我有一个在OpenStack上运行的K8s集群。我正在使用头盔和MongoDB头盔图表4.0.6将应用程序与单节点MongoDB 4.0.1一起部署。 MongoDB似乎可以初始化并开始正常。但是,启动后,所有身份验证都将失败。奇怪的是,它本来可以工作,但是现在每次我尝试/重试都失败了。
MongoDB登录失败的日志:
Welcome to the Bitnami mongodb container
Subscribe to project updates by watching https://github.com/bitnami/bitnami-docker-mongodb
Submit issues and feature requests at https://github.com/bitnami/bitnami-docker-mongodb/issues
nami INFO Initializing mongodb
mongodb INFO ==> Deploying MongoDB from scratch...
mongodb INFO ==> No injected configuration files found. Creating default config files...
mongodb INFO ==> Creating root user...
mongodb INFO ==> Creating ars user...
mongodb INFO ==> Enabling authentication...
mongodb INFO
mongodb INFO
mongodb INFO Installation parameters for mongodb:
mongodb INFO Root Password: **********
mongodb INFO Username: ars
mongodb INFO Password: **********
mongodb INFO Database: ars02
mongodb INFO (Passwords are not shown for security reasons)
mongodb INFO
mongodb INFO
nami INFO mongodb successfully initialized
INFO ==> Starting mongodb...
INFO ==> Starting mongod...
和
2018-10-11T17:44:39.192+0000 I ACCESS [conn231] SASL SCRAM-SHA-1 authentication failed for ars on ars02 from client 10.100.49.5:37116 ; UserNotFound: Could not find user ars@ars02
有时,我会在启动顺序中遇到断言失败:
2018-10-25T20:07:03.942+0000 F STORAGE [initandlisten] Unable to start up mongod due to missing featureCompatibilityVersion document.
2018-10-25T20:07:03.942+0000 F STORAGE [initandlisten] Please run with --repair to restore the document.
2018-10-25T20:07:03.942+0000 F - [initandlisten] Fatal Assertion 40652 at src/mongo/db/repair_database_and_check_version.cpp 579
2018-10-25T20:07:03.942+0000 F - [initandlisten]
docker镜像环境:
MONGODB_ROOT_PASSWORD=ThisIsTheMongoRootPassword MONGODB_PRIMARY_ROOT_USER=root MONGODB_PRIMARY_ROOT_PASSWORD= MONGODB_REPLICA_SET_MODE= MONGODB_ADVERTISED_HOSTNAME= MONGODB_PRIMARY_HOST= MONGODB_REPLICA_SET_NAME=replicaset MONGODB_DATABASE=ars02 MONGODB_PRIMARY_PORT_NUMBER=27017 MONGODB_EXTRA_FLAGS= MONGODB_PASSWORD=ars MONGODB_USERNAME=ars MONGODB_ENABLE_IPV6=yes MONGODB_REPLICA_SET_KEY=
尝试在mongo shell中进行身份验证:
$ mongo ars02 -u ars -p ars MongoDB shell version v4.0.1 connecting to: mongodb://127.0.0.1:27017/ars02 MongoDB server version: 4.0.1 2018-10-11T17:54:05.601+0000 E QUERY [js] Error: Authentication failed. : DB.prototype._authOrThrow@src/mongo/shell/db.js:1679:20 @(auth):6:1 @(auth):1:2 exception: login failed $ mongo admin -u root -p ThisIsTheMongoRootPassword MongoDB shell version v4.0.1 connecting to: mongodb://127.0.0.1:27017/ars02 MongoDB server version: 4.0.1 2018-10-11T17:54:32.645+0000 E QUERY [js] Error: Authentication failed. : DB.prototype._authOrThrow@src/mongo/shell/db.js:1679:20 @(auth):6:1 @(auth):1:2 exception: login failed $ mongo ars02 -u root -p ThisIsTheMongoRootPassword MongoDB shell version v4.0.1 connecting to: mongodb://127.0.0.1:27017/admin MongoDB server version: 4.0.1 2018-10-11T17:54:42.456+0000 E QUERY [js] Error: Authentication failed. : DB.prototype._authOrThrow@src/mongo/shell/db.js:1679:20 @(auth):6:1 @(auth):1:2 exception: login failed
关联的访问日志:
2018-10-11T18:05:17.544+0000 I ACCESS [conn134] Supported SASL mechanisms requested for unknown user 'ars@ars02' 2018-10-11T18:05:17.544+0000 I ACCESS [conn134] SASL SCRAM-SHA-1 authentication failed for ars on ars02 from client 127.0.0. 2018-10-11T18:02:43.542+0000 I ACCESS [conn50] Supported SASL mechanisms requested for unknown user 'root@admin' 2018-10-11T18:02:43.543+0000 I ACCESS [conn50] SASL SCRAM-SHA-1 authentication failed for root on admin from client 127.0.0.1:46832 ; UserNotFound: Could not find user root@admin 2018-10-11T18:04:11.144+0000 I ACCESS [conn100] Supported SASL mechanisms requested for unknown user 'root@ars02' 2018-10-11T18:04:11.144+0000 I ACCESS [conn100] SASL SCRAM-SHA-1 authentication failed for root on ars02 from client 127.0.0
我的宽松理解是,初始化是由Kubernetes设置的环境变量驱动的。在bitnami初始化脚本中引用了mongo-inputs.json,似乎可以验证这一点:
$ cat mongodb-inputs.json
{
"advertisedHostname": "{{$global.env.MONGODB_ADVERTISED_HOSTNAME}}",
"database": "{{$global.env.MONGODB_DATABASE}}",
"enableIPv6": "{{$global.env.MONGODB_ENABLE_IPV6}}",
"password": "{{$global.env.MONGODB_PASSWORD}}",
"primaryHost": "{{$global.env.MONGODB_PRIMARY_HOST}}",
"primaryPort": "{{$global.env.MONGODB_PRIMARY_PORT_NUMBER}}",
"primaryRootPassword": "{{$global.env.MONGODB_PRIMARY_ROOT_PASSWORD}}",
"primaryRootUser": "{{$global.env.MONGODB_PRIMARY_ROOT_USER}}",
"replicaSetKey": "{{$global.env.MONGODB_REPLICA_SET_KEY}}",
"replicaSetMode": "{{$global.env.MONGODB_REPLICA_SET_MODE}}",
"replicaSetName": "{{$global.env.MONGODB_REPLICA_SET_NAME}}",
"rootPassword": "{{$global.env.MONGODB_ROOT_PASSWORD}}",
"username": "{{$global.env.MONGODB_USERNAME}}"
}
我的MongoDB部署是:
---
# Source: v/charts/mongodb/templates/deployment-standalone.yaml
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: v-test-mongodb
labels:
app: mongodb
chart: mongodb-4.0.6
release: "v-test"
heritage: "Tiller"
spec:
template:
metadata:
labels:
app: mongodb
release: "v-test"
chart: mongodb-4.0.6
spec:
securityContext:
fsGroup: 1001
runAsUser: 1001
containers:
- name: v-test-mongodb
image: docker.io/bitnami/mongodb:4.0.1-debian-9
imagePullPolicy: "Always"
env:
- name: MONGODB_ROOT_PASSWORD
value: "ThisIsTheMongoRootPassword"
- name: MONGODB_USERNAME
value: "ars"
- name: MONGODB_PASSWORD
value: "ars"
- name: MONGODB_DATABASE
value: "ars02"
- name: MONGODB_EXTRA_FLAGS
value:
ports:
- name: mongodb
containerPort: 27017
livenessProbe:
exec:
command:
- mongo
- --eval
- "db.adminCommand('ping')"
initialDelaySeconds: 30
periodSeconds: 10
timeoutSeconds: 5
successThreshold: 1
failureThreshold: 6
readinessProbe:
exec:
command:
- mongo
- --eval
- "db.adminCommand('ping')"
initialDelaySeconds: 5
periodSeconds: 10
timeoutSeconds: 5
successThreshold: 1
failureThreshold: 6
volumeMounts:
- name: data
mountPath: /bitnami/mongodb
resources:
limits:
cpu: 1
memory: 6Gi
requests:
cpu: 100m
memory: 1Gi
volumes:
- name: data
persistentVolumeClaim:
claimName: v-test-mongodb
---
我从使用MONGODB_DATABASE / MONGODB_USERNAME / MONGODB_PASSWORD切换到在docker-entrypoint-initdb.d目录之外运行初始化脚本。这似乎有所帮助,但我有时仍会同时看到authn和assert失败。当authn失败时,我的初始化脚本无法以root用户身份连接到管理数据库来创建用户/数据库。
还有其他人看到部署mongodb的这类问题吗?