Before you post: Your responses to these questions will help the community help you. Please complete this template if you’re asking a support question.
Don’t forget to select tags to help index your topic!
1. Describe your incident:
I try to configure graylog to run inside a docker container using docker-compose.
But when starting graylog using docker compose, I can see in the log that graylog cannot connect to the MongoDB. Everything was working without trying to specify custom user, password, database. But as I want to deploy this in production I think it’s preferable for the database to have a password
mongo-graylog | {"t":{"$date":"***************"},"s":"I", "c":"ACCESS", "id":***************, "ctx":"conn8","msg":"Authentication failed","attr":{"mechanism":"SCRAM-SHA-1","speculative":false,"principalName":"MyMongoDBName","authenticationDatabase":"graylog","remote":"***************","extraInfo":{},"error":"UserNotFound: Could not find user \"ByVetsMongo\" for db \"graylog\""}}
I never have used a mongodb database before.
2. Describe your environment:
OS : Ubuntu 22.04 TLS
docker-compose :
version: "3.8"
services:
# MongoDB: https://hub.docker.com/_/mongo/
mongo-graylog:
image: ${GRAYLOG_MONGO_IMAGE_TAG}
container_name: mongo-graylog
volumes:
- graylog-mongo-data:/data/db
- /var/log/graylog/mongodb:/var/log/mongodb
- .graylog.js:/docker-entrypoint-initdb.d/graylog.js # Mount the init-scripts directory
environment:
- MONGO_INITDB_ROOT_USERNAME=${GRAYLOG_MONGO_USER}
- MONGO_INITDB_ROOT_PASSWORD=${GRAYLOG_MONGO_PASSWORD}
networks:
- graylog-network
ports:
- ":27017/tcp"
healthcheck:
test: ["CMD", "mongo", "--eval", "db.adminCommand('ping')"]
interval: 10s
timeout: 5s
retries: 3
restart: unless-stopped
logging:
driver: gelf
options:
gelf-address: "********"
tag: ${GRAYLOG_LOG_TAG_MONGODB}
# Elasticsearch: https://www.elastic.co/guide/en/elasticsearch/reference/7.10/docker.html
graylog-elasticsearch:
image: ${GRAYLOG_ELASTIC_IMAGE_TAG}
container_name: graylog-elasticsearch
volumes:
- elasticsearch-data:/usr/share/elasticsearch/data
- /var/log/graylog/elasticsearch:/usr/share/elasticsearch/logs
environment:
- http.host=0.0.0.0
- transport.host=localhost
- network.host=0.0.0.0
- "ES_JAVA_OPTS=-Dlog4j2.formatMsgNoLookups=true -Xms512m -Xmx512m"
ulimits:
memlock:
soft: -1
hard: -1
deploy:
resources:
limits:
memory: 1g
networks:
- graylog-network
ports:
- ":9200/tcp"
- ":9300/tcp"
healthcheck:
test: ["CMD", "curl", "-f", "http://localhost:9200/_cluster/health"]
interval: 30s
timeout: 10s
retries: 5
restart: unless-stopped
logging:
driver: gelf
options:
gelf-address: "**************"
tag: ${GRAYLOG_LOG_TAG_ELASTIC}
# Graylog: https://hub.docker.com/r/graylog/graylog/
graylog:
image: ${GRAYLOG_IMAGE_TAG}
container_name: graylog
volumes:
- graylog-data:/usr/share/graylog/data
- /var/log/graylog/graylog:/usr/share/graylog/logs
environment:
- GRAYLOG_PASSWORD_SECRET=${GRAYLOG_PASSWORD_SECRET}
- GRAYLOG_ROOT_USERNAME=${GRAYLOG_ROOT_USERNAME}
- GRAYLOG_ROOT_PASSWORD_SHA2=${GRAYLOG_ROOT_PASSWORD_SHA2}
- GRAYLOG_ROOT_EMAIL=${GRAYLOG_ROOT_EMAIL}
- GRAYLOG_ROOT_TIMEZONE=***************
- GRAYLOG_HTTP_EXTERNAL_URI=http://127.0.0.1:9000/
- GRAYLOG_TRUSTED_PROXIES= 127.0.0.1/32, 0:0:0:0:0:0:0:1/128
- MONGODB_URI=mongodb://${GRAYLOG_MONGO_USER}:${GRAYLOG_MONGO_PASSWORD}@mongo-graylog:27017/${GRAYLOG_MONGO_NAME}
- GRAYLOG_MONGODB_URI=mongodb://${GRAYLOG_MONGO_USER}:${GRAYLOG_MONGO_PASSWORD}@mongo-graylog:27017/{GRAYLOG_MONGO_NAME}
- MONGO_INITDB_ROOT_USERNAME=${GRAYLOG_MONGO_USER}
- MONGO_INITDB_ROOT_PASSWORD=${GRAYLOG_MONGO_PASSWORD}
- GRAYLOG_MONGO_INITDB_ROOT_USERNAME=${GRAYLOG_MONGO_USER}
- GRAYLOG_MONGO_INITDB_ROOT_PASSWORD=${GRAYLOG_MONGO_PASSWORD}
entrypoint: /usr/bin/tini -- wait-for-it elasticsearch:9200 -- /docker-entrypoint.sh
networks:
- traefik-network
- graylog-network
ports:
# Graylog web interface and REST API
- "9000:9000/tcp"
# Syslog TCP
- "1514:1514/tcp"
# Syslog UDP
- "1514:1514/udp"
# GELF TCP
- "12201:12201/tcp"
# GELF UDP
- "12201:12201/udp"
labels:
- "traefik.enable=true"
- "traefik.http.routers.graylog-web.rule=Host(`${GRAYLOG_HOSTNAME}`)"
- "traefik.http.routers.graylog-web.service=graylog-web"
- "traefik.http.routers.graylog-web.entrypoints=websecure"
- "traefik.http.services.graylog-web.loadbalancer.server.port=9000"
- "traefik.http.routers.graylog-web.tls=true"
- "traefik.http.routers.graylog-web.tls.certresolver=myresolver"
- "traefik.http.services.graylog-web.loadbalancer.passhostheader=true"
- "traefik.http.routers.graylog-web.middlewares=compresstraefik"
- "traefik.http.middlewares.compresstraefik.compress=true"
- "traefik.tcp.routers.graylog-syslog-tcp.rule=HostSNI(`*`)"
- "traefik.tcp.routers.graylog-syslog-tcp.service=graylog-syslog-tcp"
- "traefik.tcp.routers.graylog-syslog-tcp.entrypoints=graylog-syslog-tcp"
- "traefik.tcp.services.graylog-syslog-tcp.loadbalancer.server.port=1514"
- "traefik.udp.routers.graylog-syslog-udp.service=graylog-syslog-udp"
- "traefik.udp.routers.graylog-syslog-udp.entrypoints=graylog-syslog-udp"
- "traefik.udp.services.graylog-syslog-udp.loadbalancer.server.port=1514"
- "traefik.tcp.routers.graylog-gelf-tcp.rule=HostSNI(`*`)"
- "traefik.tcp.routers.graylog-gelf-tcp.service=graylog-gelf-tcp"
- "traefik.tcp.routers.graylog-gelf-tcp.entrypoints=graylog-gelf-tcp"
- "traefik.tcp.services.graylog-gelf-tcp.loadbalancer.server.port=12201"
- "traefik.udp.routers.graylog-gelf-udp.service=graylog-gelf-udp"
- "traefik.udp.routers.graylog-gelf-udp.entrypoints=graylog-gelf-udp"
- "traefik.udp.services.graylog-gelf-udp.loadbalancer.server.port=12201"
- "traefik.docker.network=traefik-network"
healthcheck:
test: ["CMD", "curl", "-f", "http://localhost:9000/api/"]
interval: 30s
timeout: 10s
retries: 5
restart: unless-stopped
links:
- mongo-graylog:mongo
- graylog-elasticsearch:elasticsearch
depends_on:
- mongo-graylog
- graylog-elasticsearch
logging:
driver: gelf
options:
gelf-address: "************************"
tag: ${GRAYLOG_LOG_TAG}
volumes:
graylog-mongo-data:
driver: local
elasticsearch-data:
driver: local
graylog-data:
driver: local
networks:
traefik-network:
external: true
graylog-network:
external: true
graylog.js
db.createUser({
user: 'MyMongoDBName',
pwd: 'aPassword',
roles: [
{
role: 'root',
db: 'admin',
},
],
});
db.createCollection('graylog', { capped: false });
db.graylog.createUser({
user: 'MyMongoDBName',
pwd: 'aPassword',
roles: [
{
role: 'root',
db: 'admin',
},
],
});
3. What steps have you already taken to try and solve the problem?
Changing the code that is initializing the database to try fixing the problem
4. How can the community help?
Any help that can help me identify how to fix the problem. Link to some tutorial on how to initialize a mongodb in a docker-compose with graylog.
Any documentation on how to properly right the js init script. (I don’t have much experience with js and mongo)
Do I have to create my user in the admin db ? Or in the graylog ? or both ?
What is a Collection is it more like a postgres schema or is it another name for database. As I’m not sure to fully understand all of this.
What is the good password form factor has to be a raw string or a SHA1 version or, …
I’m looking for anything, because I already tested a lot of mico change here and there, and never get it running.
Thanks you all in advance for your help. I will be happy to provide more information if needed.