-
-
Notifications
You must be signed in to change notification settings - Fork 91
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
sc-mongodb::user_management - fails to create admin and users #180
Comments
Hello Melon, I'm trying to reproduce the error with the role you posted on kitchen, and some of the configuration keys are invalid for my version of mongodb. Namely:
Could you help me with that? |
In more recent versions of mongo (3.x) the user format has changed so now instead of just username and password you need roles and database resources also. So if you want to make your admin user called 'adminuser' with a password 'adminpassword' you'd need to do something like this. node.default['mongodb']['admin']['username'] = 'adminuser' Documentation needs to be updated to reflect this. Opening a new ticket to address the fact that "auth": true doesn't actually enable authorization in recent versions. |
[root@bluesky-db-uat dbsave]# /opt/chef/embedded/bin/gem list --local *** LOCAL GEMS *** addressable (2.5.2, 2.4.0) |
I'm seeing the same behaviour when enforcing TLS/SSL using: normal['mongodb']['config']['mongod']['net']['ssl']['mode'] = 'requireSSL' |
@JJClements Are you including roles in your admin user creation as I suggested? |
@miedward no I am not, I do however see the exact same error when enforcing SSL using: normal['mongodb']['config']['mongod']['net']['ssl']['mode'] = 'requireSSL' It's probably worth pointing out that I also saw this error when creating a user with an incorrectly named MongoDB role. Are "roles": ["dbOwner", "root"] correct? Maybe try with only 'readWrite' instead? |
The OP error was for the user management cookbook (sc-mongodb::user_management) and this error has nothing to do with SSL If you are including that recipe (or it is a dependency on something you're using), your admin user should have something like node.default['mongodb']['admin']['username'] = 'mysystemadmin' And then for each database you would made a separate user with dbAdmin permission for that database. They can have the same username but I believe the recipe expects at least one entry for ['mongodb']['users']. This is what I am using. myuser = { |
Totally agree. I was simply pointing out that the issue is related to the creation of a user, or not being able to in this case. The error seems pretty generic, but ultimately shows for a few different scenarios in my experience, 2 of which I described above. |
Any solution? I have the same issue |
@MaximKraev Assuming you're talking about the OP and not the SSL issue, you need to include "roles" and "database" entries for the admin user as I suggested above.
|
Marking stale due to inactivity. Remove stale label or comment or this will be closed in 7 days. Alternatively drop by the #sous-chefs channel on the Chef Community Slack and we'll be happy to help! Thanks, Sous-Chefs. |
I'm trying to have Chef provision a user account for graylog. I can't seem to get this working. I've looked over the attributes and the README but I am still having trouble. Am I doing something wrong, or is this a bug?
Chef Client output:
My Role:
The text was updated successfully, but these errors were encountered: