user_management fails to add users to the database

edelight / chef-mongodb

MongoDB Chef cookbook

https://community.opscode.com/cookbooks/mongodb

Apache License 2.0

362 stars 3 forks source link

user_management fails to add users to the database #320

Open johnoliver opened 10 years ago

johnoliver commented 10 years ago

I cant find any combination of user configuration that does not result in the following message from mongo:

Database command 'createUser' failed: No role named userAdminAnyDatabase@myDb

I have tried setting the property as follows:

      :users => [
        {
            :username => 'foo',
            :password => 'bar',
            :roles => ['userAdminAnyDatabase', 'dbAdminAnyDatabase']
        }
      ]

And adding the following to a recipe

mongodb_user 'foo' do
    password 'bar'
    roles %w(userAdminAnyDatabase dbAdminAnyDatabase)
    database 'myDb'
    connection node['mongodb']
    action :add
end

they all result in the above error message. I have tried a range of different role values the all fail.

johnoliver commented 10 years ago

Ok, obviously I would figure it out immediately after submitting this. In fact it is the case that only roles that apply to a single database can be applied, all others will fail.

cjhubert commented 10 years ago

Hi John! Sorry if the recipe caused you any unnecessary stress. Glad to hear you were able to figure it out. If there's anything that I can add to the readme to make it more clear on how to use, please let me know.

Adding users to mongo has always been troublesome for me, it always seems to take an exactly specific command to get it to work. The recipe also might have trouble with sharded, replicated sets. I'll be taking a look at that soon, I hope.

jayashree-nataraj commented 9 years ago

Hi @cjhubert @johnoliver

i have been trying to use the user_management recipe for enabling user authorization on the mongo clusters.. thought i have tried to get it to work on manually on a sharded cluster.. i am having problems to deploy this automatically. Could you please help clarify few of my confusions around using user_management recipe?

is the user_management recipe to be included and used only in shard servers?

i ask this because he cookbook initializes the shards only when mongos is built. and until then havning auth=true is sufficient?

when i include the user_management recipe to add users in mongos, is any other attribute required at mongos for user_management? i understand auth is not a valid option for mongos. hence assuming a user can be added at mongos? Am new to mongo and still figuring out the obvious. any help will really help me get through this,

Thanks!

cjhubert commented 9 years ago

@jayashreen It sounds like you're trying to add users in a sharded/replicated set and not a single node, correct? If so, I would recommend checking out this repo which has an example of running it using chef_solo with 3 config servers, 3 mongod servers, and 1 mongos server.