mongo db docker映像身份验证失败

时间:2020-02-25 12:07:27

标签: mongodb docker

我在本地docker环境中使用https://hub.docker.com/_/mongo mongo映像,但是出现Authentication failed错误。在docker-compose中,我将其添加为:

 my-mongo:
    image: mongo
    restart: always
    container_name:  my-mongo
    environment:
      MONGO_INITDB_ROOT_USERNAME: mongo
      MONGO_INITDB_ROOT_PASSWORD: asdfasdf
    networks:
      - mynet

我还尝试从容器内部运行mongo CLI,但仍然收到相同的错误:

root@76e6db78228b:/# mongo
MongoDB shell version v4.2.3
connecting to: mongodb://127.0.0.1:27017/?compressors=disabled&gssapiServiceName=mongodb
Implicit session: session { "id" : UUID("c87c0f0e-fe83-41a6-96e9-4aa4ede8fa25") }
MongoDB server version: 4.2.3
Welcome to the MongoDB shell.
For interactive help, type "help".
For more comprehensive documentation, see
        http://docs.mongodb.org/
Questions? Try the support group
        http://groups.google.com/group/mongodb-user
> use translations
switched to db translations  
> db.auth("mongo", "asdfasdf")
Error: Authentication failed.
0

此外,我正在尝试创建一个单独的用户:

> use admin
switched to db admin
db.auth("mongo", "asdfasdf")
1
> db.createUser({
    user: "user",
    pwd: "asdfasdf",
    roles: [  {role: "readWrite", db: "translations" }  ]
    })
Successfully added user: {
        "user" : "user",
        "roles" : [
                {
                        "role" : "readWrite",
                        "db" : "translations"
                }
        ]
}
> use translations
switched to db translations  
> db.auth("user", "asdfasdf")
Error: Authentication failed.
0

同样,我在做什么错??

已更新: 

root@8bf81ef1fc4f:/# mongo -u mongo -p asdfasdf --authenticationDatabase admin
MongoDB shell version v4.2.3
connecting to: mongodb://127.0.0.1:27017/?authSource=admin&compressors=disabled&gssapiServiceName=mongodb
Implicit session: session { "id" : UUID("02231489-eaf4-40be-a108-248cec88257e") }
MongoDB server version: 4.2.3
Server has startup warnings: 
2020-02-26T16:24:12.942+0000 I  STORAGE  [initandlisten] 
2020-02-26T16:24:12.943+0000 I  STORAGE  [initandlisten] ** WARNING: Using the XFS filesystem is strongly recommended with the WiredTiger storage engine
2020-02-26T16:24:12.943+0000 I  STORAGE  [initandlisten] **          See http://dochub.mongodb.org/core/prodnotes-filesystem
---
Enable MongoDB's free cloud-based monitoring service, which will then receive and display
metrics about your deployment (disk utilization, CPU, operation statistics, etc).

The monitoring data will be available on a MongoDB website with a unique URL accessible to you
and anyone you share the URL with. MongoDB may use this information to make product
improvements and to suggest MongoDB products and deployment options to you.

To enable free monitoring, run the following command: db.enableFreeMonitoring()
To permanently disable this reminder, run the following command: db.disableFreeMonitoring()
---

> db.createUser({user: "someuser", pwd: "asdfasdf", roles: [{role: "readWrite", db: "translations"}]})
Successfully added user: {
        "user" : "someuser",
        "roles" : [
                {
                        "role" : "readWrite",
                        "db" : "translations"
                }
        ]
}
> use translations
switched to db translations
> db.auth("someuser", "asdfasdf")
Error: Authentication failed.
0
>

3 个答案:

答案 0 :(得分:3)

Docs

中所述

这些变量结合使用可以创建一个新用户并设置 用户的密码。该用户是在admin身份验证中创建的 数据库,并具有root角色,这是一个“超级用户”角色。

所以您需要在命令中添加--authenticationDatabase admin,因为mongod将以mongod --auth开头

示例:

mongo -u mongo -p asdfasdf --authenticationDatabase admin

答案 1 :(得分:0)

我自己也有同样的问题,

请先从凭据中删除用户名和密码。

environment:
      MONGO_INITDB_ROOT_USERNAME: mongo
      MONGO_INITDB_ROOT_PASSWORD: asdfasdf

删除凭据后,您可以检查 mongodb 上的数据库或用户。

show dbs
show users

那些命令也需要身份验证,所以如果你能看到它们,可以为空,那么你就解决了你的问题。

比, 然后创建一个管理员用户,

use admin
db.createUser({user: "root", pwd: "root", roles:["root"]})

然后您可以注销并尝试使用凭据以管理员身份连接到 shell。

此外,如果您在创建新用户时仍有一些问题, 在我的情况下,我将机制更改为 SCRAM-SHA-1,但它的效果非常好。

{
  user: "<name>",
  pwd: passwordPrompt(),      // Or  "<cleartext password>"
  customData: { <any information> },
  roles: [
    { role: "<role>", db: "<database>" } | "<role>",
    ...
  ],
  authenticationRestrictions: [
     {
       clientSource: ["<IP>" | "<CIDR range>", ...],
       serverAddress: ["<IP>" | "<CIDR range>", ...]
     },
     ...
  ],
  mechanisms: [ "<SCRAM-SHA-1|SCRAM-SHA-256>", ... ],
  passwordDigestor: "<server|client>"
}

答案 2 :(得分:0)

过了一段时间,我想通了。

  • 在同一个文件夹中,创建 docker-compose.ymlinit-mongo.js

docker-compose.yml

version: '3.7'
services:
  database:
    image: mongo
    container_name : your-cont-name
    command: mongod --auth
    environment:
      - MONGO_INITDB_DATABASE=my_db
      - MONGO_INITDB_ROOT_USERNAME=admin
      - MONGO_INITDB_ROOT_PASSWORD=root
    ports:
      - '27017-27019:27017-27019'
    volumes: 
      - mongodbdata:/data/db
      - ./init-mongo.js:/docker-entrypoint-initdb.d/mongo-init.js:ro
      
volumes:
  mongodbdata:
    driver: local

init-mongo.js

db.createUser(
    {
        user: "your_user",
        pwd: "your_password",
        roles: [
            {
                role: "readWrite",
                db: "my_db"
            }
        ]
    }
);
db.createCollection("test"); //MongoDB creates the database when you first store data in that database

身份验证

首先在容器内执行bash

docker exec -it your-cont-name bash

现在我们可以登录了。 对于管理员

mongo -u admin -p root

对于your_user,您必须指定数据库(使用 --authenticationDatabase),否则会出现身份验证错误

mongo -u your_user -p your_password --authenticationDatabase my_db

之后,您应该使用

切换到正确的数据库 
use my_db

如果你不执行这个命令,你将在 test db

注意

为了确保配置正确,我更喜欢

docker-compose stop
docker-compose rm
docker volume rm <your-volume>
docker-compose up --build -d
相关问题
最新问题