如何使用最少的配置在mongo容器中创建经过身份验证的mongo数据库
[英]How to create an authenticated mongo database in a mongo container with minimal config
问题描述
I'm using Sails 0.12.3 and mongo 3.2.7 
我正在使用Sails 0.12.3和mongo 3.2.7
Here's my config/connections.js. 这是我的config / connections.js。
mongo: {
adapter: 'sails-mongo',
host: 'database',
port: 27017,
user: 'user', //optional
password: 'password', //optional
database: 'db' //optional
}
and my docker-compose.yml 和我的docker-compose.yml
version: '2'
services:
myservice:
//blabla
links:
- database
database:
image: 'mongo:latest'
container_name: 'database'
environment:
MONGODB_PASSWORD: "password"
MONGODB_USER: "user"
MONGODB_DATABASE: "db"
The problem comes whenever I build the containers with docker-compose up --build, the error comes from the sails-mongo module. 每当我使用docker-compose up --build构建容器时,问题就出现了,错误来自sails-mongo模块。
error: A hook (`orm`) failed to load!
error: Error: Failed to connect to MongoDB. Are you sure your configured Mongo instance is running?
Error details:
{ MongoError: Authentication failed.
at Function.MongoError.create (/app/node_modules/mongodb-core/lib/error.js:31:11)
at commandCallback (/app/node_modules/mongodb-core/lib/topologies/server.js:929:66)
at Callbacks.emit (/app/node_modules/mongodb-core/lib/topologies/server.js:116:3)
at .messageHandler (/app/node_modules/mongodb-core/lib/topologies/server.js:282:23)
at Socket.<anonymous> (/app/node_modules/mongodb-core/lib/connection/connection.js:273:22)
at emitOne (events.js:96:13)
at Socket.emit (events.js:188:7)
at readableAddChunk (_stream_readable.js:172:18)
at Socket.Readable.push (_stream_readable.js:130:10)
at TCP.onread (net.js:542:20)
name: 'MongoError',
message: 'Authentication failed.',
ok: 0,
code: 18,
errmsg: 'Authentication failed.' }
Is there any extra configuration I need to just run the containers? 我需要运行容器的额外配置吗? I understand that Mongo doesn't create a database unless there's some data to store but I'm not sure if this is related at all. 我知道Mongo不会创建数据库,除非有一些数据要存储,但我不确定这是否相关。
1 个解决方案
解决方案1
4 已采纳 2016-09-08 08:29:49
First lets address your problem: Authentication failed . 首先解决您的问题: Authentication failed 。 sails-mongo cannot connect to mongodb. sails-mongo无法连接到mongodb。 Why is that? 这是为什么? I see that you provided some environment variables to the mongodb docker container: 我看到你为mongodb docker容器提供了一些环境变量:
environment:
MONGODB_PASSWORD: "password"
MONGODB_USER: "user"
MONGODB_DATABASE: "db"
However this is not documented in https://hub.docker.com/_/mongo/ . 但是,这不在https://hub.docker.com/_/mongo/中记录 。 The mongodb container is ignoring this values, thus no authentication is configured. mongodb容器忽略此值,因此未配置身份验证。 sails-mongo will try to authenticate, however this fails because no such user exists. sails-mongo将尝试进行身份验证,但是由于不存在此类用户,因此失败。 You can test it by simply commenting out user and password in config/connections.js . 您只需在config/connections.js注释掉用户和密码即可对其进行测试。 Your service will be able to connect. 您的服务将能够连接。
In https://hub.docker.com/_/mongo/ it is documented how you enable authentication: 在https://hub.docker.com/_/mongo/中 ,记录了如何启用身份验证:
docker run --name some-mongo -d mongo --auth
Adding user: 添加用户:
$ docker exec -it some-mongo mongo admin
connecting to: admin
> db.createUser({ user: 'jsmith', pwd: 'some-initial-password', roles: [ { role: "userAdminAnyDatabase", db: "admin" } ] });
Successfully added user: {
"user" : "jsmith",
"roles" : [
{
"role" : "userAdminAnyDatabase",
"db" : "admin"
}
]
}
To automate this you could put the user creation in a shell script and trigger it in docker compose. 要自动执行此操作,您可以将用户创建放在shell脚本中并在docker compose中触发它。
There is another solution that you can apply. 您可以应用另一种解决方案。 First ask yourself, why do you need authentication at all? 首先问问自己,为什么需要身份验证? Do you want to access the mongodb instance from any ip address? 您想从任何IP地址访问mongodb实例吗? Then you need authentication. 然后你需要身份验证。 If not you might leave authentication disabled. 如果不是,您可能会禁用身份验证。 If mongodb binds to localhost, nobody outside of localhost will be able to connect to it. 如果mongodb绑定到localhost,则localhost之外的任何人都无法连接到它。
With docker you can harden this even further: any access to the mongodb instance is forbidden. 使用docker,您可以进一步强化:禁止访问mongodb实例。 Only containers that are on the same network as mongodb may connect. 只有与mongodb在同一网络上的容器才可以连接。
Using docker-compose version 2 network feature: 使用docker-compose版本2网络功能:
version: "2"
services:
my-app:
image: myHubRepo/my-app:v1.X.Y
container_name: my-app
environment:
- MONGODB=mongodb:27017
- APP_PORT=80
- STAGE=production
expose:
- "80"
networks:
- back-tier
restart: always
mongodb:
image: mongo
volumes:
- mongodb-data:/data/db
networks:
- back-tier
restart: always
volumes:
mongodb-data:
driver: local
networks:
back-tier:
Mongodb is not accessible from outside of its very own container despite from containers that are on the same network back-tier . Mongodb无法从其自己的容器外部访问,尽管容器位于同一网络的back-tier 。
Adjust env/production.js accordingly: 相应地调整env/production.js :
module.exports = {
connections: {
prodMongoDb: {
adapter: 'sails-mongo',
url: 'mongodb://' + process.env.MONGODB + '/my_app'
}
},
models: {
connection: 'prodMongoDb'
},
port: process.env.APP_PORT || 8080,
log: {
level: "warn"
}
};
For more information on networks with compose: https://docs.docker.com/compose/networking/ 有关compose网络的更多信息,请访问: https : //docs.docker.com/compose/networking/
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.