how to make a mongo docker container with auth

Question

I couldn't connect it by remote or even docker exec -it container bash. What's wrong with my script?

The log seems that, user has been added successfully, but why exit in the end?

There is must something wrong with my bash code, so what's the problems here?

Docker version 1.13.1, build 092cba3

dockerfile

FROM ubuntu:16.04
MAINTAINER TonyWang <plantpark.net@gmail.com>
RUN apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv EA312927
RUN echo "deb http://repo.mongodb.org/apt/ubuntu $(cat /etc/lsb-release | grep DISTRIB_CODENAME | cut -d= -f2)/mongodb-org/3.2 multiverse" | tee /etc/apt/sources.list.d/mongodb-org-3.2.list
RUN apt-get update && apt-get install -y mongodb-org
RUN mkdir -p /data/db

ADD set_mongodb_password.sh /set_mongodb_password.sh

EXPOSE 27017 28017
CMD ["/set_mongodb_password.sh"]

set_mongodb_password.sh

#!/bin/bash
set -m
/usr/bin/mongod
sleep 5
mongo admin --eval "help" >/dev/null 2>&1

mongodb_cmd="mongod --storageEngine wiredTiger"
cmd="$mongodb_cmd --httpinterface --rest --master"
cmd="$cmd --auth"
$cmd &

sleep 2

mongo admin --eval "db.createUser({user: 'rootUser', pwd: 'rootPass', roles:[{role:'root',db:'admin'}]});"
mongo admin -u rootUser -p rootPass << EOF
use admin
db.createUser({user: 'testuser', pwd: 'testpass', roles:[{role:'dbOwner',db:'Mongotest'}]})
EOF

docker logs container

MongoDB shell version: 3.2.12
connecting to: admin
2017-03-19T13:52:52.591+0000 I NETWORK  [initandlisten] connection accepted from 127.0.0.1:45052 #1 (1 connection now open)
2017-03-19T13:52:52.591+0000 I ACCESS   [conn1] note: no users configured in admin.system.users, allowing localhost access
Successfully added user: {
    "user" : "rootUser",
    "roles" : [
        {
            "role" : "root",
            "db" : "admin"
        }
    ]
}
2017-03-19T13:52:52.617+0000 I NETWORK  [conn1] end connection 127.0.0.1:45052 (0 connections now open)
MongoDB shell version: 3.2.12
connecting to: admin
2017-03-19T13:52:52.650+0000 I NETWORK  [initandlisten] connection accepted from 127.0.0.1:45054 #2 (1 connection now open)
2017-03-19T13:52:52.663+0000 I ACCESS   [conn2] Successfully authenticated as principal rootUser on admin
switched to db admin
Successfully added user: {
    "user" : "testuser",
    "roles" : [
        {
            "role" : "dbOwner",
            "db" : "Mongotest"
        }
    ]
}
bye
2017-03-19T13:52:52.677+0000 I NETWORK  [conn2] end connection 127.0.0.1:45054 (0 connections now open)

@KarolyHorvath confusing about your words , could explain more ? The title is something wrong by mistake, sorry for that. — Tony Wang, Mar 19 '17 at 14:18
Can you show how you are starting the mongo container? e.g. the _docker run_ command, or the section of docker-compose.yml. — Vince Bowdren, Mar 21 '17 at 14:45
@VinceBowdren docker run -d -p 27018:27017 --name mongo_instance01 mongo_docker(image name). All most the same command with other container. Of course, build first. — Tony Wang, Mar 21 '17 at 14:56

score 2 · Answer 1 · edited May 23 '17 at 12:09

The docker container exits because it has finished running the command you've told it to run, set_mongodb_password.sh.

However, I wouldn't recommending trying to work around this; I think your design of having the seed routine built into the server container is a bad idea, and would instead recommend keeping the seed routine separate. For a number of reasons:

You are committing yourself to using the same username and password on every system (dev, test, production), which is poor security practice.
You are storing the username and password in the docker image i.e. in the application; again this is a security vulnerability.
You are committing your database system to running the seed routine every time a container is started, which is a bad idea: it should be a once-only job, independent of how and when individual containers and servers are run.

It might be useful to take a look at a question and answer about mongo seeding using a separate container, and do some research into docker secrets also.

1. With bash script , it could use some random generating password. Without bash , it's not efficient. It's same to the second one. 3. Thanks for remind me that. I didn't even know . Should add some other code to delete itself after installation or just run once. But I't not familiar with Bash, Still lots of new knowledges to learn — Tony Wang, Mar 22 '17 at 13:54

score 2 · Answer 2 · answered Apr 15 '17 at 19:10

Setp.1 createUser.js save to /initMongo dir

db = db.getSiblingDB('mydb');
db.createUser({
    user: "myUser" , 
    pwd: "sa123456", 
    roles: [  
        { role:"dbOwner", db: "mydb" }
    ]
});

Step.2 docker-compose.yml

version: '2'
services:
  mongodb:
    container_name: mongodb
    image: mongo:3.4
    ports:
      - 27017:27017
    volumes: 
      - /initMongo:/docker-entrypoint-initdb.d/
    environment: 
      - MONGO_INITDB_ROOT_USERNAME=admin
      - MONGO_INITDB_ROOT_PASSWORD=admin123456

MongoURL

mongodb://myUser:sa123456@mongodb:27017/mydb

how to make a mongo docker container with auth

2 Answers2

Linked