Trying to set up Mongo with authorisation enabled

mongo
cci-20

#1

Hi everybody!

I’ve got a little query for you all.

For the sake of consistency across all the envs our apps ends up running (Platform.sh, local Lando, etc.) I’d like to configure MongoDB on CircleCI so that authorisation is enabled. I have not been able to figure out how to do that so far. Any suggestions?

Thanks!


#2

Would you show us what you have so far? I imagine how to do so in the Mongo docs.

Assuming you are running Mongo as a secondary Docker container, you can pass all sorts of custom commands and env vars in Circle in the YAML format - see the docker key configuration reference in the docs.


#3

Cross-posted to Twitter:


#4

Technically incorrect. I started the discussion on Twitter, and I was then redirected here.


#5

Fair enough, but ensuring all copies have a link to duplicates where practicable is a good idea. If you get an answer on Twitter tomorrow, people will be able to check that before typing out a new one here.


#6

I’ve been doing some research and I don’t see an easy way to do this with the official Docker Library image (which is what our image is based on). Perhaps running your own MongoDB Docker image with auth enabled is the way to go here.

That is, assuming you’re using the Docker executor. As @halfer mentioned, know what you’re doing and/or with a config would be helpful.


#7

Hi guys. Thanks.
I haven’t posted a config because at the moment I removed the Mongo container from it.
But anyway, yes, I am using CCI2 with Docker executor. I was hoping one could pass a custom mongo config to it…but doesn’t seem to be the case.


#8

Can the mongod binary be started in a custom command, and then key/value config pairs supplied in an option? Or an option supplied to point to a custom config file?


#9

That’s what I was trying to find out.


#10

Sure, but could you try something? The syntax for custom commands is here, and I expect you can do mongod --help or man mongod to see how to turn on authentication.


#11

Thanks. That’s a start, I was getting lost in the docs. I’ll try that.


#12

So I could run something like

mongod --config /path/to/config.yml

but I am not too sure how to get my config.yml onto the Mongo container


#13

Forget that, it would seem that mongod also takes --auth as option, which should do what I need. Let’s see.


#14

I am going to leave here a snippet that will probably help people trying to do the same thing in the future.

version: 2
jobs:
  build:
    docker:
      - image: circleci/node:8.9.3
        environment:
          # Mongo connection info in Platform.sh format
          PLATFORM_RELATIONSHIPS: "eyAiZGF0YWJhc2UiIDogWyB7ICJzY2hlbWUiIDogIm1vbmdvZGIiLCAicGF0aCIgOiAibWFpbiIsICJwb3J0IiA6IDI3MDE3LCAicXVlcnkiIDogeyAiaXNfbWFzdGVyIiA6IHRydWUgfSwgInJlbCIgOiAibW9uZ29kYiIsICJwYXNzd29yZCIgOiAibWFpbiIsICJ1c2VybmFtZSIgOiAibWFpbiIsICJpcCI6ICIxMjcuMC4wLjEiLCAiaG9zdCIgOiAibG9jYWxob3N0IiB9IF0gfQo="
      - image: mongo:3.0
        command: [--auth]
    steps:
      # Dependecies.
      - run:
          name: Install MongoDB Shell 3.0 for Ubuntu Trusty
          command: |
            sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv 7F0CEB10
            echo "deb http://repo.mongodb.org/apt/ubuntu trusty/mongodb-org/3.0 multiverse" | sudo tee /etc/apt/sources.list.d/mongodb-org-3.0.list
            sudo apt-get update
            sudo apt-get install -y --force-yes mongodb-org-shell
      # Config
      - run:
          name: Configure MongoDB
          command: |
            mongo admin --eval 'db.createUser({ user: "admin", pwd: "admin", roles: [{ role: "userAdminAnyDatabase", db: "admin" }]})'
            mongo main -uadmin -padmin --authenticationDatabase admin --eval 'db.createUser({ user: "main", pwd: "main", roles: [{ role: "dbOwner", db: "main" }]})'

#15

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.