Graylog container cannot connect to MongoDB container


I have some troubles setting up Graylog2 under docker. Everything works until I try using authentication. All I get is the following error repeated forever.

Trying both root and graylog user (in both graylog and admin db) gives the same result.

The log from mongodb says both users are created during setup. But graylog says it does not find any graylog user in database graylog. Same with user root.

I'm new to MongoDB and have no idea how authentication works. But from what I understand authentication (similar to --auth parameter) is activated when providing user/pw for root account (https://github.com/docker-library/mongo/pull/145).

Is it possible that Graylog uses a different authentication mechanism than MongoDB is expecting? See line #158 in the pasted log.

Error message as root user

    mongodb_1        | 2017-04-16T13:27:52.486+0000 I NETWORK  [thread1] connection accepted from 172.18.0.4:46566 #12 (1 connection now open)
    mongodb_1        | 2017-04-16T13:27:52.495+0000 I NETWORK  [conn12] received client metadata from 172.18.0.4:46566 conn12: { driver: { name: "mongo-java-driver", version: "unknown" }, os: { type: "Linux", name: "Linux", architecture: "amd64", version: "4.4.0-72-generic" }, platform: "Java/Oracle Corporation/1.8.0_72-internal-b15" }
    mongodb_1        | 2017-04-16T13:27:52.525+0000 I ACCESS   [conn12] SCRAM-SHA-1 authentication failed for root on graylog from client 172.18.0.4:46566 ; UserNotFound: Could not find user root@graylog
    mongodb_1        | 2017-04-16T13:27:52.543+0000 I -        [conn12] end connection 172.18.0.4:46566 (1 connection now open)

Error message as graylog user (Full log on pastebin)

    mongodb_1        | 2017-04-16T15:47:48.404+0000 I NETWORK  [thread1] connection accepted from 172.18.0.4:41602 #7 (1 connection now open)
    mongodb_1        | 2017-04-16T15:47:48.410+0000 I NETWORK  [conn7] received client metadata from 172.18.0.4:41602 conn7: { driver: { name: "mongo-java-driver", version: "unknown" }, os: { type: "Linux", name: "Linux", architecture: "amd64", version: "4.4.0-72-generic" }, platform: "Java/Oracle Corporation/1.8.0_72-internal-b15" }
    mongodb_1        | 2017-04-16T15:47:48.418+0000 I ACCESS   [conn7] SCRAM-SHA-1 authentication failed for graylog on graylog from client 172.18.0.4:41602 ; UserNotFound: Could not find user graylog@graylog
    mongodb_1        | 2017-04-16T15:47:48.423+0000 I -        [conn7] end connection 172.18.0.4:41602 (1 connection now open)

This is my ./docker-composer.yml


    version: '2'
    services:
      mongodb:
        build: ./mongodb
        volumes:
          - /docker/mongodb/data:/data/db
      elasticsearch:
        image: "elasticsearch:2"
        command: "elasticsearch -Des.cluster.name='graylog'"
        volumes:
          - /docker/elasticsearch/data:/usr/share/elasticsearch/data
      graylog:
        image: graylog2/server
        volumes:
          - /docker/graylog/journal:/usr/share/graylog/data/journal
          - /docker/graylog/config:/usr/share/graylog/data/config
        environment:
          #GRAYLOG_MONGODB_URI: mongodb://root:drUqGGCMh@mongodb:27017/graylog
          GRAYLOG_MONGODB_URI: mongodb://graylog:vWGzncmBe9@mongodb:27017/graylog
        depends_on:
          - mongodb
          - elasticsearch
        ports:
          - "9000:9000"

./mongodb/Dockerfile


    FROM mongo:3
    ENV MONGO_INITDB_ROOT_USERNAME: root
    ENV MONGO_INITDB_ROOT_PASSWORD: drUqGGCMh
    ADD grayloguser.js /docker-entrypoint-initdb.d/grayloguser.js

./mongodb/grayloguser.js


    db.getSiblingDB('graylog');
    db.createUser(
      {
        user: "graylog",
        pwd: "vWGzncmBe9",
        roles: [
           { role: "dbOwner", db: "graylog" }
        ]
      }
    );


Solution

  • Your MongoDB script is incorrect.

    Either assign the return value of db.getSiblingDB('graylog') to a variable and use that for createUser(), or keep using use graylog instead:

        graylog = db.getSiblingDB('graylog');
        graylog.createUser(
          {
            user: "graylog",
            pwd: "vWGzncmBe9",
            roles: [
               { role: "dbOwner", db: "graylog" }
            ]
          }
        );

    In other words, just stick to the MongoDB documentation: https://docs.mongodb.com/manual/tutorial/create-users/#username-password-authentication
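
The failure in the question comes down to which database the driver authenticates against versus the database where createUser() actually ran. As an added illustration (not code from the question or the answer), this Node.js script applies the connection-string rule (authSource, else the database in the URI path, else admin) to a URI and matches it against the mongod log. The function names, the placeholder password and the sample user list that places graylog in test are assumptions constructed for the example.

```javascript
// Explain a "UserNotFound" SCRAM failure: compare the database a URI
// authenticates against with the databases where the user actually exists.

// authSource wins; otherwise the database in the URI path; otherwise "admin".
function authTarget(uri) {
  const m = /^mongodb(?:\+srv)?:\/\/(?:([^:@\/]+)(?::[^@\/]*)?@)?[^\/?]+(?:\/([^?]*))?(?:\?(.*))?$/.exec(uri);
  if (!m) throw new Error("not a MongoDB connection string");
  const params = new URLSearchParams(m[3] || "");
  return { user: m[1] ? decodeURIComponent(m[1]) : null, db: params.get("authSource") || m[2] || "admin" };
}

// Pull failed-authentication events out of mongod 3.x text log lines.
function authFailures(logText) {
  const re = /I ACCESS\s+\[(conn\d+)\] (\S+) authentication failed for (\S+) on (\S+) from client (\S+) ; (\w+):/;
  return logText.split("\n").map((l) => re.exec(l)).filter(Boolean)
    .map(([, conn, mechanism, user, db, client, reason]) => ({ conn, mechanism, user, db, client, reason }));
}

// knownUsers: {user, db} pairs as stored in the admin.system.users collection.
function diagnose(uri, logText, knownUsers) {
  const target = authTarget(uri);
  return authFailures(logText)
    .filter((f) => f.reason === "UserNotFound" && f.user === target.user && f.db === target.db)
    .map((f) => {
      const elsewhere = knownUsers.filter((u) => u.user === f.user && u.db !== f.db).map((u) => u.db);
      return {
        missing: `${f.user}@${f.db}`,
        existsIn: elsewhere,
        hint: elsewhere.length
          ? `create ${f.user} in "${f.db}", or authenticate with authSource=${elsewhere[0]}`
          : `${f.user} does not exist in any database; create it in "${f.db}"`,
      };
    });
}

// Constructed inputs: URI shape and log line follow the question (password replaced);
// the user list is an assumed outcome of the init script having run against "test".
const SAMPLE_URI = "mongodb://graylog:EXAMPLE_PASSWORD@mongodb:27017/graylog";
const SAMPLE_LOG = [
  "mongodb_1 | 2017-04-16T15:47:48.410+0000 I NETWORK  [conn7] received client metadata from 172.18.0.4:41602 conn7: {}",
  "mongodb_1 | 2017-04-16T15:47:48.418+0000 I ACCESS   [conn7] SCRAM-SHA-1 authentication failed for graylog on graylog from client 172.18.0.4:41602 ; UserNotFound: Could not find user graylog@graylog",
].join("\n");
const SAMPLE_USERS = [{ user: "root", db: "admin" }, { user: "graylog", db: "test" }];

console.log(diagnose(SAMPLE_URI, SAMPLE_LOG, SAMPLE_USERS));
```

The same rule explains the root@graylog failure: a root user that exists only in admin is not found when the URI path names graylog and no authSource is given.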