Docker内部的Mongo身份验证

时间:2018-11-27 22:30:42

标签: mongodb docker docker-compose

我正在尝试通过身份验证运行mongo docker映像。遵循documentation中最简单的示例,我通过docker-compose up命令运行了mongo和mongo-express图像。我的docker-compose.yml在这个阶段:

version: '3.1'

services:

  mongo:
    image: mongo
    restart: always
    environment:
      MONGO_INITDB_ROOT_USERNAME: root
      MONGO_INITDB_ROOT_PASSWORD: example

  mongo-express:
    image: mongo-express
    restart: always
    ports:
      - 8081:8081
    environment:
      ME_CONFIG_MONGODB_ADMINUSERNAME: root
      ME_CONFIG_MONGODB_ADMINPASSWORD: example

这将运行,两个容器都可以正常运行,我可以从mongo-express网站浏览mongo的内容。但是,每当我更改docker-compose.yml文件中的用户名或密码时,例如更改为此:

version: '3.1'

services:

  mongo:
    image: mongo
    restart: always
    environment:
      MONGO_INITDB_ROOT_USERNAME: root
      MONGO_INITDB_ROOT_PASSWORD: example123

  mongo-express:
    image: mongo-express
    restart: always
    ports:
      - 8081:8081
    environment:
      ME_CONFIG_MONGODB_ADMINUSERNAME: root
      ME_CONFIG_MONGODB_ADMINPASSWORD: example123

mongo-express抛出未经授权的错误消息:

mongo-express_1  | Admin Database connected
mongo-express_1  | { MongoError: Authentication failed.
mongo-express_1  |     at Function.MongoError.create (/node_modules/mongodb-core/lib/error.js:31:11)
mongo-express_1  |     at /node_modules/mongodb-core/lib/connection/pool.js:483:72
mongo-express_1  |     at authenticateStragglers (/node_modules/mongodb-core/lib/connection/pool.js:429:16)
mongo-express_1  |     at Connection.messageHandler (/node_modules/mongodb-core/lib/connection/pool.js:463:5)
mongo-express_1  |     at Socket.<anonymous> (/node_modules/mongodb-core/lib/connection/connection.js:319:22)
mongo-express_1  |     at emitOne (events.js:116:13)
mongo-express_1  |     at Socket.emit (events.js:211:7)
mongo-express_1  |     at addChunk (_stream_readable.js:263:12)
mongo-express_1  |     at readableAddChunk (_stream_readable.js:250:11)
mongo-express_1  |     at Socket.Readable.push (_stream_readable.js:208:10)
mongo-express_1  |   name: 'MongoError',
mongo-express_1  |   message: 'Authentication failed.',
mongo-express_1  |   ok: 0,
mongo-express_1  |   errmsg: 'Authentication failed.',
mongo-express_1  |   code: 18,
mongo-express_1  |   codeName: 'AuthenticationFailed' }
mongo-express_1  | unable to list databases
mongo-express_1  | { MongoError: command listDatabases requires authentication
mongo-express_1  |     at Function.MongoError.create (/node_modules/mongodb-core/lib/error.js:31:11)
mongo-express_1  |     at /node_modules/mongodb-core/lib/connection/pool.js:483:72
mongo-express_1  |     at authenticateStragglers (/node_modules/mongodb-core/lib/connection/pool.js:429:16)
mongo-express_1  |     at Connection.messageHandler (/node_modules/mongodb-core/lib/connection/pool.js:463:5)
mongo-express_1  |     at Socket.<anonymous> (/node_modules/mongodb-core/lib/connection/connection.js:319:22)
mongo-express_1  |     at emitOne (events.js:116:13)
mongo-express_1  |     at Socket.emit (events.js:211:7)
mongo-express_1  |     at addChunk (_stream_readable.js:263:12)
mongo-express_1  |     at readableAddChunk (_stream_readable.js:250:11)
mongo-express_1  |     at Socket.Readable.push (_stream_readable.js:208:10)
mongo-express_1  |   name: 'MongoError',
mongo-express_1  |   message: 'command listDatabases requires authentication',
mongo-express_1  |   ok: 0,
mongo-express_1  |   errmsg: 'command listDatabases requires authentication',
mongo-express_1  |   code: 13,
mongo-express_1  |   codeName: 'Unauthorized' }

无论我在docker-compose.yml中输入什么用户名或密码,只有使用原始的rootexample对,我才能使mongo-express连接到mongo。

请注意,我没有将用户名和密码作为环境变量使用,但是可以直接在docker-compose.yml文件中键入它们,如您在此处看到的那样。

还请注意,当我将MONGO_INITDB_ROOT_USERNAMEMONGO_INITDB_ROOT_PASSWORD(mongo的)变量更改为任何变量时,它们似乎没有效果,我仍然可以使用原始变量来连接mongo-express根凭证和示例凭证。

是什么原因导致这种行为?我该如何进行这项工作?

5 个答案:

答案 0 :(得分:5)

您的docker-compose命令:

docker-compose up --build --force-recreate

Mongo图片uses anonymous volumes,因此您还需要--renew-anon-volumesdoc):

docker-compose up --build --force-recreate --renew-anon-volumes

否则,将使用先前具有已初始化DB的卷=>将不使用INITDB env变量。

答案 1 :(得分:5)

对我有用的只是为 mongodb 服务器添加环境变量。

ME_CONFIG_MONGODB_SERVER: mongo

像这样:

version: '3.1'

services:

  mongo:
    image: mongo
    restart: always
    environment:
      MONGO_INITDB_ROOT_USERNAME: root
      MONGO_INITDB_ROOT_PASSWORD: example

  mongo-express:
    image: mongo-express
    restart: always
    ports:
      - 8081:8081
    environment:
      ME_CONFIG_MONGODB_ADMINUSERNAME: root
      ME_CONFIG_MONGODB_ADMINPASSWORD: example
      ME_CONFIG_MONGODB_SERVER: mongo

答案 2 :(得分:2)

如果您创建 mongodb 容器(docker-compose up 将构建/拉取映像并启动容器)并为其提供用户名和密码,则 mongodb 将在第一次运行时自行配置并且不再!在为该服务创建新容器之前,默认用户/通行证将是最初设置的用户/通行证。如果要更改默认值,则必须创建一个新容器。 您还可以在容器启动后添加用户。

仅停止服务容器(docker-compose stop)不会破坏容器。为此,请调用 docker-compose down 或在启动时调用 docker-compose up --force-recreate

问候

答案 3 :(得分:0)

就我而言,我必须先

停止我所有的容器

然后a_len = max(a.shape) a_len_sqrt = int(np.sqrt(a_len)) a = a.reshape((a_len_sqrt, a_len_sqrt))

这是不得已的方法。使用此cmd之前请先检查the docker doc

答案 4 :(得分:0)

docker system prune -a --volumes 可以解决这个问题,但一种更简单的方法是(如果您正在安装一个数据卷以使 db 持久化)您可以删除并重新创建一个新的,这样其他卷将保持原样。 当然,将它与 docker-compose up --build --force-recreate --renew-anon-volumes 结合起来

相关问题
最新问题