Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Mongo 4.0.x: unable to create user #525

Closed
Wimmesberger opened this issue Jan 15, 2019 · 5 comments · Fixed by #561
Closed

Mongo 4.0.x: unable to create user #525

Wimmesberger opened this issue Jan 15, 2019 · 5 comments · Fixed by #561
Labels
bug Something isn't working

Comments

@Wimmesberger
Copy link

Affected Puppet, Ruby, OS and module versions/distributions

  • Puppet: 5.5.6
  • Ruby: 2.5.1
  • Distribution: Ubuntu 18.04
  • Module version: 2.4.1
  • mongodb-org-server: 4.0.5

How to reproduce (e.g Puppet code you use)

class { 'mongodb::server':
    create_admin => true,
    admin_username => 'admin',
    admin_password => 'test123',
}

or

create_resources('mongodb::db', $mongo_dbs)

What are you seeing

Every puppet run completes successfully and states that the user(s) have been created. This causes the puppet runs to never get to a stable state.

The response json from the generated mongo command points out, that SCRAM-SHA-256 (default mechanism in mongodb 4.0.x) requires that the digest is done on the server (= digestPassword: true)
see https://docs.mongodb.com/manual/reference/command/createUser/ for reference.

What behaviour did you expect instead

Either:
The user is created.
Provide a parameter to customize the values of digestPasswort/mechanism.
The puppet run fails with an error (but that would require parsing the output).

Any additional information you'd like to impart

As a workaround I use a custom systemd dropin file for mongod which adds --setParameter authenticationMechanisms=SCRAM-SHA-1,PLAIN to the ExecStart to disable SCRAM-SHA-256
@negast
Copy link

negast commented Mar 29, 2019

Following fork fixed this for me: https://github.com/datty/puppet-mongodb

Note that in this fork your admin user has to be named admin in order to use the create_adminuser function. I created a subfork to only do this for the database named admin. But I guess maybe a boolean would be better.
original: https://github.com/datty/puppet-mongodb
mySubFork: https://github.com/negast/puppet-mongodb

@juniorsysadmin juniorsysadmin added the bug Something isn't working label Mar 31, 2019
@ram2valar
Copy link

@negast @datty Tried with the original and sub-fork to create admin user, but it failed with following message during puppet pull:

Error: Could not prefetch mongodb_database provider 'mongodb': undefined local variable or method n' for Puppet::Type::Mongodb_database::ProviderMongodb:Class Did you mean? n_ N_ Error: Failed to apply catalog: undefined local variable or method n' for Puppet::Type::Mongodb_database::ProviderMongodb:Class
Did you mean? n_
N_

@mungo312
Copy link

The fork is based on an old version. Maybe @negast can update it ? Or get it merged ? It is fixed with commit e27e9f0

@identw identw mentioned this issue Nov 7, 2019
Merged
@dhs-rec
Copy link
Contributor

dhs-rec commented Nov 25, 2019

Any chance to get this merged? Already had to create users manually in order to get things set up.

@identw
Copy link
Contributor

identw commented Nov 25, 2019

Any chance to get this merged? Already had to create users manually in order to get things set up.

Yes it will work. For example:

  1. I manually created a user "test" in the "test" database.
[
	{
		"_id" : "test.test",
		"userId" : UUID("c189ea17-4294-4972-a27f-89a663ec429b"),
		"user" : "test",
		"db" : "test",
		"roles" : [
			{
				"role" : "readWrite",
				"db" : "test"
			}
		],
		"mechanisms" : [
			"SCRAM-SHA-1",
			"SCRAM-SHA-256"
		]
	}
]

Example list collections:

mongo -utest -ptest --authenticationDatabase test --norc test --eval 'db.getCollectionNames()'
MongoDB shell version v4.2.1
connecting to: mongodb://127.0.0.1:27017/test?authSource=test&compressors=disabled&gssapiServiceName=mongodb
Implicit session: session { "id" : UUID("09d34fdc-d80b-473c-a0de-10349b92414f") }
MongoDB server version: 4.2.1
[ "test" ]
  1. I added a puppet's resource to create this user:
    mongodb_user { 'test':
        name          => 'test',
        ensure        => 'present',
        database      => 'test',
        password_hash => mongodb_password('test', 'test'),
        roles         => ['readWrite'],
        require       => [
            Mongodb_database['test']
        ]
    }

And apply agent:

$ puppet agent -t
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Retrieving locales
Info: Loading facts
Info: Caching catalog for test-mongo
Info: Applying configuration version '1574706120'
Notice: /Stage[main]/Mongodb/Mongodb_user[test]/ensure: created
Notice: Applied catalog in 10.75 seconds

And check it

root@mongo16-2:~# mongo -utest -ptest --authenticationDatabase test --norc test --eval 'db.getCollectionNames()'
MongoDB shell version v4.2.1
connecting to: mongodb://127.0.0.1:27017/test?authSource=test&compressors=disabled&gssapiServiceName=mongodb
Implicit session: session { "id" : UUID("2f199334-fd71-47ed-a68a-5fd9109f660f") }
MongoDB server version: 4.2.1
[ "test" ]

Check second puppet apply:

# puppet agent -t
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Retrieving locales
Info: Loading facts
Info: Caching catalog for mongo-test
Info: Applying configuration version '1574706851'
Notice: Applied catalog in 9.85 seconds

@nmaludy nmaludy mentioned this issue Feb 10, 2020
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Fixed the problem: the user was not created for Mongodb 4.x identw/puppet-mongodb
7 participants
@juniorsysadmin @dhs-rec @mungo312 @Wimmesberger @ram2valar @identw @negast