gpt4 book ai didi

mongodb - 无法使用脚本中创建的用户对dockerized mongodb实例进行身份验证

转载 作者:行者123 更新时间:2023-12-02 21:32:19 24 4
gpt4 key购买 nike

我在docker-compose.yml内部配置了一个mongo实例(变量来自我的.env文件,使用管理员帐户没有问题,因此我认为它们不是问题的起因):

services:
mongo:
build: ./docker/mongo
container_name: pname_mongo
environment:
- MONGO_INITDB_DATABASE=${MONGO_DATABASE}
- MONGO_INITDB_ROOT_USERNAME=${MONGO_USERNAME}
- MONGO_INITDB_ROOT_PASSWORD=${MONGO_PASSWORD}
ports:
- 27017:27017
restart: unless-stopped
volumes:
- ./data/mongo:/data/db
然后在 docker/mongo内部是以下 Dockerfile:
FROM mongo
WORKDIR /docker-entrypoint-initdb.d/
COPY graylog-user.js ./
graylog-user.js的内容如下:
db.createUser({
pwd: "redacted-password",
roles: [{
db: "graylog",
role: "readWrite"
}],
user: "graylog"
});
删除 data/mongo的内容后,当我运行 docker-compose up时,数据库似乎已正确初始化:
mongo_1          | Successfully added user: {
mongo_1 | "user" : "pname",
mongo_1 | "roles" : [
mongo_1 | {
mongo_1 | "role" : "root",
mongo_1 | "db" : "admin"
mongo_1 | }
mongo_1 | ]
mongo_1 | }
mongo_1 | Error saving history file: FileOpenFailed Unable to open() file /home/mongodb/.dbshell: No such file or directory
mongo_1 | {"t":{"$date":"2020-10-02T21:43:01.568+00:00"},"s":"I", "c":"NETWORK", "id":22944, "ctx":"conn2","msg":"Connection ended","attr":{"remote":"127.0.0.1:55612","connectionId":2,"connectionCount":0}}
mongo_1 |
mongo_1 | /usr/local/bin/docker-entrypoint.sh: running /docker-entrypoint-initdb.d/graylog-user.js
mongo_1 | {"t":{"$date":"2020-10-02T21:43:01.627+00:00"},"s":"I", "c":"NETWORK", "id":22943, "ctx":"listener","msg":"Connection accepted","attr":{"remote":"127.0.0.1:55616","connectionId":3,"connectionCount":1}}
mongo_1 | {"t":{"$date":"2020-10-02T21:43:01.628+00:00"},"s":"I", "c":"NETWORK", "id":51800, "ctx":"conn3","msg":"client metadata","attr":{"remote":"127.0.0.1:55616","client":"conn3","doc":{"application":{"name":"MongoDB Shell"},"driver":{"name":"MongoDB Internal Client","version":"4.4.1"},"os":{"type":"Linux","name":"Ubuntu","architecture":"x86_64","version":"18.04"}}}}
mongo_1 | Successfully added user: {
mongo_1 | "roles" : [
mongo_1 | {
mongo_1 | "db" : "graylog",
mongo_1 | "role" : "readWrite"
mongo_1 | }
mongo_1 | ],
mongo_1 | "user" : "graylog"
mongo_1 | }
mongo_1 | {"t":{"$date":"2020-10-02T21:43:01.679+00:00"},"s":"I", "c":"NETWORK", "id":22944, "ctx":"conn3","msg":"Connection ended","attr":{"remote":"127.0.0.1:55616","connectionId":3,"connectionCount":0}}
但是,无论我做什么,我都无法与该用户登录。在这里,您可以看到我尝试使用mongo容器内的cli登录:
> use graylog
switched to db graylog
> db.auth({
... user: "graylog",
... pwd: "redacted-password",
... digestPassword: false
... })
Error: Authentication failed.
0
> db.auth({
... user: "graylog",
... pwd: "redacted-password",
... digestPassword: true
... })
Error: Authentication failed.
0
但是,当我使用admin帐户登录时,我可以看到该用户实际上是已创建的(我已经编辑了所有哈希,盐等。我想它们在部署到生产环境中时会发生变化,但是比遗憾的要好得多,对吗? ):
> use admin
switched to db admin
> db.auth('pname', 'redacted-admin-password')
1
> show collections
system.users
system.version
> db.system.users.find()
{ "_id" : "admin.pname", "userId" : UUID("a8f150a6-83f6-4fef-8457-a6afae5e6b72"), "user" : "pname", "db" : "admin", "credentials" : { "SCRAM-SHA-1" : { "iterationCount" : 10000, "salt" : "redacted", "storedKey" : "redacted", "serverKey" : "redacted" }, "SCRAM-SHA-256" : { "iterationCount" : 15000, "salt" : "redacted", "storedKey" : "redacted", "serverKey" : " to production" } }, "roles" : [ { "role" : "root", "db" : "admin" } ] }
{ "_id" : "pname.graylog", "userId" : UUID("4d13d6d6-1f19-4f7c-97ba-6aef11f88587"), "user" : "graylog", "db" : "pname", "credentials" : { "SCRAM-SHA-1" : { "iterationCount" : 10000, "salt" : "redacted", "storedKey" : "redacted", "serverKey" : "redacted" }, "SCRAM-SHA-256" : { "iterationCount" : 15000, "salt" : "redacted", "storedKey" : "redacted", "serverKey" : "redacted" } }, "roles" : [ { "role" : "readWrite", "db" : "graylog" } ] }
我想念什么?我跳过了一步吗?

最佳答案

用户graylog是在数据库pname中创建的,并且仅对db graylog授予了readWrite权限。
该用户在连接时需要将身份验证数据库设置为pname,但是我认为不允许在特定数据库中创建的用户被授予对其他数据库的许可。
您可以尝试更改graylog-user.js以在graylog数据库中创建用户:

db.getSiblingDB("graylog").createUser({

关于mongodb - 无法使用脚本中创建的用户对dockerized mongodb实例进行身份验证,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/64182140/

24 4 0
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com