MongoDB connection, authentication failed

Question

MongoDB connection, authentication failed

Closed this issue a year ago · 9 comments

NunopRolo commented a year ago

IoT Agent JSON version the issue has been seen with

2.2.0

Bound or port used (API interaction)

Northbound (Provision API and NGSI Interactions)

NGSI version

NGSIv2

Are you running a container?

Yes, I am using a contaner (Docker, Kubernetes...)

Image type

distroless

Expected behaviour you didn't see

Successful authentication to MongoDB database

Unexpected behaviour you saw

Failed Authentication to MongoDB database

Steps to reproduce the problem

Execute this docker-compose:

version: "3.8"
services:
    iot-agent:
        image: quay.io/fiware/iotagent-json:2.2.0-distroless
        hostname: iot-agent
        container_name: fiware-iot-agent
        depends_on:
            - mongo-db
        networks:
            - fiware
        ports:
            - "${IOTA_NORTH_PORT}:${IOTA_NORTH_PORT}" 
            - "${IOTA_SOUTH_PORT}:${IOTA_SOUTH_PORT}"
        volumes:
            - ./configs/mosquitto_ssl/config/certs:/certs
        environment:
            - IOTA_CB_HOST=orion
            - IOTA_CB_PORT=${IOTA_CB_PORT}
            - IOTA_NORTH_PORT=${IOTA_NORTH_PORT}
            - IOTA_REGISTRY_TYPE=mongodb 
            - IOTA_TIMESTAMP=true 
            - IOTA_CB_NGSI_VERSION=v2 
            - IOTA_AUTOCAST=true 
            - IOTA_MONGO_HOST=mongo-db 
            - IOTA_MONGO_PORT=${IOTA_MONGO_PORT} 
            - IOTA_MONGO_USER=${MONGO_USER}
            - IOTA_MONGO_PASSWORD=${MONGO_PWD}
            - IOTA_MQTT_PROTOCOL=mqtts
            - IOTA_MQTT_HOST=${MQTT_HOST}
            - IOTA_MQTT_PORT=8883
            - IOTA_MQTT_CA=/certs/ca.crt
            - IOTA_MQTT_CERT=/certs/client.pem
            - IOTA_MQTT_KEY=/certs/client_key.pem
            - IOTA_MQTT_USERNAME=${MQTT_USER}
            - IOTA_MQTT_PASSWORD=${MQTT_PWD}
            - IOTA_DEFAULT_RESOURCE= 
            - IOTA_PROVIDER_URL=http://iot-agent:${IOTA_NORTH_PORT}
            - IOTA_DEFAULT_TRANSPORT=mqtts
            - IOTA_MQTT_REJECT_UNAUTHORIZED=false
        healthcheck:
            interval: 5s

    mongo-db:
        image: mongo:${IOTA_MONGO_DB_VERSION}
        hostname: mongo-db
        container_name: db-mongo
        expose:
            - "${IOTA_MONGO_PORT}"
        ports:
            - "${IOTA_MONGO_PORT}:${IOTA_MONGO_PORT}"
        networks:
            - fiware
        volumes:
            -  ./volumes/mongo-db/db:/data/db
        environment:
            - MONGO_INITDB_ROOT_USERNAME=${MONGO_USER}
            - MONGO_INITDB_ROOT_PASSWORD=${MONGO_PWD}
        healthcheck:
            test: |
                host=`hostname --ip-address || echo '127.0.0.1'`; 
                mongo --quiet $host/test --eval 'quit(db.runCommand({ ping: 1 }).ok ? 0 : 2)' && echo 0 || echo 1
            interval: 5s

networks:
    fiware:

Configs

environment:
    - "IOTA_CB_HOST=orion"
    - "IOTA_CB_PORT=1026"
    - "IOTA_NORTH_PORT=4041"
    - "IOTA_SOUTH_PORT=7896"
    - "IOTA_MONGO_DB_VERSION=4.4"
    - "IOTA_MONGO_HOST=mongodb"
    - "IOTA_MONGO_PORT=27017"

Log output

subsrv=n/a | msg=Attempting to connect to MongoDB instance with url "mongodb://mongo-db:27017/iotagent" and options {"auth":{"user":"","password":""}}. Attempt 1 | comp=IoTAgent (node:1) [MONGODB DRIVER] Warning: Current Server Discovery and Monitoring engine is deprecated, and will be removed in a future version. To use the new Server Discover and Monitoring engine, pass option { useUnifiedTopology: true } to the MongoClient constructor. (Use node --trace-warnings ... to show where the warning was created) (node:1) [MONGODB DRIVER] Warning: Warning: no saslprep library specified. Passwords will not be sanitized
time=2023-08-14T21:12:11.543Z | lvl=ERROR | corr=9ad5f04f-8b95-4292-837e-54c57de0461d | trans=9ad5f04f-8b95-4292-837e-54c57de0461d | op=IoTAgentNGSI.DbConn | from=n/a | srv=n/a | subsrv=n/a | msg=MONGODB-001: Error trying to connect to MongoDB: MongoNetworkError: failed to connect to server [mongo-db:27017] on first connect [MongoError: Authentication failed. at Connection.messageHandler (/opt/iotagent-json/node_modules/mongodb/lib/core/connection/connection.js:364:19) at Connection.emit (node:events:513:28) at Connection.emit (node:domain:552:15) at processMessage (/opt/iotagent-json/node_modules/mongodb/lib/core/connection/connection.js:456:10) at Socket. (/opt/iotagent-json/node_modules/mongodb/lib/core/connection/connection.js:625:15) at Socket.emit (node:events:513:28) at Socket.emit (node:domain:552:15) at addChunk (node:internal/streams/readable:315:12) at readableAddChunk (node:internal/streams/readable:289:9) at Socket.Readable.push (node:internal/streams/readable:228:10) at TCP.onStreamRead (node:internal/stream_base_commons:190:23) at TCP.callbackTrampoline (node:internal/async_hooks:130:17) { ok: 0, code: 18, codeName: 'AuthenticationFailed' }]

Answer 1 · 2023-08-22T12:14:06.000Z

I'd say this problem is not related with the IOTA Agent itself but your running environment. It seems some kind of problem (maybe a connection problem?) is precluding IOTA container to connect to the MongoDB running in the other container. We have a lot of successful use cases in which IOTA is working with MongoDB, both running in docker containers.

I'd suggest to debug your deployment setup (i.e. check connectivity between containers, URL mongodb://mongo-db:27017/iotagent reachability from IOTA container, etc).

Answer 2 · 2023-08-22T13:33:48.000Z

Yes its accessible.
I tried the command you said, and I get the authentication failed error, but if I don't specify the database "/iotagent" the connection works fine.

One more thing I noticed is that the "iotagent" database is not being created, which could be where the problem comes from, but I don't know why it doesn't create the database.

I also tried the connection without mongodb authentication and everything works fine

Thanks

Answer 3 · 2023-08-22T13:36:59.000Z

I also tried the connection without mongodb authentication and everything works fine

That's is probably the key to debug this issue.

Answer 4 · 2023-08-23T06:11:51.000Z

Duplicated post at https://stackoverflow.com/questions/76902281/fiware-iot-agent-json-connection-to-mongodb-with-authentication ?

Answer 5 · 2023-10-10T14:58:18.000Z

This error still happen even when using NGSI-LD protocol, but the error doest seem to be related with this repo, cause its caused by the iotagent-node-lib that is used by this one. As I need to be fixed for my projects cause its not acceptable to use a MongoDB without authentication, i'll open it again in
https://github.com/telefonicaid/iotagent-node-lib
With a PR with the fix cause it's a small change.

This thread can be closed

Answer 6 · 2023-10-11T08:15:04.000Z

This error still happen even when using NGSI-LD protocol, but the error doest seem to be related with this repo, cause its caused by the iotagent-node-lib that is used by this one. As I need to be fixed for my projects cause its not acceptable to use a MongoDB without authentication, i'll open it again in https://github.com/telefonicaid/iotagent-node-lib With a PR with the fix cause it's a small change.

This thread can be closed

Do you mean this PR: telefonicaid/iotagent-node-lib#1511 ?

Answer 7 · 2023-10-11T08:23:07.000Z

Yes, that one. Issue comes from a bad composition of the mongo connection cause it ignores the authentication params

Answer 8 · 2023-10-11T08:27:57.000Z

Thanks for your feedback!

Thus, let's close this issue and continue in the PR

Answer 9 · 2023-10-11T13:26:04.000Z

Thank you very much for solving this problem!