PyMongo - UserNotFound: Could not find user authenticated@admin

I checked the permission on the /etc/mongod.conf:

vagrant@trusty64:/vagrant/test$ sudo docker exec -it mongodb ls -l /etc/mongod.conf -rw-r--r-- 1 root root 472 Jun 22 00:09 /etc/mongod.conf

Then, I checked it's corresponding content:

vagrant@trusty64:/vagrant/test$ sudo docker exec -it mongodb cat /etc/mongod.conf ## mongodb.conf, this file is enforced by puppet. ## ## Note: http://docs.mongodb.org/manual/reference/configuration-options/ ## ## where and how to store data. storage: dbPath: /var/lib/mongodb journal: enabled: true ## where to write logging data. systemLog: destination: file logAppend: true path: /var/log/mongodb/mongod.log ## network interfaces net: port: 27017 bindIp: 0.0.0.0 ## mongodb process processManagement: pidFilePath: /var/run/mongod.pid ## role-based access controls #security: # authorization: enabled

Next, I added a mongodb user, adjusted the mongod.conf, and restarted the mongod process:

vagrant@trusty64:/vagrant/test$ sudo docker exec -it mongodb sudo mongo mongodb://mongodb:27017 --eval "db.getSiblingDB('admin'); db.createUser({\ user: 'authenticated',\ pwd: 'password',\ roles: [\ 'readWrite',\ 'userAdmin',\ 'dbAdmin',\ { role: 'readWrite', db: 'dataset' },\ { role: 'userAdmin', db: 'dataset' },\ { role: 'dbAdmin', db: 'dataset' },\ ]\ },\ { w: 'majority' , wtimeout: 5000 } )" --quiet sudo docker exec -it mongodb sudo sed -i "/#[[:space:]]*security:/s/^#//g" /etc/mongod.conf sudo docker exec -it mongodb sudo sed -i "/#[[:space:]]*authorization:[[:space:]]*enabled/s/^#//g" /etc/mongod.conf sudo docker restart mongodb

Now, I was ready to try to implement the pymongo connector, from a docker container:

vagrant@trusty64:/vagrant/test$ sudo docker exec -it webserver python Python 2.7.6 (default, Oct 26 2016, 20:30:19) [GCC 4.8.4] on linux2 Type "help", "copyright", "credits" or "license" for more information. >>> from pymongo import MongoClient, errors >>> cur = MongoClient("mongodb://authenticated:password@mongodb:27017/admin") >>> db = cur['dataset'] >>> col = db['svm'] >>> posts = col.posts >>> result = posts.insert_one({'one': 'two'}) Traceback (most recent call last): File "<stdin>", line 1, in <module> File "/usr/local/lib/python2.7/dist-packages/pymongo/collection.py", line 654, in insert_one with self._socket_for_writes() as sock_info: File "/usr/lib/python2.7/contextlib.py", line 17, in __enter__ return self.gen.next() File "/usr/local/lib/python2.7/dist-packages/pymongo/mongo_client.py", line 825, in _get_socket with server.get_socket(self.__all_credentials) as sock_info: File "/usr/lib/python2.7/contextlib.py", line 17, in __enter__ return self.gen.next() File "/usr/local/lib/python2.7/dist-packages/pymongo/server.py", line 168, in get_socket with self.pool.get_socket(all_credentials, checkout) as sock_info: File "/usr/lib/python2.7/contextlib.py", line 17, in __enter__ return self.gen.next() File "/usr/local/lib/python2.7/dist-packages/pymongo/pool.py", line 792, in get_socket sock_info.check_auth(all_credentials) File "/usr/local/lib/python2.7/dist-packages/pymongo/pool.py", line 512, in check_auth auth.authenticate(credentials, self) File "/usr/local/lib/python2.7/dist-packages/pymongo/auth.py", line 470, in authenticate auth_func(credentials, sock_info) File "/usr/local/lib/python2.7/dist-packages/pymongo/auth.py", line 450, in _authenticate_default return _authenticate_scram_sha1(credentials, sock_info) File "/usr/local/lib/python2.7/dist-packages/pymongo/auth.py", line 201, in _authenticate_scram_sha1 res = sock_info.command(source, cmd) File "/usr/local/lib/python2.7/dist-packages/pymongo/pool.py", line 419, in command collation=collation) File "/usr/local/lib/python2.7/dist-packages/pymongo/network.py", line 116, in command parse_write_concern_error=parse_write_concern_error) File "/usr/local/lib/python2.7/dist-packages/pymongo/helpers.py", line 210, in _check_command_response raise OperationFailure(msg % errmsg, code, response) pymongo.errors.OperationFailure: Authentication failed.

I got denied with Authentication failed. I confirmed that our /etc/mongod.conf configuration file was correctly adjusted, with respect to the authorization directive:

vagrant@trusty64:/vagrant/test$ sudo docker exec -it mongodb cat /etc/mongod.conf ## mongodb.conf, this file is enforced by puppet. ## ## Note: http://docs.mongodb.org/manual/reference/configuration-options/ ## ## where and how to store data. storage: dbPath: /var/lib/mongodb journal: enabled: true ## where to write logging data. systemLog: destination: file logAppend: true path: /var/log/mongodb/mongod.log ## network interfaces net: port: 27017 bindIp: 0.0.0.0 ## mongodb process processManagement: pidFilePath: /var/run/mongod.pid ## role-based access controls security: authorization: enabled

Along with checking the logs, and status of the corresponding processes:

vagrant@trusty64:/vagrant/test$ sudo docker exec -it webserver sudo telnet mongodb 27017 Trying 172.18.0.2... Connected to mongodb. Escape character is '^]'. telnet> quit vagrant@trusty64:/vagrant/test$ cat /var/log/mongodb/mongod.log [LOGS OMITTED...] vagrant@trusty64:/vagrant/test$ sudo docker exec -it mongodb cat /var/log/mongodb/mongod.log 2017-06-22T15:47:06.359-0400 I CONTROL [initandlisten] MongoDB starting : pid=1 port=27017 dbpath=/var/lib/mongodb 64-bit host=4a5966185063 2017-06-22T15:47:06.360-0400 I CONTROL [initandlisten] db version v3.2.14 2017-06-22T15:47:06.360-0400 I CONTROL [initandlisten] git version: 92f6668a768ebf294bd4f494c50f48459198e6a3 2017-06-22T15:47:06.360-0400 I CONTROL [initandlisten] OpenSSL version: OpenSSL 1.0.1f 6 Jan 2014 2017-06-22T15:47:06.360-0400 I CONTROL [initandlisten] allocator: tcmalloc 2017-06-22T15:47:06.360-0400 I CONTROL [initandlisten] modules: none 2017-06-22T15:47:06.360-0400 I CONTROL [initandlisten] build environment: 2017-06-22T15:47:06.360-0400 I CONTROL [initandlisten] distmod: ubuntu1404 2017-06-22T15:47:06.360-0400 I CONTROL [initandlisten] distarch: x86_64 2017-06-22T15:47:06.360-0400 I CONTROL [initandlisten] target_arch: x86_64 2017-06-22T15:47:06.360-0400 I CONTROL [initandlisten] options: { config: "/etc/mongod.conf", net: { bindIp: "0.0.0.0", port: 27017 }, processManagement: { pidFilePath: "/var/run/mongod.pid" }, storage: { dbPath: "/var/lib/mongodb", journal: { enabled: true } }, systemLog: { destination: "file", logAppend: true, path: "/var/log/mongodb/mongod.log" } } 2017-06-22T15:47:06.393-0400 I STORAGE [initandlisten] wiredtiger_open config: create,cache_size=1G,session_max=20000,eviction=(threads_min=4,threads_max=4),config_base=false,statistics=(fast),log=(enabled=true,archive=true,path=journal,compressor=snappy),file_manager=(close_idle_time=100000),checkpoint=(wait=60,log_size=2GB),statistics_log=(wait=0), 2017-06-22T15:47:07.211-0400 I CONTROL [initandlisten] ** WARNING: You are running this process as the root user, which is not recommended. 2017-06-22T15:47:07.211-0400 I CONTROL [initandlisten] 2017-06-22T15:47:07.211-0400 I CONTROL [initandlisten] 2017-06-22T15:47:07.211-0400 I CONTROL [initandlisten] ** WARNING: /sys/kernel/mm/transparent_hugepage/enabled is 'always'. 2017-06-22T15:47:07.211-0400 I CONTROL [initandlisten] ** We suggest setting it to 'never' 2017-06-22T15:47:07.211-0400 I CONTROL [initandlisten] 2017-06-22T15:47:07.211-0400 I CONTROL [initandlisten] ** WARNING: /sys/kernel/mm/transparent_hugepage/defrag is 'always'. 2017-06-22T15:47:07.211-0400 I CONTROL [initandlisten] ** We suggest setting it to 'never' 2017-06-22T15:47:07.211-0400 I CONTROL [initandlisten] 2017-06-22T15:47:07.504-0400 I FTDC [initandlisten] Initializing full-time diagnostic data capture with directory '/var/lib/mongodb/diagnostic.data' 2017-06-22T15:47:07.504-0400 I NETWORK [initandlisten] waiting for connections on port 27017 2017-06-22T15:47:07.505-0400 I NETWORK [HostnameCanonicalizationWorker] Starting hostname canonicalization worker 2017-06-22T15:47:08.713-0400 I NETWORK [initandlisten] connection accepted from 172.18.0.2:39746 #1 (1 connection now open) 2017-06-22T15:47:09.008-0400 I COMMAND [conn1] insert admin.system.users ninserted:1 keyUpdates:0 writeConflicts:0 numYields:0 locks:{ Global: { acquireCount: { r: 4, w: 4 } }, Database: { acquireCount: { W: 4 } }, Collection: { acquireCount: { w: 1 } } } 151ms 2017-06-22T15:47:09.008-0400 I COMMAND [conn1] command test.$cmd command: createUser { createUser: "authenticated", pwd: "xxx", roles: [ "readWrite", "userAdmin", "dbAdmin", { role: "readWrite", db: "dataset" }, { role: "userAdmin", db: "dataset" }, { role: "dbAdmin", db: "dataset" } ], digestPassword: false, writeConcern: { w: "majority", wtimeout: 5000.0 } } keyUpdates:0 writeConflicts:0 numYields:0 reslen:22 locks:{ Global: { acquireCount: { r: 4, w: 4 } }, Database: { acquireCount: { W: 4 } }, Collection: { acquireCount: { w: 1 } } } protocol:op_command 280ms 2017-06-22T15:47:09.198-0400 I NETWORK [conn1] end connection 172.18.0.2:39746 (0 connections now open) 2017-06-22T15:47:09.744-0400 I CONTROL [signalProcessingThread] got signal 15 (Terminated), will terminate after current cmd ends 2017-06-22T15:47:09.749-0400 I FTDC [signalProcessingThread] Shutting down full-time diagnostic data capture 2017-06-22T15:47:09.753-0400 I CONTROL [signalProcessingThread] now exiting 2017-06-22T15:47:09.753-0400 I NETWORK [signalProcessingThread] shutdown: going to close listening sockets... 2017-06-22T15:47:09.753-0400 I NETWORK [signalProcessingThread] closing listening socket: 6 2017-06-22T15:47:09.753-0400 I NETWORK [signalProcessingThread] closing listening socket: 7 2017-06-22T15:47:09.753-0400 I NETWORK [signalProcessingThread] removing socket file: /tmp/mongodb-27017.sock 2017-06-22T15:47:09.754-0400 I NETWORK [signalProcessingThread] shutdown: going to flush diaglog... 2017-06-22T15:47:09.754-0400 I NETWORK [signalProcessingThread] shutdown: going to close sockets... 2017-06-22T15:47:09.754-0400 I STORAGE [signalProcessingThread] WiredTigerKVEngine shutting down 2017-06-22T15:47:10.044-0400 I STORAGE [signalProcessingThread] shutdown: removing fs lock... 2017-06-22T15:47:10.045-0400 I CONTROL [signalProcessingThread] dbexit: rc: 0 2017-06-22T15:47:10.825-0400 I CONTROL [main] ***** SERVER RESTARTED ***** 2017-06-22T15:47:10.922-0400 I CONTROL [initandlisten] MongoDB starting : pid=1 port=27017 dbpath=/var/lib/mongodb 64-bit host=4a5966185063 2017-06-22T15:47:10.922-0400 I CONTROL [initandlisten] db version v3.2.14 2017-06-22T15:47:10.922-0400 I CONTROL [initandlisten] git version: 92f6668a768ebf294bd4f494c50f48459198e6a3 2017-06-22T15:47:10.922-0400 I CONTROL [initandlisten] OpenSSL version: OpenSSL 1.0.1f 6 Jan 2014 2017-06-22T15:47:10.922-0400 I CONTROL [initandlisten] allocator: tcmalloc 2017-06-22T15:47:10.922-0400 I CONTROL [initandlisten] modules: none 2017-06-22T15:47:10.922-0400 I CONTROL [initandlisten] build environment: 2017-06-22T15:47:10.922-0400 I CONTROL [initandlisten] distmod: ubuntu1404 2017-06-22T15:47:10.922-0400 I CONTROL [initandlisten] distarch: x86_64 2017-06-22T15:47:10.922-0400 I CONTROL [initandlisten] target_arch: x86_64 2017-06-22T15:47:10.923-0400 I CONTROL [initandlisten] options: { config: "/etc/mongod.conf", net: { bindIp: "0.0.0.0", port: 27017 }, processManagement: { pidFilePath: "/var/run/mongod.pid" }, security: { authorization: "enabled" }, storage: { dbPath: "/var/lib/mongodb", journal: { enabled: true } }, systemLog: { destination: "file", logAppend: true, path: "/var/log/mongodb/mongod.log" } } 2017-06-22T15:47:10.940-0400 I - [initandlisten] Detected data files in /var/lib/mongodb created by the 'wiredTiger' storage engine, so setting the active storage engine to 'wiredTiger'. 2017-06-22T15:47:10.940-0400 I STORAGE [initandlisten] wiredtiger_open config: create,cache_size=1G,session_max=20000,eviction=(threads_min=4,threads_max=4),config_base=false,statistics=(fast),log=(enabled=true,archive=true,path=journal,compressor=snappy),file_manager=(close_idle_time=100000),checkpoint=(wait=60,log_size=2GB),statistics_log=(wait=0), 2017-06-22T15:47:13.466-0400 I CONTROL [initandlisten] ** WARNING: You are running this process as the root user, which is not recommended. 2017-06-22T15:47:13.467-0400 I CONTROL [initandlisten] 2017-06-22T15:47:13.468-0400 I CONTROL [initandlisten] 2017-06-22T15:47:13.468-0400 I CONTROL [initandlisten] ** WARNING: /sys/kernel/mm/transparent_hugepage/enabled is 'always'. 2017-06-22T15:47:13.468-0400 I CONTROL [initandlisten] ** We suggest setting it to 'never' 2017-06-22T15:47:13.468-0400 I CONTROL [initandlisten] 2017-06-22T15:47:13.468-0400 I CONTROL [initandlisten] ** WARNING: /sys/kernel/mm/transparent_hugepage/defrag is 'always'. 2017-06-22T15:47:13.468-0400 I CONTROL [initandlisten] ** We suggest setting it to 'never' 2017-06-22T15:47:13.468-0400 I CONTROL [initandlisten] 2017-06-22T15:47:13.876-0400 I FTDC [initandlisten] Initializing full-time diagnostic data capture with directory '/var/lib/mongodb/diagnostic.data' 2017-06-22T15:47:13.876-0400 I NETWORK [initandlisten] waiting for connections on port 27017 2017-06-22T15:47:13.876-0400 I NETWORK [HostnameCanonicalizationWorker] Starting hostname canonicalization worker 2017-06-22T15:48:13.362-0400 I NETWORK [initandlisten] connection accepted from 172.18.0.6:39426 #1 (1 connection now open) 2017-06-22T15:48:13.492-0400 I NETWORK [initandlisten] connection accepted from 172.18.0.6:39428 #2 (2 connections now open) 2017-06-22T15:48:13.528-0400 I ACCESS [conn2] SCRAM-SHA-1 authentication failed for authenticated on admin from client 172.18.0.6 ; UserNotFound: Could not find user authenticated@admin 2017-06-22T15:48:30.488-0400 I NETWORK [initandlisten] connection accepted from 172.18.0.6:39454 #3 (3 connections now open) 2017-06-22T15:48:30.493-0400 I NETWORK [initandlisten] connection accepted from 172.18.0.6:39456 #4 (4 connections now open) 2017-06-22T15:48:30.495-0400 I ACCESS [conn4] SCRAM-SHA-1 authentication failed for authenticated on admin from client 172.18.0.6 ; UserNotFound: Could not find user authenticated@admin 2017-06-22T15:48:34.065-0400 I NETWORK [conn2] end connection 172.18.0.6:39428 (3 connections now open) 2017-06-22T15:48:34.065-0400 I NETWORK [conn1] end connection 172.18.0.6:39426 (2 connections now open) 2017-06-22T15:48:44.930-0400 I NETWORK [conn4] end connection 172.18.0.6:39456 (1 connection now open) 2017-06-22T15:48:44.930-0400 I NETWORK [conn3] end connection 172.18.0.6:39454 (0 connections now open) 2017-06-22T15:48:46.287-0400 I NETWORK [initandlisten] connection accepted from 172.18.0.6:39484 #5 (1 connection now open) 2017-06-22T15:48:46.291-0400 I NETWORK [initandlisten] connection accepted from 172.18.0.6:39486 #6 (2 connections now open) 2017-06-22T15:48:46.293-0400 I ACCESS [conn6] SCRAM-SHA-1 authentication failed for authenticated on admin from client 172.18.0.6 ; UserNotFound: Could not find user authenticated@admin 2017-06-22T15:48:58.031-0400 I NETWORK [conn6] end connection 172.18.0.6:39486 (1 connection now open) 2017-06-22T15:48:58.032-0400 I NETWORK [conn5] end connection 172.18.0.6:39484 (0 connections now open) 2017-06-22T15:49:02.907-0400 I NETWORK [initandlisten] connection accepted from 172.18.0.6:39512 #7 (1 connection now open) 2017-06-22T15:49:02.912-0400 I NETWORK [initandlisten] connection accepted from 172.18.0.6:39514 #8 (2 connections now open) 2017-06-22T15:49:02.915-0400 I ACCESS [conn8] SCRAM-SHA-1 authentication failed for authenticated on admin from client 172.18.0.6 ; UserNotFound: Could not find user authenticated@admin 2017-06-22T15:49:10.806-0400 I NETWORK [conn8] end connection 172.18.0.6:39514 (1 connection now open) 2017-06-22T15:49:10.807-0400 I NETWORK [conn7] end connection 172.18.0.6:39512 (0 connections now open) vagrant@trusty64:/vagrant/test$ sudo docker exec -it mongodb netstat -ntlup Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 0.0.0.0:27017 0.0.0.0:* LISTEN 1/mongod tcp 0 0 127.0.0.11:44122 0.0.0.0:* LISTEN - udp 0 0 127.0.0.11:49005 0.0.0.0:*

I thought that I had created a user based on the above steps. Have I instead created a user on a local database? I can successfully login with the authenticated user (not to a specific database):

vagrant@trusty64:/vagrant/test$ sudo docker exec -it mongodb mongo --port 27017 -u authenticated -p password MongoDB shell version: 3.2.14 connecting to: 127.0.0.1:27017/test Welcome to the MongoDB shell. For interactive help, type "help". For more comprehensive documentation, see http://docs.mongodb.org/ Questions? Try the support group http://groups.google.com/group/mongodb-user >

<strong>Note:</strong> I have a corresponding github issue, to track the progress of this question.

Perhaps, I need to pay particular notice to the following sub-snippet taken from the above /var/log/mongodb/mongod.log:

2017-06-22T17:49:49.663-0400 I NETWORK [initandlisten] connection accepted from 172.18.0.2:40926 #1 (1 connection now open) 2017-06-22T17:49:50.180-0400 I COMMAND [conn1] update admin.system.version query: { _id: "authSchema" } update: { $set: { currentVersion: 5 } } keysExamined:0 docsExamined:0 nMatched:1 nModified:1 upsert:1 keyUpdates:0 writeConflicts:0 numYields:0 locks:{ Global: { acquireCount: { r: 2, w: 2 } }, Database: { acquireCount: { W: 2 } } } 428ms 2017-06-22T17:49:50.397-0400 I COMMAND [conn1] insert admin.system.users ninserted:1 keyUpdates:0 writeConflicts:0 numYields:0 locks:{ Global: { acquireCount: { r: 4, w: 4 } }, Database: { acquireCount: { W: 4 } }, Collection: { acquireCount: { w: 1 } } } 188ms 2017-06-22T17:49:50.397-0400 I COMMAND [conn1] command test.$cmd command: createUser { createUser: "authenticated", pwd: "xxx", roles: [ "readWrite", "userAdmin", "dbAdmin", { role: "readWrite", db: "dataset" }, { role: "userAdmin", db: "dataset" }, { role: "dbAdmin", db: "dataset" } ], digestPassword: false, writeConcern: { w: "majority", wtimeout: 5000.0 } } keyUpdates:0 writeConflicts:0 numYields:0 reslen:22 locks:{ Global: { acquireCount: { r: 4, w: 4 } }, Database: { acquireCount: { W: 4 } }, Collection: { acquireCount: { w: 1 } } } protocol:op_command 703ms

Which may have something related to the successive snippet, from the same log file:

2017-06-22T17:59:38.129-0400 I ACCESS [conn10] SCRAM-SHA-1 authentication failed for authenticated on admin from client 172.18.0.4 ; UserNotFound: Could not find user authenticated@admin

Answer1:

I spoke with you on IRC earlier.

The problem is that when you're creating your user with the line

vagrant@trusty64:/vagrant/test$ sudo docker exec -it mongodb sudo mongo mongodb://mongodb:27017 --eval "db.getSiblingDB('admin'); db.createUser(...

You are not actually setting the db variable to the sibling(admin) database. You are simply invoking a function that returns a database.

You need to use the command db = db.getSiblingDB('admin'); in the shell to set the current database to the 'admin' database.

You can also use the shorthand use admin.

Or you can include the admin database in your mongod invocation and forego the eval'd db switch altogether. The database name is usually the first parameter of the mongod executable. I'm not 100% certain how it would translate to your docker command.

Perhaps vagrant@trusty64:/vagrant/test$ sudo docker exec -it mongodb sudo mongo admin mongodb://mongodb:27017 --eval "db.createUser(...

Cheers!

人吐槽 人点赞

Recommend

Comment

用户名: 密码:
验证码: 匿名发表

你可以使用这些语言

查看评论:PyMongo - UserNotFound: Could not find user authenticated@admin