RckHlp
December 5, 2024, 10:37am
1
Following this guide here: https://docs.rocket.chat/docs/deploy-with-docker-docker-compose
And this one: https://docs.rocket.chat/v1/docs/mongodb-uri-authentication
I can’t for the life of me set a password protected connection to mongodb. I know it runs in a container but still, not using a password doesn’t sound right.
This is what I’ve tried so far:
In my .env file, I added these lines;
MONGODB_ROOT_USERNAME=root
MONGODB_ROOT_PASSWORD=rootpass
In my compose.yml file, I made these changes:
service::rocketchat::
environment:
MONGO_URL: "mongodb://${MONGODB_ROOT_USERNAME}:${MONGODB_ROOT_PASSWORD}@${MONGODB_ADVERTISED_HOSTNAME:-mongodb}:${MONGODB_INITIAL_PRIMARY_PORT_NUMBER:-27017}/${MONGODB_DATABASE:-rocketchat}?authSource=admin&replicaSet=rs0"
MONGO_OPLOG_URL: "mongodb://${MONGODB_ROOT_USERNAME}:${MONGODB_ROOT_PASSWORD}@${MONGODB_ADVERTISED_HOSTNAME:-mongodb}:${MONGODB_INITIAL_PRIMARY_PORT_NUMBER:-27017}/local?authSource=admin&replicaSet=rs0"
environment:
MONGODB_REPLICA_SET_MODE: primary
MONGODB_REPLICA_SET_NAME: rs0
MONGODB_DATABASE: rocketchat
ALLOW_EMPTY_PASSWORD: no
MONGODB_ROOT_USERNAME: ${MONGODB_ROOT_USERNAME}
MONGODB_ROOT_PASSWORD: ${MONGODB_ROOT_PASSWORD}
MONGODB_PORT_NUMBER: ${MONGODB_PORT_NUMBER:-27017}
MONGODB_ENABLE_JOURNAL: ${MONGODB_ENABLE_JOURNAL:-true}
Using this configuration this is the error I get:
rocketchat-1 | MongoTopologyClosedError: Topology is closed
rocketchat-1 | at /app/bundle/programs/server/npm/node_modules/meteor/npm-mongo/node_modules/mongodb/src/sdam/topology.ts:515:42
rocketchat-1 | at processTicksAndRejections (node:internal/process/task_queues:95:5) {
rocketchat-1 | [Symbol(errorLabels)]: Set(0) {}
rocketchat-1 | }
rocketchat-1 | MongoServerSelectionError: getaddrinfo EAI_AGAIN mongodb
rocketchat-1 | at Timeout._onTimeout (/app/bundle/programs/server/npm/node_modules/meteor/npm-mongo/node_modules/mongodb/src/sdam/topology.ts:591:30)
rocketchat-1 | at listOnTimeout (node:internal/timers:581:17)
rocketchat-1 | at processTimers (node:internal/timers:519:7) {
rocketchat-1 | reason: TopologyDescription {
rocketchat-1 | type: 'ReplicaSetNoPrimary',
rocketchat-1 | servers: Map(1) { 'mongodb:27017' => [ServerDescription] },
rocketchat-1 | stale: false,
rocketchat-1 | compatible: true,
rocketchat-1 | heartbeatFrequencyMS: 10000,
rocketchat-1 | localThresholdMS: 15,
rocketchat-1 | setName: 'rs0',
rocketchat-1 | maxElectionId: null,
rocketchat-1 | maxSetVersion: null,
rocketchat-1 | commonWireVersion: 0,
rocketchat-1 | logicalSessionTimeoutMinutes: null
rocketchat-1 | },
rocketchat-1 | code: undefined,
rocketchat-1 | [Symbol(errorLabels)]: Set(0) {}
rocketchat-1 | }
rocketchat-1 |
rocketchat-1 | packages/core-runtime.js:189
rocketchat-1 | throw error;
rocketchat-1 | ^
rocketchat-1 | errorClass [Error]: [An error occurred when creating an index for collection "users: Topology is closed]
rocketchat-1 | at Collection.createIndexAsync (packages/mongo/collection.js:1140:15)
rocketchat-1 | at processTicksAndRejections (node:internal/process/task_queues:95:5)
rocketchat-1 | at module.wrapAsync.self (packages/accounts-password/password_server.js:1107:1) {
rocketchat-1 | isClientSafe: true,
rocketchat-1 | error: 'An error occurred when creating an index for collection "users: Topology is closed',
rocketchat-1 | reason: undefined,
rocketchat-1 | details: undefined,
rocketchat-1 | errorType: 'Meteor.Error'
rocketchat-1 | }
rocketchat-1 |
rocketchat-1 | Node.js v20.17.0
reetp
December 6, 2024, 11:17am
2
Can you access the mongo in the container from outside?
If not then it’s less of an issue.
AFAIA the this is a mongo issue rather than a Rocket.Chat one.
You probably need to create the user/password in the correct collection in mongo DB
eg
authentication, mongodb
Once you get it right and have checked the collection etc you can set up Rocket to use it.
Note a search here provided:
Description
Hello,
in an effort to make my Rocket.Chat Server more secure, I’d like to enable MongoDB Database Authentication. To achieve that, I changed the /etc/mongod.conf and added
security:
authorization: "enabled"
Then I changed my databases accordingly:
use admin
show users
{
"_id" : "admin.rocketchat",
"userId" : UUID("a95a7601-493d-4632-8ae5-bbe0358a1381"),
"user" : "rocketchat",
"db" : "admin",
"…
Which linked to this which probably provides your answer:
opened 08:35PM - 13 Nov 17 UTC
closed 09:56AM - 01 Dec 18 UTC
### Description:
I am trying to setup authentication on the mongodb server.
…
I am having a issue very similar to https://github.com/RocketChat/Rocket.Chat.Docs/issues/210 but I am not using the snap.
#### Rocket.Chat environment config:
```bash
MONGO_URL="mongodb://rocketchat:password@SERVER:27017/rocketchat" ROOT_URL=SERVER:3001/rocketchat/ PORT=3001
```
#### Attempted config changes
I have tried a couple permutations of roles for the mongo user `rocketchat`.
1. Creating an identical user on both admin and rocketchat databases each with role `root` on database `admin`.
2. I have tried the roles described here https://github.com/RocketChat/Rocket.Chat.Docs/issues/69
3. I have tried just a single user on database `rocketchat` with role `dbOwner`.
Every combination results in the same error in the rocketchat log.
I can login with the rocketchat user via `mongo` command line and run `db.users.getIndexes()` while using database `rocketchat`.
Any help is appreciated.
### Server Setup Information:
* Version of Rocket.Chat Server: 0.58.4
* Operating System: CentOS 7
* Deployment Method(snap/docker/tar/etc): manual install ( see https://docs.rocket.chat/installation/manual-installation/centos/ which now appears to be gone...)
* Number of Running Instances: 1
* DB Replicaset Oplog: N/A
* Node Version: v4.8.4
### Steps to Reproduce:
1. Create a user in mongodb with the appropriate roles (according to https://github.com/RocketChat/Rocket.Chat.Docs/issues/69)
2. Enable authentication on mongo
3. Setup the MONGO_URL connection string with the new user name and password (can be found here as well https://github.com/RocketChat/Rocket.Chat.Docs/issues/69)
4. Start rocket chat.
5. The `MongoError: not authorized on rocketchat to execute command { listIndexes: "users", cursor: {} }` should appear in the logs.
### Expected behavior:
Rocket.Chat to successfully start up
### Actual behavior:
Rocket chat crashes with the below error in the log.
### Relevant logs:
```bash
Nov 13 14:02:53 SERVER rocketchat: MongoError: not authorized on rocketchat to execute command { listIndexes: "users", cursor: {} }
Nov 13 14:02:53 SERVER rocketchat: at Object.Future.wait (/software/rocket.chat/0.58.4-linux-x64/programs/server/node_modules/fibers/future.js:449:15)
Nov 13 14:02:53 SERVER rocketchat: at [object Object].MongoConnection._ensureIndex (packages/mongo/mongo_driver.js:796:10)
Nov 13 14:02:53 server rocketchat: at [object Object].Mongo.Collection._ensureIndex (packages/mongo/collection.js:646:20)
Nov 13 14:02:53 SERVER rocketchat: at setupUsersCollection (packages/accounts-base/accounts_server.js:1490:9)
Nov 13 14:02:53 SERVER rocketchat: at new AccountsServer (packages/accounts-base/accounts_server.js:51:5)
Nov 13 14:02:53 SERVER rocketchat: at meteorInstall.node_modules.meteor.accounts-base.server_main.js (packages/accounts-base/server_main.js:9:12)
Nov 13 14:02:53 SERVER rocketchat: at fileEvaluate (packages/modules-runtime.js:333:9)
Nov 13 14:02:53 SERVER rocketchat: at require (packages/modules-runtime.js:228:16)
Nov 13 14:02:53 SERVER rocketchat: at /software/rocket.chat/0.58.4-linux-x64/programs/server/packages/accounts-base.js:2048:15
Nov 13 14:02:53 SERVER rocketchat: at /software/rocket.chat/0.58.4-linux-x64/programs/server/packages/accounts-base.js:2059:3
Nov 13 14:02:53 SERVER rocketchat: - - - - -
Nov 13 14:02:53 SERVER rocketchat: at Function.MongoError.create (/software/rocket.chat/0.58.4-linux-x64/programs/server/npm/node_modules/meteor/npm-mongo/node_modules/mongodb-core/lib/error.js:31:11)
Nov 13 14:02:53 SERVER rocketchat: at queryCallback (/software/rocket.chat/0.58.4-linux-x64/programs/server/npm/node_modules/meteor/npm-mongo/node_modules/mongodb-core/lib/cursor.js:212:36)
Nov 13 14:02:53 SERVER rocketchat: at /software/rocket.chat/0.58.4-linux-x64/programs/server/npm/node_modules/meteor/npm-mongo/node_modules/mongodb-core/lib/connection/pool.js:469:18
Nov 13 14:02:53 SERVER rocketchat: at nextTickCallbackWith0Args (node.js:489:9)
Nov 13 14:02:53 SERVER rocketchat: at process._tickCallback (node.js:418:13)
```
Note - I didn’t know the answer. I just spent some time searching and reading. It is how you can solve most issues…
1 Like