0

everyone,

I'm having a hard time setting up a MongoDB container to have root password and creating a new user with less privileges (that will be my application user) automatically.

Ideally I should have only some scripts and a docker-compose configuration.

I tried adding the MONGO_INITDB_ROOT_USERNAME and MONGO_INITDB_ROOT_PASSWORD but they don't seem to work. They do something, because when I start the container like that, I can't just connect to the mongo shell and run all the commands (and passing username and password will throw unauthorized errors).

Then I thought about adding a script at /docker-entrypoint-initdb.d/ but they dont seem to run. They don't show on console. Besides, i just put a javascript like this and I am not sure whether they will work:

var db = connect("mongodb://localhost/admin");

db.createRole(
    {
        role: "somerole",
        privileges: [
            {
              actions: [ "find", "update", "insert" ],
              resource: { db: "mydb", collection: "" } <--- does it means all colections od database mydb?!?!
            }
          ],
        roles: [  ]
    }
)

db.createUser(
    {
        user: "admin",
        pwd: "adminpass",
        roles: [ { role: "userAdminAnyDatabase", db: "mydb" } ]
    }
)

db.createUser(
    {
        user: "system",
        pwd: "systempass",
        roles: [ { role: "somerole", db: "mydb" } ]
    }
)

I would also want to create collections and insert documents. How do we do that? Shouldn't it be with entrypoints!?

4

2 回答 2

4

MongoDb 文档:安全参考

部分回应 1

部分回应 2

1)创建以下文件结构:

在此处输入图像描述

2) docker-compose.yml 的内容

version: "3"
services:
  mongodb:
    image: "mongo:4.1.1-xenial"
    restart: "unless-stopped"
    env_file:
     - ".env"
    ports:
     - "27017:27017"
    volumes:
     - "./database/data:/data/db"                           # Database files
     - "./database/fixtures:/docker-entrypoint-initdb.d"    # To create Db at start

3) default.js 的内容

/* Create a New user with "only READ" role */
db = db.getSiblingDB('admin');
db.createUser(
{ 
  "user": "John",
  "pwd": "MyPassword",
  "roles": [
     { "role": "read", "db": "data" } 
  ]
})
/* Misc - Other Data */
db = db.getSiblingDB('data');
db.data.save([
    {
        "name": "Frank",
        "email": "email1@gmail.com",
    },
    {
        "name": "Peter",
        "email": "email2@gmail.com",
    }
  ]);

4) .env 的内容

MONGO_INITDB_ROOT_USERNAME=Robert
MONGO_INITDB_ROOT_PASSWORD=GoodPassword

5) 转到您的终端并在 docker-compose.yml 文件的级别,执行:sudo docker-compose up -d

6)获取容器的名称:

执行:sudo docker ps a

7)进入容器内部:

执行:sudo docker exec -it <CONTAINER NAME> bash

8) 容器内:

执行:mongo --host localhost -u Robert -p GoodPassword --authenticationDatabase admin

注意:考虑到我们正在指定“身份验证数据库”

9) 选择数据库:

执行:use admin

10)显示用户(你必须找到两个用户罗伯特和约翰):

执行:show users

如您所见,在“数据”目录中存储了数据库的文件。

并且使用 default.js 文件,您可以从一开始就创建集合。

重要说明:如果您进行了一些更改并且这些更改未反映到数据库中,那么您需要删除“数据”的内容并再次运行:docker-compose up -d

可以说,如果“data”目录不为空,则不会考虑“default.js”文件。

于 2019-05-12T07:53:10.930 回答
0

我改变了一点你的配置,它运行正常:

码头工人-compose.yml:

version: '3.1'

services:

  mongo:
    image: mongo
    restart: always
    volumes:
      - ./init.js:/docker-entrypoint-initdb.d/init.js
    environment:
      MONGO_INITDB_ROOT_USERNAME: root
      MONGO_INITDB_ROOT_PASSWORD: example
      MONGO_INITDB_DATABASE: mydb

在这里,我指定了最初要创建的数据库,并且还挂载了 init 脚本。

初始化.js:

var db = connect("mongodb://localhost/mydb");

db.createRole(
    {
        role: "somerole",
        privileges: [
            {
              actions: [ "find", "update", "insert" ],
              resource: { db: "mydb", collection: "" }
            }
          ],
        roles: [  ]
    }
)

db.createUser(
    {
        user: "admin",
        pwd: "adminpass",
        roles: [ { role: "somerole", db: "mydb" } ]
    }
)

db.createUser(
    {
        user: "system",
        pwd: "systempass",
        roles: [ { role: "somerole", db: "mydb" } ]
    }
)

这里重要的部分是第一行,否则您在 admin 数据库中创建一个角色,同时在 mydb 数据库中查找它。

通过此设置,我可以启动数据库并连接到它。

于 2019-05-12T07:56:40.977 回答