MongoDB replica set with authentication fails to start

See original GitHub issue

How do we set up authentication or define a root user?

So far I have tried:

  1. Setting the MONGO_INITDB_ROOT_USERNAME and MONGO_INITDB_ROOT_PASSWORD environment variables on the mongo container. The mongo container fails to start with “Error: couldn’t add user: not master :”, which is fair since we pass the --replSet flag and it tries adding a user before rs.initiate().
  2. Passing the --auth flag to mongod and running a post-start script on the container to add a root user:

     sleep 5;
     mongo --eval 'rs.initiate()';
     mongo --eval 'db=db.getSiblingDB("admin");db.createUser({ user: "root", pwd: "root", roles: [{ role: "root", db: "admin" }]})';

The user is added successfully but the sidecar fails with “The hosts mongo-0:27017 and 10.0.12.57:27017 all map to this node in new configuration version 2 for replica set rs0”, as it tries to add the same replica again, since mongo-0 is 10.0.12.57.

So what’s the proper way of enabling authentication?

Issue Analytics

  • State: closed
  • Created 6 years ago
  • Reactions: 1
  • Comments: 9 (1 by maintainers)

Top GitHub Comments

3 reactions
romanlytvyn commented, May 12, 2017

I’ve come up with some kind of a workaround:

...
containers:
  - name: mongo
    image: mongo
    command:
    - /bin/sh
    - -c
    - >
      if [ -f /data/db/key ]; then
        mongod --keyFile /data/db/key --replSet rs0;
      else
        mongod --auth;
      fi;
    lifecycle:
      postStart:
        exec:
          command:
          - /bin/sh
          - -c
          - >
            if [ ! -f /data/db/key ]; then
              sleep 5;

              echo "SOMESTRONGPASSWORD" > /data/db/key
              chmod 600 /data/db/key

              if [ "$HOSTNAME" = "mongo-0" ]; then
                mongo --eval 'db = db.getSiblingDB("admin"); db.createUser({ user: "root", pwd: "root", roles: [{ role: "root", db: "admin" }]});';
              fi;

              mongod --shutdown;
            fi;
    ports:
      - containerPort: 27017
    volumeMounts:
      - name: mongo-persistent-storage
        mountPath: /data/db
  - name: mongo-sidecar
    image: cvallance/mongo-k8s-sidecar
    env:
      - name: MONGO_SIDECAR_POD_LABELS
        value: "role=mongo,environment=test"
      - name: MONGODB_DATABASE
        value: "admin"
      - name: MONGODB_USERNAME
        value: "root"
      - name: MONGODB_PASSWORD
        value: "root"
...

The idea is to start a container without --replSet (to be able to add a user without rs.initiate()), create a key file on container start, add a user on the primary node (mongo-0), and restart the container with --keyFile and --replSet.

Please let me know if there is a proper way of doing this.
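
Added example, not part of the GitHub thread: the workaround above writes the same fixed string to /data/db/key in every pod. The script below generates the shared key once, outside the pods, and validates a key file against the rules mongod enforces for --keyFile before the server is started. The function names make_keyfile and check_keyfile, and distributing the file through a Kubernetes Secret, are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the issue thread). Function names and paths are
# assumptions made for illustration.

# Generate a replica-set keyfile once. Every member must get the same file
# (for example via a Kubernetes Secret), so never regenerate it per pod.
make_keyfile() {
    keyfile=$1
    if [ -e "$keyfile" ]; then
        echo "refusing to overwrite $keyfile" >&2
        return 1
    fi
    (
        umask 077    # file is created without group/world access
        # 756 random bytes -> 1008 base64 characters (the limit is 1024)
        head -c 756 /dev/urandom | base64 | tr -d '\n' > "$keyfile"
    ) || return 1
    chmod 400 "$keyfile"
}

# Check what mongod requires of a --keyFile: 6 to 1024 characters from the
# base64 set, and no group or world permission bits on the file.
check_keyfile() {
    keyfile=$1
    [ -f "$keyfile" ] || { echo "missing: $keyfile" >&2; return 1; }
    # Characters 5-10 of the mode string are the group and world bits.
    perms=$(ls -ld "$keyfile" | cut -c5-10)
    [ "$perms" = "------" ] || { echo "too open: $keyfile" >&2; return 1; }
    # mongod ignores whitespace in the key, so strip it before checking.
    content=$(tr -d ' \t\r\n' < "$keyfile")
    case $content in
        *[!A-Za-z0-9+/=]*) echo "non-base64 character in key" >&2; return 1 ;;
    esac
    len=${#content}
    [ "$len" -ge 6 ] && [ "$len" -le 1024 ] || { echo "bad key length: $len" >&2; return 1; }
}
```

Calling check_keyfile on the mounted key before the mongod --keyFile branch of the container command turns a bad or world-readable key into an explicit startup error.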

0 reactions
supereagle commented, Jun 13, 2019

@nrobert13 Thanks. I have enabled authentication in a similar way.
