使用Strongloop和MongoDB的访问控制错误
标签:mongodb、openshift、strongloop
我在OpenShift云上使用StrongLoop和MongoDB cartridge(盒带),无法使用Explorer界面查询和操作集合中的资源。我创建了一个简单的模型定义,并在OpenShift上部署了所有内容。MongoDB版本是2.4.9。MongoDB是通过以下命令行启动的:
mongod --auth -f /var/lib/openshift/<openshift-account>/mongodb//conf/mongodb.conf run
上面引用的.conf文件是:
# mongodb.conf
# Legacy "key = value" settings for mongod, loaded through the -f option of the
# launch command quoted alongside this file. That command also passes --auth, so
# access control is enforced even though no auth key is set below.
# Address mongod listens on (value redacted by the poster).
bind_ip = <redacted>
#port = 27017
# Data directory and PID file, both under the poster's /var/lib/openshift account directory.
dbpath=/var/lib/openshift/<redacted>/mongodb/data/
pidfilepath=/var/lib/openshift/<redacted>/mongodb/pid/mongodb.pid
# Enables periodic logging of CPU utilization and I/O wait
#cpu = false
# Turn on/off security. Off is currently the default
# NOTE(review): this stock comment does not describe the running instance; the
# key stays commented out and the --auth flag on the command line turns
# authentication on.
#noauth = true
# Verbose logging output.
#verbose = true
# Inspect all client data for validity on receipt (useful for
# developing drivers)
#objcheck = true
# Enable db quota management
#quota = true
# Set oplogging level where n is
# 0=off (default)
# 1=W
# 2=R
# 3=both
# 7=W+some reads
#oplog = 0
# Diagnostic/debugging option
#nocursors = true
# Ignore query hints
#nohints = true
# Disable the HTTP interface (Defaults to localhost:27018).
# NOTE(review): the port in the stock text above looks inaccurate; the HTTP
# status interface is normally served on the mongod port + 1000 (28017 with the
# default port) -- confirm for this version. It is disabled here either way.
nohttpinterface = true
# Turns off server-side scripting. This will result in greatly limited
# functionality
# NOTE(review): left commented out, so server-side JavaScript stays enabled; the
# quoted log shows an $eval command running on the connection authenticated as
# "admin".
#noscripting = true
# Turns off table scans. Any query that would do a table scan fails.
#notablescan = true
# Disable data file preallocation.
noprealloc = true
# Specify .ns file size for new databases.
# nssize = <size>
# Account token for Mongo monitoring server.
#mms-token = <token>
# Server name for Mongo monitoring server.
#mms-name = <server-name>
# Ping interval for Mongo monitoring server.
#mms-interval = <seconds>
# Replication Options
# in replicated mongo databases, specify here whether this is a slave or master
#slave = true
#source = master.example.com
# Slave only: specify a single database to replicate
# NOTE(review): the sample value below is a hostname although the comment asks
# for a database name -- presumably a slip in the template.
#only = master.example.com
# or
#master = true
#source = slave.example.com
# Address of a server to pair with.
#pairwith = <server:port>
# Address of arbiter server.
#arbiter = <server:port>
# Automatically resync if slave data is stale
#autoresync
# Custom size for replication operation log.
#oplogSize = 10
# Size limit for in-memory storage of op ids.
#opIdMem = <bytes>
# Specific configuration for openshift cartridge
smallfiles = true
# NOTE(review): quiet reduces what mongod writes to its log; presumably this can
# hide connection events that would help when tracing which client
# authenticates as which user -- confirm before relying on the log excerpt.
quiet = true
使用Explorer界面,我尝试获取所有对象。我本以为会收到一个空结果,却收到了一个访问控制错误:
{
"error": {
"name": "MongoError",
"status": 500,
"message": "not authorized for query on admin.ACL",
"stack": "MongoError: not authorized for query on admin.ACL\n at Object.toError (/var/lib/openshift/544ecf5f4382ec1dcc0002ec/app-root/runtime/repo/node_modules/loopback-connector-mongodb/node_modules/mongodb/lib/mongodb/utils.js:114:11)\n at /var/lib/openshift/544ecf5f4382ec1dcc0002ec/app-root/runtime/repo/node_modules/loopback-connector-mongodb/node_modules/mongodb/lib/mongodb/cursor.js:700:54\n at Cursor.close (/var/lib/openshift/544ecf5f4382ec1dcc0002ec/app-root/runtime/repo/node_modules/loopback-connector-mongodb/node_modules/mongodb/lib/mongodb/cursor.js:989:5)\n at commandHandler (/var/lib/openshift/544ecf5f4382ec1dcc0002ec/app-root/runtime/repo/node_modules/loopback-connector-mongodb/node_modules/mongodb/lib/mongodb/cursor.js:700:21)\n at /var/lib/openshift/544ecf5f4382ec1dcc0002ec/app-root/runtime/repo/node_modules/loopback-connector-mongodb/node_modules/mongodb/lib/mongodb/db.js:1916:9\n at Server.Base._callHandler (/var/lib/openshift/544ecf5f4382ec1dcc0002ec/app-root/runtime/repo/node_modules/loopback-connector-mongodb/node_modules/mongodb/lib/mongodb/connection/base.js:448:41)\n at /var/lib/openshift/544ecf5f4382ec1dcc0002ec/app-root/runtime/repo/node_modules/loopback-connector-mongodb/node_modules/mongodb/lib/mongodb/connection/server.js:481:18\n at MongoReply.parseBody (/var/lib/openshift/544ecf5f4382ec1dcc0002ec/app-root/runtime/repo/node_modules/loopback-connector-mongodb/node_modules/mongodb/lib/mongodb/responses/mongo_reply.js:68:5)\n at null.<anonymous> (/var/lib/openshift/544ecf5f4382ec1dcc0002ec/app-root/runtime/repo/node_modules/loopback-connector-mongodb/node_modules/mongodb/lib/mongodb/connection/server.js:439:20)\n at emit (events.js:95:17)"
}
}
以下是发出请求时mongodb日志文件的摘录:
Thu Oct 30 08:06:56.633 [conn9] assertion 16550 not authorized for query on <redacted>.ACL ns:<redacted>.ACL query:{ $query: { model: "Media", property: { $in: [ "find", "*" ] }, accessType: { $in: [ "READ", "*" ] } }, orderby: { _id: 1 } }
Thu Oct 30 08:07:13.949 [conn13] authenticate db: admin { authenticate: 1, user: "admin", nonce: "<redacted>", key: "<redacted>" }
Thu Oct 30 08:07:14.717 [conn13] command admin.$cmd command: { listDatabases: 1 } ntoreturn:1 keyUpdates:0 locks(micros) R:458 W:106047 r:48 reslen:285 136ms
Thu Oct 30 08:07:14.826 [conn13] command admin.$cmd command: { $eval: CodeWScope( function (){ return db.getCollectionNames(); }, {}), args: {} } ntoreturn:1 keyUpdates:0 locks(micros) W:106944 reslen:92 106ms
Thu Oct 30 08:07:14.918 [conn14] authenticate db: admin { authenticate: 1, user: "admin", nonce: "<redacted>", key: "<redacted>" }
尝试使用Explorer界面在集合中创建资源时,我收到相同的错误。请注意,日志中进行身份验证的用户名是admin,而不是我在datasources.json中配置的用户名和凭据。datasources.json内容如下:
{
"db": {
"name": "db",
"connector": "memory"
},
"cloudMongoDB": {
"host": "<redacted>",
"port": "27017",
"url": "mongodb://<redacted:27017/<redacted",
"username": "<not-user-admin>",
"password": "<redacted>",
"name": "cloudMongoDB",
"connector": "mongodb",
"database": "<redacted>"
}
}
感谢您的更新,我们也将在文档中澄清最后一部分。