如何使用 docker-compose 在 mongodb 中创建用户

Question

I'm trying to create some kind of script that will create a docker with mongodb and automatically create a user.

I can usually manage my docker images with docker-compose but this time, I don't know how to do it.

Basically, here is what I have to do:

1. clean/destroy container ( docker-compose down )
2. create a docker container with mongodb and start it (without --auth parameter )
3. execute a java script containing db.createUser()
4. stop the container
5. restart the same container with --auth parameter to allow login with the user created in the javascript

I can't find how to do that properly with docker-compose because when it starts, I have to give it the command --auth. If I do that, I cannot execute my javascript to add my user. MongoDB allows users creation without being logged in if there is no user and if --auth parameter is not provided.

I want to do that automatically, I do not want to manually do some commands. The goal is to have a script that can be executed before each integration tests to start from a clean database.

Here is my project:

integration-test/src/test/resources/scripts/docker-compose.yml

mongodb:
    container_name: mongo
    image: mongo
  ports:
    - "27017:27017"
  volumes:
    - .:/setup
  command: --auth

integration-test/src/test/resources/scripts/docker-init.sh

docker-compose down
docker-compose up -d
sleep 1
docker exec mongo bash -c "mongo myDatabase /setup/mongodb-setup.js"

integration-test/src/test/resources/scripts/mongodb-setup.js

db.createUser(
{
    user: "myUser",
    pwd: "myPassword",
    roles: [
      { role: "readWrite", db: "myDatabase" }
    ]
})

Finding a way to start again a container with a new parameter (in this case --auth ) would help but I can't find how to do that (docker start does not take parameters).

Any idea how I should do what I would like ?

If not, I can still delete everything from my database with some Java code or something else but I would like a complete mongodb docker setup created with a script.

Answer 1

The official mongo image now supports following environment variables that can be used in docker-compose as below:

environment:
      - MONGO_INITDB_ROOT_USERNAME=user
      - MONGO_INITDB_ROOT_PASSWORD=password
      - MONGO_INITDB_DATABASE=test

more explanation at: https://stackoverflow.com/a/42917632/1069610

Answer 2

This is how I do it, my requirement was to bring up a few containers along with mongodb, the other containers expect a user to be present when they come up, this worked for me. The good part is, the mongoClientTemp exits after the command is executed so the container doesn't stick around.

version: '2'
services:
  mongo:
   image: mongo:latest
   container_name: mongo
   ports:
    - "27017:27017"
   volumes:
    - /app/hdp/mongo/data:/data/db

  mongoClientTemp:
   image: mongo:latest
   container_name: mongoClientTemp
   links:
    - mongo:mongo
   command: mongo --host mongo --eval  "db.getSiblingDB('dashboard').createUser({user:'db', pwd:'dbpass', roles:[{role:'readWrite',db:'dashboard'}]});"
   depends_on:
    - mongo

  another-container:
   image: another-image:v01
   container_name: another-container
   ports:
    - "8080:8080"
   volumes:
    - ./logs:/app/logs
   environment:
    - MONGODB_HOST=mongo
    - MONGODB_PORT=27017
   links:
    - mongo:mongo
   depends_on:
    - mongoClientTemp

Answer 3

EDIT: tutumcloud repository is deprecated and no longer maintained, see other answers

I suggest that you use environment variables to set mongo user, database and password. tutum (owned by Docker) published a very good image

https://github.com/tutumcloud/mongodb

docker run -d -p 27017:27017 -p 28017:28017 -e MONGODB_USER="user" -e MONGODB_DATABASE="mydatabase" -e MONGODB_PASS="mypass" tutum/mongodb

You may convert these variables into docker-compose environments variables. You don't have to hard code it.

environment:
    MONGODB_USER: "${db_user_env}"
    MONGODB_DATABASE: "${dbname_env}"
    MONGODB_PASS: "${db_pass}"

This configuration will read from your session's environment variables.

Answer 4

After reading the the official mongo docker page , I've found that you can create an admin user one single time, even if the auth option is being used. This is not well documented, but it simply works (hope it is not a feature). Therefore, you can keep using the auth option all the time.

I created a github repository with scripts wrapping up the commands to be used. The most important command lines to run are:

docker exec db_mongodb mongo admin /setup/create-admin.js
docker exec db_mongodb mongo admin /setup/create-user.js -u admin -p admin --authenticationDatabase admin

The first line will create the admin user (and mongo will not complain even with auth option). The second line will create your "normal" user, using the admin rights from the first one.

Answer 5

Mongo image provides the /docker-entrypoint-initdb.d/ path to deploy custom .js or .sh setup scripts.

Check this post to get more details : How to create a DB for MongoDB container on start up?

Answer 6

file: docker-compose.yaml

mongo:
    image: mongo:latest
    volumes_from:
        - data
    ports:
        - "27017:27017"
    command: --auth

    container_name: "db_mongodb"

data:
    image: mongo:latest
    volumes:
        - /var/lib/mongo
        - ./setup:/setup
    command: "true"
    container_name: "db_mongodb_data"

file: .buildMongo.sh

#!/bin/sh
docker-compose down
docker-compose up -d
sleep 1
docker exec db_mongodb  mongo admin /setup/create-admin.js
docker exec db_mongodb  mongo myDb /setup/create-user.js -u admin -p admin --authenticationDatabase admin

The create-admin.js and create-user.js files are commands that you use using the mongo shell. So they must be easy for you to understand. The real direction is like the jzqa answer, "environment variables". So the question here is how to create a user. I think this answers that point at least, you can check the complete setup here https://github.com/Lus1t4nUm/mongo_docker_bootstrap

Answer 7

For initializing mongo with initial user-password-db triple and initdb scripts with only one docker-compose.yml, without any extra configuration, you can use bitnami/mongo image.

In my case, I didn't run my scripts under /docker-entrypoint-initdb.d directory in the container after setting environment variables; MONGODB_USERNAME and MONGODB_PASSWORD (specific env variables for bitnami image) because mongod runs with --auth option automatically when you set these variables. Consequently, I got authentication errors when the container was in the process of executing the scripts.

Because, it was connecting to: mongodb://192.168.192.2:27017/compressors=disabled&gssapiServiceName=mongodb

TERMINAL LOG OF THE ERROR

FIRST DOCKER-COMPOSE FILE:

version: "3"
services:
mongodb:
    container_name: mongodb
    image: 'docker.io/bitnami/mongodb:4.2-debian-10'
    ports:
        - "27017:27017"
    volumes:
        - "mongodb_data:/bitnami/mongodb"
        - "./mongodb/scripts:/docker-entrypoint-initdb.d"
    environment:
        - MONGODB_INITSCRIPTS_DIR=/docker-entrypoint-initdb.d
        - MONGODB_USERNAME=some_username
        - MONGODB_PASSWORD=some_password
        - MONGODB_DATABASE=some_db_name
    networks:
        backend:
    restart: unless-stopped
volumes:
    mongodb_data:
networks:
    backend:
        driver: bridge

INIT JS FILE UNDER ./mongodb/scripts PATH:

let db = connect("localhost:27017/some_db_name");
db.auth("some_username", "some_password");
let collections = db.getCollectionNames();
let storeFound = false; 
let index;
for(index=0; index<collections.length; index++){
   if ("store" === collections[index]){
       storeFound = true;   
   }
}
if(!storeFound ){
   db.createCollection("store");
   db.store.createIndex({"name": 1});
}

So, I decided to add new environment variables to my docker-compose.yml after inspecting https://github.com/bitnami/bitnami-docker-mongodb/blob/master/4.2/debian-10/rootfs/opt/bitnami/scripts/libmongodb.sh file.

In this sh file, there is function like mongodb_custom_init_scripts() for executing the scripts. For executing all script files, it runs mongodb_execute() method. In this method, after mongod instance is up and run, mongo client is connecting to the mongod instance by using some parameters.

########################
# Execute an arbitrary query/queries against the running MongoDB service
# Stdin:
#   Query/queries to execute
# Arguments:
#   $1 - User to run queries
#   $2 - Password
#   $3 - Database where to run the queries
#   $4 - Host (default to result of get_mongo_hostname function)
#   $5 - Port (default $MONGODB_PORT_NUMBER)
#   $6 - Extra arguments (default $MONGODB_CLIENT_EXTRA_FLAGS)
# Returns:
#   None
########################
mongodb_execute() {
    local -r user="${1:-}"
    local -r password="${2:-}"
    local -r database="${3:-}"
    local -r host="${4:-$(get_mongo_hostname)}"
    local -r port="${5:-$MONGODB_PORT_NUMBER}"
    local -r extra_args="${6:-$MONGODB_CLIENT_EXTRA_FLAGS}"
    local result
    local final_user="$user"
    # If password is empty it means no auth, do not specify user
    [[ -z "$password" ]] && final_user=""

    local -a args=("--host" "$host" "--port" "$port")
    [[ -n "$final_user" ]] && args+=("-u" "$final_user")
    [[ -n "$password" ]] && args+=("-p" "$password")
    [[ -n "$extra_args" ]] && args+=($extra_args)
    [[ -n "$database" ]] && args+=("$database")

    "$MONGODB_BIN_DIR/mongo" "${args[@]}"
}

After that I added new environment variables to my docker-compose like MONGODB_ADVERTISED_HOSTNAME , MONGODB_PORT_NUMBER , and, MONGODB_CLIENT_EXTRA_FLAGS

So my final docker-compose.yml looks like:

version: "3"
services:
mongodb:
    container_name: mongodb
    image: 'docker.io/bitnami/mongodb:4.2-debian-10'
    ports:
        - "27017:27017"
    volumes:
        - "mongodb_data:/bitnami/mongodb"
        - "./mongodb/scripts:/docker-entrypoint-initdb.d"
    environment:
        - MONGODB_INITSCRIPTS_DIR=/docker-entrypoint-initdb.d
        - MONGODB_USERNAME=some_username
        - MONGODB_PASSWORD=some_password
        - MONGODB_DATABASE=some_db_name
        - MONGODB_ADVERTISED_HOSTNAME=localhost
        - MONGODB_PORT_NUMBER=27017
        - MONGODB_CLIENT_EXTRA_FLAGS=--authenticationDatabase=some_db_name
    networks:
        backend:
    restart: unless-stopped
volumes:
    mongodb_data:
networks:
    backend:
        driver: bridge

Now, it was connecting by this url:

mongodb://localhost:27017/?authSource=some_db_name&compressors=disabled &gssapiServiceName=mongodb

Answer 8

In your project directory create another directory docker-entrypoint-initdb.d then the file tree looks like this:

📦Project-directory
 ┣ 📂docker-entrypoint-initdb.d
 ┃ ┗ 📜mongo-init.js
 ┗ 📜docker-compose.yaml

The docker-compose.yml contains:

version: "3.7"
services:
  mongo:
    container_name: container-mongodb
    image: mongo:latest
    restart: always
    ports:
      - 27017:27017

    environment:
      MONGO_INITDB_ROOT_USERNAME: root
      MONGO_INITDB_ROOT_PASSWORD: password
      MONGO_INITDB_DATABASE: root-db

    volumes:
      - ./docker-entrypoint-initdb.d/mongo-init.js:/docker-entrypoint-initdb.d/mongo-init.js:ro

mongo-init.js contains the javascript code to create user with different roles.

print("Started Adding the Users.");
db = db.getSiblingDB("admin");
db.createUser({
  user: "userx",
  pwd: "1234",
  roles: [{ role: "readWrite", db: "admin" }],
});
print("End Adding the User Roles.");

You can modify the mongo-init.js as you need.

Answer 9

add --noauth option to the mongo command

extract from my docker-compose.yml file

mongors:
  image: mongo:latest
  command: mongod --noprealloc --smallfiles --replSet mongors2 --dbpath /data/db --nojournal --oplogSize 16 --noauth
  environment:
    TERM: xterm
  volumes:
    - ./data/mongors:/data/db