[英]docker-compose create mongo container with username and password
I have a mongo container being created in Compose:我在 Compose 中创建了一个 mongo 容器:
version: '2'
volumes:
mongodata:
driver: local
services:
mongo:
image: mongo:latest
hostname: ${MONGODB_HOST}
restart: always
ports:
- "27017:27017"
volumes:
- mongodata:/data/db
This works perfectly, however now I want to put a password on the database.这非常有效,但是现在我想在数据库上输入密码。 To do so, firstly as I understand it I need to create the database, add a password, then restart it with the
--auth
flag.为此,据我所知,首先我需要创建数据库,添加密码,然后使用
--auth
标志重新启动它。 My question is how to do this process with docker-compose.我的问题是如何使用 docker-compose 执行此过程。
I can do this if I do everything without docker-compose. The issues that I can see arising with compose are:如果我在没有 docker-compose 的情况下做所有事情,我可以做到这一点。我可以看到 compose 引起的问题是:
a) docker-compose works inside a docker.network. a) docker-compose 在 docker.network 中工作。 b) docker-compose can't run different commands at the beginning as during production.
b) docker-compose 不能在生产开始时运行不同的命令。 - this is important because although some people say that you can run
--auth
at the beginning and it will allow you to set a password the first time, this doesn't seem to be the case. - 这很重要,因为虽然有些人说您可以在开始时运行
--auth
并且它将允许您在第一次设置密码,但事实并非如此。
One solution I began working on was a shell script I would run on all my servers before running docker-compose file:我开始研究的一个解决方案是一个 shell 脚本,我会在运行 docker-compose 文件之前在我的所有服务器上运行:
# start the temporary container
docker run -d -v /tmp/mongodb --name tmpdb -e MONGODB_DBNAME=db_test mongo --auth
# do the user creation
docker run -it --link tmpdb --rm mongo sh -c 'mongo --host tmpdb --eval "db.createUser({ user: \"admin\", pwd: \"password\", roles: [ { role: \"root\", db: \"admin\" } ] });"'
# stop the server
docker stop tmpdb
# create new mongodb container, using the old ones data
docker run -d -p 27017:27017 --name mongo2 -e MONGODB_DBNAME=db_test mongo --auth
# clean up old container (we are using the volumes so they will stick around)
docker rm tmpdb
This file creates a temporary container, sets a username/password on it, stops the original container, creates a new one using the old ones volume container, and deletes the original one.该文件创建一个临时容器,在其上设置用户名/密码,停止原始容器,使用旧卷容器创建新容器,并删除原始容器。 The new mongo container now has a password on.
新的 mongo 容器现在有一个密码。
So my conclusive question is, whats the best way to do this in docker-compose?所以我最后的问题是,在 docker-compose 中最好的方法是什么?
My other containers in my docker-compose file need to be able to access mongo so i think the volume container holding the mongo data needs to be in the same.network that the docker-compose creates我的 docker-compose 文件中的其他容器需要能够访问 mongo,所以我认为保存 mongo 数据的卷容器需要位于 docker-compose 创建的同一个网络中
The mongo:latest image at the time of writing (v 3.5) accepts two environment variables, MONGO_INITDB_ROOT_USERNAME
and MONGO_INITDB_ROOT_PASSWORD
. mongo:编写时的最新图像(v 3.5)接受两个环境变量
MONGO_INITDB_ROOT_USERNAME
和MONGO_INITDB_ROOT_PASSWORD
。
When these are set, the container's entrypoint script will start the mongod service with --auth, then create an admin user with the provided credentials. 设置这些后,容器的入口点脚本将使用--auth启动mongod服务,然后使用提供的凭据创建管理员用户。
This is currently not documented in their README
, but there's a GitHub issue tracking progress on that matter, and the source is available on line 104
of the docker-entrypoint.sh script. 目前没有在
README
文件中记录这一点,但是有一个GitHub问题跟踪进展,并且源代码可以在docker-entrypoint.sh脚本的第104
行获得 。
To use these variables in your docker-compose.yml
, see the following snippet: 要在
docker-compose.yml
使用这些变量,请参阅以下代码段:
version: '3'
services:
mongodb:
image: mongo:3.5
hostname: ${MONGODB_HOST}
environment:
- MONGO_INITDB_ROOT_USERNAME=alice
- MONGO_INITDB_ROOT_PASSWORD=super-secret-password
restart: on-failure
ports:
- 27017:27017
volumes:
- ./mongodb:/data/db
Anyone have answer for this?有人对此有答案吗? I have created the docker-compose.yml as below,while it still with error fail with authentication : enter image description here
我已经创建了 docker-compose.yml,如下所示,虽然它仍然出现错误,但身份验证失败:在此处输入图像描述
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.