堆栈内存溢出
  简体   繁体   English

为什么 Neo4J docker 身份验证不起作用

[英]Why Neo4J docker authentication doesn't work

 原文  2019-03-13 22:47:39       docker/ authentication/ neo4j/ docker-compose

问题描述

I want to run a Neo4J instance through docker using a docker-compose.我想使用 docker-compose 通过 docker 运行一个 Neo4J 实例。

docker-compose.yml docker-compose.yml

version: '3'
services:
  neo4j:
    container_name: neo4j-lab
    image: neo4j:latest
    environment:
      - NEO4J_dbms_memory_pagecache_size=2G
      - NEO4J_dbms_memory_heap_maxSize=4G
      - NEO4J_dbms_memory_heap_initialSize=512M
      - NEO4J_AUTH=neo4j/changeme
    ports:
      - 7474:7474
      - 7687:7687
    volumes:
      - neo4j_data:/data
      - neo4j_conf:/conf
      - ./import:/import
volumes:
  neo4j_data:
  neo4j_conf:

Running the following with docker-compose up is perfectly fine, and I can reach the login screen.使用docker-compose up运行以下命令非常好,我可以到达登录屏幕。

But when I set the credentials, I get the following error on my container logs : Neo.ClientError.Security.Unauthorized The client is unauthorized due to authentication failure.但是当我设置凭据时,我的容器日志中出现以下错误: Neo.ClientError.Security.Unauthorized 由于身份验证失败,客户端未经授权。 whereas I am sure that I fill with right credentials (the ones used in my docker-compose file)而我确信我填写了正确的凭据(我的 docker-compose 文件中使用的凭据)

Furthermore,此外,

  • when I set NEO4J_AUTH to none , then no credentials have been asked.当我将NEO4J_AUTH设置为none ,则没有询问任何凭据。

  • when I set it to neo4j/neo4j it said that I can't use the default password当我将其设置为neo4j/neo4j它说我不能使用默认密码

According the documentation, this is perfectly fine :根据文档,这完全没问题:

By default Neo4j requires authentication and requires you to login with neo4j/neo4j at the first connection and set a new password.默认情况下,Neo4j 需要身份验证,并要求您在第一次连接时使用 neo4j/neo4j 登录并设置新密码。 You can set the password for the Docker container directly by specifying --env NEO4J_AUTH=neo4j/password in your run directive.您可以通过在运行指令中指定 --env NEO4J_AUTH=neo4j/password 来直接设置 Docker 容器的密码。 Alternatively, you can disable authentication by specifying --env NEO4J_AUTH=none instead.或者,您可以通过指定 --env NEO4J_AUTH=none 来禁用身份验证。

Do you have any idea of what's going on ?你知道发生了什么吗?

Hope you could help me to solve this !希望你能帮我解决这个问题!

EDIT编辑

Docker logs output : Docker 日志输出:

neo4j-lab | 2019-03-13 23:02:32.378+0000 INFO  Starting...
neo4j-lab | 2019-03-13 23:02:37.796+0000 INFO  Bolt enabled on 0.0.0.0:7687.
neo4j-lab | 2019-03-13 23:02:41.102+0000 INFO  Started.
neo4j-lab | 2019-03-13 23:02:43.935+0000 INFO  Remote interface available at http://localhost:7474/
neo4j-lab | 2019-03-13 23:02:56.105+0000 WARN  The client is unauthorized due to authentication failure.

EDIT 2 :编辑 2:

It seems that deleting the volume associated first works.似乎首先删除关联的卷有效。 The password is now changed.现在密码已更改。

However, if I docker-compose down then docker-compose up whereas I change the password in my docker-compose file then the issue reappears.但是,如果我docker-compose down然后docker-compose up而我更改了我的docker-compose file的密码,那么问题就会再次出现。

So I think that when we change the password through docker-compose more than once while a volume exists, we need to remove the auth file presents in the volumes.所以我认为当我们在卷存在的情况下通过 docker-compose多次更改密码时,我们需要删除卷中的auth文件。

To do that :要做到这一点 :

docker volume inspect <volume_name>

You should get something like that :你应该得到这样的东西:

[
    {
        "CreatedAt": "2019-03-14T11:17:08+01:00",
        "Driver": "local",
        "Labels": {
            "com.docker.compose.project": "neo4j",
            "com.docker.compose.volume": "neo4j_data"
        },
        "Mountpoint": "/data/docker/volumes/neo4j_neo4j_data/_data",
        "Name": "neo4j_neo4j_data",
        "Options": null,
        "Scope": "local"
    }
]

This is obviously different if you named your container and your volumes not like me (neo4j, neo4j_data).如果你命名你的容器和你的卷不像我(neo4j,neo4j_data),这显然是不同的。

The important part is the Mountpoint which locates the volume.重要的部分是定位卷的挂载点

In this volume, you can delete the auth file which is in dbms directory.在此卷中,您可以删除dbms目录中的auth文件。

Then restart your docker and everything should be fine.然后重新启动您的 docker,一切都应该没问题。

2 个解决方案

解决方案1
 7  2020-03-19 08:37:50

Neo4j docker developer here. Neo4j 码头开发人员在这里。

The reason this is happening is that the NEO4J_AUTH environment variable doesn't set the database password, it sets the INITIAL password only.发生这种情况的原因是NEO4J_AUTH环境变量没有设置数据库密码,它只设置了INITIAL密码。

If you're mounting a data volume with an existing database inside, then NEO4J_AUTH has no effect because that database already has a password.如果您正在挂载一个内部已有数据库的数据卷,则NEO4J_AUTH无效,因为该数据库已经有密码。 It sounds like that's what you're experiencing here.听起来这就是您在这里遇到的情况。

The documentation around this feature was not great and I've updated it!围绕此功能的文档不是很好,我已经更新了它! See: Neo4j docker authentication documentation请参阅: Neo4j docker 身份验证文档

解决方案2
 2  2020-08-19 02:40:16

define Neo4j password with docker-compose使用 docker-compose 定义 Neo4j 密码

neo4j:
   image: 'neo4j:4.1'
   environment:
      NEO4J_AUTH: 'neo4j/your_password'
   ports:
      - "7474:7474"
   volumes:
      ...

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 Neo4j HA模型在Docker中不起作用 - Neo4j HA model don't work in docker Docker和Neo4J - Docker and Neo4J 使用 Docker 安装 Neo4j - Install Neo4j with Docker Neo4J Docker 约束 - Neo4J Docker Constraints 无法将BOLT连接到docker Neo4j - Can't connect with BOLT to a docker Neo4j docker-compose bolt 地址从 neo4j 3.4.10 升级到 3.5.3 后不起作用 - docker-compose bolt address isn't working after upgrading neo4j to 3.5.3 from neo4j 3.4.10 无法使用Neo4j docker image在以下位置加载外部资源:file:/ var / lib / neo4j / import - Couldn't load the external resource at: file:/var/lib/neo4j/import with Neo4j docker image Docker中的Localhost-Neo4j - Localhost inside docker - neo4j 恢复到Neo4j Docker容器 - Restoring to a neo4j docker container neo4j 中的 docker 卷权限 - docker volume permissions in neo4j
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM