How to enable authentication on MongoDB through Docker?

没有蜡笔的小新 2020-11-29 18:53

I want to spin-up a docker for mongodb:latest but allow only certain user(s) to access certain db(s) (i.e. enable --auth). No one else should acces

10 answers
  • 2020-11-29 18:56

    @jbochniak: Thanks, although at first read I thought I've already discovered all of this, it turned out that your example (esp. the version of the Mongo Docker image) helped me out!

    That version (v3.4.2) and the v3.4 (currently corresponding to v3.4.3) still support 'MONGO_INITDB_ROOT' specified through those variables, as of v3.5 (at least tags '3' and 'latest') DON'T work as described in your answer and in the docs.

    I quickly had a look at the code on GitHub, but saw similar usage of these variables and couldn't find the bug immediately, should do so before filing this as a bug...

  • 2020-11-29 19:05

    The Dockerfile for the official mongo image is here. The default command is mongod but you can override to add the --auth switch assuming users are already configured.

    docker run -d .... mongodb:latest mongod --auth
    

    If the user has to be created then you need to volume mount a startup script into /entrypoint.sh to replace the default startup script and then have that script create users and start mongo with the auth switch.

    docker run -d .... -v $PWD/my_custom_script.sh:/entrypoint.sh mongodb:latest
    
  • 2020-11-29 19:05

    Use this image to fix:

    With docker-compose.yml

    services:
      db:
        image: aashreys/mongo-auth:latest
        environment:
          - AUTH=yes
          - MONGODB_ADMIN_USER=admin
          - MONGODB_ADMIN_PASS=admin123
          - MONGODB_APPLICATION_DATABASE=sample
          - MONGODB_APPLICATION_USER=aashrey
          - MONGODB_APPLICATION_PASS=admin123
        ports:
          - "27017:27017"
        # more configuration
    
    • aashreys/mongo-auth - Docker Hub
    • aashreys/docker-mongo-auth: Easily setup authentication on Docker's Official MongoDB image.
  • 2020-11-29 19:06

    If you take a look at:

    • https://github.com/docker-library/mongo/blob/master/4.2/Dockerfile
    • https://github.com/docker-library/mongo/blob/master/4.2/docker-entrypoint.sh#L303-L313

    you will notice that there are two variables used in the docker-entrypoint.sh:

    • MONGO_INITDB_ROOT_USERNAME
    • MONGO_INITDB_ROOT_PASSWORD

    You can use them to set up the root user. For example, you can use the following docker-compose.yml file:

    mongo-container:
      image: mongo:3.4.2
      environment:
          # provide your credentials here
          - MONGO_INITDB_ROOT_USERNAME=root
          - MONGO_INITDB_ROOT_PASSWORD=rootPassXXX
      ports:
        - "27017:27017"
      volumes:
          # if you wish to setup additional user accounts specific per DB or with different roles you can use following entry point
        - "$PWD/mongo-entrypoint/:/docker-entrypoint-initdb.d/"
      # no --auth is needed here as presence of username and password add this option automatically
      command: mongod
    

    Now when starting the container by docker-compose up you should notice the following entries:

    ...
    I CONTROL  [initandlisten] options: { net: { bindIp: "127.0.0.1" }, processManagement: { fork: true }, security: { authorization: "enabled" }, systemLog: { destination: "file", path: "/proc/1/fd/1" } }
    ...
    I ACCESS   [conn1] note: no users configured in admin.system.users, allowing localhost access
    ...
    Successfully added user: {
        "user" : "root",
        "roles" : [
            {
                "role" : "root",
                "db" : "admin"
            }
        ]
    }
    

    To add custom users apart from root, use the entrypoint executable script (placed under $PWD/mongo-entrypoint dir as it is mounted in docker-compose to entrypoint):

    #!/usr/bin/env bash
    echo "Creating mongo users..."
    mongo admin --host localhost -u USER_PREVIOUSLY_DEFINED -p PASS_YOU_PREVIOUSLY_DEFINED --eval "db.createUser({user: 'ANOTHER_USER', pwd: 'PASS', roles: [{role: 'readWrite', db: 'xxx'}]}); db.createUser({user: 'admin', pwd: 'PASS', roles: [{role: 'userAdminAnyDatabase', db: 'admin'}]});"
    echo "Mongo users created."
    

    Entrypoint script will be executed and additional users will be created.

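
A check for the startup entries quoted in the answer above, added here as an example and not part of any answer: it reads container log text and reports whether mongod started with access control on, failing closed when no options line is found. It assumes the plain-text log format shown in that answer; the sample lines and the function name are constructed for illustration.

```shell
#!/bin/sh
# Added example: decide from mongod startup log lines whether access control
# is enabled. Assumes the plain-text log format quoted in the answer above.

# Constructed sample lines, modelled on the quoted log output.
SAMPLE_AUTH_ON='I CONTROL  [initandlisten] options: { net: { bindIp: "127.0.0.1" }, security: { authorization: "enabled" } }'
SAMPLE_AUTH_OFF='I CONTROL  [initandlisten] options: { net: { bindIp: "0.0.0.0" } }'

# check_auth_log (hypothetical helper): reads log text on stdin and prints
# one verdict word.
#   enabled  - the last "options:" line contains authorization: "enabled"
#   disabled - an options line exists but authorization is not enabled
#   unknown  - no options line was found; treat this as a failure
# If the log holds several options lines, only the last one is judged, so an
# earlier start with auth on cannot mask a later start without it.
check_auth_log() {
    opts=$(grep -F '[initandlisten] options:' | tail -n 1)
    if [ -z "$opts" ]; then
        echo unknown
    elif printf '%s\n' "$opts" | grep -Eq 'authorization: *"enabled"'; then
        echo enabled
    else
        echo disabled
    fi
}

# Typical use against a running container (container name is a placeholder):
#   docker logs my-mongo 2>&1 | check_auth_log
```

Anything other than `enabled` means the image tag did not act on the credentials it was given, which is the situation the first answer on this page reports for some tags.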
  • 2020-11-29 19:07

    Just dropping a .js file into the entry point init folder works for this

    e.g. entrypoint.js

    var db = connect("mongodb://localhost/admin");
    
    db.createUser(
        {
            user: "yourAdminUserName",
            pwd: "yourAdminPassword",
            roles: [ { role: "userAdminAnyDatabase", db: "admin" } ]
        }
    )
    

    docker-compose.yml:

    db:
      image: mongo:3.2
      volumes:
       - /my/own/datadir:/data/db
       - ../mongo-entrypoint:/docker-entrypoint-initdb.d
    

    Doing the rest by hand or more of the same works.

    If you want to you can also drop a .sh file into the init folder to clean up the files so they are not laying around: zz-cleanup.sh.

  • 2020-11-29 19:09

    I want to comment but don't have enough reputation.

    The user-adding executable script shown above has to be modified with --authenticationDatabase admin and NEWDATABASENAME.

    mongo --authenticationDatabase admin --host localhost -u USER_PREVIOUSLY_DEFINED -p PASS_YOU_PREVIOUSLY_DEFINED NEWDATABASENAME --eval "db.createUser({user: 'NEWUSERNAME', pwd: 'PASSWORD', roles: [{role: 'readWrite', db: 'NEWDATABASENAME'}]});"
    

    https://i.stack.imgur.com/MdyXo.png

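
The user-creation scripts in the two answers above (the entrypoint script and its --authenticationDatabase variant) hard-code credentials inside the --eval string. The version below is an added example, not code from either answer: it takes the application user from environment variables and refuses values that could break out of the quoted JavaScript. APP_DB, APP_USER and APP_PASS are hypothetical variable names, and it assumes the image ships the `mongo` shell used in those answers.

```shell
#!/bin/sh
# Added example for /docker-entrypoint-initdb.d/. APP_DB, APP_USER and
# APP_PASS are hypothetical names; pass them like the MONGO_INITDB_* variables.

# is_safe: accept only non-empty values made of characters that cannot
# terminate a single-quoted JavaScript string. This restricts the password
# alphabet on purpose; widen it only together with proper escaping.
is_safe() {
    case "$1" in
        ''|*[!A-Za-z0-9_.-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# build_create_user DB USER PASS: print a createUser call for one user that
# holds readWrite on DB only and is stored in DB itself.
build_create_user() {
    for v in "$1" "$2" "$3"; do
        is_safe "$v" || { echo "unsafe or empty value, refusing" >&2; return 1; }
    done
    printf "db.getSiblingDB('%s').createUser({user: '%s', pwd: '%s', roles: [{role: 'readWrite', db: '%s'}]});" \
        "$1" "$2" "$3" "$1"
}

# create_app_user: authenticate as the root user defined through the
# MONGO_INITDB_ROOT_* variables and run the generated statement.
create_app_user() {
    js=$(build_create_user "$APP_DB" "$APP_USER" "$APP_PASS") || return 1
    mongo admin --host localhost \
        -u "$MONGO_INITDB_ROOT_USERNAME" -p "$MONGO_INITDB_ROOT_PASSWORD" \
        --authenticationDatabase admin --eval "$js"
}

# Do nothing unless an application database was requested.
if [ -n "${APP_DB:-}" ]; then
    create_app_user
fi
```

Because the user is created in the application database, clients authenticate against that database rather than admin.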