[BUG] mongodb fails to load init-mongo.js and exits with code -3

ScalableSec commented 6 months ago

Is there an existing issue for this?

[X] I have searched the existing issues

Current Behavior

There's an "init-mongo.js" file in a shared folder that the user that has launched "docker-compose.yml" file has rwx access to. When I open a bash terminal in the mongodb container, I can verify that the "init-mongo.js" file exists in the container with the following contents:

db.getSiblingDB("unifi").createUser({user: "unifiuser", pwd: "PASSWORD", roles: [{role: "dbOwner", db: "unifi"}]});
db.getSiblingDB("unifi_stat").createUser({user: "unifiuser", pwd: "PASSWORD", roles: [{role: "dbOwner", db: "unifi_stat"}]});

This file exists in the /docker-entrypoint-initdb.d directory inside the container with the following permissions:

-rwxrwxr-x+ 1 root root  251 Dec  2 14:49 init-mongo.js

However, the mongodb container reports that it couldn't load the init-mongo.js file:

/usr/local/bin/docker-entrypoint.sh: running /docker-entrypoint-initdb.d/init-mongo.js
{"t":{"$date":"2023-12-02T15:39:33.733+00:00"},"s":"I",  "c":"INDEX",    "id":20345,   "ctx":"LogicalSessionCacheRefresh","msg":"Index build: done building","attr":{"buildUUID":null,"namespace":"config.system.sessions","index":"_id_","commitTimestamp":{"$timestamp":{"t":0,"i":0}}}}
{"t":{"$date":"2023-12-02T15:39:33.748+00:00"},"s":"I",  "c":"INDEX",    "id":20345,   "ctx":"LogicalSessionCacheRefresh","msg":"Index build: done building","attr":{"buildUUID":null,"namespace":"config.system.sessions","index":"lsidTTLIndex","commitTimestamp":{"$timestamp":{"t":0,"i":0}}}}
{"t":{"$date":"2023-12-02T15:39:33.748+00:00"},"s":"I",  "c":"COMMAND",  "id":51803,   "ctx":"LogicalSessionCacheRefresh","msg":"Slow query","attr":{"type":"command","ns":"config.system.sessions","command":{"createIndexes":"system.sessions","indexes":[{"key":{"lastUse":1},"name":"lsidTTLIndex","expireAfterSeconds":1800}],"writeConcern":{},"$db":"config"},"numYields":0,"reslen":114,"locks":{"ParallelBatchWriterMode":{"acquireCount":{"r":5}},"FeatureCompatibilityVersion":{"acquireCount":{"r":2,"w":3}},"ReplicationStateTransition":{"acquireCount":{"w":5}},"Global":{"acquireCount":{"r":2,"w":3}},"Database":{"acquireCount":{"r":2,"w":3}},"Collection":{"acquireCount":{"r":3,"w":2}},"Mutex":{"acquireCount":{"r":6}}},"flowControl":{"acquireCount":1,"timeAcquiringMicros":1},"storage":{},"protocol":"op_msg","durationMillis":500}}
{"t":{"$date":"2023-12-02T15:39:33.886+00:00"},"s":"I",  "c":"NETWORK",  "id":22943,   "ctx":"listener","msg":"Connection accepted","attr":{"remote":"127.0.0.1:34710","connectionId":2,"connectionCount":1}}
{"t":{"$date":"2023-12-02T15:39:33.887+00:00"},"s":"I",  "c":"NETWORK",  "id":51800,   "ctx":"conn2","msg":"client metadata","attr":{"remote":"127.0.0.1:34710","client":"conn2","doc":{"application":{"name":"MongoDB Shell"},"driver":{"name":"MongoDB Internal Client","version":"4.4.26"},"os":{"type":"Linux","name":"Ubuntu","architecture":"x86_64","version":"20.04"}}}}
failed to load: /docker-entrypoint-initdb.d/init-mongo.js
exiting with code -3

This leads to both databases not being created. the database reports that it can't find user unifiuser because of that, when the unifi-network-application container tries to access the mongodb container:

.3:56184","extraInfo":{},"error":"UserNotFound: Could not find user \"unifiuser\" for db \"unifi\""}}
{"t":{"$date":"2023-12-02T15:49:32.860+00:00"},"s":"I",  "c":"ACCESS",   "id":20249,   "ctx":"conn4","msg":"Authentication failed","attr":{"mechanism":"SCRAM-SHA-1","speculative":false,"principalName":"unifiuser","authenticationDatabase":"unifi","remote":"172.29.32.3:56184","extraInfo":{},"error":"UserNotFound: Could not find user \"unifiuser\" for db \"unifi\""}}

docker-compose.yml:

---
version: "3.4"
networks:
  qnet-static-eth1-65b9fb:
    external: true
volumes:
  unifi_linuxserver:
  mongo_data:
services:
  mongodb:
    image: mongo:4.4.26
    container_name: unifi-db
    volumes:
      - mongo_data:/data/db
      - /share/dockerconfig/unifi/init-mongo.js:/docker-entrypoint-initdb.d/init-mongo.js:ro
    restart: unless-stopped
  unifi-network-application:
    depends_on:
      mongodb:
        condition: service_started
    image: lscr.io/linuxserver/unifi-network-application:7.5.187-ls15
    container_name: unifi-network-application
    environment:
      - PUID=1001
      - PGID=1005
      - TZ=Europe/Amsterdam
      - MONGO_USER=unifiuser
      - MONGO_PASS=PASSWORD
      - MONGO_HOST=mongodb
      - MONGO_PORT=27017
      - MONGO_DBNAME=unifi
    volumes:
      - unifi_linuxserver:/config
    ports:
      - 8443:8443
      - 3478:3478/udp
      - 10001:10001/udp
      - 8080:8080
      - 1900:1900/udp #optional
      - 8843:8843 #optional
      - 8880:8880 #optional
      - 6789:6789 #optional
      - 5514:5514/udp #optional
    networks:
      qnet-static-eth1-65b9fb:
        ipv4_address: 192.168.3.4
      default:
    restart: unless-stopped

init-mongo.js:

db.getSiblingDB("unifi").createUser({user: "unifiuser", pwd: "PASSWORD", roles: [{role: "dbOwner", db: "unifi"}]});
db.getSiblingDB("unifi_stat").createUser({user: "unifiuser", pwd: "PASSWORD", roles: [{role: "dbOwner", db: "unifi_stat"}]});

Expected Behavior

The mongodb container should load the init-mongo.js file and create the unifi and unifi_stat databases with it's corresponding users.

Steps To Reproduce

create the container with the docker-compose.yml file and the init-mongo.js file using the create application feature in QNAP Container Station or as an admin user that has access to the /share/dockerconfig directory using "docker compose up -d" in the CLI.
view the logs of the unifi-db container in QNAP Container Station or with "docker compose logs"

Environment

- OS: QNAP QTS 5.1.3.2578
- How docker service was installed: With a docker-compose.yml file

CPU architecture

x86-64

Docker creation

docker compose up -d

Container logs

[migrations] started
[migrations] no migrations found
───────────────────────────────────────

      ██╗     ███████╗██╗ ██████╗
      ██║     ██╔════╝██║██╔═══██╗
      ██║     ███████╗██║██║   ██║
      ██║     ╚════██║██║██║   ██║
      ███████╗███████║██║╚██████╔╝
      ╚══════╝╚══════╝╚═╝ ╚═════╝

   Brought to you by linuxserver.io
───────────────────────────────────────

To support LSIO projects visit:
https://www.linuxserver.io/donate/

───────────────────────────────────────
GID/UID
───────────────────────────────────────

User UID:    1001
User GID:    1005
───────────────────────────────────────

*** Waiting for MONGO_HOST mongodb to be reachable. ***
Generating 4,096 bit RSA key pair and self-signed certificate (SHA384withRSA) with a validity of 3,650 days
        for: CN=unifi
[custom-init] No custom files found, skipping...
no crontab for abc
no crontab for root

github-actions[bot] commented 6 months ago

Thanks for opening your first issue here! Be sure to follow the relevant issue templates, or risk having this issue marked as invalid.

lennynilsson commented 6 months ago

@matteo-g hinted me to this init script that worked for me. I am not sure why it works, if it is that only one user is created (and not the same user twice) or that the role is dbOwner instead of only readWrite:

var user = "unifi";
var pwd = "password";
var data_db = "unifi";
var cfg_db = db + "_stat";

db.getSiblingDB(data_db).createUser(
        {
                user: user,
                pwd: pwd,
                roles: [
                        {
                                role: "dbOwner",
                                db: data_db
                        },
                        {
                                role: "dbOwner",
                                db: cfg_db
                        }
                ]
        }
);

NOTE: Maybe someone from the Mongo and JS community can make this cleaner?

zpqrtbnk commented 5 months ago

~Reproduced. And then, docker compose exec mongodb sh + start mongo shell + run the script commands = creates everything as needed, so I don't think the script itself is the problem - more that it's not executed?~

It was, obviously, my mistake. Make sure that the script is referenced through an absolute, host path, and with the proper permissions for mongo to open it. Make sure the script is not using commands that would not be available in the mongo version that is executing. Carefully check for errors in the mongo log. Mongo is a pain.

autox86 commented 5 months ago

Hi all, same here with init script. (password changed to non-speaking) db.getSiblingDB("unifi").createUser({user: "unifiuser", pwd: "Mongo2me", roles: [{role: "dbOwner", db: "unifi"}]}); db.getSiblingDB("unifi_stat").createUser({user: "unifiuser", pwd: "Mongo2me", roles: [{role: "dbOwner", db: "unifi_stat"}]});

file permission (not sure it matters) -rw-r--r-- 1 root root 242 Jan 4 15:24 mongo-init.js

docker-compose

version: "3.4"
  networks:
    unifi-network:
      driver: bridge
  services:
    mongodb:
      image: mongo:4.4.26
      container_name: unifi-db
      volumes:
        - /srv/docker/unifi/unifi-db/config:/data/db
        - /srv/docker/unifi-db/initdb.d/mongo-init.js:/docker-entrypoint-initdb.d/mongo-init.js:ro
      restart: unless-stopped
      networks:
        - unifi-network

    unifi-network-application:
      depends_on:
        mongodb:
          condition: service_started
      image: lscr.io/linuxserver/unifi-network-application:7.5.187-ls15
      container_name: unifi-network-application
      environment:
        - PUID=1001
        - PGID=1005
        - TZ=Europe/Amsterdam
        - MONGO_USER=unifiuser
        - MONGO_PASS=Mongo2me
        - MONGO_HOST=mongodb
        - MONGO_PORT=27017
        - MONGO_DBNAME=unifi
      volumes:
        - /srv/docker/unifi/app/config:/config
      ports:
        - 8443:8443
        - 3478:3478/udp
        - 10001:10001/udp
        - 8080:8080
        - 1900:1900/udp #optional
        - 8843:8843 #optional
        - 8880:8880 #optional
        - 6789:6789 #optional
        - 5514:5514/udp #optional
      networks:
        - unifi-network
      restart: unless-stopped

Logs from DB: /usr/local/bin/docker-entrypoint.sh: running /docker-entrypoint-initdb.d/mongo-init.js t={"$date":"2024-01-04T14:36:44.982+00:00"} s=I c=NETWORK id=22943 ctx=listener msg=Connection accepted attr={"remote":"127.0.0.1:47152","connectionId":2,"connectionCount":1} t={"$date":"2024-01-04T14:36:44.982+00:00"} s=I c=NETWORK id=51800 ctx=conn2 msg=client metadata attr={"remote":"127.0.0.1:47152","client":"conn2","doc":{"application":{"name":"MongoDB Shell"},"driver":{"name":"MongoDB Internal Client","version":"4.4.26"},"os":{"type":"Linux","name":"Ubuntu","architecture":"x86_64","version":"20.04"}}} t={"$date":"2024-01-04T14:36:44.985Z"} s=E c=- id=22780 ctx=main msg=directory [{filename}] **doesn't have any *.js files attr={"filename":"/docker-entrypoint-initdb.d/mongo-init.js"}** failed to load: /docker-entrypoint-initdb.d/mongo-init.js

What kind of attribute is expected or this description missleading?

Unfortunately I am completely new to docker which means I am not yet able to deep dive into it as I missing knowledge about possibilities to debug etc.

Edit: Obviously issue found: 1.) init file path was incorrect 2.) As I used portainer my "env_file" was missing

So: I deleted all volumes and docker related to unifi and mongo Hint: by default volume is here: /var/lib/docker/volumes _Hint2: Not only delete it from docker but also from filesystem

Working conf

version: "3.4"
networks:
  unifi-network:
    driver: bridge
services:
  mongodb:
    # working_dir: /app
    image: mongo:4.4.26
    container_name: unifi-db
    volumes:
      - /srv/docker/unifi/unifi-db/config:/data/db
      - /srv/docker/unifi/unifi-db/initdb.d/mongo-init.js:/docker-entrypoint-initdb.d/mongo-init.js:ro
    restart: unless-stopped
    networks:
      - unifi-network

  unifi-network-application:
    # working_dir: /app
    depends_on:
      mongodb:
        condition: service_started
    image: lscr.io/linuxserver/unifi-network-application:7.5.187-ls15
    container_name: unifi-network-application
    environment:
      - PUID=1001
      - PGID=1005
      - TZ=Europe/Amsterdam
      - MONGO_USER=unifiuser
      - MONGO_PASS=Mongo2me
      - MONGO_HOST=mongodb
      - MONGO_PORT=27017
      - MONGO_DBNAME=unifi
    volumes:
      - /srv/docker/unifi/app/config:/config
    ports:
      - 8443:8443
      - 3478:3478/udp
      - 10001:10001/udp
      - 8080:8080
      - 1900:1900/udp #optional
      - 8843:8843 #optional
      - 8880:8880 #optional
      - 6789:6789 #optional
      - 5514:5514/udp #optional
    networks:
      - unifi-network
    restart: unless-stopped

init file: mongo-init.js

db.getSiblingDB("unifi").createUser({user: "unifiuser", pwd: "Mongo2me", roles: [{role: "dbOwner", db: "unifi"}]});
db.getSiblingDB("unifi_stat").createUser({user: "unifiuser", pwd: "Mongo2me", roles: [{role: "dbOwner", db: "unifi_stat"}]});

LinuxServer-CI commented 4 months ago

This issue has been automatically marked as stale because it has not had recent activity. This might be due to missing feedback from OP. It will be closed if no further activity occurs. Thank you for your contributions.

homerr commented 3 months ago

I've gone through this and can start mongo with the provided init file and it works fine. As the mongo server is outside of what we publish, it may be best to work on this with their support.

BHuck74 commented 3 months ago

I've gone through this and can start mongo with the provided init file and it works fine. As the mongo server is outside of what we publish, it may be best to work on this with their support.

Dear @homerr : which init file are you referring? I'm struggling for weeks know trying to get this stuff working. NO WAY. The mongo-init.js is well mounted and accessible from within the container, but still have the [custom-init] No custom files found. This file is just not taken into account and of course my database isn't created and I can't go onward. I'm using Portainer as well.

No idea why... Totally lost. I've never spent so much time trying a stack to get working just because of that stupid Mongo database...

aptalca commented 3 months ago

[custom-init] No custom files found. message is referring something else entirely. Also, that message is displayed in the log of the unifi container, not mongo. Not sure why you'd expect the unifi container to log a message about mounting a file into an entirely different container.

You didn't post any info on your compose so I can only guess. My guess is, you didn't follow the readme. You need to start with an empty data folder for mongo as the db creation only happens on first start. And you need to make sure you're not setting any db or user related env vars for mongo. Both are explained in the readme.

BHuck74 commented 3 months ago

[custom-init] No custom files found. message is referring something else entirely. Also, that message is displayed in the log of the unifi container, not mongo. Not sure why you'd expect the unifi container to log a message about mounting a file into an entirely different container.

You didn't post any info on your compose so I can only guess. My guess is, you didn't follow the readme. You need to start with an empty data folder for mongo as the db creation only happens on first start. And you need to make sure you're not setting any db or user related env vars for mongo. Both are explained in the readme.

You are right. If you get too worked up about a problem, you end up not thinking straight. Actually I found the root cause. It was linked to my use of Docker secrets in my Portainer docker-compose file... I didn't find yet why, but for some reason the mongo container seems not accepting secrets. If I put the password directly, then it works... Below is my config:

version: '3.8'

services:
  unifi_netapp_db:
    image: mongo:6.0
    container_name: unifi_netapp_db
    hostname: unifi_netapp_db
    volumes:
      - /mnt/docker/unifi-netapp/init-mongo.js:/docker-entrypoint-initdb.d/init-mongo.js:ro
      - /mnt/docker/unifi-netapp/db-data/db:/data/db
    restart: unless-stopped
    networks:
      - unifi_network

  unifi_netapp_core:
    image: lscr.io/linuxserver/unifi-network-application:latest

    hostname: unifi_netapp_core
    container_name: unifi_netapp_core
    depends_on:
      unifi_netapp_db:
        condition: service_started
    environment:
      TZ: 'Europe/Paris'
      MONGO_USER: mongo
      MONGO_PASS: /run/secrets/mongo-password # Doesn't work...
      #MONGO_PASS: "******" -> this case works fine
      MONGO_HOST: unifi_netapp_db
      MONGO_PORT: 27017
      MONGO_DBNAME: unifi
    secrets:
      - mongo-password
    volumes:
      - /mnt/docker/unifi-netapp/core-data:/config

#    ports:
#      - 3478:3478/udp # Mandatory
#      - 10001:10001/udp # Mandatory
#      - 8080:8080 # Mandatory
#      - 8443:8443 # GUI access being behind the reverse proxy
#      - 8843:8843 # Optional
#      - 8880:8880 # Optional
    restart: unless-stopped
    networks:
      - proxy_network
      - unifi_network

networks:
  unifi_network:
    driver: bridge
  proxy_network:
    external: true # proxy_network need to be created beforehand in Portainer interface

secrets:
  mongo-password:
    file: /mnt/docker/unifi-netapp/mongo_pass.txt

If not working with secrets, I will try using environment variables...

aptalca commented 3 months ago

That's not how secrets are used https://github.com/linuxserver/docker-unifi-network-application?tab=readme-ov-file#environment-variables-from-files-docker-secrets

github-actions[bot] commented 1 month ago

This issue is locked due to inactivity

linuxserver / docker-unifi-network-application