allegroai / clearml-server

ClearML - Auto-Magical CI/CD to streamline your AI workload. Experiment Management, Data Management, Pipeline, Orchestration, Scheduling & Serving in one MLOps/LLMOps solution
https://clear.ml/docs

Credentials inside mongodb connection string don't work #175

Closed awoimbee closed 1 year ago

awoimbee commented 1 year ago

Hi,

Problem:

Credentials inside CLEARML_MONGODB_SERVICE_CONNECTION_STRING don't work. Using something like mongodb://jojo:pass123@mongo.example.com:27017 will result in:

[2023-01-18 23:05:12,819] [9] [INFO] [clearml.app_sequence] ################ API Server initializing #####################
[2023-01-18 23:05:12,820] [9] [INFO] [clearml.database] Initializing database connections
[2023-01-18 23:05:12,821] [9] [INFO] [clearml.database] Using override mongodb connection string template mongodb://jojo:pass123@mongo.example.com:27017
[2023-01-18 23:05:12,821] [9] [INFO] [clearml.database] Using override mongodb connection string for auth-db: mongodb://jojo:pass123@mongo.example.com:27017/auth
[2023-01-18 23:05:12,822] [9] [INFO] [clearml.database] Registering connection to auth-db (mongodb://jojo:pass123@mongo.example.com:27017/auth)
[2023-01-18 23:05:12,823] [9] [INFO] [clearml.database] Using override mongodb connection string for backend-db: mongodb://jojo:pass123@mongo.example.com:27017/backend
[2023-01-18 23:05:12,824] [9] [INFO] [clearml.database] Registering connection to backend-db (mongodb://jojo:pass123@mongo.example.com:27017/backend)
Traceback (most recent call last):
[...]
pymongo.errors.OperationFailure: Authentication failed., full error: {'ok': 0.0, 'errmsg': 'Authentication failed.', 'code': 18, 'codeName': 'AuthenticationFailed'}

Work around:

CLEARML__HOSTS__MONGO__BACKEND__HOST="\"mongodb://jojo:pass123@mongo.example.com:27017/backend?retryWrites=true&w=majority\""
CLEARML__HOSTS__MONGO__AUTH__HOST="\"mongodb://jojo:pass123@mongo.example.com:27017/auth?retryWrites=true&w=majority\""

That's how I deal with it with the helm chart (wip code): pulumi-transformations

Related issues

https://github.com/allegroai/clearml-helm-charts/issues/37
https://github.com/allegroai/clearml-server/issues/86 -> that's where I found the workaround

awoimbee commented 1 year ago

Edit: My user was created in the admin DB, made it work using:

// Inside the Pulumi transformation callback: `o` is one Kubernetes object rendered from the Helm chart.
if (o.kind === "Secret" && o.metadata.name === "clearml-conf") {
  // Store full connection strings (credentials + authSource) in the chart's Secret.
  o.stringData = {
    mongodb_backend_connection_string: pulumi.interpolate`"mongodb://myUser:myPass@clearml-mongodb.example.com:27017/clearml-backend?authSource=admin"`,
    mongodb_auth_connection_string: pulumi.interpolate`"mongodb://myUser:myPass@clearml-mongodb.example.com:27017/clearml-auth?authSource=admin"`
  };
}
// Build an env var entry whose value is read from a key of the "clearml-conf" Secret.
const secretKeyRef = (name: string, key: string) => (
  { name, valueFrom: { secretKeyRef: { name: "clearml-conf", key } } }
);
if (o.kind === "Deployment" && o.metadata.name === "clearml-apiserver") {
  // Use custom connection strings with added auth
  const container = o.spec.template.spec.containers[0];
  // Drop the template variable so the per-database overrides below take effect.
  container.env = container.env!.filter(e => e.name !== "CLEARML_MONGODB_SERVICE_CONNECTION_STRING");
  container.env.push(
    secretKeyRef("CLEARML__HOSTS__MONGO__BACKEND__HOST", "mongodb_backend_connection_string"),
    secretKeyRef("CLEARML__HOSTS__MONGO__AUTH__HOST", "mongodb_auth_connection_string"),
  );
}

The documentation is terrible, but it works.
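Why the URI printed in the log above is rejected for a user created in the admin database, and how such a URI can be logged without its password, as an added example that is not part of the original thread or of ClearML's code. The helper names are hypothetical; the rule applied is the standard MongoDB connection-string default for password authentication (the authSource option, else the database in the path, else admin).

```python
from urllib.parse import parse_qs, unquote, urlsplit


def effective_auth_source(uri: str) -> str:
    """Database the driver authenticates against for username/password auth."""
    parts = urlsplit(uri)
    # Connection-string option names are case-insensitive.
    options = {k.lower(): v[-1] for k, v in parse_qs(parts.query).items()}
    if "authsource" in options:
        return options["authsource"]
    # No authSource: fall back to the database named in the path, then "admin".
    return unquote(parts.path.lstrip("/")) or "admin"


def redact(uri: str) -> str:
    """Return the URI with the password masked, suitable for a log line."""
    parts = urlsplit(uri)
    if "@" not in parts.netloc:
        return uri
    userinfo, hosts = parts.netloc.rsplit("@", 1)
    if ":" not in userinfo:
        return uri  # user name only, nothing to mask
    user = userinfo.split(":", 1)[0]
    return parts._replace(netloc=f"{user}:***@{hosts}").geturl()


def auth_will_match(uri: str, user_created_in: str) -> bool:
    """True when the driver will look for the user in the database that holds it."""
    return effective_auth_source(uri) == user_created_in


# URIs taken from the thread: the one the server built from the template,
# and the one that worked once authSource=admin was added.
FROM_LOG = "mongodb://jojo:pass123@mongo.example.com:27017/auth"
FIXED = ("mongodb://myUser:myPass@clearml-mongodb.example.com:27017/"
         "clearml-auth?authSource=admin")

if __name__ == "__main__":
    for uri in (FROM_LOG, FIXED):
        print(redact(uri),
              "-> authenticates against", effective_auth_source(uri),
              "| matches a user created in admin:", auth_will_match(uri, "admin"))
```
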

valeriano-manassero commented 1 year ago

Hi @awoimbee, I created a PR (linked here) in Helm charts following your findings. I still have to test it, but feel free to comment if you find it useful.