
ansible module mongodb_user produces “not authorized for insert on dname.system.users”

I'm trying to add a user to a mongodb database via ansible using the "mongodb_user" module.

The exact configuration (actual usernames and passwords switched out, of course) I am using is:

- name: set up mongodb credentials
  mongodb_user: name=new_db_user password=user_pwd database=mydb roles='readWrite' state=present login_user=admin login_password=admin_pwd login_database=admin

The result (using -vvvv) I am getting is this, however (output formatted for readability):

fatal: [some.host.net]: FAILED! => {
  "changed": false,
  "failed": true,
  "invocation": {
    "module_args": {
      "database": "mydb",
      "login_database": "admin",
      "login_host": "localhost",
      "login_password": "admin_pwd",
      "login_port": "27017",
      "login_user": "admin",
      "name": "new_db_user",
      "password": "user_pwd",
      "replica_set": null,
      "roles": [
        "readWrite"
      ],
      "ssl": false,
      "state": "present",
      "update_password": "always"
    },
    "module_name": "mongodb_user"
  },
  "msg": "not authorized for insert on mydb.system.users"
}

While this looks like a simple permission issue, it unfortunately doesn't seem to be. The admin user I am using has the root role, and performing the exact same operation (using the exact same credentials) directly via the command line on the remote machine adds the user without issue:

[root@somehost etc]# mongo admin -u admin -p
MongoDB shell version: 2.6.9
Enter password: 
connecting to: admin
> use mydb
switched to db mydb
> db.createUser({user: 'new_db_user', pwd: 'user_pwd', roles: ['readWrite']})
Successfully added user: { "user" : "new_db_user", "roles" : [ "readWrite" ] }

I've checked, double checked and triple checked all usernames and passwords, and they're definitely correct. Changing databases or usernames produces the same error as well.

edit: Additionally, I tried setting the admin user's role to "userAdminAnyDatabase", as well as "userAdmin", and combining that with various other administrative roles; the result was the exact same each time, however. Thanks to Raul Hugo for pointing this out.

I am using ansible 2.0 (same error with ansible 1.9), mongodb version is 2.6.9 running on RHEL 7.1.

I've been trying to reproduce the issue without success.

ansible -i hosts mongo --user vagrant -k -m  name=new_db_user -m mongodb_user -a "name=new_db_user password=user_pwd database=mydb roles='readWrite' state=present login_user=admin1 login_password=admin_pwd1 login_database=admin"
SSH password:
local | SUCCESS => {
    "changed": true,
    "user": "new_db_user"
}

But the problem is the version of the auth algorithm on MongoDB: the latest pymongo library uses the SCRAM-SHA algorithm, and MongoDB 2.6 uses MONGODB-CR by default. That is the reason for the problem.

You could upgrade your MongoDB version or change your auth algorithm on 2.6. You can find information about the process here: https://docs.mongodb.org/manual/release-notes/3.0-scram/
