Graylog container cannot connect to MongoDB container


(Tejaswini UL) #1

I have some troubles setting up Graylog2 under docker. Everything works until I try using authentication. All I get is the following error repeated forever.

Trying both root and graylog user (in both graylog and admin db) gives the same result.

The log from mongodb says both users are created during setup. But graylog says it does not find any graylog user in database graylog. Same with user root.

I’m new to MongoDB and have no idea how authentication works in MongoDB. But from what I understand mongoDB authentication (similar to --auth parameter) is activated when providing user/pw for root account (https://github.com/docker-library/mongo/pull/145).

Is it possible that Graylog ses a different authentication mechanism than MongoDB is excpecting? See line #158 in the pasted log

Error message as root user

mongodb_1 | 2017-04-16T13:27:52.486+0000 I NETWORK [thread1] connection accepted from 172.18.0.4:46566 #12 (1 connection now open)
mongodb_1 | 2017-04-16T13:27:52.495+0000 I NETWORK [conn12] received client metadata from 172.18.0.4:46566 conn12: { driver: { name: “mongo-java-driver”, version: “unknown” }, os: { type: “Linux”, name: “Linux”, architecture: “amd64”, version: “4.4.0-72-generic” }, platform: “Java/Oracle Corporation/1.8.0_72-internal-b15” }
mongodb_1 | 2017-04-16T13:27:52.525+0000 I ACCESS [conn12] SCRAM-SHA-1 authentication failed for root on graylog from client 172.18.0.4:46566 ; UserNotFound: Could not find user root@graylog
mongodb_1 | 2017-04-16T13:27:52.543+0000 I - [conn12] end connection 172.18.0.4:46566 (1 connection now open)

Error message as graylog user (Full log on pastebin)

mongodb_1 | 2017-04-16T15:47:48.404+0000 I NETWORK [thread1] connection accepted from 172.18.0.4:41602 #7 (1 connection now open)
mongodb_1 | 2017-04-16T15:47:48.410+0000 I NETWORK [conn7] received client metadata from 172.18.0.4:41602 conn7: { driver: { name: “mongo-java-driver”, version: “unknown” }, os: { type: “Linux”, name: “Linux”, architecture: “amd64”, version: “4.4.0-72-generic” }, platform: “Java/Oracle Corporation/1.8.0_72-internal-b15” }
mongodb_1 | 2017-04-16T15:47:48.418+0000 I ACCESS [conn7] SCRAM-SHA-1 authentication failed for graylog on graylog from client 172.18.0.4:41602 ; UserNotFound: Could not find user graylog@graylog
mongodb_1 | 2017-04-16T15:47:48.423+0000 I - [conn7] end connection 172.18.0.4:41602 (1 connection now open)

This is my ./docker-composer.yml

version: ‘2’
services:
mongodb:
build: ./mongodb
volumes:
- /docker/mongodb/data:/data/db
elasticsearch:
image: “elasticsearch:2”
command: “elasticsearch -Des.cluster.name=‘graylog’”
volumes:
- /docker/elasticsearch/data:/usr/share/elasticsearch/data
graylog:
image: graylog2/server
volumes:
- /docker/graylog/journal:/usr/share/graylog/data/journal
- /docker/graylog/config:/usr/share/graylog/data/config
environment:
#GRAYLOG_MONGODB_URI: mongodb://root:drUqGGCMh@mongodb:27017/graylog
GRAYLOG_MONGODB_URI: mongodb://graylog:vWGzncmBe9@mongodb:27017/graylog
depends_on:
- mongodb
- elasticsearch
ports:
- “9000:9000”

./mongodb/Dockerfile

FROM mongo:3
ENV MONGO_INITDB_ROOT_USERNAME: root
ENV MONGO_INITDB_ROOT_PASSWORD: drUqGGCMh
ADD grayloguser.js /docker-entrypoint-initdb.d/grayloguser.js

./mogodb/grayloguser.js

db.getSiblingDB(‘graylog’);
db.createUser(
{
user: “graylog”,
pwd: “vWGzncmBe9”,
roles: [
{ role: “dbOwner”, db: “graylog” }
]
}
);


Thanks & Regdards
Tejaswini


(Jochen) #2

Your MongoDB initialization file is incorrect.

The following setup works for me™:

docker-compose.yml:

version: '2'
services:
  # MongoDB: https://hub.docker.com/_/mongo/
  mongodb:
    image: mongo:3
    environment:
      - MONGO_INITDB_ROOT_USERNAME=root
      - MONGO_INITDB_ROOT_PASSWORD=drUqGGCMh
    volumes:
      - ./graylog.js:/docker-entrypoint-initdb.d/graylog.js:ro
  # Elasticsearch: https://www.elastic.co/guide/en/elasticsearch/reference/5.5/docker.html
  elasticsearch:
    image: docker.elastic.co/elasticsearch/elasticsearch:5.6.10
    environment:
      - http.host=0.0.0.0
      - discovery.type=single-node
      # Disable X-Pack security: https://www.elastic.co/guide/en/elasticsearch/reference/5.5/security-settings.html#general-security-settings
      - xpack.security.enabled=false
      - bootstrap.memory_lock=true
      - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
    ulimits:
      memlock:
        soft: -1
        hard: -1
    mem_limit: 1g
  # Graylog: https://hub.docker.com/r/graylog/graylog/
  graylog:
    image: graylog/graylog:2.4.5-1
    environment:
      # CHANGE ME!
      - GRAYLOG_PASSWORD_SECRET=somepasswordpepper
      # Password: admin
      - GRAYLOG_ROOT_PASSWORD_SHA2=8c6976e5b5410415bde908bd4dee15dfb167a9c873fc4bb8a81f6f2ab448a918
      - GRAYLOG_WEB_ENDPOINT_URI=http://127.0.0.1:9000/api
      - GRAYLOG_MONGODB_URI=mongodb://graylog:vWGzncmBe9@mongodb:27017/graylog
      - GRAYLOG_MESSAGE_JOURNAL_ENABLED=false
    links:
      - mongodb
      - elasticsearch
    ports:
      # Graylog web interface and REST API
      - 9000:9000

MongoDB initialization file (graylog.js):

graylog = db.getSiblingDB('graylog');
graylog.createUser(
  {
    user: "graylog",
    pwd: "vWGzncmBe9",
    roles: [
      { role: "dbOwner", db: "graylog" }
    ]
  }
);

Graylog REST API:

$ curl -H 'Accept: application/json' 'http://localhost:9000/api/?pretty=true'
{
  "cluster_id" : "038bc07e-58d6-4bd8-93a1-15c124aafc78",
  "node_id" : "80851cbe-2787-429d-a817-d320b3ef1bcc",
  "version" : "2.4.5+8e18e6a",
  "tagline" : "Manage your logs in the dark and have lasers going and make it look like you're from space!"
}
$ curl -u admin:admin -H 'Accept: application/json' 'http://localhost:9000/api/system/cluster/stats/mongo?pretty=true'
{
  "servers" : [ "mongodb:27017" ],
  "build_info" : {
    "version" : "3.6.3",
    "git_version" : "9586e557d54ef70f9ca4b43c26892cd55257e1a5",
    "sys_info" : "deprecated",
    "loader_flags" : null,
    "compiler_flags" : null,
    "allocator" : "tcmalloc",
    "version_array" : [ 3, 6, 3, 0 ],
    "javascript_engine" : "mozjs",
    "bits" : 64,
    "debug" : false,
    "max_bson_object_size" : 16777216
  },
  "host_info" : null,
  "server_status" : null,
  "database_stats" : {
    "db" : "graylog",
    "collections" : 26,
    "objects" : 166,
    "avg_obj_size" : 413.8313253012048,
    "data_size" : 68696,
    "storage_size" : 307200,
    "num_extents" : 0,
    "indexes" : 51,
    "index_size" : 528384,
    "file_size" : null,
    "ns_size_mb" : null,
    "extent_free_list" : null,
    "data_file_version" : null
  }
}

(system) #3

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.