telefonicaid / iotagent-json

IoT Agent for a JSON based protocol (with HTTP, MQTT and AMQP transports)
https://fiware-iotagent-json.rtfd.io/
GNU Affero General Public License v3.0

MongoDB connection, authentication failed #739

Closed NunopRolo closed 1 year ago

NunopRolo commented 1 year ago

IoT Agent JSON version the issue has been seen with

2.2.0

Bound or port used (API interaction)

Northbound (Provision API and NGSI Interactions)

NGSI version

NGSIv2

Are you running a container?

Yes, I am using a container (Docker, Kubernetes...)

Image type

distroless

Expected behaviour you didn't see

Successful authentication to MongoDB database

Unexpected behaviour you saw

Failed Authentication to MongoDB database

Steps to reproduce the problem

Execute this docker-compose:

version: "3.8"
services:
    iot-agent:
        image: quay.io/fiware/iotagent-json:2.2.0-distroless
        hostname: iot-agent
        container_name: fiware-iot-agent
        depends_on:
            - mongo-db
        networks:
            - fiware
        ports:
            - "${IOTA_NORTH_PORT}:${IOTA_NORTH_PORT}" 
            - "${IOTA_SOUTH_PORT}:${IOTA_SOUTH_PORT}"
        volumes:
            - ./configs/mosquitto_ssl/config/certs:/certs
        environment:
            - IOTA_CB_HOST=orion
            - IOTA_CB_PORT=${IOTA_CB_PORT}
            - IOTA_NORTH_PORT=${IOTA_NORTH_PORT}
            - IOTA_REGISTRY_TYPE=mongodb 
            - IOTA_TIMESTAMP=true 
            - IOTA_CB_NGSI_VERSION=v2 
            - IOTA_AUTOCAST=true 
            - IOTA_MONGO_HOST=mongo-db 
            - IOTA_MONGO_PORT=${IOTA_MONGO_PORT} 
            - IOTA_MONGO_USER=${MONGO_USER}
            - IOTA_MONGO_PASSWORD=${MONGO_PWD}
            - IOTA_MQTT_PROTOCOL=mqtts
            - IOTA_MQTT_HOST=${MQTT_HOST}
            - IOTA_MQTT_PORT=8883
            - IOTA_MQTT_CA=/certs/ca.crt
            - IOTA_MQTT_CERT=/certs/client.pem
            - IOTA_MQTT_KEY=/certs/client_key.pem
            - IOTA_MQTT_USERNAME=${MQTT_USER}
            - IOTA_MQTT_PASSWORD=${MQTT_PWD}
            - IOTA_DEFAULT_RESOURCE= 
            - IOTA_PROVIDER_URL=http://iot-agent:${IOTA_NORTH_PORT}
            - IOTA_DEFAULT_TRANSPORT=mqtts
            - IOTA_MQTT_REJECT_UNAUTHORIZED=false
        healthcheck:
            interval: 5s

    mongo-db:
        image: mongo:${IOTA_MONGO_DB_VERSION}
        hostname: mongo-db
        container_name: db-mongo
        expose:
            - "${IOTA_MONGO_PORT}"
        ports:
            - "${IOTA_MONGO_PORT}:${IOTA_MONGO_PORT}"
        networks:
            - fiware
        volumes:
            -  ./volumes/mongo-db/db:/data/db
        environment:
            - MONGO_INITDB_ROOT_USERNAME=${MONGO_USER}
            - MONGO_INITDB_ROOT_PASSWORD=${MONGO_PWD}
        healthcheck:
            test: |
                host=`hostname --ip-address || echo '127.0.0.1'`; 
                mongo --quiet $host/test --eval 'quit(db.runCommand({ ping: 1 }).ok ? 0 : 2)' && echo 0 || echo 1
            interval: 5s

networks:
    fiware:

Configs

environment:
    - "IOTA_CB_HOST=orion"
    - "IOTA_CB_PORT=1026"
    - "IOTA_NORTH_PORT=4041"
    - "IOTA_SOUTH_PORT=7896"
    - "IOTA_MONGO_DB_VERSION=4.4"
    - "IOTA_MONGO_HOST=mongodb"
    - "IOTA_MONGO_PORT=27017"

Log output

subsrv=n/a | msg=Attempting to connect to MongoDB instance with url "mongodb://mongo-db:27017/iotagent" and options {"auth":{"user":"","password":""}}. Attempt 1 | comp=IoTAgent (node:1) [MONGODB DRIVER] Warning: Current Server Discovery and Monitoring engine is deprecated, and will be removed in a future version. To use the new Server Discover and Monitoring engine, pass option { useUnifiedTopology: true } to the MongoClient constructor. (Use node --trace-warnings ... to show where the warning was created) (node:1) [MONGODB DRIVER] Warning: Warning: no saslprep library specified. Passwords will not be sanitized
time=2023-08-14T21:12:11.543Z | lvl=ERROR | corr=9ad5f04f-8b95-4292-837e-54c57de0461d | trans=9ad5f04f-8b95-4292-837e-54c57de0461d | op=IoTAgentNGSI.DbConn | from=n/a | srv=n/a | subsrv=n/a | msg=MONGODB-001: Error trying to connect to MongoDB: MongoNetworkError: failed to connect to server [mongo-db:27017] on first connect [MongoError: Authentication failed. at Connection.messageHandler (/opt/iotagent-json/node_modules/mongodb/lib/core/connection/connection.js:364:19) at Connection.emit (node:events:513:28) at Connection.emit (node:domain:552:15) at processMessage (/opt/iotagent-json/node_modules/mongodb/lib/core/connection/connection.js:456:10) at Socket. (/opt/iotagent-json/node_modules/mongodb/lib/core/connection/connection.js:625:15) at Socket.emit (node:events:513:28) at Socket.emit (node:domain:552:15) at addChunk (node:internal/streams/readable:315:12) at readableAddChunk (node:internal/streams/readable:289:9) at Socket.Readable.push (node:internal/streams/readable:228:10) at TCP.onStreamRead (node:internal/stream_base_commons:190:23) at TCP.callbackTrampoline (node:internal/async_hooks:130:17) { ok: 0, code: 18, codeName: 'AuthenticationFailed' }]
fgalan commented 1 year ago

I'd say this problem is not related to the IOTA Agent itself but to your running environment. It seems some kind of problem (maybe a connection problem?) is precluding the IOTA container from connecting to the MongoDB running in the other container. We have a lot of successful use cases in which IOTA is working with MongoDB, both running in docker containers.

I'd suggest debugging your deployment setup (i.e. check connectivity between containers, URL mongodb://mongo-db:27017/iotagent reachability from IOTA container, etc).

NunopRolo commented 1 year ago

Yes, it's accessible. I tried the command you said, and I get the authentication failed error, but if I don't specify the database "/iotagent" the connection works fine.

One more thing I noticed is that the "iotagent" database is not being created, which could be where the problem comes from, but I don't know why it doesn't create the database.

I also tried the connection without mongodb authentication and everything works fine.

Thanks

fgalan commented 1 year ago

> I also tried the connection without mongodb authentication and everything works fine

That's probably the key to debug this issue.

fgalan commented 1 year ago

Duplicated post at https://stackoverflow.com/questions/76902281/fiware-iot-agent-json-connection-to-mongodb-with-authentication ?

cblancog00 commented 1 year ago

This error still happens even when using the NGSI-LD protocol, but the error doesn't seem to be related to this repo, because it's caused by the iotagent-node-lib that is used by this one. As I need it to be fixed for my projects, because it's not acceptable to use a MongoDB without authentication, I'll open it again in https://github.com/telefonicaid/iotagent-node-lib with a PR with the fix, because it's a small change.

This thread can be closed

fgalan commented 1 year ago

> This error still happens even when using the NGSI-LD protocol, but the error doesn't seem to be related to this repo, because it's caused by the iotagent-node-lib that is used by this one. As I need it to be fixed for my projects, because it's not acceptable to use a MongoDB without authentication, I'll open it again in https://github.com/telefonicaid/iotagent-node-lib with a PR with the fix, because it's a small change.
>
> This thread can be closed

Do you mean this PR: https://github.com/telefonicaid/iotagent-node-lib/pull/1511 ?

cblancog00 commented 1 year ago

Yes, that one. The issue comes from a bad composition of the mongo connection, because it ignores the authentication params.
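
The composition problem discussed in this thread, as an added example (not from the thread and not iotagent-node-lib code): `buildMongoUrl` and `auditConnectLog` are hypothetical helpers that compose a connection URL carrying percent-encoded credentials and `authSource`, and check a connect log message like the one above for credentials that were dropped. It assumes the MongoDB default that, when `authSource` is not given, authentication is attempted against the database named in the URL path.

```javascript
// Added example: names below are hypothetical, not iotagent-node-lib code.

// Compose a MongoDB URL from agent-style settings (host, port, db, user, password).
function buildMongoUrl(cfg) {
    const hasCreds = Boolean(cfg.user && cfg.password);
    // Percent-encode so '@', ':' or '/' in a password cannot reshape the URL.
    const creds = hasCreds
        ? `${encodeURIComponent(cfg.user)}:${encodeURIComponent(cfg.password)}@`
        : '';
    // Users created through MONGO_INITDB_ROOT_USERNAME are stored in "admin".
    // Without authSource the driver authenticates against the path database.
    const query = hasCreds && cfg.authSource
        ? `?authSource=${encodeURIComponent(cfg.authSource)}`
        : '';
    return `mongodb://${creds}${cfg.host}:${cfg.port}/${cfg.db}${query}`;
}

// Audit a "connect" log message of the shape shown in this issue.
function auditConnectLog(line) {
    const m = line.match(/with url "([^"]+)" and options (\{.*?\})\. Attempt/);
    if (!m) return ['no-connect-message'];
    const url = new URL(m[1]);
    const options = JSON.parse(m[2]);
    const auth = options.auth || {};
    const optCreds = Boolean(auth.user && auth.password);
    const anyCreds = optCreds || url.username !== '';
    const findings = [];
    if (options.auth && !optCreds) findings.push('empty-auth-option');
    if (!anyCreds) findings.push('no-credentials-sent');
    if (anyCreds && !url.searchParams.has('authSource') && !options.authSource) {
        findings.push(`auth-db-defaults-to:${url.pathname.slice(1) || 'admin'}`);
    }
    return findings;
}

// Message text copied from the log in this issue.
const ISSUE_LOG = 'msg=Attempting to connect to MongoDB instance with url ' +
    '"mongodb://mongo-db:27017/iotagent" and options ' +
    '{"auth":{"user":"","password":""}}. Attempt 1 | comp=IoTAgent';

// Constructed settings; the credentials are placeholders.
const SAMPLE_CFG = { host: 'mongo-db', port: 27017, db: 'iotagent',
    user: 'example-user', password: 'p@ss/word', authSource: 'admin' };

console.log(auditConnectLog(ISSUE_LOG));
console.log(buildMongoUrl(SAMPLE_CFG));
```
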

fgalan commented 1 year ago

Thanks for your feedback!

Thus, let's close this issue and continue in the PR

NunopRolo commented 1 year ago

Thank you very much for solving this problem!