MONGO_INITDB_ROOT_* variables not detected?

[biziosan]

It seems that when I create a mongodb container and specify the MONGO_INIT_DBROOT* variables, the instance does not create the root user. Do you have an idea of what I am doing wrong?

This is my docker-compose config:

version: "3.7"
services:
    mongo:
        image: mongo
        environment:
            - MONGO_INITDB_ROOT_USERNAME=root
            - MONGO_INITDB_ROOT_PASSWORD=1234
        container_name: mongo_mine
        restart: always
        ports:
            - 27017:27017
        volumes:
            - ./database:/data/db
            - ./conf:/etc/mongo
            - ./logs:/logs
            - ./initdb_scripts:/docker-entrypoint-initdb.d
        network_mode: "host"
        entrypoint: ["mongod"]
        command: ["--config", "/etc/mongo/mongod.conf"]

The MongoDB config file:

storage:
    journal:
        enabled: true
    directoryPerDB: true
    engine: wiredTiger
    wiredTiger:
        engineConfig:
            cacheSizeGB: 2
net:
    bindIp: 127.0.0.1
    port: 27017

There is no file in the entry-point directory.

This is the log (I don't see the creation of the root user):

mongo_mine | 2019-05-01T12:27:23.079+0000 I CONTROL  [main] Automatically disabling TLS 1.0, to force-enable TLS 1.0 specify --sslDisabledProtocols 'none'
mongo_mine | 2019-05-01T12:27:23.081+0000 I CONTROL  [initandlisten] MongoDB starting : pid=1 port=27017 dbpath=/data/db 64-bit host=ramiel
mongo_mine | 2019-05-01T12:27:23.081+0000 I CONTROL  [initandlisten] db version v4.0.9
mongo_mine | 2019-05-01T12:27:23.081+0000 I CONTROL  [initandlisten] git version: fc525e2d9b0e4bceff5c2201457e564362909765
mongo_mine | 2019-05-01T12:27:23.081+0000 I CONTROL  [initandlisten] OpenSSL version: OpenSSL 1.0.2g  1 Mar 2016
mongo_mine | 2019-05-01T12:27:23.081+0000 I CONTROL  [initandlisten] allocator: tcmalloc
mongo_mine | 2019-05-01T12:27:23.081+0000 I CONTROL  [initandlisten] modules: none
mongo_mine | 2019-05-01T12:27:23.081+0000 I CONTROL  [initandlisten] build environment:
mongo_mine | 2019-05-01T12:27:23.081+0000 I CONTROL  [initandlisten]     distmod: ubuntu1604
mongo_mine | 2019-05-01T12:27:23.081+0000 I CONTROL  [initandlisten]     distarch: x86_64
mongo_mine | 2019-05-01T12:27:23.081+0000 I CONTROL  [initandlisten]     target_arch: x86_64
mongo_mine | 2019-05-01T12:27:23.081+0000 I CONTROL  [initandlisten] options: { config: "/etc/mongo/mongod.conf", net: { bindIp: "127.0.0.1", port: 27017 }, storage: { directoryPerDB: true, engine: "wiredTiger", journal: { enabled: true }, wiredTiger: { engineConfig: { cacheSizeGB: 2.0 } } } }
mongo_mine | 2019-05-01T12:27:23.081+0000 I STORAGE  [initandlisten] 
mongo_mine | 2019-05-01T12:27:23.081+0000 I STORAGE  [initandlisten] ** WARNING: Using the XFS filesystem is strongly recommended with the WiredTiger storage engine
mongo_mine | 2019-05-01T12:27:23.081+0000 I STORAGE  [initandlisten] **          See http://dochub.mongodb.org/core/prodnotes-filesystem
mongo_mine | 2019-05-01T12:27:23.081+0000 I STORAGE  [initandlisten] wiredtiger_open config: create,cache_size=2048M,session_max=20000,eviction=(threads_min=4,threads_max=4),config_base=false,statistics=(fast),log=(enabled=true,archive=true,path=journal,compressor=snappy),file_manager=(close_idle_time=100000),statistics_log=(wait=0),verbose=(recovery_progress),
mongo_mine | 2019-05-01T12:27:23.571+0000 I STORAGE  [initandlisten] WiredTiger message [1556713643:571017][1:0x7f07d5b4ea80], txn-recover: Main recovery loop: starting at 14/7040 to 15/256
mongo_mine | 2019-05-01T12:27:23.645+0000 I STORAGE  [initandlisten] WiredTiger message [1556713643:645102][1:0x7f07d5b4ea80], txn-recover: Recovering log 14 through 15
mongo_mine | 2019-05-01T12:27:23.720+0000 I STORAGE  [initandlisten] WiredTiger message [1556713643:720202][1:0x7f07d5b4ea80], txn-recover: Recovering log 15 through 15
mongo_mine | 2019-05-01T12:27:23.761+0000 I STORAGE  [initandlisten] WiredTiger message [1556713643:761355][1:0x7f07d5b4ea80], txn-recover: Set global recovery timestamp: 0
mongo_mine | 2019-05-01T12:27:24.015+0000 I RECOVERY [initandlisten] WiredTiger recoveryTimestamp. Ts: Timestamp(0, 0)
mongo_mine | 2019-05-01T12:27:24.097+0000 I CONTROL  [initandlisten] 
mongo_mine | 2019-05-01T12:27:24.097+0000 I CONTROL  [initandlisten] ** WARNING: Access control is not enabled for the database.
mongo_mine | 2019-05-01T12:27:24.097+0000 I CONTROL  [initandlisten] **          Read and write access to data and configuration is unrestricted.
mongo_mine | 2019-05-01T12:27:24.097+0000 I CONTROL  [initandlisten] ** WARNING: You are running this process as the root user, which is not recommended.
mongo_mine | 2019-05-01T12:27:24.097+0000 I CONTROL  [initandlisten] 
mongo_mine | 2019-05-01T12:27:24.110+0000 I FTDC     [initandlisten] Initializing full-time diagnostic data capture with directory '/data/db/diagnostic.data'
mongo_mine | 2019-05-01T12:27:24.111+0000 I NETWORK  [initandlisten] waiting for connections on port 27017

Authentication fails:

mongo -u root -p 1234 --authenticationDatabase admin 
MongoDB shell version v4.0.9
connecting to: mongodb://127.0.0.1:27017/?authSource=admin&gssapiServiceName=mongodb
2019-05-01T08:28:17.955-0400 E QUERY    [js] Error: Authentication failed. :
connect@src/mongo/shell/mongo.js:343:13
@(connect):2:6
exception: connect failed

mongo_mine | 2019-05-01T12:28:17.940+0000 I NETWORK  [listener] connection accepted from 127.0.0.1:47496 #1 (1 connection now open)
mongo_mine | 2019-05-01T12:28:17.954+0000 I NETWORK  [conn1] received client metadata from 127.0.0.1:47496 conn1: { application: { name: "MongoDB Shell" }, driver: { name: "MongoDB Internal Client", version: "4.0.9" }, os: { type: "Linux", name: "Ubuntu", architecture: "x86_64", version: "18.04" } }
mongo_mine | 2019-05-01T12:28:17.954+0000 I ACCESS   [conn1] Supported SASL mechanisms requested for unknown user 'root@admin'
mongo_mine | 2019-05-01T12:28:17.954+0000 I ACCESS   [conn1] SASL SCRAM-SHA-1 authentication failed for root on admin from client 127.0.0.1:47496 ; UserNotFound: Could not find user root@admin
mongo_mine | 2019-05-01T12:28:17.955+0000 I NETWORK  [conn1] end connection 127.0.0.1:47496 (0 connections now open)

[wglambert]

Is your ./database directory empty?

https://github.com/docker-library/docs/tree/master/mongo#environment-variables

Do note that none of the variables below will have any effect if you start the container with a data directory that already contains a database: any pre-existing database will always be left untouched on container startup.

[biziosan]

Yes, the directory is empty when I start the container for the first time. I have just tried again, making sure to remove the directory completely and recreating it (empty). Same issue. I see mongod accepting the connection and closing it right away (same message as above).

[wglambert]

entrypoint: ["mongod"]

Missed that initially, you're overriding the script that performs all of the environment variable logic https://github.com/docker-library/mongo/blob/master/4.1/docker-entrypoint.sh

The entrypoint runs mongod at the end https://github.com/docker-library/mongo/blob/08737ed3a8d444b79496846e882075bfdd43edab/4.1/docker-entrypoint.sh#L5

https://github.com/docker-library/mongo/blob/08737ed3a8d444b79496846e882075bfdd43edab/4.1/docker-entrypoint.sh#L354

[fab-san]

I see. Thank you!

I thought that that was the correct way to start the service with the specified configuration file. Can you tell me what should entrypoint and command look like to correctly use the configuration file and still have the default docker-entrypoint.sh script?

[wglambert]

Just remove your entrypoint: line, it will default to what the image has set https://github.com/docker-library/mongo/blob/08737ed3a8d444b79496846e882075bfdd43edab/4.1/Dockerfile#L94

The docker-entrypoint.sh then takes your --config argument and appends it after mongod, so the image runs with mongod --config /etc/mongo/mongod.conf

[biziosan]

I thought I did try that. The log would report (as first message):

mongo_mine | /usr/local/bin/docker-entrypoint.sh: line 179: [: missing `]'

However, I think I tried it with the database directory not empty.

I tried again with the database directory empty this time. I still get that error message. However, the user is created and Compass connects correctly. Is that error message a problem?

[yosifkit]

Ah, that looks like a bug in the script:

https://github.com/docker-library/mongo/blob/08737ed3a8d444b79496846e882075bfdd43edab/docker-entrypoint.sh#L179

I'll go make a fix:

-           && [ "$clusterRole" = 'configsvr']
+           && [ "$clusterRole" = 'configsvr' ]