1. 技术文章
  2. PyMongo - UserNotFound: Could not find user authenticated@admin

PyMongo - UserNotFound: Could not find user authenticated@admin

佐手、 提交于 2019-12-13 03:56:16

问题


I checked the permission on the /etc/mongod.conf:

vagrant@trusty64:/vagrant/test$ sudo docker exec -it mongodb ls -l /etc/mongod.conf
-rw-r--r-- 1 root root 472 Jun 22 00:09 /etc/mongod.conf

Then, I checked it's corresponding content:

vagrant@trusty64:/vagrant/test$ sudo docker exec -it mongodb cat /etc/mongod.conf
## mongodb.conf, this file is enforced by puppet.
##
## Note: http://docs.mongodb.org/manual/reference/configuration-options/
##

## where and how to store data.
storage:
  dbPath: /var/lib/mongodb
  journal:
    enabled: true

## where to write logging data.
systemLog:
  destination: file
  logAppend: true
  path: /var/log/mongodb/mongod.log

## network interfaces
net:
  port: 27017
  bindIp: 0.0.0.0

## mongodb process
processManagement:
  pidFilePath: /var/run/mongod.pid

## role-based access controls
#security:
#   authorization: enabled

Next, I added a mongodb user, adjusted the mongod.conf, and restarted the mongod process:

vagrant@trusty64:/vagrant/test$ sudo docker exec -it mongodb sudo mongo mongodb://mongodb:27017 --eval "db.getSiblingDB('admin'); db.createUser({\
    user: 'authenticated',\
    pwd: 'password',\
    roles: [\
        'readWrite',\
        'userAdmin',\
        'dbAdmin',\
        { role: 'readWrite', db: 'dataset' },\
        { role: 'userAdmin', db: 'dataset' },\
        { role: 'dbAdmin', db: 'dataset' },\
    ]\
},\
{ w: 'majority' , wtimeout: 5000 } )" --quiet
sudo docker exec -it mongodb sudo sed -i "/#[[:space:]]*security:/s/^#//g" /etc/mongod.conf
sudo docker exec -it mongodb sudo sed -i "/#[[:space:]]*authorization:[[:space:]]*enabled/s/^#//g" /etc/mongod.conf
sudo docker restart mongodb

Now, I was ready to try to implement the pymongo connector, from a docker container:

vagrant@trusty64:/vagrant/test$ sudo docker exec -it webserver python
Python 2.7.6 (default, Oct 26 2016, 20:30:19)
[GCC 4.8.4] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> from pymongo import MongoClient, errors
>>> cur = MongoClient("mongodb://authenticated:password@mongodb:27017/admin")
>>> db = cur['dataset']
>>> col = db['svm']
>>> posts = col.posts
>>> result = posts.insert_one({'one': 'two'})
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/usr/local/lib/python2.7/dist-packages/pymongo/collection.py", line 654, in insert_one
    with self._socket_for_writes() as sock_info:
  File "/usr/lib/python2.7/contextlib.py", line 17, in __enter__
    return self.gen.next()
  File "/usr/local/lib/python2.7/dist-packages/pymongo/mongo_client.py", line 825, in _get_socket
    with server.get_socket(self.__all_credentials) as sock_info:
  File "/usr/lib/python2.7/contextlib.py", line 17, in __enter__
    return self.gen.next()
  File "/usr/local/lib/python2.7/dist-packages/pymongo/server.py", line 168, in get_socket
    with self.pool.get_socket(all_credentials, checkout) as sock_info:
  File "/usr/lib/python2.7/contextlib.py", line 17, in __enter__
    return self.gen.next()
  File "/usr/local/lib/python2.7/dist-packages/pymongo/pool.py", line 792, in get_socket
    sock_info.check_auth(all_credentials)
  File "/usr/local/lib/python2.7/dist-packages/pymongo/pool.py", line 512, in check_auth
    auth.authenticate(credentials, self)
  File "/usr/local/lib/python2.7/dist-packages/pymongo/auth.py", line 470, in authenticate
    auth_func(credentials, sock_info)
  File "/usr/local/lib/python2.7/dist-packages/pymongo/auth.py", line 450, in _authenticate_default
    return _authenticate_scram_sha1(credentials, sock_info)
  File "/usr/local/lib/python2.7/dist-packages/pymongo/auth.py", line 201, in _authenticate_scram_sha1
    res = sock_info.command(source, cmd)
  File "/usr/local/lib/python2.7/dist-packages/pymongo/pool.py", line 419, in command
    collation=collation)
  File "/usr/local/lib/python2.7/dist-packages/pymongo/network.py", line 116, in command
    parse_write_concern_error=parse_write_concern_error)
  File "/usr/local/lib/python2.7/dist-packages/pymongo/helpers.py", line 210, in _check_command_response
    raise OperationFailure(msg % errmsg, code, response)
pymongo.errors.OperationFailure: Authentication failed.

I got denied with Authentication failed. I confirmed that our /etc/mongod.conf configuration file was correctly adjusted, with respect to the authorization directive:

vagrant@trusty64:/vagrant/test$ sudo docker exec -it mongodb cat /etc/mongod.conf
## mongodb.conf, this file is enforced by puppet.
##
## Note: http://docs.mongodb.org/manual/reference/configuration-options/
##

## where and how to store data.
storage:
  dbPath: /var/lib/mongodb
  journal:
    enabled: true

## where to write logging data.
systemLog:
  destination: file
  logAppend: true
  path: /var/log/mongodb/mongod.log

## network interfaces
net:
  port: 27017
  bindIp: 0.0.0.0

## mongodb process
processManagement:
  pidFilePath: /var/run/mongod.pid

## role-based access controls
security:
   authorization: enabled

Along with checking the logs, and status of the corresponding processes:

vagrant@trusty64:/vagrant/test$ sudo docker exec -it webserver sudo telnet mongodb 27017
Trying 172.18.0.2...
Connected to mongodb.
Escape character is '^]'.
telnet> quit
vagrant@trusty64:/vagrant/test$ cat /var/log/mongodb/mongod.log
[LOGS OMITTED...]
vagrant@trusty64:/vagrant/test$ sudo docker exec -it mongodb cat /var/log/mongodb/mongod.log
2017-06-22T15:47:06.359-0400 I CONTROL  [initandlisten] MongoDB starting : pid=1 port=27017 dbpath=/var/lib/mongodb 64-bit host=4a5966185063
2017-06-22T15:47:06.360-0400 I CONTROL  [initandlisten] db version v3.2.14
2017-06-22T15:47:06.360-0400 I CONTROL  [initandlisten] git version: 92f6668a768ebf294bd4f494c50f48459198e6a3
2017-06-22T15:47:06.360-0400 I CONTROL  [initandlisten] OpenSSL version: OpenSSL 1.0.1f 6 Jan 2014
2017-06-22T15:47:06.360-0400 I CONTROL  [initandlisten] allocator: tcmalloc
2017-06-22T15:47:06.360-0400 I CONTROL  [initandlisten] modules: none
2017-06-22T15:47:06.360-0400 I CONTROL  [initandlisten] build environment:
2017-06-22T15:47:06.360-0400 I CONTROL  [initandlisten]     distmod: ubuntu1404
2017-06-22T15:47:06.360-0400 I CONTROL  [initandlisten]     distarch: x86_64
2017-06-22T15:47:06.360-0400 I CONTROL  [initandlisten]     target_arch: x86_64
2017-06-22T15:47:06.360-0400 I CONTROL  [initandlisten] options: { config: "/etc/mongod.conf", net: { bindIp: "0.0.0.0", port: 27017 }, processManagement: { pidFilePath: "/var/run/mongod.pid" }, storage: { dbPath: "/var/lib/mongodb", journal: { enabled: true } }, systemLog: { destination: "file", logAppend: true, path: "/var/log/mongodb/mongod.log" } }
2017-06-22T15:47:06.393-0400 I STORAGE  [initandlisten] wiredtiger_open config: create,cache_size=1G,session_max=20000,eviction=(threads_min=4,threads_max=4),config_base=false,statistics=(fast),log=(enabled=true,archive=true,path=journal,compressor=snappy),file_manager=(close_idle_time=100000),checkpoint=(wait=60,log_size=2GB),statistics_log=(wait=0),
2017-06-22T15:47:07.211-0400 I CONTROL  [initandlisten] ** WARNING: You are running this process as the root user, which is not recommended.
2017-06-22T15:47:07.211-0400 I CONTROL  [initandlisten]
2017-06-22T15:47:07.211-0400 I CONTROL  [initandlisten]
2017-06-22T15:47:07.211-0400 I CONTROL  [initandlisten] ** WARNING: /sys/kernel/mm/transparent_hugepage/enabled is 'always'.
2017-06-22T15:47:07.211-0400 I CONTROL  [initandlisten] **        We suggest setting it to 'never'
2017-06-22T15:47:07.211-0400 I CONTROL  [initandlisten]
2017-06-22T15:47:07.211-0400 I CONTROL  [initandlisten] ** WARNING: /sys/kernel/mm/transparent_hugepage/defrag is 'always'.
2017-06-22T15:47:07.211-0400 I CONTROL  [initandlisten] **        We suggest setting it to 'never'
2017-06-22T15:47:07.211-0400 I CONTROL  [initandlisten]
2017-06-22T15:47:07.504-0400 I FTDC     [initandlisten] Initializing full-time diagnostic data capture with directory '/var/lib/mongodb/diagnostic.data'
2017-06-22T15:47:07.504-0400 I NETWORK  [initandlisten] waiting for connections on port 27017
2017-06-22T15:47:07.505-0400 I NETWORK  [HostnameCanonicalizationWorker] Starting hostname canonicalization worker
2017-06-22T15:47:08.713-0400 I NETWORK  [initandlisten] connection accepted from 172.18.0.2:39746 #1 (1 connection now open)
2017-06-22T15:47:09.008-0400 I COMMAND  [conn1] insert admin.system.users ninserted:1 keyUpdates:0 writeConflicts:0 numYields:0 locks:{ Global: { acquireCount: { r: 4, w: 4 } }, Database: { acquireCount: { W: 4 } }, Collection: { acquireCount: { w: 1 } } } 151ms
2017-06-22T15:47:09.008-0400 I COMMAND  [conn1] command test.$cmd command: createUser { createUser: "authenticated", pwd: "xxx", roles: [ "readWrite", "userAdmin", "dbAdmin", { role: "readWrite", db: "dataset" }, { role: "userAdmin", db: "dataset" }, { role: "dbAdmin", db: "dataset" } ], digestPassword: false, writeConcern: { w: "majority", wtimeout: 5000.0 } } keyUpdates:0 writeConflicts:0 numYields:0 reslen:22 locks:{ Global: { acquireCount: { r: 4, w: 4 } }, Database: { acquireCount: { W: 4 } }, Collection: { acquireCount: { w: 1 } } } protocol:op_command 280ms
2017-06-22T15:47:09.198-0400 I NETWORK  [conn1] end connection 172.18.0.2:39746 (0 connections now open)
2017-06-22T15:47:09.744-0400 I CONTROL  [signalProcessingThread] got signal 15 (Terminated), will terminate after current cmd ends
2017-06-22T15:47:09.749-0400 I FTDC     [signalProcessingThread] Shutting down full-time diagnostic data capture
2017-06-22T15:47:09.753-0400 I CONTROL  [signalProcessingThread] now exiting
2017-06-22T15:47:09.753-0400 I NETWORK  [signalProcessingThread] shutdown: going to close listening sockets...
2017-06-22T15:47:09.753-0400 I NETWORK  [signalProcessingThread] closing listening socket: 6
2017-06-22T15:47:09.753-0400 I NETWORK  [signalProcessingThread] closing listening socket: 7
2017-06-22T15:47:09.753-0400 I NETWORK  [signalProcessingThread] removing socket file: /tmp/mongodb-27017.sock
2017-06-22T15:47:09.754-0400 I NETWORK  [signalProcessingThread] shutdown: going to flush diaglog...
2017-06-22T15:47:09.754-0400 I NETWORK  [signalProcessingThread] shutdown: going to close sockets...
2017-06-22T15:47:09.754-0400 I STORAGE  [signalProcessingThread] WiredTigerKVEngine shutting down
2017-06-22T15:47:10.044-0400 I STORAGE  [signalProcessingThread] shutdown: removing fs lock...
2017-06-22T15:47:10.045-0400 I CONTROL  [signalProcessingThread] dbexit:  rc: 0
2017-06-22T15:47:10.825-0400 I CONTROL  [main] ***** SERVER RESTARTED *****
2017-06-22T15:47:10.922-0400 I CONTROL  [initandlisten] MongoDB starting : pid=1 port=27017 dbpath=/var/lib/mongodb 64-bit host=4a5966185063
2017-06-22T15:47:10.922-0400 I CONTROL  [initandlisten] db version v3.2.14
2017-06-22T15:47:10.922-0400 I CONTROL  [initandlisten] git version: 92f6668a768ebf294bd4f494c50f48459198e6a3
2017-06-22T15:47:10.922-0400 I CONTROL  [initandlisten] OpenSSL version: OpenSSL 1.0.1f 6 Jan 2014
2017-06-22T15:47:10.922-0400 I CONTROL  [initandlisten] allocator: tcmalloc
2017-06-22T15:47:10.922-0400 I CONTROL  [initandlisten] modules: none
2017-06-22T15:47:10.922-0400 I CONTROL  [initandlisten] build environment:
2017-06-22T15:47:10.922-0400 I CONTROL  [initandlisten]     distmod: ubuntu1404
2017-06-22T15:47:10.922-0400 I CONTROL  [initandlisten]     distarch: x86_64
2017-06-22T15:47:10.922-0400 I CONTROL  [initandlisten]     target_arch: x86_64
2017-06-22T15:47:10.923-0400 I CONTROL  [initandlisten] options: { config: "/etc/mongod.conf", net: { bindIp: "0.0.0.0", port: 27017 }, processManagement: { pidFilePath: "/var/run/mongod.pid" }, security: { authorization: "enabled" }, storage: { dbPath: "/var/lib/mongodb", journal: { enabled: true } }, systemLog: { destination: "file", logAppend: true, path: "/var/log/mongodb/mongod.log" } }
2017-06-22T15:47:10.940-0400 I -        [initandlisten] Detected data files in /var/lib/mongodb created by the 'wiredTiger' storage engine, so setting the active storage engine to 'wiredTiger'.
2017-06-22T15:47:10.940-0400 I STORAGE  [initandlisten] wiredtiger_open config: create,cache_size=1G,session_max=20000,eviction=(threads_min=4,threads_max=4),config_base=false,statistics=(fast),log=(enabled=true,archive=true,path=journal,compressor=snappy),file_manager=(close_idle_time=100000),checkpoint=(wait=60,log_size=2GB),statistics_log=(wait=0),
2017-06-22T15:47:13.466-0400 I CONTROL  [initandlisten] ** WARNING: You are running this process as the root user, which is not recommended.
2017-06-22T15:47:13.467-0400 I CONTROL  [initandlisten]
2017-06-22T15:47:13.468-0400 I CONTROL  [initandlisten]
2017-06-22T15:47:13.468-0400 I CONTROL  [initandlisten] ** WARNING: /sys/kernel/mm/transparent_hugepage/enabled is 'always'.
2017-06-22T15:47:13.468-0400 I CONTROL  [initandlisten] **        We suggest setting it to 'never'
2017-06-22T15:47:13.468-0400 I CONTROL  [initandlisten]
2017-06-22T15:47:13.468-0400 I CONTROL  [initandlisten] ** WARNING: /sys/kernel/mm/transparent_hugepage/defrag is 'always'.
2017-06-22T15:47:13.468-0400 I CONTROL  [initandlisten] **        We suggest setting it to 'never'
2017-06-22T15:47:13.468-0400 I CONTROL  [initandlisten]
2017-06-22T15:47:13.876-0400 I FTDC     [initandlisten] Initializing full-time diagnostic data capture with directory '/var/lib/mongodb/diagnostic.data'
2017-06-22T15:47:13.876-0400 I NETWORK  [initandlisten] waiting for connections on port 27017
2017-06-22T15:47:13.876-0400 I NETWORK  [HostnameCanonicalizationWorker] Starting hostname canonicalization worker
2017-06-22T15:48:13.362-0400 I NETWORK  [initandlisten] connection accepted from 172.18.0.6:39426 #1 (1 connection now open)
2017-06-22T15:48:13.492-0400 I NETWORK  [initandlisten] connection accepted from 172.18.0.6:39428 #2 (2 connections now open)
2017-06-22T15:48:13.528-0400 I ACCESS   [conn2] SCRAM-SHA-1 authentication failed for authenticated on admin from client 172.18.0.6 ; UserNotFound: Could not find user authenticated@admin
2017-06-22T15:48:30.488-0400 I NETWORK  [initandlisten] connection accepted from 172.18.0.6:39454 #3 (3 connections now open)
2017-06-22T15:48:30.493-0400 I NETWORK  [initandlisten] connection accepted from 172.18.0.6:39456 #4 (4 connections now open)
2017-06-22T15:48:30.495-0400 I ACCESS   [conn4] SCRAM-SHA-1 authentication failed for authenticated on admin from client 172.18.0.6 ; UserNotFound: Could not find user authenticated@admin
2017-06-22T15:48:34.065-0400 I NETWORK  [conn2] end connection 172.18.0.6:39428 (3 connections now open)
2017-06-22T15:48:34.065-0400 I NETWORK  [conn1] end connection 172.18.0.6:39426 (2 connections now open)
2017-06-22T15:48:44.930-0400 I NETWORK  [conn4] end connection 172.18.0.6:39456 (1 connection now open)
2017-06-22T15:48:44.930-0400 I NETWORK  [conn3] end connection 172.18.0.6:39454 (0 connections now open)
2017-06-22T15:48:46.287-0400 I NETWORK  [initandlisten] connection accepted from 172.18.0.6:39484 #5 (1 connection now open)
2017-06-22T15:48:46.291-0400 I NETWORK  [initandlisten] connection accepted from 172.18.0.6:39486 #6 (2 connections now open)
2017-06-22T15:48:46.293-0400 I ACCESS   [conn6] SCRAM-SHA-1 authentication failed for authenticated on admin from client 172.18.0.6 ; UserNotFound: Could not find user authenticated@admin
2017-06-22T15:48:58.031-0400 I NETWORK  [conn6] end connection 172.18.0.6:39486 (1 connection now open)
2017-06-22T15:48:58.032-0400 I NETWORK  [conn5] end connection 172.18.0.6:39484 (0 connections now open)
2017-06-22T15:49:02.907-0400 I NETWORK  [initandlisten] connection accepted from 172.18.0.6:39512 #7 (1 connection now open)
2017-06-22T15:49:02.912-0400 I NETWORK  [initandlisten] connection accepted from 172.18.0.6:39514 #8 (2 connections now open)
2017-06-22T15:49:02.915-0400 I ACCESS   [conn8] SCRAM-SHA-1 authentication failed for authenticated on admin from client 172.18.0.6 ; UserNotFound: Could not find user authenticated@admin
2017-06-22T15:49:10.806-0400 I NETWORK  [conn8] end connection 172.18.0.6:39514 (1 connection now open)
2017-06-22T15:49:10.807-0400 I NETWORK  [conn7] end connection 172.18.0.6:39512 (0 connections now open)

vagrant@trusty64:/vagrant/test$ sudo docker exec -it mongodb netstat -ntlup
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:27017           0.0.0.0:*               LISTEN      1/mongod
tcp        0      0 127.0.0.11:44122        0.0.0.0:*               LISTEN      -
udp        0      0 127.0.0.11:49005        0.0.0.0:*

I thought that I had created a user based on the above steps. Have I instead created a user on a local database? I can successfully login with the authenticated user (not to a specific database):

vagrant@trusty64:/vagrant/test$ sudo docker exec -it mongodb mongo --port 27017 -u authenticated -p password
MongoDB shell version: 3.2.14
connecting to: 127.0.0.1:27017/test
Welcome to the MongoDB shell.
For interactive help, type "help".
For more comprehensive documentation, see
        http://docs.mongodb.org/
Questions? Try the support group
        http://groups.google.com/group/mongodb-user
>

Note: I have a corresponding github issue, to track the progress of this question.

Perhaps, I need to pay particular notice to the following sub-snippet taken from the above /var/log/mongodb/mongod.log:

2017-06-22T17:49:49.663-0400 I NETWORK  [initandlisten] connection accepted from 172.18.0.2:40926 #1 (1 connection now open)
2017-06-22T17:49:50.180-0400 I COMMAND  [conn1] update admin.system.version query: { _id: "authSchema" } update: { $set: { currentVersion: 5 } } keysExamined:0 docsExamined:0 nMatched:1 nModified:1 upsert:1 keyUpdates:0 writeConflicts:0 numYields:0 locks:{ Global: { acquireCount: { r: 2, w: 2 } }, Database: { acquireCount: { W: 2 } } } 428ms
2017-06-22T17:49:50.397-0400 I COMMAND  [conn1] insert admin.system.users ninserted:1 keyUpdates:0 writeConflicts:0 numYields:0 locks:{ Global: { acquireCount: { r: 4, w: 4 } }, Database: { acquireCount: { W: 4 } }, Collection: { acquireCount: { w: 1 } } } 188ms
2017-06-22T17:49:50.397-0400 I COMMAND  [conn1] command test.$cmd command: createUser { createUser: "authenticated", pwd: "xxx", roles: [ "readWrite", "userAdmin", "dbAdmin", { role: "readWrite", db: "dataset" }, { role: "userAdmin", db: "dataset" }, { role: "dbAdmin", db: "dataset" } ], digestPassword: false, writeConcern: { w: "majority", wtimeout: 5000.0 } } keyUpdates:0 writeConflicts:0 numYields:0 reslen:22 locks:{ Global: { acquireCount: { r: 4, w: 4 } }, Database: { acquireCount: { W: 4 } }, Collection: { acquireCount: { w: 1 } } } protocol:op_command 703ms

Which may have something related to the successive snippet, from the same log file:

2017-06-22T17:59:38.129-0400 I ACCESS   [conn10] SCRAM-SHA-1 authentication failed for authenticated on admin from client 172.18.0.4 ; UserNotFound: Could not find user authenticated@admin

回答1:


I spoke with you on IRC earlier.

The problem is that when you're creating your user with the line

vagrant@trusty64:/vagrant/test$ sudo docker exec -it mongodb sudo mongo mongodb://mongodb:27017 --eval "db.getSiblingDB('admin'); db.createUser(...

You are not actually setting the db variable to the sibling(admin) database. You are simply invoking a function that returns a database.

You need to use the command db = db.getSiblingDB('admin'); in the shell to set the current database to the 'admin' database.

You can also use the shorthand use admin.

Or you can include the admin database in your mongod invocation and forego the eval'd db switch altogether. The database name is usually the first parameter of the mongod executable. I'm not 100% certain how it would translate to your docker command.

Perhaps vagrant@trusty64:/vagrant/test$ sudo docker exec -it mongodb sudo mongo admin mongodb://mongodb:27017 --eval "db.createUser(...

Cheers!



来源:https://stackoverflow.com/questions/44698748/pymongo-usernotfound-could-not-find-user-authenticatedadmin

标签
mongodb
Docker
pymongo-3.x
易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!