mongo-express / mongo-express

Web-based MongoDB admin interface, written with Node.js and express
MIT License

ENABLE_ADMIN=true causes "MongoError: not authorized on admin to execute command { listDatabases: 1 }" #352

Open aurelienrb opened 7 years ago

aurelienrb commented 7 years ago

Hello,

I tried to set up Mongo Express (v0.42 & v0.40) with ME_CONFIG_MONGODB_ENABLE_ADMIN=true as it wasn't clear to me what this option is about, and as a result I get the opposite of what I expected. Indeed, with this option set to true, I get the following error in the logs:

{ MongoError: not authorized on admin to execute command { listDatabases: 1 }
    at Function.MongoError.create (/node_modules/mongodb-core/lib/error.js:31:11)
    at /node_modules/mongodb-core/lib/connection/pool.js:483:72
    at authenticateStragglers (/node_modules/mongodb-core/lib/connection/pool.js:429:16)
    at Connection.messageHandler (/node_modules/mongodb-core/lib/connection/pool.js:463:5)
    at Socket.<anonymous> (/node_modules/mongodb-core/lib/connection/connection.js:319:22)
    at emitOne (events.js:96:13)
    at Socket.emit (events.js:188:7)
    at readableAddChunk (_stream_readable.js:176:18)
    at Socket.Readable.push (_stream_readable.js:134:10)
    at TCP.onread (net.js:548:20)
  name: 'MongoError',
  message: 'not authorized on admin to execute command { listDatabases: 1 }',
  ok: 0,
  errmsg: 'not authorized on admin to execute command { listDatabases: 1 }',
  code: 13,
  codeName: 'Unauthorized' }

and the following message on the Web UI:

Turn on admin in config.js to view server stats!

But if I set this option to false, the error message goes away, and I can see the server stats and create new databases! In other words, everything works fine (including db administration) only if I set ME_CONFIG_MONGODB_ENABLE_ADMIN=false.

Here's my complete config to reproduce the issue:

ME_CONFIG_MONGODB_SERVER=mongo
ME_CONFIG_MONGODB_PORT=27017
ME_CONFIG_MONGODB_ENABLE_ADMIN=true
ME_CONFIG_MONGODB_AUTH_DATABASE=admin
ME_CONFIG_MONGODB_AUTH_USERNAME=root
ME_CONFIG_MONGODB_AUTH_PASSWORD=root
ME_CONFIG_BASICAUTH_USERNAME=test
ME_CONFIG_BASICAUTH_PASSWORD=test

Cheers,

Aurelien

bert-w commented 7 years ago

Hmm, seems to work correctly with my setup, which is not much different. I do think the config is quite big though.

DarrenWong commented 7 years ago

Can I get your root user's privileges in the admin database? Mostly, if you can auth under admin it should be OK to execute listDatabases.

aurelienrb commented 7 years ago

Hello,

I created (with some difficulties) a Docker Compose file to set up a MongoDB + MongoExpress combo (I suggest providing such a thing on your web site to ease the setup of Mongo Express).

So I rely entirely on the official MongoDB image from Docker Hub (using MONGO_INITDB_ROOT_USERNAME + MONGO_INITDB_ROOT_PASSWORD) to create the root user. Here's my docker-compose.yml file to reproduce the issue:

version: '2'

services:
  mongo:
    image: mongo:3.4
    environment:
      - MONGO_INITDB_ROOT_USERNAME=${MONGO_ROOT_USER}
      - MONGO_INITDB_ROOT_PASSWORD=${MONGO_ROOT_PASSWORD}
    restart: always

  mongo-express:
    image: mongo-express:0.40
    environment:
      - ME_CONFIG_MONGODB_SERVER=mongo
      - ME_CONFIG_MONGODB_PORT=27017
      - ME_CONFIG_MONGODB_ENABLE_ADMIN=true
      - ME_CONFIG_MONGODB_AUTH_DATABASE=admin
      - ME_CONFIG_MONGODB_AUTH_USERNAME=${MONGO_ROOT_USER}
      - ME_CONFIG_MONGODB_AUTH_PASSWORD=${MONGO_ROOT_PASSWORD}
      - ME_CONFIG_BASICAUTH_USERNAME=${MONGOEXPRESS_LOGIN}
      - ME_CONFIG_BASICAUTH_PASSWORD=${MONGOEXPRESS_PASSWORD}
    depends_on:
      - mongo
    ports:
      - "8080:8081"
    restart: always

and the associated .env file:

MONGO_ROOT_USER=devroot
MONGO_ROOT_PASSWORD=devroot
MONGOEXPRESS_LOGIN=dev
MONGOEXPRESS_PASSWORD=dev

Here's the interesting part of the log outputs:

docker-compose up
[...]
mongo_1          | Successfully added user: {
mongo_1          |      "user" : "devroot",
mongo_1          |      "roles" : [
mongo_1          |              {
mongo_1          |                      "role" : "root",
mongo_1          |                      "db" : "admin"
mongo_1          |              }
mongo_1          |      ]
mongo_1          | }
[...]
mongo-express_1  | Mongo Express server listening at http://0.0.0.0:8081
mongo-express_1  | Server is open to allow connections from anyone (0.0.0.0)
mongo_1          | 2017-07-28T00:33:44.833+0000 I NETWORK  [thread1] connection accepted from 172.19.0.3:45082 #1 (1 connection now open)
mongo_1          | 2017-07-28T00:33:44.846+0000 I NETWORK  [conn1] received client metadata from 172.19.0.3:45082 conn1: { driver: { name: "nodejs", version: "2.2.24" }, os: { type: "Linux", name: "linux", architecture: "x64", version: "4.4.0-66-generic" }, platform: "Node.js v6.9.5, LE, mongodb-core: 2.1.8" }
mongo-express_1  | Database connected
mongo-express_1  | Admin Database connected
mongo_1          | 2017-07-28T00:33:44.856+0000 I ACCESS   [conn1] Unauthorized: not authorized on admin to execute command { listDatabases: 1 }
mongo-express_1  | { MongoError: not authorized on admin to execute command { listDatabases: 1 }
mongo-express_1  |     at Function.MongoError.create (/node_modules/mongodb-core/lib/error.js:31:11)
mongo-express_1  |     at /node_modules/mongodb-core/lib/connection/pool.js:483:72
mongo-express_1  |     at authenticateStragglers (/node_modules/mongodb-core/lib/connection/pool.js:429:16)
mongo-express_1  |     at Connection.messageHandler (/node_modules/mongodb-core/lib/connection/pool.js:463:5)
mongo-express_1  |     at Socket.<anonymous> (/node_modules/mongodb-core/lib/connection/connection.js:319:22)
mongo-express_1  |     at emitOne (events.js:96:13)
mongo-express_1  |     at Socket.emit (events.js:188:7)
mongo-express_1  |     at readableAddChunk (_stream_readable.js:176:18)
mongo-express_1  |     at Socket.Readable.push (_stream_readable.js:134:10)
mongo-express_1  |     at TCP.onread (net.js:548:20)
mongo-express_1  |   name: 'MongoError',
mongo-express_1  |   message: 'not authorized on admin to execute command { listDatabases: 1 }',
mongo-express_1  |   ok: 0,
mongo-express_1  |   errmsg: 'not authorized on admin to execute command { listDatabases: 1 }',
mongo-express_1  |   code: 13,
mongo-express_1  |   codeName: 'Unauthorized' }

Note that although we get this weird message, the Web UI works well.

With ADMIN=false

Now in the docker-compose.yml, change:

      - ME_CONFIG_MONGODB_ENABLE_ADMIN=true

with:

      - ME_CONFIG_MONGODB_ENABLE_ADMIN=false

and restart: the error message goes away and in the Web UI we have access to more options!

Aurelien

DarrenWong commented 7 years ago

mongo_1          |      "user" : "devroot",
mongo_1          |      "roles" : [
mongo_1          |              {
mongo_1          |                      "role" : "root",
mongo_1          |                      "db" : "admin"
mongo_1          |              }
mongo_1          |      ]
mongo_1          | }

The root role should be OK to do listDatabases. No ideas either; can you try using the mongo shell to log in and then try the list command?

mongo

in the mongo shell

use admin
db.auth("devroot","devroot")
show databases

Can anyone help?

shoehn commented 6 years ago

This is quite old, but in case someone finds this with the same issue:

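According to the documentation on Docker Hub, the environment variables for mongo-express are:

  • ME_CONFIG_MONGODB_ADMINUSERNAME=${MONGO_ROOT_USER}
  • ME_CONFIG_MONGODB_ADMINPASSWORD=${MONGO_ROOT_PASS}
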
Using these it worked perfectly for me.

ricavalcanti commented 5 years ago

> This is quite old, but in case someone finds this with the same issue:
>
> According to the documentation in docker hub the environment variables for mongo-express are:
>
>   • ME_CONFIG_MONGODB_ADMINUSERNAME=${MONGO_ROOT_USER}
>   • ME_CONFIG_MONGODB_ADMINPASSWORD=${MONGO_ROOT_PASS}
>
> Using these it worked perfectly for me.

It worked for me too, thanks!

thirsch commented 5 years ago

Another issue might be that you have started MongoDB before and the image is reusing an existing database. As it will not add the user, you won't be able to connect.

jonathanandrewsuk commented 3 years ago

@shoehn's advice worked for me:

mongo-express:
   image: mongo-express
   environment:
     - ME_CONFIG_MONGODB_ENABLE_ADMIN=true
     - ME_CONFIG_MONGODB_AUTH_DATABASE=admin
     - ME_CONFIG_MONGODB_ADMINUSERNAME=root
     - ME_CONFIG_MONGODB_ADMINPASSWORD=pass
   ports:
     - 8086:8081

mongo:
   image: mongo:4.0
   environment:
     - MONGO_INITDB_ROOT_PASSWORD=pass
     - MONGO_INITDB_ROOT_USERNAME=root
   ports:
     - 27017:27017

percenuage commented 3 years ago

Hello,

I'm using the Docker image mongo-express:latest (digest sha256:51077e453f7649b3ea21181472a2752cd8f88ca3ed0c5fd1c8dcd12cc68b0b1e) in Kubernetes. I created a read-only user with the role readAnyDatabase and configured env variables like:

ME_CONFIG_MONGODB_SERVER: db-headless # service name inside my cluster
ME_CONFIG_MONGODB_ENABLE_ADMIN: true
ME_CONFIG_MONGODB_ADMINUSERNAME: reader
ME_CONFIG_MONGODB_ADMINPASSWORD: <secret>

I have the following error in the logs, but the application seems to work well (I can access it and do basic things)! Even with the database role readWriteAnyDatabase, I have a MongoError, except with the root role, which is clean.

Error [MongoError]: not authorized on admin to execute command { serverStatus: 1, $db: "admin" }
    at Function.MongoError.create (/node_modules/mongodb-core/lib/error.js:31:11)
    at /node_modules/mongodb-core/lib/connection/pool.js:483:72
    at authenticateStragglers (/node_modules/mongodb-core/lib/connection/pool.js:429:16)
    at Connection.messageHandler (/node_modules/mongodb-core/lib/connection/pool.js:463:5)
    at Socket.<anonymous> (/node_modules/mongodb-core/lib/connection/connection.js:319:22)
    at Socket.emit (events.js:314:20)
    at addChunk (_stream_readable.js:297:12)
    at readableAddChunk (_stream_readable.js:272:9)
    at Socket.Readable.push (_stream_readable.js:213:10)
    at TCP.onStreamRead (internal/stream_base_commons.js:188:23) {
  operationTime: Timestamp { _bsontype: 'Timestamp', low_: 1, high_: 1612195098 },
  ok: 0,
  errmsg: 'not authorized on admin to execute command { serverStatus: 1, $db: "admin" }',
  code: 13,
  codeName: 'Unauthorized',
  '$clusterTime': {
    clusterTime: Timestamp { _bsontype: 'Timestamp', low_: 1, high_: 1612195098 },
    signature: { hash: [Binary], keyId: [Long] }
  }
}

Do you have some ideas?

dejurin commented 3 years ago

Use ME_CONFIG_MONGODB_ENABLE_ADMIN: "true"

percenuage commented 1 year ago

@dejurin It does not change :'( But for the community, I had to add the role clusterMonitor (https://www.mongodb.com/docs/manual/reference/built-in-roles/#mongodb-authrole-clusterMonitor)
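
The two failure modes in this thread (a root user still denied listDatabases, and a read-only user denied serverStatus) can be told apart from the log lines alone. The following is an added example, not code from mongo-express or from any commenter: the function names and the GRANTS table are assumptions made for illustration, and the table is a hand-written subset of MongoDB's built-in role privileges covering only the two commands seen here.

```javascript
// Added example, not mongo-express code. GRANTS is a hand-written subset of
// MongoDB's built-in role privileges, limited to the two commands in this thread.
const GRANTS = {
  readAnyDatabase: ['listDatabases'],
  readWriteAnyDatabase: ['listDatabases'],
  clusterMonitor: ['listDatabases', 'serverStatus'],
  root: ['listDatabases', 'serverStatus'],
};
// Roles this helper may suggest, narrowest first. root is never suggested.
const SUGGEST = ['readAnyDatabase', 'clusterMonitor'];
// Matches the mongod ACCESS log line and the Node driver's message/errmsg fields.
const DENIED = /not authorized on \S+ to execute command \{ (\w+):/;

function deniedCommands(logText) {
  const seen = new Set(); // the driver repeats the message; keep each command once
  for (const line of logText.split('\n')) {
    const m = DENIED.exec(line);
    if (m) seen.add(m[1]);
  }
  return [...seen].sort();
}

function diagnose(currentRoles, logText) {
  const held = new Set(currentRoles.flatMap((r) => GRANTS[r] || []));
  const result = { grant: [], notApplied: [], unknown: [] };
  for (const cmd of deniedCommands(logText)) {
    if (held.has(cmd)) {
      // Roles already allow this: the connection is not authenticating as that
      // user (wrong env variable names, or a reused data volume without the user).
      result.notApplied.push(cmd);
    } else if (!result.grant.some((r) => GRANTS[r].includes(cmd))) {
      const role = SUGGEST.find((r) => GRANTS[r].includes(cmd));
      if (role) result.grant.push(role); else result.unknown.push(cmd);
    }
  }
  return result;
}

// Command document to run against the admin database for the missing roles.
function grantCommand(user, roles) {
  return { grantRolesToUser: user, roles: roles.map((role) => ({ role, db: 'admin' })) };
}

// Constructed samples, shaped like the log lines quoted in this thread.
const ROOT_LOG = 'I ACCESS [conn1] Unauthorized: not authorized on admin to execute command { listDatabases: 1 }';
const READER_LOG = [
  'Error [MongoError]: not authorized on admin to execute command { serverStatus: 1, $db: "admin" }',
  "  errmsg: 'not authorized on admin to execute command { serverStatus: 1, $db: \"admin\" }',",
].join('\n');
console.log(diagnose(['root'], ROOT_LOG), diagnose(['readAnyDatabase'], READER_LOG));
```

A non-empty `notApplied` points at configuration (credentials not reaching the admin connection), while a non-empty `grant` points at a role to add instead of handing the web UI root credentials.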

RohanVania commented 2 months ago

`version: '3.1' services: mongodb-server: image: mongo ports: