Mongodb Docker内部的Mongo身份验证
我正在尝试使用身份验证运行mongo docker映像。下面是最简单的示例,我通过Mongodb Docker内部的Mongo身份验证,mongodb,docker,docker-compose,Mongodb,Docker,Docker Compose,我正在尝试使用身份验证运行mongo docker映像。下面是最简单的示例,我通过docker compose up命令运行了mongo和mongo express图像。我的docker compose.yml在此阶段: version: '3.1' services: mongo: image: mongo restart: always environment: MONGO_INITDB_ROOT_USERNAME: root MONG
docker compose up
命令运行了mongo和mongo express图像。我的docker compose.yml
在此阶段:
version: '3.1'
services:
mongo:
image: mongo
restart: always
environment:
MONGO_INITDB_ROOT_USERNAME: root
MONGO_INITDB_ROOT_PASSWORD: example
mongo-express:
image: mongo-express
restart: always
ports:
- 8081:8081
environment:
ME_CONFIG_MONGODB_ADMINUSERNAME: root
ME_CONFIG_MONGODB_ADMINPASSWORD: example
这样运行时,两个容器都启动正常,我可以从mongo express网站浏览mongo的内容。但是,每当我在docker compose.yml
文件中更改用户名或密码时,例如:
version: '3.1'
services:
mongo:
image: mongo
restart: always
environment:
MONGO_INITDB_ROOT_USERNAME: root
MONGO_INITDB_ROOT_PASSWORD: example123
mongo-express:
image: mongo-express
restart: always
ports:
- 8081:8081
environment:
ME_CONFIG_MONGODB_ADMINUSERNAME: root
ME_CONFIG_MONGODB_ADMINPASSWORD: example123
mongo express会抛出未经分析的错误消息:
mongo-express_1 | Admin Database connected
mongo-express_1 | { MongoError: Authentication failed.
mongo-express_1 | at Function.MongoError.create (/node_modules/mongodb-core/lib/error.js:31:11)
mongo-express_1 | at /node_modules/mongodb-core/lib/connection/pool.js:483:72
mongo-express_1 | at authenticateStragglers (/node_modules/mongodb-core/lib/connection/pool.js:429:16)
mongo-express_1 | at Connection.messageHandler (/node_modules/mongodb-core/lib/connection/pool.js:463:5)
mongo-express_1 | at Socket.<anonymous> (/node_modules/mongodb-core/lib/connection/connection.js:319:22)
mongo-express_1 | at emitOne (events.js:116:13)
mongo-express_1 | at Socket.emit (events.js:211:7)
mongo-express_1 | at addChunk (_stream_readable.js:263:12)
mongo-express_1 | at readableAddChunk (_stream_readable.js:250:11)
mongo-express_1 | at Socket.Readable.push (_stream_readable.js:208:10)
mongo-express_1 | name: 'MongoError',
mongo-express_1 | message: 'Authentication failed.',
mongo-express_1 | ok: 0,
mongo-express_1 | errmsg: 'Authentication failed.',
mongo-express_1 | code: 18,
mongo-express_1 | codeName: 'AuthenticationFailed' }
mongo-express_1 | unable to list databases
mongo-express_1 | { MongoError: command listDatabases requires authentication
mongo-express_1 | at Function.MongoError.create (/node_modules/mongodb-core/lib/error.js:31:11)
mongo-express_1 | at /node_modules/mongodb-core/lib/connection/pool.js:483:72
mongo-express_1 | at authenticateStragglers (/node_modules/mongodb-core/lib/connection/pool.js:429:16)
mongo-express_1 | at Connection.messageHandler (/node_modules/mongodb-core/lib/connection/pool.js:463:5)
mongo-express_1 | at Socket.<anonymous> (/node_modules/mongodb-core/lib/connection/connection.js:319:22)
mongo-express_1 | at emitOne (events.js:116:13)
mongo-express_1 | at Socket.emit (events.js:211:7)
mongo-express_1 | at addChunk (_stream_readable.js:263:12)
mongo-express_1 | at readableAddChunk (_stream_readable.js:250:11)
mongo-express_1 | at Socket.Readable.push (_stream_readable.js:208:10)
mongo-express_1 | name: 'MongoError',
mongo-express_1 | message: 'command listDatabases requires authentication',
mongo-express_1 | ok: 0,
mongo-express_1 | errmsg: 'command listDatabases requires authentication',
mongo-express_1 | code: 13,
mongo-express_1 | codeName: 'Unauthorized' }
mongo-express|管理数据库已连接
mongo-express_1 |{MongoError:身份验证失败。
mongo-express_1| at Function.MongoError.create(/node_modules/mongodb core/lib/error.js:31:11)
mongo-express|u 1| at/node|modules/mongodb core/lib/connection/pool.js:483:72
mongo-express_1| at AuthenticateTraggler(/node_modules/mongodb core/lib/connection/pool.js:429:16)
mongo-express_1| at Connection.messageHandler(/node_modules/mongodb core/lib/Connection/pool.js:463:5)
mongo-express_1| at套接字。(/node_modules/mongodb core/lib/connection/connection.js:319:22)
mongo-express|1|在emitOne(events.js:116:13)
mongo-express_1| at Socket.emit(events.js:211:7)
mongo-express_1|at addChunk(_stream_readable.js:263:12)
mongo-express_1| at readableAddChunk(_stream_readable.js:250:11)
mongo-express_1| at Socket.Readable.push(_stream_Readable.js:208:10)
mongo-express|1 |名称:“MongoError”,
mongo-express|消息:“身份验证失败。”,
mongo-express|好的:0,
mongo-express|1 | errmsg:“身份验证失败。”,
mongo-express|1 |代码:18,
mongo-express_1 |代码名:'AuthenticationFailed'}
mongo-express|无法列出数据库
mongo-express_1 |{MongoError:命令listDatabases需要身份验证
mongo-express_1| at Function.MongoError.create(/node_modules/mongodb core/lib/error.js:31:11)
mongo-express|u 1| at/node|modules/mongodb core/lib/connection/pool.js:483:72
mongo-express_1| at AuthenticateTraggler(/node_modules/mongodb core/lib/connection/pool.js:429:16)
mongo-express_1| at Connection.messageHandler(/node_modules/mongodb core/lib/Connection/pool.js:463:5)
mongo-express_1| at套接字。(/node_modules/mongodb core/lib/connection/connection.js:319:22)
mongo-express|1|在emitOne(events.js:116:13)
mongo-express_1| at Socket.emit(events.js:211:7)
mongo-express_1|at addChunk(_stream_readable.js:263:12)
mongo-express_1| at readableAddChunk(_stream_readable.js:250:11)
mongo-express_1| at Socket.Readable.push(_stream_Readable.js:208:10)
mongo-express|1 |名称:“MongoError”,
mongo-express|消息:“命令列表数据库需要身份验证”,
mongo-express|好的:0,
mongo-express|errmsg:“命令列表数据库需要身份验证”,
mongo-express|1 |代码:13,
mongo-express|1 |代号:“未经授权”}
无论我在docker compose.yml
中输入什么用户名或密码,我都无法让mongo express连接到mongo,除非我使用原始的根目录
和示例
对
请注意,我没有将用户名和密码作为环境变量,但它们直接输入到docker compose.yml
文件中,如您所见
还要注意的是,当我将MONGO_INITDB_ROOT_用户名
和MONGO_INITDB_ROOT_密码
(MONGO's)变量更改为任何变量时,它们似乎没有任何效果,我仍然可以使用原始根和示例凭据连接MONGO express
是什么导致了这种行为?我怎样才能做到这一点 您的docker compose命令:
docker-compose up --build --force-recreate
Mongo映像,因此您还需要--更新一个非卷():
否则,将使用已初始化DB的上一个卷=>INITDB env变量将不会被使用。在我的情况下,我必须首先
停止我所有的容器
然后docker系统删减-a--卷
这是最后的手段。请在使用此cmd检查之前,如果您创建mongodb容器(docker compose-up
将构建/拉取图像并启动容器),并为其提供用户名和密码,mongodb将在第一次运行时自行配置,不再!在为该服务创建新容器之前,默认用户/通行证将是最初设置的用户/通行证。如果要更改默认值,则必须创建一个新容器。
您还可以在容器启动后添加用户
仅停止服务容器(docker compose stop
)不会销毁de容器。要执行此操作,请向下调用docker compose,或在启动时向上调用docker compose--force recreate
关于docker系统prune-a--卷可以解决这个问题,但一个更简单的方法是(如果您正在装载一个数据卷以使db持久化),您可以删除并重新创建一个新的卷,这样其他卷就不会受到影响。
当然,将其与:docker compose up--build--force recreate--renew anon volumes相结合对我有效的方法是为mongodb服务器添加环境变量
ME_CONFIG_MONGODB_SERVER: mongo
像这样:
version: '3.1'
services:
mongo:
image: mongo
restart: always
environment:
MONGO_INITDB_ROOT_USERNAME: root
MONGO_INITDB_ROOT_PASSWORD: example
mongo-express:
image: mongo-express
restart: always
ports:
- 8081:8081
environment:
ME_CONFIG_MONGODB_ADMINUSERNAME: root
ME_CONFIG_MONGODB_ADMINPASSWORD: example
ME_CONFIG_MONGODB_SERVER: mongo
我猜:INITDB变量只用于初始化,所以如果DB已经初始化,就不会使用它们。尝试销毁然后从头开始堆栈,您会看到。我尝试运行了docker compse up--build--force recreate
,但没有解决此问题。作为一次绝望的尝试,我删除了所有相关的容器和图像。在这种情况下,我可以第一次使用任何用户名和密码,因此您对INITDB变量的看法可能是正确的,但我仍然不知道为什么会发生这种情况。--renew anon volumes
标志解决了我的问题,谢谢!
version: '3.1'
services:
mongo:
image: mongo
restart: always
environment:
MONGO_INITDB_ROOT_USERNAME: root
MONGO_INITDB_ROOT_PASSWORD: example
mongo-express:
image: mongo-express
restart: always
ports:
- 8081:8081
environment:
ME_CONFIG_MONGODB_ADMINUSERNAME: root
ME_CONFIG_MONGODB_ADMINPASSWORD: example
ME_CONFIG_MONGODB_SERVER: mongo