Rocket.chat: Connecting to a MongoDB server with authentication enabled

Created on 13 Nov 2017 · 10 Comments · Source: RocketChat/Rocket.Chat

Description:

I am trying to set up authentication on the mongodb server.

I am having an issue very similar to https://github.com/RocketChat/Rocket.Chat.Docs/issues/210 but I am not using the snap.

Rocket.Chat environment config:

MONGO_URL="mongodb://rocketchat:password@SERVER:27017/rocketchat" ROOT_URL=SERVER:3001/rocketchat/ PORT=3001

Attempted config changes

I have tried a couple permutations of roles for the mongo user rocketchat.

  1. Creating an identical user on both admin and rocketchat databases each with role root on database admin.
  2. I have tried the roles described here https://github.com/RocketChat/Rocket.Chat.Docs/issues/69
  3. I have tried just a single user on database rocketchat with role dbOwner.

Every combination results in the same error in the rocketchat log.

I can login with the rocketchat user via mongo command line and run db.users.getIndexes() while using database rocketchat.

Any help is appreciated.

Server Setup Information:

  • Version of Rocket.Chat Server: 0.58.4
  • Operating System: CentOS 7
  • Deployment Method(snap/docker/tar/etc): manual install ( see https://docs.rocket.chat/installation/manual-installation/centos/ which now appears to be gone...)
  • Number of Running Instances: 1
  • DB Replicaset Oplog: N/A
  • Node Version: v4.8.4

Steps to Reproduce:

  1. Create a user in mongodb with the appropriate roles (according to https://github.com/RocketChat/Rocket.Chat.Docs/issues/69)
  2. Enable authentication on mongo
  3. Set up the MONGO_URL connection string with the new user name and password (can be found here as well https://github.com/RocketChat/Rocket.Chat.Docs/issues/69)
  4. Start rocket chat.
  5. The MongoError: not authorized on rocketchat to execute command { listIndexes: "users", cursor: {} } should appear in the logs.

Expected behavior:

Rocket.Chat to successfully start up

Actual behavior:

Rocket chat crashes with the below error in the log.

Relevant logs:

Nov 13 14:02:53 SERVER rocketchat: MongoError: not authorized on rocketchat to execute command { listIndexes: "users", cursor: {} }
Nov 13 14:02:53 SERVER rocketchat: at Object.Future.wait (/software/rocket.chat/0.58.4-linux-x64/programs/server/node_modules/fibers/future.js:449:15)
Nov 13 14:02:53 SERVER rocketchat: at [object Object].MongoConnection._ensureIndex (packages/mongo/mongo_driver.js:796:10)
Nov 13 14:02:53 server rocketchat: at [object Object].Mongo.Collection._ensureIndex (packages/mongo/collection.js:646:20)
Nov 13 14:02:53 SERVER rocketchat: at setupUsersCollection (packages/accounts-base/accounts_server.js:1490:9)
Nov 13 14:02:53 SERVER rocketchat: at new AccountsServer (packages/accounts-base/accounts_server.js:51:5)
Nov 13 14:02:53 SERVER rocketchat: at meteorInstall.node_modules.meteor.accounts-base.server_main.js (packages/accounts-base/server_main.js:9:12)
Nov 13 14:02:53 SERVER rocketchat: at fileEvaluate (packages/modules-runtime.js:333:9)
Nov 13 14:02:53 SERVER rocketchat: at require (packages/modules-runtime.js:228:16)
Nov 13 14:02:53 SERVER rocketchat: at /software/rocket.chat/0.58.4-linux-x64/programs/server/packages/accounts-base.js:2048:15
Nov 13 14:02:53 SERVER rocketchat: at /software/rocket.chat/0.58.4-linux-x64/programs/server/packages/accounts-base.js:2059:3
Nov 13 14:02:53 SERVER rocketchat: - - - - -
Nov 13 14:02:53 SERVER rocketchat: at Function.MongoError.create (/software/rocket.chat/0.58.4-linux-x64/programs/server/npm/node_modules/meteor/npm-mongo/node_modules/mongodb-core/lib/error.js:31:11)
Nov 13 14:02:53 SERVER rocketchat: at queryCallback (/software/rocket.chat/0.58.4-linux-x64/programs/server/npm/node_modules/meteor/npm-mongo/node_modules/mongodb-core/lib/cursor.js:212:36)
Nov 13 14:02:53 SERVER rocketchat: at /software/rocket.chat/0.58.4-linux-x64/programs/server/npm/node_modules/meteor/npm-mongo/node_modules/mongodb-core/lib/connection/pool.js:469:18
Nov 13 14:02:53 SERVER rocketchat: at nextTickCallbackWith0Args (node.js:489:9)
Nov 13 14:02:53 SERVER rocketchat: at process._tickCallback (node.js:418:13)

All 10 comments

@zwmcfarland can you give us the command how you created the user in mongodb?

db.createUser({user: "rocket", pwd: "password", roles: [{role: "readWrite", db: "rocketchat"}]})

can you try this one?

Sorry about the late response. I tried this and now I am getting the following error:

Nov 16 15:32:54 SERVER rocketchat: Error: invalid schema, expected mongodb
Nov 16 15:32:54 SERVER rocketchat: at module.exports (/software/rocket.chat/0.58.4-linux-x64/programs/server/npm/node_modules/meteor/npm-mongo/node_modul
Nov 16 15:32:54 SERVER rocketchat: at connect (/software/rocket.chat/0.58.4-linux-x64/programs/server/npm/node_modules/meteor/npm-mongo/node_modules/mong
Nov 16 15:32:54 SERVER rocketchat: at Function.MongoClient.connect (/software/rocket.chat/0.58.4-linux-x64/programs/server/npm/node_modules/meteor/npm-mo

Nov 16 15:32:54 SERVER rocketchat: at new MongoConnection (packages/mongo/mongo_driver.js:168:11)
Nov 16 15:32:54 SERVER rocketchat: at new MongoInternals.RemoteCollectionDriver (packages/mongo/remote_collection_driver.js:4:16)
Nov 16 15:32:54 SERVER rocketchat: at Object.<anonymous> (packages/mongo/remote_collection_driver.js:38:10)
Nov 16 15:32:54 SERVER rocketchat: at Object.defaultRemoteCollectionDriver (packages/underscore.js:784:19)
Nov 16 15:32:54 SERVER rocketchat: at new Mongo.Collection (packages/mongo/collection.js:99:40)
Nov 16 15:32:54 SERVER rocketchat: at AccountsServer.AccountsCommon (packages/accounts-base/accounts_common.js:23:18)
Nov 16 15:32:54 SERVER rocketchat: at new AccountsServer (packages/accounts-base/accounts_server.js:18:5)

So I think I messed something up along the way. I will get back to you after I do a fresh install.

If you added the user to the 'admin' database then try this url format:

mongodb://myuser:my$ecretPass@somemongohost:27017/rocketchat?authSource=admin

I'm trying to secure mongodb. I added a rocketchat user with privileges, and here is the query result:

rs01:PRIMARY> use admin
rs01:PRIMARY> show users
{
        "_id" : "admin.rocketchatuser",
        "user" : "rocketchatuser",
        "db" : "admin",
        "customData" : {

        },
        "roles" : [
                {
                        "role" : "readWrite",
                        "db" : "admin"
                },
                {
                        "role" : "readWrite",
                        "db" : "local"
                },
                {
                        "role" : "dbOwner",
                        "db" : "rocketchat"
                }
        ]
}

And here is my connection string:

MONGO_OPLOG_URL=mongodb://rocketchatuser:mypassword@localhost:27017/local?authSource=admin&replSet=rs01
MONGO_URL=mongodb://rocketchatuser:mypassword@localhost:27017/rocketchat?authSource=admin

But still getting connection refused error.

Any idea?

Hi,

Maybe you should try to add your "rocketchatuser" to the "rocketchat" collection and remove "authSource=admin" from your connection string.

Cheers

This does not seem to be fixed.

switched to db rocketchat
rs01:PRIMARY> show users
{
        "_id" : "rocketchat.rocketchat",
        "userId" : UUID("xxxx-xxxx-xxxx-xxxx"),
        "user" : "rocketchat",
        "db" : "rocketchat",
        "roles" : [
                {
                        "role" : "dbOwner",
                        "db" : "rocketchat"
                },
                {
                        "role" : "readWrite",
                        "db" : "reporting"
                },
                {
                        "role" : "readWrite",
                        "db" : "local"
                }
        ],
        "mechanisms" : [
                "SCRAM-SHA-1",
                "SCRAM-SHA-256"
        ]
}
Environment=MONGO_URL=mongodb://rocketchat:passwd@localhost:27017/rocketchat?replicaSet=rs01
Environment=MONGO_OPLOG_URL=mongodb://rocketchat:passwd@localhost:27017/local?replicaSet=rs01

MongoNetworkError: failed to connect to server [localhost:27017] on first connect [MongoError: Authentication failed.

I do not see any issues on the MongoDB side here.

I fixed it. Actually you must pass authSource=rocketchat. Example:

Environment=MONGO_URL=mongodb://rocketchat:passwd@localhost:27017/rocketchat?replicaSet=rs01&authSource=rocketchat
Environment=MONGO_OPLOG_URL=mongodb://rocketchat:passwd@localhost:27017/local?replicaSet=rs01&authSource=rocketchat

And be sure your rocketchat user has the correct permissions, see my post above.
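
The authSource fix in the comment above follows from how a MongoDB connection string picks its authentication database: an explicit authSource, otherwise the database in the path, otherwise admin. The following is an added example, not code from the thread or from Rocket.Chat; the helper names `effectiveAuthSource` and `checkEnv` are hypothetical, and the sample values are constructed from the two configurations posted above.

```javascript
// Added example (hypothetical helpers, not Rocket.Chat or driver code).
// Handles single-host mongodb:// URIs, which is all this thread uses.
const URI_RE = /^mongodb:\/\/(?:[^@\/]*@)?[^\/?]+(?:\/([^?]*))?(?:\?(.*))?$/;

// Database the credentials are checked against:
// explicit authSource, else the database in the path, else "admin".
function effectiveAuthSource(uri) {
  const m = URI_RE.exec(uri);
  if (!m) {
    // Redact the userinfo part so the password never reaches a log.
    throw new Error(`not a mongodb:// URI: ${uri.replace(/\/\/.*@/, '//***@')}`);
  }
  const pathDb = decodeURIComponent(m[1] || '');
  let authSource = null;
  for (const [key, value] of new URLSearchParams(m[2] || '')) {
    // Option names in the connection string are case-insensitive.
    if (key.toLowerCase() === 'authsource') authSource = value;
  }
  return { pathDb, authSource: authSource || pathDb || 'admin' };
}

// Compare both Rocket.Chat connection strings with the database
// in which the MongoDB user was created (userDb).
function checkEnv(env, userDb) {
  return ['MONGO_URL', 'MONGO_OPLOG_URL']
    .filter((name) => env[name])
    .map((name) => {
      const { pathDb, authSource } = effectiveAuthSource(env[name]);
      return { name, pathDb, authSource, ok: authSource === userDb };
    });
}

// Constructed sample input: user "rocketchat" created in database "rocketchat".
const failing = {
  MONGO_URL: 'mongodb://rocketchat:passwd@localhost:27017/rocketchat?replicaSet=rs01',
  MONGO_OPLOG_URL: 'mongodb://rocketchat:passwd@localhost:27017/local?replicaSet=rs01',
};
const fixed = {
  MONGO_URL: failing.MONGO_URL + '&authSource=rocketchat',
  MONGO_OPLOG_URL: failing.MONGO_OPLOG_URL + '&authSource=rocketchat',
};

for (const [label, env] of [['failing', failing], ['fixed', fixed]]) {
  for (const r of checkEnv(env, 'rocketchat')) {
    const verdict = r.ok ? 'OK' : 'MISMATCH';
    console.log(`${label} ${r.name}: path db=${r.pathDb} authSource=${r.authSource} ${verdict}`);
  }
}
```

Without authSource, the oplog URL resolves its authentication database to `local`, where the user from this thread does not exist; with `authSource=rocketchat` both strings point at the database holding the user.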

@gannebamm no, you have not. Please read it:
https://github.com/RocketChat/Rocket.Chat/issues/16987

@564064202 I don't see anything related to this issue above. I do not use docker for rocket chat.

Okay now I understand your problem:

You use docker. Docker will start each component in a container, therefore mongo won't run beside rocket chat but in its own container. I think your mongo container will not allow connections from outside and will only be able to use localhost (127.0.0.1).

Your issue is not connected to this issue.

No, I don't think so.