Authentication, Mongo and Upstart
-
I have just spent many hours gathering these facts...
-
In some place in the installation instructions of Nodebb, it says to add "auth=true" to /etc/mongod.conf. In the modern age, that file is YAML and this is bad syntax. I have not been able to discern the correct alternative. Significantly, it means that Mongo does not start.
-
When I type "mongod", it starts the Mongo daemon. After I do that, I can start and run nodebb with no problems at all. Works 100%.
-
When I revise /etc/mongod.conf so that it has correct syntax, mongod runs but, when I start nodes, it tells me that it cold not connect to Mongo. "Authentication failed".
It appears that Mongod, when called from the command line, supports whatever is meant by "auth=true".
So, change to mongoldb --config /etc/mongod.conf and confirm that it is now looking at the config file by breaking it and then making it work.
I also confirm that nodebb does not authenticate.
So, I started looking for whatever it is that is the default behavior. I tried:
security: authorization: enabledSure seems like a good candidate. No love.
I cannot figure out the next thing to try.
Everyone, please join in.
-
-
It's 3.2.3 and it is using the new YAML config syntax. My problem is trying to figure out what the config option is to make Nodebb able to log into the database.
I know that the user matches up properly because it works when I start mongod from the command line.
I just can't figure out how to specify the equivalent of "auth=true" in YAML.
-
OK, now I think I got full stories
Actually, my first question to your situation is that
@tqwhite said:
When I type "mongod", it starts the Mongo daemon. After I do that, I can start and run nodebb with no problems at all. Works 100%.
You might mean that you executed
mongodat/var/lib/mongodb( usually that is the data directory ), don't you?something like
cd /var/lib/mongodb mongod -
SOLVED!
It turns out that the security thing was a red herring.
Lesson #1: The Nodebb installation pdf says to insert "auth=true" in the file /etc/mongod.conf. This is not only incorrect syntax for the modern YAML world, but it is unnecessary. Mongo defaults to "security: authorization: enabled" (which is, I believe the correct element).
Lesson #2: This is what was actually broken. The configuration file that installs with Mongo (apt-get...) specifies a file path for the database. Incredibly, that file path is not correct. The default location for mongo's data is /data/db. The file, /etc/mongod.conf, has something else. My problem was that Mongo was looking at the wrong database file which didn't have the correct user. Hence, authentication error.
It turns out that mongo does not use a config file unless you specify one. There is no default config file. In particular, /etc/mongod.conf is not used when you start mongod from the command line.
Since the nodebb installation PDF specifies that file for "auth=true", I was very confused. My confusion was made much worse by the boilerplate mongo Upstart script I got (and am pained to say that I cannot remember where it is) referenced /etc/mongod.conf.
It is entirely unclear to me whether Upstart operation actually requires a config file or if it would start it correctly without one. I prefer a config file because it documents where stuff is when I need to debug later. The config file now includes "storage: dbPath: /data/db" instead of whatever bad old stuff it had.
Lesson #3: Once I figured this out, it still did not work. The log said it was "Unable to create/open lock file: /data/db/mongod.lock".
The problem results from the fact I installed Mongo as root and ran it for the first time as root. That means that its files were owned by root. This was not a problem when I ran it from the command line because I did that as root, too.
Eventually I figured out that the Upstart script, appropriately, runs as user 'mongodb'. This user was not able to work with the files owned by root.
Obviously, the remedy was to change the ownership of /data/db. But, I already had a substantial amount of data in those files so I had to figure out how to back it up in case I killed something. Mongodump is the answer and worked quickly and easily.
I did "chown -R mongoldb /data" and then rebooted the server. It worked.
Bottom Line: The Nodebb installation docs need some fixing. The Ubuntu Mongo install needs some fixing. I need to trust received information somewhat less.
Thanks, julian and qgp9, for your help.
[updated to add a line of explanation about the consequences of the goofy database path error.]
-
My test
In short, I tested
ubuntu 14.04andmongodb 3.2from clean install withsudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv EA312927 echo "deb http://repo.mongodb.org/apt/ubuntu trusty/mongodb-org/3.2 multiverse" | sudo tee /etc/apt/sources.list.d/mongodb-org-3.2.list sudo apt-get update sudo apt-get install -y mongodb-orgAnd added next to
/etc/mongod.confsecurity: authorization: enabledAnd every thing is perfectly working. Even more funny thing is that, if one remove above
authorization: enabledpart, thenmongoddoesn't care of a password, which means any arbitrary passwords include empty string works fine with nodebb and mongodbAlso mongod data filew are at
/var/lib/mongodb. even I have no/dataQuestion
So I would like to ask how you installed
mongodb. By compile?Some Information.
Actually I installed
mongodb 2.4first and installmongodb 3.2on it. And I found out/etc/mongodb.confand/etc/init.d/mongodwere not updated. This means,service mongod startwill bring wrong configurations. One should dostart mongodinstead ofservice mongod startto use proper configurations viainitctl -
@qgp9 I can't say exactly how I installed Mongo. When I google, "ubuntu install mongo", my web browser tells me that this page
https://docs.mongodb.org/v3.0/tutorial/install-mongodb-on-ubuntu/
has been visited and it looks familiar. I think it's what I used to guide me.
And, no, I did not compile. And no, I am not using docker.
A detail, since you seem to be interested, is that the install does not leave my system with a functioning "service mongod restart" command. At present, Upstart runs Mongo. "stop mongod" does not work.
