2017-06-22 30 views

PyMongo - UserNotFound: Could not find user authenticated@admin

I checked the permissions on /etc/mongod.conf:

[email protected]:/vagrant/test$ sudo docker exec -it mongodb ls -l /etc/mongod.conf 
-rw-r--r-- 1 root root 472 Jun 22 00:09 /etc/mongod.conf 

Then I checked its contents:

[email protected]:/vagrant/test$ sudo docker exec -it mongodb cat /etc/mongod.conf 
## mongodb.conf, this file is enforced by puppet. 
## 
## Note: http://docs.mongodb.org/manual/reference/configuration-options/ 
## 

## where and how to store data. 
storage: 
    dbPath: /var/lib/mongodb 
    journal: 
        enabled: true 

## where to write logging data. 
systemLog: 
    destination: file 
    logAppend: true 
    path: /var/log/mongodb/mongod.log 

## network interfaces 
net: 
    port: 27017 
    bindIp: 0.0.0.0 

## mongodb process 
processManagement: 
    pidFilePath: /var/run/mongod.pid 

## role-based access controls 
#security: 
# authorization: enabled 

Next, I added a MongoDB user, adjusted mongod.conf, and restarted the mongod process:

[email protected]:/vagrant/test$ sudo docker exec -it mongodb sudo mongo mongodb://mongodb:27017 --eval "db.getSiblingDB('admin'); db.createUser({\ 
    user: 'authenticated',\ 
    pwd: 'password',\ 
    roles: [\ 
     'readWrite',\ 
     'userAdmin',\ 
     'dbAdmin',\ 
     { role: 'readWrite', db: 'dataset' },\ 
     { role: 'userAdmin', db: 'dataset' },\ 
     { role: 'dbAdmin', db: 'dataset' },\ 
    ]\ 
},\ 
{ w: 'majority' , wtimeout: 5000 })" --quiet 
sudo docker exec -it mongodb sudo sed -i "/#[[:space:]]*security:/s/^#//g" /etc/mongod.conf 
sudo docker exec -it mongodb sudo sed -i "/#[[:space:]]*authorization:[[:space:]]*enabled/s/^#//g" /etc/mongod.conf 
sudo docker restart mongodb 

Now I'm ready to try the pymongo connector from the Docker container:

[email protected]:/vagrant/test$ sudo docker exec -it webserver python 
Python 2.7.6 (default, Oct 26 2016, 20:30:19) 
[GCC 4.8.4] on linux2 
Type "help", "copyright", "credits" or "license" for more information. 
>>> from pymongo import MongoClient, errors 
>>> cur = MongoClient("mongodb://authenticated:[email protected]:27017/admin") 
>>> db = cur['dataset'] 
>>> col = db['svm'] 
>>> posts = col.posts 
>>> result = posts.insert_one({'one': 'two'}) 
Traceback (most recent call last): 
    File "<stdin>", line 1, in <module> 
    File "/usr/local/lib/python2.7/dist-packages/pymongo/collection.py", line 654, in insert_one 
    with self._socket_for_writes() as sock_info: 
    File "/usr/lib/python2.7/contextlib.py", line 17, in __enter__ 
    return self.gen.next() 
    File "/usr/local/lib/python2.7/dist-packages/pymongo/mongo_client.py", line 825, in _get_socket 
    with server.get_socket(self.__all_credentials) as sock_info: 
    File "/usr/lib/python2.7/contextlib.py", line 17, in __enter__ 
    return self.gen.next() 
    File "/usr/local/lib/python2.7/dist-packages/pymongo/server.py", line 168, in get_socket 
    with self.pool.get_socket(all_credentials, checkout) as sock_info: 
    File "/usr/lib/python2.7/contextlib.py", line 17, in __enter__ 
    return self.gen.next() 
    File "/usr/local/lib/python2.7/dist-packages/pymongo/pool.py", line 792, in get_socket 
    sock_info.check_auth(all_credentials) 
    File "/usr/local/lib/python2.7/dist-packages/pymongo/pool.py", line 512, in check_auth 
    auth.authenticate(credentials, self) 
    File "/usr/local/lib/python2.7/dist-packages/pymongo/auth.py", line 470, in authenticate 
    auth_func(credentials, sock_info) 
    File "/usr/local/lib/python2.7/dist-packages/pymongo/auth.py", line 450, in _authenticate_default 
    return _authenticate_scram_sha1(credentials, sock_info) 
    File "/usr/local/lib/python2.7/dist-packages/pymongo/auth.py", line 201, in _authenticate_scram_sha1 
    res = sock_info.command(source, cmd) 
    File "/usr/local/lib/python2.7/dist-packages/pymongo/pool.py", line 419, in command 
    collation=collation) 
    File "/usr/local/lib/python2.7/dist-packages/pymongo/network.py", line 116, in command 
    parse_write_concern_error=parse_write_concern_error) 
    File "/usr/local/lib/python2.7/dist-packages/pymongo/helpers.py", line 210, in _check_command_response 
    raise OperationFailure(msg % errmsg, code, response) 
pymongo.errors.OperationFailure: Authentication failed. 

I get an Authentication failed rejection. I verified that our /etc/mongod.conf configuration file was correctly adjusted with respect to the authorization directive:

[email protected]:/vagrant/test$ sudo docker exec -it mongodb cat /etc/mongod.conf 
## mongodb.conf, this file is enforced by puppet. 
## 
## Note: http://docs.mongodb.org/manual/reference/configuration-options/ 
## 

## where and how to store data. 
storage: 
    dbPath: /var/lib/mongodb 
    journal: 
        enabled: true 

## where to write logging data. 
systemLog: 
    destination: file 
    logAppend: true 
    path: /var/log/mongodb/mongod.log 

## network interfaces 
net: 
    port: 27017 
    bindIp: 0.0.0.0 

## mongodb process 
processManagement: 
    pidFilePath: /var/run/mongod.pid 

## role-based access controls 
security: 
    authorization: enabled 

Along with checking the logs and the status of the corresponding process:

[email protected]:/vagrant/test$ sudo docker exec -it webserver sudo telnet mongodb 27017 
Trying 172.18.0.2... 
Connected to mongodb. 
Escape character is '^]'. 
telnet> quit 
[email protected]:/vagrant/test$ cat /var/log/mongodb/mongod.log 
[LOGS OMITTED...] 
[email protected]:/vagrant/test$ sudo docker exec -it mongodb cat /var/log/mongodb/mongod.log 
2017-06-22T15:47:06.359-0400 I CONTROL [initandlisten] MongoDB starting : pid=1 port=27017 dbpath=/var/lib/mongodb 64-bit host=4a5966185063 
2017-06-22T15:47:06.360-0400 I CONTROL [initandlisten] db version v3.2.14 
2017-06-22T15:47:06.360-0400 I CONTROL [initandlisten] git version: 92f6668a768ebf294bd4f494c50f48459198e6a3 
2017-06-22T15:47:06.360-0400 I CONTROL [initandlisten] OpenSSL version: OpenSSL 1.0.1f 6 Jan 2014 
2017-06-22T15:47:06.360-0400 I CONTROL [initandlisten] allocator: tcmalloc 
2017-06-22T15:47:06.360-0400 I CONTROL [initandlisten] modules: none 
2017-06-22T15:47:06.360-0400 I CONTROL [initandlisten] build environment: 
2017-06-22T15:47:06.360-0400 I CONTROL [initandlisten]  distmod: ubuntu1404 
2017-06-22T15:47:06.360-0400 I CONTROL [initandlisten]  distarch: x86_64 
2017-06-22T15:47:06.360-0400 I CONTROL [initandlisten]  target_arch: x86_64 
2017-06-22T15:47:06.360-0400 I CONTROL [initandlisten] options: { config: "/etc/mongod.conf", net: { bindIp: "0.0.0.0", port: 27017 }, processManagement: { pidFilePath: "/var/run/mongod.pid" }, storage: { dbPath: "/var/lib/mongodb", journal: { enabled: true } }, systemLog: { destination: "file", logAppend: true, path: "/var/log/mongodb/mongod.log" } } 
2017-06-22T15:47:06.393-0400 I STORAGE [initandlisten] wiredtiger_open config: create,cache_size=1G,session_max=20000,eviction=(threads_min=4,threads_max=4),config_base=false,statistics=(fast),log=(enabled=true,archive=true,path=journal,compressor=snappy),file_manager=(close_idle_time=100000),checkpoint=(wait=60,log_size=2GB),statistics_log=(wait=0), 
2017-06-22T15:47:07.211-0400 I CONTROL [initandlisten] ** WARNING: You are running this process as the root user, which is not recommended. 
2017-06-22T15:47:07.211-0400 I CONTROL [initandlisten] 
2017-06-22T15:47:07.211-0400 I CONTROL [initandlisten] 
2017-06-22T15:47:07.211-0400 I CONTROL [initandlisten] ** WARNING: /sys/kernel/mm/transparent_hugepage/enabled is 'always'. 
2017-06-22T15:47:07.211-0400 I CONTROL [initandlisten] **  We suggest setting it to 'never' 
2017-06-22T15:47:07.211-0400 I CONTROL [initandlisten] 
2017-06-22T15:47:07.211-0400 I CONTROL [initandlisten] ** WARNING: /sys/kernel/mm/transparent_hugepage/defrag is 'always'. 
2017-06-22T15:47:07.211-0400 I CONTROL [initandlisten] **  We suggest setting it to 'never' 
2017-06-22T15:47:07.211-0400 I CONTROL [initandlisten] 
2017-06-22T15:47:07.504-0400 I FTDC  [initandlisten] Initializing full-time diagnostic data capture with directory '/var/lib/mongodb/diagnostic.data' 
2017-06-22T15:47:07.504-0400 I NETWORK [initandlisten] waiting for connections on port 27017 
2017-06-22T15:47:07.505-0400 I NETWORK [HostnameCanonicalizationWorker] Starting hostname canonicalization worker 
2017-06-22T15:47:08.713-0400 I NETWORK [initandlisten] connection accepted from 172.18.0.2:39746 #1 (1 connection now open) 
2017-06-22T15:47:09.008-0400 I COMMAND [conn1] insert admin.system.users ninserted:1 keyUpdates:0 writeConflicts:0 numYields:0 locks:{ Global: { acquireCount: { r: 4, w: 4 } }, Database: { acquireCount: { W: 4 } }, Collection: { acquireCount: { w: 1 } } } 151ms 
2017-06-22T15:47:09.008-0400 I COMMAND [conn1] command test.$cmd command: createUser { createUser: "authenticated", pwd: "xxx", roles: [ "readWrite", "userAdmin", "dbAdmin", { role: "readWrite", db: "dataset" }, { role: "userAdmin", db: "dataset" }, { role: "dbAdmin", db: "dataset" } ], digestPassword: false, writeConcern: { w: "majority", wtimeout: 5000.0 } } keyUpdates:0 writeConflicts:0 numYields:0 reslen:22 locks:{ Global: { acquireCount: { r: 4, w: 4 } }, Database: { acquireCount: { W: 4 } }, Collection: { acquireCount: { w: 1 } } } protocol:op_command 280ms 
2017-06-22T15:47:09.198-0400 I NETWORK [conn1] end connection 172.18.0.2:39746 (0 connections now open) 
2017-06-22T15:47:09.744-0400 I CONTROL [signalProcessingThread] got signal 15 (Terminated), will terminate after current cmd ends 
2017-06-22T15:47:09.749-0400 I FTDC  [signalProcessingThread] Shutting down full-time diagnostic data capture 
2017-06-22T15:47:09.753-0400 I CONTROL [signalProcessingThread] now exiting 
2017-06-22T15:47:09.753-0400 I NETWORK [signalProcessingThread] shutdown: going to close listening sockets... 
2017-06-22T15:47:09.753-0400 I NETWORK [signalProcessingThread] closing listening socket: 6 
2017-06-22T15:47:09.753-0400 I NETWORK [signalProcessingThread] closing listening socket: 7 
2017-06-22T15:47:09.753-0400 I NETWORK [signalProcessingThread] removing socket file: /tmp/mongodb-27017.sock 
2017-06-22T15:47:09.754-0400 I NETWORK [signalProcessingThread] shutdown: going to flush diaglog... 
2017-06-22T15:47:09.754-0400 I NETWORK [signalProcessingThread] shutdown: going to close sockets... 
2017-06-22T15:47:09.754-0400 I STORAGE [signalProcessingThread] WiredTigerKVEngine shutting down 
2017-06-22T15:47:10.044-0400 I STORAGE [signalProcessingThread] shutdown: removing fs lock... 
2017-06-22T15:47:10.045-0400 I CONTROL [signalProcessingThread] dbexit: rc: 0 
2017-06-22T15:47:10.825-0400 I CONTROL [main] ***** SERVER RESTARTED ***** 
2017-06-22T15:47:10.922-0400 I CONTROL [initandlisten] MongoDB starting : pid=1 port=27017 dbpath=/var/lib/mongodb 64-bit host=4a5966185063 
2017-06-22T15:47:10.922-0400 I CONTROL [initandlisten] db version v3.2.14 
2017-06-22T15:47:10.922-0400 I CONTROL [initandlisten] git version: 92f6668a768ebf294bd4f494c50f48459198e6a3 
2017-06-22T15:47:10.922-0400 I CONTROL [initandlisten] OpenSSL version: OpenSSL 1.0.1f 6 Jan 2014 
2017-06-22T15:47:10.922-0400 I CONTROL [initandlisten] allocator: tcmalloc 
2017-06-22T15:47:10.922-0400 I CONTROL [initandlisten] modules: none 
2017-06-22T15:47:10.922-0400 I CONTROL [initandlisten] build environment: 
2017-06-22T15:47:10.922-0400 I CONTROL [initandlisten]  distmod: ubuntu1404 
2017-06-22T15:47:10.922-0400 I CONTROL [initandlisten]  distarch: x86_64 
2017-06-22T15:47:10.922-0400 I CONTROL [initandlisten]  target_arch: x86_64 
2017-06-22T15:47:10.923-0400 I CONTROL [initandlisten] options: { config: "/etc/mongod.conf", net: { bindIp: "0.0.0.0", port: 27017 }, processManagement: { pidFilePath: "/var/run/mongod.pid" }, security: { authorization: "enabled" }, storage: { dbPath: "/var/lib/mongodb", journal: { enabled: true } }, systemLog: { destination: "file", logAppend: true, path: "/var/log/mongodb/mongod.log" } } 
2017-06-22T15:47:10.940-0400 I -  [initandlisten] Detected data files in /var/lib/mongodb created by the 'wiredTiger' storage engine, so setting the active storage engine to 'wiredTiger'. 
2017-06-22T15:47:10.940-0400 I STORAGE [initandlisten] wiredtiger_open config: create,cache_size=1G,session_max=20000,eviction=(threads_min=4,threads_max=4),config_base=false,statistics=(fast),log=(enabled=true,archive=true,path=journal,compressor=snappy),file_manager=(close_idle_time=100000),checkpoint=(wait=60,log_size=2GB),statistics_log=(wait=0), 
2017-06-22T15:47:13.466-0400 I CONTROL [initandlisten] ** WARNING: You are running this process as the root user, which is not recommended. 
2017-06-22T15:47:13.467-0400 I CONTROL [initandlisten] 
2017-06-22T15:47:13.468-0400 I CONTROL [initandlisten] 
2017-06-22T15:47:13.468-0400 I CONTROL [initandlisten] ** WARNING: /sys/kernel/mm/transparent_hugepage/enabled is 'always'. 
2017-06-22T15:47:13.468-0400 I CONTROL [initandlisten] **  We suggest setting it to 'never' 
2017-06-22T15:47:13.468-0400 I CONTROL [initandlisten] 
2017-06-22T15:47:13.468-0400 I CONTROL [initandlisten] ** WARNING: /sys/kernel/mm/transparent_hugepage/defrag is 'always'. 
2017-06-22T15:47:13.468-0400 I CONTROL [initandlisten] **  We suggest setting it to 'never' 
2017-06-22T15:47:13.468-0400 I CONTROL [initandlisten] 
2017-06-22T15:47:13.876-0400 I FTDC  [initandlisten] Initializing full-time diagnostic data capture with directory '/var/lib/mongodb/diagnostic.data' 
2017-06-22T15:47:13.876-0400 I NETWORK [initandlisten] waiting for connections on port 27017 
2017-06-22T15:47:13.876-0400 I NETWORK [HostnameCanonicalizationWorker] Starting hostname canonicalization worker 
2017-06-22T15:48:13.362-0400 I NETWORK [initandlisten] connection accepted from 172.18.0.6:39426 #1 (1 connection now open) 
2017-06-22T15:48:13.492-0400 I NETWORK [initandlisten] connection accepted from 172.18.0.6:39428 #2 (2 connections now open) 
2017-06-22T15:48:13.528-0400 I ACCESS [conn2] SCRAM-SHA-1 authentication failed for authenticated on admin from client 172.18.0.6 ; UserNotFound: Could not find user [email protected] 
2017-06-22T15:48:30.488-0400 I NETWORK [initandlisten] connection accepted from 172.18.0.6:39454 #3 (3 connections now open) 
2017-06-22T15:48:30.493-0400 I NETWORK [initandlisten] connection accepted from 172.18.0.6:39456 #4 (4 connections now open) 
2017-06-22T15:48:30.495-0400 I ACCESS [conn4] SCRAM-SHA-1 authentication failed for authenticated on admin from client 172.18.0.6 ; UserNotFound: Could not find user [email protected] 
2017-06-22T15:48:34.065-0400 I NETWORK [conn2] end connection 172.18.0.6:39428 (3 connections now open) 
2017-06-22T15:48:34.065-0400 I NETWORK [conn1] end connection 172.18.0.6:39426 (2 connections now open) 
2017-06-22T15:48:44.930-0400 I NETWORK [conn4] end connection 172.18.0.6:39456 (1 connection now open) 
2017-06-22T15:48:44.930-0400 I NETWORK [conn3] end connection 172.18.0.6:39454 (0 connections now open) 
2017-06-22T15:48:46.287-0400 I NETWORK [initandlisten] connection accepted from 172.18.0.6:39484 #5 (1 connection now open) 
2017-06-22T15:48:46.291-0400 I NETWORK [initandlisten] connection accepted from 172.18.0.6:39486 #6 (2 connections now open) 
2017-06-22T15:48:46.293-0400 I ACCESS [conn6] SCRAM-SHA-1 authentication failed for authenticated on admin from client 172.18.0.6 ; UserNotFound: Could not find user [email protected] 
2017-06-22T15:48:58.031-0400 I NETWORK [conn6] end connection 172.18.0.6:39486 (1 connection now open) 
2017-06-22T15:48:58.032-0400 I NETWORK [conn5] end connection 172.18.0.6:39484 (0 connections now open) 
2017-06-22T15:49:02.907-0400 I NETWORK [initandlisten] connection accepted from 172.18.0.6:39512 #7 (1 connection now open) 
2017-06-22T15:49:02.912-0400 I NETWORK [initandlisten] connection accepted from 172.18.0.6:39514 #8 (2 connections now open) 
2017-06-22T15:49:02.915-0400 I ACCESS [conn8] SCRAM-SHA-1 authentication failed for authenticated on admin from client 172.18.0.6 ; UserNotFound: Could not find user [email protected] 
2017-06-22T15:49:10.806-0400 I NETWORK [conn8] end connection 172.18.0.6:39514 (1 connection now open) 
2017-06-22T15:49:10.807-0400 I NETWORK [conn7] end connection 172.18.0.6:39512 (0 connections now open) 

[email protected]:/vagrant/test$ sudo docker exec -it mongodb netstat -ntlup 
Active Internet connections (only servers) 
Proto Recv-Q Send-Q Local Address   Foreign Address   State  PID/Program name 
tcp  0  0 0.0.0.0:27017   0.0.0.0:*    LISTEN  1/mongod 
tcp  0  0 127.0.0.11:44122  0.0.0.0:*    LISTEN  - 
udp  0  0 127.0.0.11:49005  0.0.0.0:*   

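I believe I created a user according to the steps above. Did I create the user on the local database? I can log in successfully with the authenticated user (without specifying a particular database):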

[email protected]:/vagrant/test$ sudo docker exec -it mongodb mongo --port 27017 -u authenticated -p password 
MongoDB shell version: 3.2.14 
connecting to: 127.0.0.1:27017/test 
Welcome to the MongoDB shell. 
For interactive help, type "help". 
For more comprehensive documentation, see 
     http://docs.mongodb.org/ 
Questions? Try the support group 
     http://groups.google.com/group/mongodb-user 
> 

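Note: I have a corresponding github issue to track the progress of this problem.

Perhaps I need to take particular note of the following sub-segment, taken from the /var/log/mongodb/mongod.log above: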

2017-06-22T17:49:49.663-0400 I NETWORK [initandlisten] connection accepted from 172.18.0.2:40926 #1 (1 connection now open) 
2017-06-22T17:49:50.180-0400 I COMMAND [conn1] update admin.system.version query: { _id: "authSchema" } update: { $set: { currentVersion: 5 } } keysExamined:0 docsExamined:0 nMatched:1 nModified:1 upsert:1 keyUpdates:0 writeConflicts:0 numYields:0 locks:{ Global: { acquireCount: { r: 2, w: 2 } }, Database: { acquireCount: { W: 2 } } } 428ms 
2017-06-22T17:49:50.397-0400 I COMMAND [conn1] insert admin.system.users ninserted:1 keyUpdates:0 writeConflicts:0 numYields:0 locks:{ Global: { acquireCount: { r: 4, w: 4 } }, Database: { acquireCount: { W: 4 } }, Collection: { acquireCount: { w: 1 } } } 188ms 
2017-06-22T17:49:50.397-0400 I COMMAND [conn1] command test.$cmd command: createUser { createUser: "authenticated", pwd: "xxx", roles: [ "readWrite", "userAdmin", "dbAdmin", { role: "readWrite", db: "dataset" }, { role: "userAdmin", db: "dataset" }, { role: "dbAdmin", db: "dataset" } ], digestPassword: false, writeConcern: { w: "majority", wtimeout: 5000.0 } } keyUpdates:0 writeConflicts:0 numYields:0 reslen:22 locks:{ Global: { acquireCount: { r: 4, w: 4 } }, Database: { acquireCount: { W: 4 } }, Collection: { acquireCount: { w: 1 } } } protocol:op_command 703ms 

Along with some possibly relevant subsequent snippets from the same log file:

2017-06-22T17:59:38.129-0400 I ACCESS [conn10] SCRAM-SHA-1 authentication failed for authenticated on admin from client 172.18.0.4 ; UserNotFound: Could not find user [email protected] 

Answers

I was just talking with you on IRC.

The problem is that when you create the user with the line

[email protected]:/vagrant/test$ sudo docker exec -it mongodb sudo mongo mongodb://mongodb:27017 --eval "db.getSiblingDB('admin'); db.createUser(... 

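you aren't actually setting the database variable to the sibling (admin) database. You are just calling a function that returns a database.

You need to use the command db = db.getSiblingDB('admin'); in the shell to set the current database to the 'admin' database.

You can also use the shorthand use admin

Or you can include the admin database in your mongod invocation and forgo all the eval'd database switching. The database name is usually the first argument to the mongod executable. I'm not 100% sure how that will translate to your docker command.

Maybe [email protected]:/vagrant/test$ sudo docker exec -it mongodb sudo mongo admin mongodb://mongodb:27017 --eval "db.createUser(...

Cheers!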


I tried your suggestion 'sudo docker exec -it mongodb sudo mongo admin mongodb://mongodb:27017 --eval "..." --quiet'. Now, when I check my '/var/log/mongodb/mongod.log', it says 'authentication succeeded on admin'. – user2063478
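
The mismatch the answer describes is visible in the question's own log: createUser was logged against test.$cmd, while the client authenticated against admin. The following is an added example, not code from the question or the answer, that correlates those two kinds of log line; the function name, the regular expressions and the abridged sample lines are assumptions based on the MongoDB 3.2 log format shown above.

```python
import re
from collections import defaultdict

# Abridged from the mongod.log in the question (MongoDB 3.2 log format);
# the roles list and trailing lock statistics are cut for brevity.
SAMPLE_LOG = """\
2017-06-22T15:47:09.008-0400 I COMMAND [conn1] command test.$cmd command: createUser { createUser: "authenticated", pwd: "xxx", roles: [ "readWrite" ] } protocol:op_command 280ms
2017-06-22T15:48:13.528-0400 I ACCESS [conn2] SCRAM-SHA-1 authentication failed for authenticated on admin from client 172.18.0.6
2017-06-22T15:48:30.495-0400 I ACCESS [conn4] SCRAM-SHA-1 authentication failed for authenticated on admin from client 172.18.0.6
"""

# "<db>.$cmd" is the database the shell's `db` variable pointed at when
# createUser ran; that database becomes the user's authentication database.
CREATE_RE = re.compile(
    r'command (?P<db>[^.\s]+)\.\$cmd command: createUser '
    r'\{ createUser: "(?P<user>[^"]+)"'
)
FAIL_RE = re.compile(
    r'authentication failed for (?P<user>\S+) on (?P<db>\S+) from client'
)


def find_auth_db_mismatches(log_text):
    """Report users who fail to log in on one database but were created in another."""
    lines = log_text.splitlines()

    created = defaultdict(set)  # user -> databases where createUser was logged
    for line in lines:
        m = CREATE_RE.search(line)
        if m:
            created[m.group("user")].add(m.group("db"))

    findings, seen = [], set()
    for line in lines:
        m = FAIL_RE.search(line)
        if not m:
            continue
        user, auth_db = m.group("user"), m.group("db")
        dbs = created.get(user, set())
        if not dbs or auth_db in dbs or (user, auth_db) in seen:
            continue  # unknown user, or the failure has some other cause
        seen.add((user, auth_db))
        findings.append(
            {"user": user, "auth_db": auth_db, "created_in": sorted(dbs)}
        )
    return findings


if __name__ == "__main__":
    for f in find_auth_db_mismatches(SAMPLE_LOG):
        print("%(user)s: login attempted on %(auth_db)s, "
              "but createUser ran in %(created_in)s" % f)
```

Run against the sample, it reports that the user authenticated was created in test but is being authenticated on admin, which is the condition behind the UserNotFound entries.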