/etc/mongod.conf の権限を確認しました:
vagrant@trusty64:/vagrant/test$ sudo docker exec -it mongodb ls -l /etc/mongod.conf
-rw-r--r-- 1 root root 472 Jun 22 00:09 /etc/mongod.conf
次に、対応するコンテンツを確認しました。
vagrant@trusty64:/vagrant/test$ sudo docker exec -it mongodb cat /etc/mongod.conf
## mongodb.conf, this file is enforced by puppet.
##
## Note: http://docs.mongodb.org/manual/reference/configuration-options/
##
## where and how to store data.
storage:
dbPath: /var/lib/mongodb
journal:
enabled: true
## where to write logging data.
systemLog:
destination: file
logAppend: true
path: /var/log/mongodb/mongod.log
## network interfaces
net:
port: 27017
bindIp: 0.0.0.0
## mongodb process
processManagement:
pidFilePath: /var/run/mongod.pid
## role-based access controls
#security:
# authorization: enabled
次に、mongodb ユーザーを追加し、mongod.conf を調整して、mongod プロセスを再起動しました。
# Create the 'authenticated' user, then enable authorization and restart mongod.
# NOTE(review): db.getSiblingDB('admin') is a standalone statement whose return
# value is discarded, so db.createUser() runs against the connection's current
# database. The mongod.log shown later on this page records this createUser
# under test.$cmd, not admin -- confirm which database actually holds the user.
# NOTE(review): roles given as bare strings ('readWrite', 'userAdmin', 'dbAdmin')
# are scoped to the database the user is created in, so they follow the same
# database as the createUser call above.
# NOTE(review): the password is a literal in the command line, where it can end
# up in shell history and process listings; it is also a trivially guessable
# value and should not be reused outside a throwaway test environment.
vagrant@trusty64:/vagrant/test$ sudo docker exec -it mongodb sudo mongo mongodb://mongodb:27017 --eval "db.getSiblingDB('admin'); db.createUser({\
user: 'authenticated',\
pwd: 'password',\
roles: [\
'readWrite',\
'userAdmin',\
'dbAdmin',\
{ role: 'readWrite', db: 'dataset' },\
{ role: 'userAdmin', db: 'dataset' },\
{ role: 'dbAdmin', db: 'dataset' },\
]\
},\
{ w: 'majority' , wtimeout: 5000 } )" --quiet
# Uncomment the 'security:' and 'authorization: enabled' lines in mongod.conf by
# stripping the leading '#'. Until the restart below takes effect, mongod is
# listening on 0.0.0.0:27017 (bindIp in the config above) with authorization off.
sudo docker exec -it mongodb sudo sed -i "/#[[:space:]]*security:/s/^#//g" /etc/mongod.conf
sudo docker exec -it mongodb sudo sed -i "/#[[:space:]]*authorization:[[:space:]]*enabled/s/^#//g" /etc/mongod.conf
# Restart the container so mongod re-reads the config with authorization enabled.
sudo docker restart mongodb
これで、docker コンテナーから pymongo コネクターを実装する準備が整いました。
vagrant@trusty64:/vagrant/test$ sudo docker exec -it webserver python
Python 2.7.6 (default, Oct 26 2016, 20:30:19)
[GCC 4.8.4] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> from pymongo import MongoClient, errors
>>> cur = MongoClient("mongodb://authenticated:password@mongodb:27017/admin")
>>> db = cur['dataset']
>>> col = db['svm']
>>> posts = col.posts
>>> result = posts.insert_one({'one': 'two'})
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
File "/usr/local/lib/python2.7/dist-packages/pymongo/collection.py", line 654, in insert_one
with self._socket_for_writes() as sock_info:
File "/usr/lib/python2.7/contextlib.py", line 17, in __enter__
return self.gen.next()
File "/usr/local/lib/python2.7/dist-packages/pymongo/mongo_client.py", line 825, in _get_socket
with server.get_socket(self.__all_credentials) as sock_info:
File "/usr/lib/python2.7/contextlib.py", line 17, in __enter__
return self.gen.next()
File "/usr/local/lib/python2.7/dist-packages/pymongo/server.py", line 168, in get_socket
with self.pool.get_socket(all_credentials, checkout) as sock_info:
File "/usr/lib/python2.7/contextlib.py", line 17, in __enter__
return self.gen.next()
File "/usr/local/lib/python2.7/dist-packages/pymongo/pool.py", line 792, in get_socket
sock_info.check_auth(all_credentials)
File "/usr/local/lib/python2.7/dist-packages/pymongo/pool.py", line 512, in check_auth
auth.authenticate(credentials, self)
File "/usr/local/lib/python2.7/dist-packages/pymongo/auth.py", line 470, in authenticate
auth_func(credentials, sock_info)
File "/usr/local/lib/python2.7/dist-packages/pymongo/auth.py", line 450, in _authenticate_default
return _authenticate_scram_sha1(credentials, sock_info)
File "/usr/local/lib/python2.7/dist-packages/pymongo/auth.py", line 201, in _authenticate_scram_sha1
res = sock_info.command(source, cmd)
File "/usr/local/lib/python2.7/dist-packages/pymongo/pool.py", line 419, in command
collation=collation)
File "/usr/local/lib/python2.7/dist-packages/pymongo/network.py", line 116, in command
parse_write_concern_error=parse_write_concern_error)
File "/usr/local/lib/python2.7/dist-packages/pymongo/helpers.py", line 210, in _check_command_response
raise OperationFailure(msg % errmsg, code, response)
pymongo.errors.OperationFailure: Authentication failed.
Authentication failed で拒否されました。authorization ディレクティブに関して、構成ファイル /etc/mongod.conf が正しく調整されていることを確認しました。
vagrant@trusty64:/vagrant/test$ sudo docker exec -it mongodb cat /etc/mongod.conf
## mongodb.conf, this file is enforced by puppet.
##
## Note: http://docs.mongodb.org/manual/reference/configuration-options/
##
## where and how to store data.
storage:
dbPath: /var/lib/mongodb
journal:
enabled: true
## where to write logging data.
systemLog:
destination: file
logAppend: true
path: /var/log/mongodb/mongod.log
## network interfaces
net:
port: 27017
bindIp: 0.0.0.0
## mongodb process
processManagement:
pidFilePath: /var/run/mongod.pid
## role-based access controls
security:
authorization: enabled
あわせて、ログと対応するプロセスのステータスも確認しました。
vagrant@trusty64:/vagrant/test$ sudo docker exec -it webserver sudo telnet mongodb 27017
Trying 172.18.0.2...
Connected to mongodb.
Escape character is '^]'.
telnet> quit
vagrant@trusty64:/vagrant/test$ cat /var/log/mongodb/mongod.log
[LOGS OMITTED...]
vagrant@trusty64:/vagrant/test$ sudo docker exec -it mongodb cat /var/log/mongodb/mongod.log
2017-06-22T15:47:06.359-0400 I CONTROL [initandlisten] MongoDB starting : pid=1 port=27017 dbpath=/var/lib/mongodb 64-bit host=4a5966185063
2017-06-22T15:47:06.360-0400 I CONTROL [initandlisten] db version v3.2.14
2017-06-22T15:47:06.360-0400 I CONTROL [initandlisten] git version: 92f6668a768ebf294bd4f494c50f48459198e6a3
2017-06-22T15:47:06.360-0400 I CONTROL [initandlisten] OpenSSL version: OpenSSL 1.0.1f 6 Jan 2014
2017-06-22T15:47:06.360-0400 I CONTROL [initandlisten] allocator: tcmalloc
2017-06-22T15:47:06.360-0400 I CONTROL [initandlisten] modules: none
2017-06-22T15:47:06.360-0400 I CONTROL [initandlisten] build environment:
2017-06-22T15:47:06.360-0400 I CONTROL [initandlisten] distmod: ubuntu1404
2017-06-22T15:47:06.360-0400 I CONTROL [initandlisten] distarch: x86_64
2017-06-22T15:47:06.360-0400 I CONTROL [initandlisten] target_arch: x86_64
2017-06-22T15:47:06.360-0400 I CONTROL [initandlisten] options: { config: "/etc/mongod.conf", net: { bindIp: "0.0.0.0", port: 27017 }, processManagement: { pidFilePath: "/var/run/mongod.pid" }, storage: { dbPath: "/var/lib/mongodb", journal: { enabled: true } }, systemLog: { destination: "file", logAppend: true, path: "/var/log/mongodb/mongod.log" } }
2017-06-22T15:47:06.393-0400 I STORAGE [initandlisten] wiredtiger_open config: create,cache_size=1G,session_max=20000,eviction=(threads_min=4,threads_max=4),config_base=false,statistics=(fast),log=(enabled=true,archive=true,path=journal,compressor=snappy),file_manager=(close_idle_time=100000),checkpoint=(wait=60,log_size=2GB),statistics_log=(wait=0),
2017-06-22T15:47:07.211-0400 I CONTROL [initandlisten] ** WARNING: You are running this process as the root user, which is not recommended.
2017-06-22T15:47:07.211-0400 I CONTROL [initandlisten]
2017-06-22T15:47:07.211-0400 I CONTROL [initandlisten]
2017-06-22T15:47:07.211-0400 I CONTROL [initandlisten] ** WARNING: /sys/kernel/mm/transparent_hugepage/enabled is 'always'.
2017-06-22T15:47:07.211-0400 I CONTROL [initandlisten] ** We suggest setting it to 'never'
2017-06-22T15:47:07.211-0400 I CONTROL [initandlisten]
2017-06-22T15:47:07.211-0400 I CONTROL [initandlisten] ** WARNING: /sys/kernel/mm/transparent_hugepage/defrag is 'always'.
2017-06-22T15:47:07.211-0400 I CONTROL [initandlisten] ** We suggest setting it to 'never'
2017-06-22T15:47:07.211-0400 I CONTROL [initandlisten]
2017-06-22T15:47:07.504-0400 I FTDC [initandlisten] Initializing full-time diagnostic data capture with directory '/var/lib/mongodb/diagnostic.data'
2017-06-22T15:47:07.504-0400 I NETWORK [initandlisten] waiting for connections on port 27017
2017-06-22T15:47:07.505-0400 I NETWORK [HostnameCanonicalizationWorker] Starting hostname canonicalization worker
2017-06-22T15:47:08.713-0400 I NETWORK [initandlisten] connection accepted from 172.18.0.2:39746 #1 (1 connection now open)
2017-06-22T15:47:09.008-0400 I COMMAND [conn1] insert admin.system.users ninserted:1 keyUpdates:0 writeConflicts:0 numYields:0 locks:{ Global: { acquireCount: { r: 4, w: 4 } }, Database: { acquireCount: { W: 4 } }, Collection: { acquireCount: { w: 1 } } } 151ms
2017-06-22T15:47:09.008-0400 I COMMAND [conn1] command test.$cmd command: createUser { createUser: "authenticated", pwd: "xxx", roles: [ "readWrite", "userAdmin", "dbAdmin", { role: "readWrite", db: "dataset" }, { role: "userAdmin", db: "dataset" }, { role: "dbAdmin", db: "dataset" } ], digestPassword: false, writeConcern: { w: "majority", wtimeout: 5000.0 } } keyUpdates:0 writeConflicts:0 numYields:0 reslen:22 locks:{ Global: { acquireCount: { r: 4, w: 4 } }, Database: { acquireCount: { W: 4 } }, Collection: { acquireCount: { w: 1 } } } protocol:op_command 280ms
2017-06-22T15:47:09.198-0400 I NETWORK [conn1] end connection 172.18.0.2:39746 (0 connections now open)
2017-06-22T15:47:09.744-0400 I CONTROL [signalProcessingThread] got signal 15 (Terminated), will terminate after current cmd ends
2017-06-22T15:47:09.749-0400 I FTDC [signalProcessingThread] Shutting down full-time diagnostic data capture
2017-06-22T15:47:09.753-0400 I CONTROL [signalProcessingThread] now exiting
2017-06-22T15:47:09.753-0400 I NETWORK [signalProcessingThread] shutdown: going to close listening sockets...
2017-06-22T15:47:09.753-0400 I NETWORK [signalProcessingThread] closing listening socket: 6
2017-06-22T15:47:09.753-0400 I NETWORK [signalProcessingThread] closing listening socket: 7
2017-06-22T15:47:09.753-0400 I NETWORK [signalProcessingThread] removing socket file: /tmp/mongodb-27017.sock
2017-06-22T15:47:09.754-0400 I NETWORK [signalProcessingThread] shutdown: going to flush diaglog...
2017-06-22T15:47:09.754-0400 I NETWORK [signalProcessingThread] shutdown: going to close sockets...
2017-06-22T15:47:09.754-0400 I STORAGE [signalProcessingThread] WiredTigerKVEngine shutting down
2017-06-22T15:47:10.044-0400 I STORAGE [signalProcessingThread] shutdown: removing fs lock...
2017-06-22T15:47:10.045-0400 I CONTROL [signalProcessingThread] dbexit: rc: 0
2017-06-22T15:47:10.825-0400 I CONTROL [main] ***** SERVER RESTARTED *****
2017-06-22T15:47:10.922-0400 I CONTROL [initandlisten] MongoDB starting : pid=1 port=27017 dbpath=/var/lib/mongodb 64-bit host=4a5966185063
2017-06-22T15:47:10.922-0400 I CONTROL [initandlisten] db version v3.2.14
2017-06-22T15:47:10.922-0400 I CONTROL [initandlisten] git version: 92f6668a768ebf294bd4f494c50f48459198e6a3
2017-06-22T15:47:10.922-0400 I CONTROL [initandlisten] OpenSSL version: OpenSSL 1.0.1f 6 Jan 2014
2017-06-22T15:47:10.922-0400 I CONTROL [initandlisten] allocator: tcmalloc
2017-06-22T15:47:10.922-0400 I CONTROL [initandlisten] modules: none
2017-06-22T15:47:10.922-0400 I CONTROL [initandlisten] build environment:
2017-06-22T15:47:10.922-0400 I CONTROL [initandlisten] distmod: ubuntu1404
2017-06-22T15:47:10.922-0400 I CONTROL [initandlisten] distarch: x86_64
2017-06-22T15:47:10.922-0400 I CONTROL [initandlisten] target_arch: x86_64
2017-06-22T15:47:10.923-0400 I CONTROL [initandlisten] options: { config: "/etc/mongod.conf", net: { bindIp: "0.0.0.0", port: 27017 }, processManagement: { pidFilePath: "/var/run/mongod.pid" }, security: { authorization: "enabled" }, storage: { dbPath: "/var/lib/mongodb", journal: { enabled: true } }, systemLog: { destination: "file", logAppend: true, path: "/var/log/mongodb/mongod.log" } }
2017-06-22T15:47:10.940-0400 I - [initandlisten] Detected data files in /var/lib/mongodb created by the 'wiredTiger' storage engine, so setting the active storage engine to 'wiredTiger'.
2017-06-22T15:47:10.940-0400 I STORAGE [initandlisten] wiredtiger_open config: create,cache_size=1G,session_max=20000,eviction=(threads_min=4,threads_max=4),config_base=false,statistics=(fast),log=(enabled=true,archive=true,path=journal,compressor=snappy),file_manager=(close_idle_time=100000),checkpoint=(wait=60,log_size=2GB),statistics_log=(wait=0),
2017-06-22T15:47:13.466-0400 I CONTROL [initandlisten] ** WARNING: You are running this process as the root user, which is not recommended.
2017-06-22T15:47:13.467-0400 I CONTROL [initandlisten]
2017-06-22T15:47:13.468-0400 I CONTROL [initandlisten]
2017-06-22T15:47:13.468-0400 I CONTROL [initandlisten] ** WARNING: /sys/kernel/mm/transparent_hugepage/enabled is 'always'.
2017-06-22T15:47:13.468-0400 I CONTROL [initandlisten] ** We suggest setting it to 'never'
2017-06-22T15:47:13.468-0400 I CONTROL [initandlisten]
2017-06-22T15:47:13.468-0400 I CONTROL [initandlisten] ** WARNING: /sys/kernel/mm/transparent_hugepage/defrag is 'always'.
2017-06-22T15:47:13.468-0400 I CONTROL [initandlisten] ** We suggest setting it to 'never'
2017-06-22T15:47:13.468-0400 I CONTROL [initandlisten]
2017-06-22T15:47:13.876-0400 I FTDC [initandlisten] Initializing full-time diagnostic data capture with directory '/var/lib/mongodb/diagnostic.data'
2017-06-22T15:47:13.876-0400 I NETWORK [initandlisten] waiting for connections on port 27017
2017-06-22T15:47:13.876-0400 I NETWORK [HostnameCanonicalizationWorker] Starting hostname canonicalization worker
2017-06-22T15:48:13.362-0400 I NETWORK [initandlisten] connection accepted from 172.18.0.6:39426 #1 (1 connection now open)
2017-06-22T15:48:13.492-0400 I NETWORK [initandlisten] connection accepted from 172.18.0.6:39428 #2 (2 connections now open)
2017-06-22T15:48:13.528-0400 I ACCESS [conn2] SCRAM-SHA-1 authentication failed for authenticated on admin from client 172.18.0.6 ; UserNotFound: Could not find user authenticated@admin
2017-06-22T15:48:30.488-0400 I NETWORK [initandlisten] connection accepted from 172.18.0.6:39454 #3 (3 connections now open)
2017-06-22T15:48:30.493-0400 I NETWORK [initandlisten] connection accepted from 172.18.0.6:39456 #4 (4 connections now open)
2017-06-22T15:48:30.495-0400 I ACCESS [conn4] SCRAM-SHA-1 authentication failed for authenticated on admin from client 172.18.0.6 ; UserNotFound: Could not find user authenticated@admin
2017-06-22T15:48:34.065-0400 I NETWORK [conn2] end connection 172.18.0.6:39428 (3 connections now open)
2017-06-22T15:48:34.065-0400 I NETWORK [conn1] end connection 172.18.0.6:39426 (2 connections now open)
2017-06-22T15:48:44.930-0400 I NETWORK [conn4] end connection 172.18.0.6:39456 (1 connection now open)
2017-06-22T15:48:44.930-0400 I NETWORK [conn3] end connection 172.18.0.6:39454 (0 connections now open)
2017-06-22T15:48:46.287-0400 I NETWORK [initandlisten] connection accepted from 172.18.0.6:39484 #5 (1 connection now open)
2017-06-22T15:48:46.291-0400 I NETWORK [initandlisten] connection accepted from 172.18.0.6:39486 #6 (2 connections now open)
2017-06-22T15:48:46.293-0400 I ACCESS [conn6] SCRAM-SHA-1 authentication failed for authenticated on admin from client 172.18.0.6 ; UserNotFound: Could not find user authenticated@admin
2017-06-22T15:48:58.031-0400 I NETWORK [conn6] end connection 172.18.0.6:39486 (1 connection now open)
2017-06-22T15:48:58.032-0400 I NETWORK [conn5] end connection 172.18.0.6:39484 (0 connections now open)
2017-06-22T15:49:02.907-0400 I NETWORK [initandlisten] connection accepted from 172.18.0.6:39512 #7 (1 connection now open)
2017-06-22T15:49:02.912-0400 I NETWORK [initandlisten] connection accepted from 172.18.0.6:39514 #8 (2 connections now open)
2017-06-22T15:49:02.915-0400 I ACCESS [conn8] SCRAM-SHA-1 authentication failed for authenticated on admin from client 172.18.0.6 ; UserNotFound: Could not find user authenticated@admin
2017-06-22T15:49:10.806-0400 I NETWORK [conn8] end connection 172.18.0.6:39514 (1 connection now open)
2017-06-22T15:49:10.807-0400 I NETWORK [conn7] end connection 172.18.0.6:39512 (0 connections now open)
vagrant@trusty64:/vagrant/test$ sudo docker exec -it mongodb netstat -ntlup
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:27017 0.0.0.0:* LISTEN 1/mongod
tcp 0 0 127.0.0.11:44122 0.0.0.0:* LISTEN -
udp 0 0 127.0.0.11:49005 0.0.0.0:*
上記の手順に基づいて authenticated ユーザーを作成したと思っていました。代わりに、ローカル データベースにユーザーを作成してしまったのでしょうか?
特定のデータベースを指定しなければ、authenticated ユーザーで正常にログインできます。
vagrant@trusty64:/vagrant/test$ sudo docker exec -it mongodb mongo --port 27017 -u authenticated -p password
MongoDB shell version: 3.2.14
connecting to: 127.0.0.1:27017/test
Welcome to the MongoDB shell.
For interactive help, type "help".
For more comprehensive documentation, see
http://docs.mongodb.org/
Questions? Try the support group
http://groups.google.com/group/mongodb-user
>
注:この質問の進行状況を追跡するために、対応する github issueがあります。
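おそらく、上記の /var/log/mongodb/mongod.log から抜粋した次のサブスニペットに特に注意する必要があります。createUser コマンドが admin ではなく test.$cmd に対して記録されており、後の UserNotFound(authenticated@admin)と対応しているように見えます。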
2017-06-22T17:49:49.663-0400 I NETWORK [initandlisten] connection accepted from 172.18.0.2:40926 #1 (1 connection now open)
2017-06-22T17:49:50.180-0400 I COMMAND [conn1] update admin.system.version query: { _id: "authSchema" } update: { $set: { currentVersion: 5 } } keysExamined:0 docsExamined:0 nMatched:1 nModified:1 upsert:1 keyUpdates:0 writeConflicts:0 numYields:0 locks:{ Global: { acquireCount: { r: 2, w: 2 } }, Database: { acquireCount: { W: 2 } } } 428ms
2017-06-22T17:49:50.397-0400 I COMMAND [conn1] insert admin.system.users ninserted:1 keyUpdates:0 writeConflicts:0 numYields:0 locks:{ Global: { acquireCount: { r: 4, w: 4 } }, Database: { acquireCount: { W: 4 } }, Collection: { acquireCount: { w: 1 } } } 188ms
2017-06-22T17:49:50.397-0400 I COMMAND [conn1] command test.$cmd command: createUser { createUser: "authenticated", pwd: "xxx", roles: [ "readWrite", "userAdmin", "dbAdmin", { role: "readWrite", db: "dataset" }, { role: "userAdmin", db: "dataset" }, { role: "dbAdmin", db: "dataset" } ], digestPassword: false, writeConcern: { w: "majority", wtimeout: 5000.0 } } keyUpdates:0 writeConflicts:0 numYields:0 reslen:22 locks:{ Global: { acquireCount: { r: 4, w: 4 } }, Database: { acquireCount: { W: 4 } }, Collection: { acquireCount: { w: 1 } } } protocol:op_command 703ms
同じログ ファイルの次のスニペットも関連している可能性があります。
2017-06-22T17:59:38.129-0400 I ACCESS [conn10] SCRAM-SHA-1 authentication failed for authenticated on admin from client 172.18.0.4 ; UserNotFound: Could not find user authenticated@admin