auth-server not connecting to secure mongodb replicated cluster #69
Comments
I wrote the auth portion of the mongo integration. We use it daily with On Wed, Mar 2, 2016 at 8:59 AM, mv012004 notifications@github.com wrote:
|
This is the config that we have set, the mongo schema version is 3 and uses MONGODB-CR for auth.
|
It looks like you put your mongo auth information underneath the Just to clarify: Are you trying to do auth with ldap and acls with mongo? Or are you trying to do auth with both mongo and ldap? |
OK.. so we are doing user authentication through LDAP, and then the authorization/acls on the repository/namespaces based on the mongo data. |
@carsonoid can you help ? |
The fact that the logs say "failed to create auth server" makes me think that it's your ldap configuration that is causing the crash. What happens when you comment out the ldap_auth section and run the server? |
I will try that out, however the LDAP auth + Mongo DB connectivity seems to work fine if we clear out the username/password and get rid of the auth from Mongo. not authorized for query on dockdb.auth
|
I have a similar problem @carsonoid @mv012004 Here is the auth server configuration:
the "root" user has root privilege in the admin database! we are seeing the following error: the mongodb client and server version are both 3.2.4 as below: 2016-03-29T18:02:06.971+0800 I CONTROL [initandlisten] db version v3.2.4 |
If I run mongodb without auth, auth server can successfully run! @carsonoid @mv012004
|
You probably shouldn't be using the On Tue, Mar 29, 2016 at 4:20 AM, fightingdu notifications@github.com
|
I have tried according to what you said above, but the problem is that there is no "root" role in docker_auth db. I want to create the user "root" to have root access to docker_auth db, but the error happens as below:
Have you tried using the docker_auth db with user and password_file on the side of auth server? |
I know that the auth_server works for sure with a dedicated db, user, and
On Tue, Mar 29, 2016 at 7:30 PM, fightingdu notifications@github.com
|
Also having the exact same auth problem. |
Also, I am not replicating. |
If that is indeed the case you need to post your auth server logs. Run it On Wed, Mar 30, 2016 at 5:16 PM, John Engelman notifications@github.com
|
|
Are you sure that your mongo user is a dbAdmin on the destination database? On Wed, Mar 30, 2016 at 5:48 PM, John Engelman notifications@github.com
|
yes. |
If that doesn't work can you post the results of On Wed, Mar 30, 2016 at 5:55 PM, John Engelman notifications@github.com
|
|
It's not network related. I launched the container in a shell mode, verified the connection, then tried to run the app and get the same error. I've also tried downgrading to Mongo 3.0, same error. |
Can you log in as the auth user to that database and create the index On Wed, Mar 30, 2016 at 6:31 PM, John Engelman notifications@github.com
|
Not sure the exact command to run here, but:
|
Can you share your auth_server.yaml so I can test against it? On Wed, Mar 30, 2016 at 6:41 PM, John Engelman notifications@github.com
|
|
Note, i'm using |
I finally got it! Our sample configs have a bad name. You need to use "username" instead of "user" under the mongo sections of the config. So the server isn't actually authenticating at all, it's just using the default user. That's on us. I'll submit a PR with the fix tomorrow. For future reference, everything under the dial_info section slurps all config options as defined at https://godoc.org/labix.org/v2/mgo#DialInfo. The names are converted to lower case of course. |
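An added example, not part of the thread or of docker_auth's own code: a pre-flight check that flags `dial_info` keys which match no lower-cased `DialInfo` field name, which is how a `user` key ends up leaving the connection unauthenticated. `dialInfoMirror`, `CheckDialInfo` and `extraAllowed` are hypothetical names, the field list is an assumption to verify against the godoc page linked above, and the sample values are constructed.

```go
package main

import (
	"fmt"
	"reflect"
	"sort"
	"strings"
	"time"
)

// dialInfoMirror: local stand-in for mgo.DialInfo field names (assumption: verify against its godoc).
type dialInfoMirror struct {
	Addrs                                  []string
	Direct, FailFast                       bool
	Timeout                                time.Duration
	Database, Source, Service, ServiceHost string
	Mechanism, Username, Password          string
	PoolLimit                              int
}

// CheckDialInfo reports keys that match no DialInfo field, and a password given
// without a username. extraAllowed names keys the application handles itself.
func CheckDialInfo(dialInfo map[string]interface{}, extraAllowed ...string) []string {
	known := map[string]bool{}
	t := reflect.TypeOf(dialInfoMirror{})
	for i := 0; i < t.NumField(); i++ {
		known[strings.ToLower(t.Field(i).Name)] = true // lower-cased, as the thread describes
	}
	for _, k := range extraAllowed {
		known[k] = true
	}
	var findings []string
	for k := range dialInfo {
		if !known[k] {
			findings = append(findings, fmt.Sprintf("unknown key %q does not match a DialInfo field", k))
		}
	}
	_, hasPassword := dialInfo["password"]
	if name, _ := dialInfo["username"].(string); hasPassword && name == "" {
		findings = append(findings, "password set without a username")
	}
	sort.Strings(findings)
	return findings
}

func main() {
	bad := map[string]interface{}{"database": "docker_auth", "user": "authsvc", "password": "example"} // constructed sample
	fmt.Println(CheckDialInfo(bad))
}
```

Running a check like this at startup and refusing to start on any finding turns a silently ignored credential key into a visible configuration error.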
thank you! @carsonoid, my problem has been solved! |
@carsonoid fixed mine too! I should have seen that! |
@rojer Looks like you can close this. |
thank you! |
I have an additional question. I want to use docker auth as the token-based authentication and authorization server in my company, so I want to know the performance and stability of docker auth and how many companies are using it at present. Could you please give me a detailed description about the above questions? Looking forward to your reply! @carsonoid @rojer |
@rojer can probably speak more to its DL stats from docker hub and about its adoption. But I can say for sure that it's very stable. I use it every day in production with lots of users and ACLs and it's performed beautifully. I'll admit that Portus boasts a few more features and a GUI. However the mongo support in docker_auth has been a big deal for me. I actually run multiple docker_auths and load balance between them since all our users/ACLs are in mongo and all the images are on S3. Portus also seems to want to know a lot about your registry in order to render the gui and has more overhead in regards to configuration and maintenance. docker_auth takes a much more hands off approach; it really just does auth and does it well. |
i should note that docker_auth is not our company's main product and not something i spend a lot of my time on. hardly any, really. it's something i wrote almost off-the-cuff, just because the traditional nginx + auth v1 setup seemed weird and awkward and no other solutions were available at the time (portus either did not exist or i didn't find it). we're not competing with portus, i haven't even looked at it. it's been working ok for us, no crashes. we are a small shop though, it doesn't see much load. judging by the company names of those who starred the project, it does get some use, and the fetch count of the repo on the docker hub is in the hundreds of thousands. |
Many thanks for your kind response! |
docker_auth is about auth and auth only, it doesn't provide any indexing or search capabilities. |
Ok, I will make it by myself! |
Configured the auth-server same as the example with details modified to connect to my replicated mongodb cluster, we are seeing the following error,
The mongodb cluster has internal authentication and my other java app is able to connect to the same without issues using the credentials, unable to do that through docker-auth.
Does anyone have any experience with mongo auth?