Non-interactive user creation #89
Specifically, I want to use the official mongo image kicked off like below, but also create users if you can tell me if that is an option.
$ docker run -d -v /tmp/mongodb -p 27017:27017 --name mongodb mongo:3.2.4
Looking for a way to do what is below that I run manually after I start the DB at DB creation time. Is that a current feature or a feature request?
$ docker exec -it mongodb mongo admin
Having hooks for scripts has come up a bunch of times here. It doesn't seem like it's a priority though. Or maybe it's just considered out of scope for the base image (even though other official db images handle setup scripts). But whatever. That's why the fork button exists. So anyway, I had a requirement that the setup be automated, so I solved the problem with my own image instead. It was originally based on the same 3.x Docker file here. The only difference is it now starts mongod, runs a few setup scripts, shuts down, then fires it back up with the new configuration. It currently does root and non-root user setup, custom data directory, and replica set config (all of which are optional). The only thing you have to do is set environment variables. See the readme for full details. It's not the official Docker image blessed by the Mongo gods, but it has been working well for me for about a year with hundreds of deployments. The user setup... (used mostly for Meteor apps, so the non-root user gets read-only oplog access too)
Thanks @jshimko. Trying to keep with the official build, but that might not be an option if I want it all automated. I don't understand the point of mongodb in a docker if you still have to manually configure things. Why use docker?
@jeremypumphrey, because with Docker you can stand up a Mongo instance in about 10 seconds. And in my case, a 3 host replica set in about 20-30 secs. All without any manual setup. I don't know any other way to do that with such little effort. And as far as "official", the only thing that makes my setup less official is my own configuration (which is essentially the same thing you do manually). So I'm not really sure how much that actually matters. However, I do know that repetitive manual steps cost me far more than not using the official image does. ;)
I found another way to create users by bringing up a temp mongo instance and running the shell remotely.
$ docker run -it --link mongodb --rm mongo sh -c 'mongo --host 192.168.99.100 --port 27017 --eval "db.createUser({ user: \"root\", pwd: \"password\", roles: [ { role: \"root\", db: \"admin\" } ] });"'
$ docker run -it --link mongodb --rm mongo sh -c 'mongo --host 192.168.99.100 --port 27017 --eval "db.createUser({ user: \"match\", pwd: \"password\", roles: [ { role: \"dbOwner\", db: \"Match\" } ] });"'
This works fine for user creation as is, but --auth isn't required. Problem is that if I run the first line with --auth the following remote sessions fail to connect. So how do I start it without auth, add the accounts, then restart it with --auth, without losing my added accounts (like a new container would)?
Yeah, enabling auth means that the initial user needs to be created from
$ # start the container
$ docker run -d -v /tmp/mongodb -p 27017:27017 --name mongodb -e MONGODB_DBNAME=match mongo:3.2.4 --auth
$ # add users via localhost
$ docker run -it --net container:mongodb --rm mongo sh -c 'mongo --host localhost --eval "db.createUser({ user: \"root\", pwd: \"password\", roles: [ { role: \"root\", db: \"admin\" } ] });"'
Alternatively, if you start the container without auth, add users, and then want to enable auth, just start a new one with
$ # start the temporary container
$ docker run -d -v /tmp/mongodb --name mongodb -e MONGODB_DBNAME=match mongo:3.2.4
$ # do the user creation
$ # ...
$ # stop the server
$ docker stop mongodb
$ # create new mongodb container, using the old one's data
$ docker run -d -p 27017:27017 --name mongodb2 --volumes-from mongodb -e MONGODB_DBNAME=match mongo:3.2.4 --auth
$ # clean up old container (we are using the volumes so they will stick around)
$ docker rm mongodb
$ # rename new container to keep things tidy
$ docker rename mongodb2 mongodb
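Added example, not part of any comment in this thread: the stop-and-restart steps above as one non-interactive script, with the createUser statement built by a quoting-safe helper and sent on stdin instead of through nested `--eval` quotes. The variable names `MONGO_ADMIN_USER` and `MONGO_ADMIN_PWD` and the functions `js_string`, `create_user_js` and `bootstrap` are hypothetical; the container names and image tag are the ones used in the thread.

```shell
#!/bin/sh
# Added example (not from the thread): scripted version of the
# "start without auth, add users, restart with --auth" steps above.
# Hypothetical names: MONGO_ADMIN_USER / MONGO_ADMIN_PWD, js_string,
# create_user_js, bootstrap. Container names and image tag are the thread's.

# Render $1 as a double-quoted JavaScript string literal (escapes \ and ").
# Values containing newlines are not supported.
js_string() {
  printf '"%s"' "$(printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e 's/"/\\"/g')"
}

# create_user_js USER PWD ROLE DB -> one createUser() statement for DB.
create_user_js() {
  printf 'db.getSiblingDB(%s).createUser({ user: %s, pwd: %s, roles: [ { role: %s, db: %s } ] });' \
    "$(js_string "$4")" "$(js_string "$1")" "$(js_string "$2")" \
    "$(js_string "$3")" "$(js_string "$4")"
}

bootstrap() {
  : "${MONGO_ADMIN_USER:?set MONGO_ADMIN_USER}" "${MONGO_ADMIN_PWD:?set MONGO_ADMIN_PWD}"
  # Phase 1: temporary server without --auth and without a published port.
  docker run -d --name mongodb mongo:3.2.4 || return 1
  tries=0
  until docker exec mongodb mongo --quiet --eval 'db.runCommand({ ping: 1 })' >/dev/null 2>&1; do
    tries=$((tries + 1)); [ "$tries" -lt 30 ] || return 1; sleep 1
  done
  # Feed the statement on stdin so the password never appears in a process
  # argument list and no nested shell quoting is involved.
  create_user_js "$MONGO_ADMIN_USER" "$MONGO_ADMIN_PWD" root admin |
    docker exec -i mongodb mongo --quiet admin || return 1
  docker stop mongodb || return 1
  # Phase 2: same data volumes, now with --auth and the port published.
  docker run -d -p 27017:27017 --name mongodb2 --volumes-from mongodb mongo:3.2.4 --auth || return 1
  docker rm mongodb && docker rename mongodb2 mongodb
}

# Run the Docker steps only when asked to: sh bootstrap.sh bootstrap
if [ "${1:-}" = "bootstrap" ]; then bootstrap; fi
```

The port is published only in the second phase, so the server is not reachable from outside the host while it runs without authentication.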
What is the canonical way to start this image with the
@miraculixx the README does include that in the "Authentication and Authorization" section:
(note the
Not being able to create an admin user in a non-interactive way is a game breaker for me. I need to create instances that developers can use by just doing docker-compose up. Without this, users have to do sysadmin/dba admin work they have no experience with. Perhaps with a dockerfile I can run a shell command, but it's just not as functional.
The recent MongoDB ransomware attacks are a sign that security should be easy to set up... docker-compose.yml:
Why isn't this configurable through environment variables? The Tutum Mongo image supports this but is deprecated. I guess I'll write a script to add a user but it's such a common use case and authentication should be encouraged by default... Having to do it interactively is annoying, especially when deploying to an orchestrator.
My vote for a non-interactive way to create the initial user...
I want to use user authentication to my DB, but I also want to create the user at startup non-interactively so I can spawn new DBs without logging into each and creating users manually. In the official mongo docker page https://hub.docker.com/_/mongo/ it lists the interactive way. Is there a non-interactive way?