Authentication, Mongo and Upstart



  • I have just spent many hours gathering these facts...

    1. In some place in the installation instructions of Nodebb, it says to add "auth=true" to /etc/mongod.conf. In the modern age, that file is YAML and this is bad syntax. I have not been able to discern the correct alternative. Significantly, it means that Mongo does not start.

    2. When I type "mongod", it starts the Mongo daemon. After I do that, I can start and run nodebb with no problems at all. Works 100%.

    3. When I revise /etc/mongod.conf so that it has correct syntax, mongod runs but, when I start nodes, it tells me that it cold not connect to Mongo. "Authentication failed".

    It appears that Mongod, when called from the command line, supports whatever is meant by "auth=true".

    So, change to mongoldb --config /etc/mongod.conf and confirm that it is now looking at the config file by breaking it and then making it work.

    I also confirm that nodebb does not authenticate.

    So, I started looking for whatever it is that is the default behavior. I tried:

    security: authorization: enabled

    Sure seems like a good candidate. No love.

    I cannot figure out the next thing to try.

    Everyone, please join in.


  • Admin

    What version of MongoDB are you using? The config file syntax changed between 2.4/2.4 and 3.0



  • It's 3.2.3 and it is using the new YAML config syntax. My problem is trying to figure out what the config option is to make Nodebb able to log into the database.

    I know that the user matches up properly because it works when I start mongod from the command line.

    I just can't figure out how to specify the equivalent of "auth=true" in YAML.



  • @tqwhite said:

    I just can't figure out how to specify the equivalent of "auth=true" in YAML.

    I think you already did this, but just for sure.

    From https://docs.mongodb.org/manual/administration/configuration/

    security:
       authorization: enabled
    

    0_1458310939749_upload-5390aaff-31b6-406e-96fe-3f2214bfc6c9



  • OK, now I think I got full stories 🙂

    Actually, my first question to your situation is that

    @tqwhite said:

    When I type "mongod", it starts the Mongo daemon. After I do that, I can start and run nodebb with no problems at all. Works 100%.

    You might mean that you executed mongod at /var/lib/mongodb ( usually that is the data directory ), don't you?

    something like

    cd /var/lib/mongodb
    mongod
    


  • SOLVED!

    It turns out that the security thing was a red herring.

    Lesson #1: The Nodebb installation pdf says to insert "auth=true" in the file /etc/mongod.conf. This is not only incorrect syntax for the modern YAML world, but it is unnecessary. Mongo defaults to "security: authorization: enabled" (which is, I believe the correct element).

    0_1458320313455_Screen Shot 2016-03-18 at 11.57.04 AM.png

    Lesson #2: This is what was actually broken. The configuration file that installs with Mongo (apt-get...) specifies a file path for the database. Incredibly, that file path is not correct. The default location for mongo's data is /data/db. The file, /etc/mongod.conf, has something else. My problem was that Mongo was looking at the wrong database file which didn't have the correct user. Hence, authentication error.

    It turns out that mongo does not use a config file unless you specify one. There is no default config file. In particular, /etc/mongod.conf is not used when you start mongod from the command line.

    Since the nodebb installation PDF specifies that file for "auth=true", I was very confused. My confusion was made much worse by the boilerplate mongo Upstart script I got (and am pained to say that I cannot remember where it is) referenced /etc/mongod.conf.

    It is entirely unclear to me whether Upstart operation actually requires a config file or if it would start it correctly without one. I prefer a config file because it documents where stuff is when I need to debug later. The config file now includes "storage: dbPath: /data/db" instead of whatever bad old stuff it had.

    Lesson #3: Once I figured this out, it still did not work. The log said it was "Unable to create/open lock file: /data/db/mongod.lock".

    The problem results from the fact I installed Mongo as root and ran it for the first time as root. That means that its files were owned by root. This was not a problem when I ran it from the command line because I did that as root, too.

    Eventually I figured out that the Upstart script, appropriately, runs as user 'mongodb'. This user was not able to work with the files owned by root.

    Obviously, the remedy was to change the ownership of /data/db. But, I already had a substantial amount of data in those files so I had to figure out how to back it up in case I killed something. Mongodump is the answer and worked quickly and easily.

    I did "chown -R mongoldb /data" and then rebooted the server. It worked.

    Bottom Line: The Nodebb installation docs need some fixing. The Ubuntu Mongo install needs some fixing. I need to trust received information somewhat less.

    Thanks, julian and qgp9, for your help.

    [updated to add a line of explanation about the consequences of the goofy database path error.]



  • Congratulations!

    By the way, can I know your OS version? I would like to test by myself also 🙂



  • @qgp9 It's the Ubuntu 14 LTS. If you need details, here are some...

    0_1458325529015_Screen Shot 2016-03-18 at 1.25.07 PM.png



  • @tqwhite

    My test

    In short, I tested ubuntu 14.04 and mongodb 3.2 from clean install with

    sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv EA312927
    echo "deb http://repo.mongodb.org/apt/ubuntu trusty/mongodb-org/3.2 multiverse" | sudo tee /etc/apt/sources.list.d/mongodb-org-3.2.list
    sudo apt-get update
    sudo apt-get install -y mongodb-org
    

    And added next to /etc/mongod.conf

    security:
      authorization: enabled
    

    And every thing is perfectly working. Even more funny thing is that, if one remove above authorization: enabled part, then mongod doesn't care of a password, which means any arbitrary passwords include empty string works fine with nodebb and mongodb

    Also mongod data filew are at /var/lib/mongodb. even I have no /data

    Question

    So I would like to ask how you installed mongodb. By compile?

    Some Information.

    Actually I installed mongodb 2.4 first and install mongodb 3.2 on it. And I found out /etc/mongodb.conf and /etc/init.d/mongod were not updated. This means, service mongod start will bring wrong configurations. One should do start mongod instead of service mongod start to use proper configurations via initctl



  • @tqwhite Is it docker?



  • @qgp9 I can't say exactly how I installed Mongo. When I google, "ubuntu install mongo", my web browser tells me that this page

    has been visited and it looks familiar. I think it's what I used to guide me.

    And, no, I did not compile. And no, I am not using docker.

    A detail, since you seem to be interested, is that the install does not leave my system with a functioning "service mongod restart" command. At present, Upstart runs Mongo. "stop mongod" does not work.


Log in to reply
 


Looks like your connection to NodeBB was lost, please wait while we try to reconnect.