edelight/chef-mongodb

user_management fails to add users to the database

johnoliver opened this issue · 4 comments

I can't find any combination of user configuration that does not result in the following message from mongo:

    Database command 'createUser' failed: No role named userAdminAnyDatabase@myDb

I have tried setting the property as follows:

      :users => [
        {
            :username => 'foo',
            :password => 'bar',
            :roles => ['userAdminAnyDatabase', 'dbAdminAnyDatabase']
        }
      ]

And adding the following to a recipe:

    mongodb_user 'foo' do
        password 'bar'
        roles %w(userAdminAnyDatabase dbAdminAnyDatabase)
        database 'myDb'
        connection node['mongodb']
        action :add
    end

They all result in the above error message. I have tried a range of different role values; they all fail.

Ok, obviously I would figure it out immediately after submitting this. In fact it is the case that only roles that apply to a single database can be applied, all others will fail.
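The following pre-flight check is an added example, not part of this thread or of the chef-mongodb cookbook. It models how `createUser` resolves role names (a bare string is looked up in the database the user is created in) and reports, in the same `role@db` form as the error above, every built-in role that exists only in `admin`. The function names and the `SAMPLE_USERS` data are hypothetical, and whether the cookbook's `roles` attribute passes role documents through is not covered here.

```ruby
# Added example, not cookbook code.
# Built-in MongoDB roles that are defined only in the 'admin' database.
ADMIN_ONLY_ROLES = %w(
  readAnyDatabase readWriteAnyDatabase userAdminAnyDatabase dbAdminAnyDatabase
  clusterAdmin clusterManager clusterMonitor hostManager backup restore root
).freeze

# Expand a user's roles the way createUser resolves them: a bare string is
# looked up in the database the user is created in; a role document
# ({ role:, db: }) names the database explicitly.
def resolved_roles(user)
  Array(user[:roles]).map do |role|
    if role.is_a?(Hash)
      { role: role.fetch(:role).to_s, db: role.fetch(:db).to_s }
    else
      { role: role.to_s, db: user.fetch(:database).to_s }
    end
  end
end

# Return "role@db" for every role that would be looked up outside 'admin'
# although it is defined only there.
def unresolvable_roles(users)
  users.flat_map do |user|
    resolved_roles(user)
      .select { |r| ADMIN_ONLY_ROLES.include?(r[:role]) && r[:db] != 'admin' }
      .map { |r| "#{r[:role]}@#{r[:db]}" }
  end
end

# Constructed sample input: the user from this issue, a user with
# database-scoped roles, and a user whose role document points at 'admin'.
SAMPLE_USERS = [
  { username: 'foo', password: 'bar', database: 'myDb',
    roles: %w(userAdminAnyDatabase dbAdminAnyDatabase) },
  { username: 'app', password: 'bar', database: 'myDb',
    roles: %w(readWrite dbAdmin) },
  { username: 'ops', password: 'bar', database: 'myDb',
    roles: [{ role: 'userAdminAnyDatabase', db: 'admin' }] }
].freeze

puts unresolvable_roles(SAMPLE_USERS)
```

Run against node attributes before converging, this flags a cluster-wide grant that was written as if it were scoped to one database.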

Hi John! Sorry if the recipe caused you any unnecessary stress. Glad to hear you were able to figure it out. If there's anything that I can add to the readme to make it more clear on how to use, please let me know.

Adding users to mongo has always been troublesome for me, it always seems to take an exactly specific command to get it to work. The recipe also might have trouble with sharded, replicated sets. I'll be taking a look at that soon, I hope.

Hi @cjhubert @johnoliver

I have been trying to use the user_management recipe for enabling user authorization on the mongo clusters. Though I have tried to get it to work manually on a sharded cluster, I am having problems deploying this automatically. Could you please help clarify a few of my confusions around using the user_management recipe?

  1. Is the user_management recipe to be included and used only in shard servers?

I ask this because the cookbook initializes the shards only when mongos is built, and until then having auth=true is sufficient?

When I include the user_management recipe to add users in mongos, is any other attribute required at mongos for user_management? I understand auth is not a valid option for mongos, hence assuming a user can be added at mongos?
I am new to mongo and still figuring out the obvious. Any help will really help me get through this.

Thanks!

@JayashreeN It sounds like you're trying to add users in a sharded/replicated set and not a single node, correct? If so, I would recommend checking out this repo which has an example of running it using chef_solo with 3 config servers, 3 mongod servers, and 1 mongos server.