Open aurelienrb opened 7 years ago
hmm seems to work correctly with my setup which is not much different. I do think the config is quite big though
Can I get your root user privileges in the admin databases? mostly if you can auth under admin it should be ok to execute listDatabases
Hello,
I created (with some difficulties) a Docker-Compose to setup a MongoDB + MongoExpress combo (I suggest providing such a thing on your web site to ease the setup of Mongo Express).
So I rely entirely on the official MongoDB image from Docker Hub (using `MONGO_INITDB_ROOT_USERNAME` + `MONGO_INITDB_ROOT_PASSWORD`) to create the root user. Here's my `docker-compose.yml` file to reproduce the issue:
```yaml
version: '2'
services:
  mongo:
    image: mongo:3.4
    environment:
      - MONGO_INITDB_ROOT_USERNAME=${MONGO_ROOT_USER}
      - MONGO_INITDB_ROOT_PASSWORD=${MONGO_ROOT_PASSWORD}
    restart: always
  mongo-express:
    image: mongo-express:0.40
    environment:
      - ME_CONFIG_MONGODB_SERVER=mongo
      - ME_CONFIG_MONGODB_PORT=27017
      - ME_CONFIG_MONGODB_ENABLE_ADMIN=true
      - ME_CONFIG_MONGODB_AUTH_DATABASE=admin
      - ME_CONFIG_MONGODB_AUTH_USERNAME=${MONGO_ROOT_USER}
      - ME_CONFIG_MONGODB_AUTH_PASSWORD=${MONGO_ROOT_PASSWORD}
      - ME_CONFIG_BASICAUTH_USERNAME=${MONGOEXPRESS_LOGIN}
      - ME_CONFIG_BASICAUTH_PASSWORD=${MONGOEXPRESS_PASSWORD}
    depends_on:
      - mongo
    ports:
      - "8080:8081"
    restart: always
```
and the associated `.env` file:
```
MONGO_ROOT_USER=devroot
MONGO_ROOT_PASSWORD=devroot
MONGOEXPRESS_LOGIN=dev
MONGOEXPRESS_PASSWORD=dev
```
Here's the interesting part of the log outputs:
docker-composer up
[...]
mongo_1 | Successfully added user: {
mongo_1 | "user" : "devroot",
mongo_1 | "roles" : [
mongo_1 | {
mongo_1 | "role" : "root",
mongo_1 | "db" : "admin"
mongo_1 | }
mongo_1 | ]
mongo_1 | }
[...]
mongo-express_1 | Mongo Express server listening at http://0.0.0.0:8081
mongo-express_1 | Server is open to allow connections from anyone (0.0.0.0)
mongo_1 | 2017-07-28T00:33:44.833+0000 I NETWORK [thread1] connection accepted from 172.19.0.3:45082 #1 (1 connection now open)
mongo_1 | 2017-07-28T00:33:44.846+0000 I NETWORK [conn1] received client metadata from 172.19.0.3:45082 conn1: { driver: { name: "nodejs", version: "2.2.24" }, os: { type: "Linux", name: "linux", architecture: "x64", version: "4.4.0-66-generic" }, platform: "Node.js v6.9.5, LE, mongodb-core: 2.1.8" }
mongo-express_1 | Database connected
mongo-express_1 | Admin Database connected
mongo_1 | 2017-07-28T00:33:44.856+0000 I ACCESS [conn1] Unauthorized: not authorized on admin to execute command { listDatabases: 1 }
mongo-express_1 | { MongoError: not authorized on admin to execute command { listDatabases: 1 }
mongo-express_1 | at Function.MongoError.create (/node_modules/mongodb-core/lib/error.js:31:11)
mongo-express_1 | at /node_modules/mongodb-core/lib/connection/pool.js:483:72
mongo-express_1 | at authenticateStragglers (/node_modules/mongodb-core/lib/connection/pool.js:429:16)
mongo-express_1 | at Connection.messageHandler (/node_modules/mongodb-core/lib/connection/pool.js:463:5)
mongo-express_1 | at Socket.<anonymous> (/node_modules/mongodb-core/lib/connection/connection.js:319:22)
mongo-express_1 | at emitOne (events.js:96:13)
mongo-express_1 | at Socket.emit (events.js:188:7)
mongo-express_1 | at readableAddChunk (_stream_readable.js:176:18)
mongo-express_1 | at Socket.Readable.push (_stream_readable.js:134:10)
mongo-express_1 | at TCP.onread (net.js:548:20)
mongo-express_1 | name: 'MongoError',
mongo-express_1 | message: 'not authorized on admin to execute command { listDatabases: 1 }',
mongo-express_1 | ok: 0,
mongo-express_1 | errmsg: 'not authorized on admin to execute command { listDatabases: 1 }',
mongo-express_1 | code: 13,
mongo-express_1 | codeName: 'Unauthorized' }
Note that although we get this weird message, the Web UI works well.
Now in the docker-compose.yml, change:
- ME_CONFIG_MONGODB_ENABLE_ADMIN=true
with:
- ME_CONFIG_MONGODB_ENABLE_ADMIN=false
and restart: the error message goes away and in the Web UI we have access to more options!
Aurelien
mongo_1 | "user" : "devroot",
mongo_1 | "roles" : [
mongo_1 | {
mongo_1 | "role" : "root",
mongo_1 | "db" : "admin"
mongo_1 | }
mongo_1 | ]
mongo_1 | }
the roles root user should be ok to do listDatabases. Not ideas also, can you try using mongo shell to login then try the list command?
mongo
in the mongo shell
use admin
db.auth("devroot","devroot")
show databases
Anyone might help?
This is quite old, but in case someone finds this with the same issue:
According to the documentation in docker hub the environment variables for mongo-express are:
- ME_CONFIG_MONGODB_ADMINUSERNAME=${MONGO_ROOT_USER}
- ME_CONFIG_MONGODB_ADMINPASSWORD=${MONGO_ROOT_PASS}
Using these it worked perfectly for me.
It worked for me too, thanks!
Another issue might be, that you have started the MongoDB before and the image is reusing an existing database. As it will not add the user, you won't be able to connect.
@shoehn's advice worked for me:
```yaml
mongo-express:
  image: mongo-express
  environment:
    - ME_CONFIG_MONGODB_ENABLE_ADMIN=true
    - ME_CONFIG_MONGODB_AUTH_DATABASE=admin
    - ME_CONFIG_MONGODB_ADMINUSERNAME=root
    - ME_CONFIG_MONGODB_ADMINPASSWORD=pass
  ports:
    - 8086:8081
mongo:
  image: mongo:4.0
  environment:
    - MONGO_INITDB_ROOT_PASSWORD=pass
    - MONGO_INITDB_ROOT_USERNAME=root
  ports:
    - 27017:27017
```
Hello,
I'm using docker image `mongo-express:latest` (digest `sha256:51077e453f7649b3ea21181472a2752cd8f88ca3ed0c5fd1c8dcd12cc68b0b1e`) in Kubernetes. I created a read-only user with role `readAnyDatabase` and configured env variables like:
```yaml
ME_CONFIG_MONGODB_SERVER: db-headless # service name inside my cluster
ME_CONFIG_MONGODB_ENABLE_ADMIN: true
ME_CONFIG_MONGODB_ADMINUSERNAME: reader
ME_CONFIG_MONGODB_ADMINPASSWORD: <secret>
```
I have the following error in the logs but the application seems to work well (I can access it and do basic things)! Even with the database role `readWriteAnyDatabase`, I have a MongoError, except with the `root` role, which is clean.
Error [MongoError]: not authorized on admin to execute command { serverStatus: 1, $db: "admin" }
at Function.MongoError.create (/node_modules/mongodb-core/lib/error.js:31:11)
at /node_modules/mongodb-core/lib/connection/pool.js:483:72
at authenticateStragglers (/node_modules/mongodb-core/lib/connection/pool.js:429:16)
at Connection.messageHandler (/node_modules/mongodb-core/lib/connection/pool.js:463:5)
at Socket.<anonymous> (/node_modules/mongodb-core/lib/connection/connection.js:319:22)
at Socket.emit (events.js:314:20)
at addChunk (_stream_readable.js:297:12)
at readableAddChunk (_stream_readable.js:272:9)
at Socket.Readable.push (_stream_readable.js:213:10)
at TCP.onStreamRead (internal/stream_base_commons.js:188:23) {
operationTime: Timestamp { _bsontype: 'Timestamp', low_: 1, high_: 1612195098 },
ok: 0,
errmsg: 'not authorized on admin to execute command { serverStatus: 1, $db: "admin" }',
code: 13,
codeName: 'Unauthorized',
'$clusterTime': {
clusterTime: Timestamp { _bsontype: 'Timestamp', low_: 1, high_: 1612195098 },
signature: { hash: [Binary], keyId: [Long] }
}
}
Do you have some ideas?
Use ME_CONFIG_MONGODB_ENABLE_ADMIN: "true"
@dejurin It does not change :'(
But for the community, I had to add the role `clusterMonitor` (https://www.mongodb.com/docs/manual/reference/built-in-roles/#mongodb-authrole-clusterMonitor)
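The two fixes reported in this thread (use the `ADMINUSERNAME`/`ADMINPASSWORD` variables in admin mode, and grant `clusterMonitor` to a non-root user) can be checked before deployment. The following is an added example, not code from mongo-express or from any commenter; the function name, finding codes and sample values are hypothetical, and the statement that the `AUTH_*` variables apply only when `ENABLE_ADMIN` is false is an assumption based on the Docker Hub documentation referred to above.

```javascript
// Added example, not mongo-express code. Built-in roles that authorize the two
// commands seen failing in this thread; only roles named in the thread are listed.
const ADMIN_COMMANDS = {
  listDatabases: ['root', 'clusterMonitor', 'readAnyDatabase', 'readWriteAnyDatabase'],
  serverStatus: ['root', 'clusterMonitor'],
};

const isTrue = (v) => String(v).trim().toLowerCase() === 'true';

// env: object of ME_CONFIG_* values; roles: built-in roles granted to the user
// mongo-express logs in as (pass [] to skip the role check).
function lintMongoExpressEnv(env, roles = []) {
  const findings = [];
  if (!isTrue(env.ME_CONFIG_MONGODB_ENABLE_ADMIN)) return findings;
  if (!env.ME_CONFIG_MONGODB_ADMINUSERNAME || !env.ME_CONFIG_MONGODB_ADMINPASSWORD) {
    findings.push({ code: 'ADMIN_CREDS_MISSING',
      detail: 'ENABLE_ADMIN=true needs ADMINUSERNAME and ADMINPASSWORD' });
  }
  // Assumption: AUTH_* variables are documented for ENABLE_ADMIN=false only.
  for (const key of ['ME_CONFIG_MONGODB_AUTH_USERNAME', 'ME_CONFIG_MONGODB_AUTH_PASSWORD']) {
    if (env[key]) {
      findings.push({ code: 'AUTH_VAR_UNUSED',
        detail: `${key} is documented for ENABLE_ADMIN=false only` });
    }
  }
  for (const [command, allowed] of Object.entries(ADMIN_COMMANDS)) {
    if (roles.length > 0 && !roles.some((r) => allowed.includes(r))) {
      findings.push({ code: 'ROLE_GAP',
        detail: `roles [${roles.join(', ')}] do not authorize ${command}` });
    }
  }
  return findings;
}

// Constructed inputs mirroring the thread: the original report (root user) and
// the read-only Kubernetes user before clusterMonitor was added.
const reported = {
  ME_CONFIG_MONGODB_ENABLE_ADMIN: 'true',
  ME_CONFIG_MONGODB_AUTH_USERNAME: 'devroot',
  ME_CONFIG_MONGODB_AUTH_PASSWORD: 'devroot',
};
const reader = {
  ME_CONFIG_MONGODB_ENABLE_ADMIN: 'true',
  ME_CONFIG_MONGODB_ADMINUSERNAME: 'reader',
  ME_CONFIG_MONGODB_ADMINPASSWORD: 'placeholder-secret',
};
for (const f of [...lintMongoExpressEnv(reported, ['root']),
  ...lintMongoExpressEnv(reader, ['readAnyDatabase'])]) {
  console.log(`${f.code}: ${f.detail}`);
}
```

Granting `readAnyDatabase` plus `clusterMonitor` clears the `ROLE_GAP` finding without giving the web UI the `root` role.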
```yaml
version: '3.1'
services:
  mongodb-server:
    image: mongo
    ports:
      - 27017:27017
    environment:
      MONGO_INITDB_ROOT_USERNAME: rvcodeandproject
      MONGO_INITDB_ROOT_PASSWORD: admin123
  mongoexpress-server:
    image: mongo-express
    restart: always
    ports:
      - 8081:8081
    environment:
      ME_CONFIG_MONGODB_ADMINUSERNAME: test
      ME_CONFIG_MONGODB_ADMINPASSWORD: adminxyz
      ME_CONFIG_MONGODB_URL: mongodb+srv://test:adminxyz@cluster0.yeibgbcq.mongodb.net/databasename
      ME_CONFIG_MONGODB_SSL: true
      ME_CONFIG_MONGODB_ENABLE_ADMIN: false
```
Make sure to add ME_CONFIG_MONGODB_SSL:true and ME_CONFIG_MONGODB_ENABLE_ADMIN:false
Hello,
I tried to setup Mongo Express (v0.42 & v0.40) with `ME_CONFIG_MONGODB_ENABLE_ADMIN=true` as it wasn't clear to me what this option is about, and as a result I get the opposite result as expected. Indeed, with this option being `true`, I get the following error in the logs: and the following message on the Web UI:
But if I set this option to `false`, the error message goes away, and I can see the server stats and create new databases! In other words, everything works fine (including db administration) only if I set `ME_CONFIG_MONGODB_ENABLE_ADMIN=false`.
Here's my complete config to reproduce the issue:
Cheers,
Aurelien