I have a mongo container being created in Compose:
version: '2'
volumes:
  mongodata:
    driver: local
services:
  mongo:
    image: mongo:latest
    hostname: ${MONGODB_HOST}
    restart: always
    ports:
      - "27017:27017"
    volumes:
      - mongodata:/data/db
This works perfectly, however now I want to put a password on the database. To do so, firstly as I understand it I need to create the database, add a password, then restart it with the --auth flag. My question is how to do this process with docker-compose.
I can do this if I do everything without docker-compose. The issues that I can see arising with compose are:
a) docker-compose works inside a docker network.
b) docker-compose can't run different commands at the beginning as during production.
- this is important because although some people say that you can run --auth at the beginning and it will allow you to set a password the first time, this doesn't seem to be the case.
One solution I began working on was a shell script I would run on all my servers before running docker-compose file:
# start the temporary container
docker run -d -v /tmp/mongodb --name tmpdb -e MONGODB_DBNAME=db_test mongo --auth
# do the user creation
docker run -it --link tmpdb --rm mongo sh -c 'mongo --host tmpdb --eval "db.createUser({ user: \"admin\", pwd: \"password\", roles: [ { role: \"root\", db: \"admin\" } ] });"'
# stop the server
docker stop tmpdb
# create new mongodb container, using the old ones data
docker run -d -p 27017:27017 --name mongo2 -e MONGODB_DBNAME=db_test mongo --auth
# clean up old container (we are using the volumes so they will stick around)
docker rm tmpdb
This file creates a temporary container, sets a username/password on it, stops the original container, creates a new one using the old one's volume container, and deletes the original one. The new mongo container now has a password on.
So my conclusive question is, what's the best way to do this in docker-compose?
My other containers in my docker-compose file need to be able to access mongo, so I think the volume container holding the mongo data needs to be in the same network that the docker-compose creates.
By default MongoDB has no access control enabled, so there is no default user or password. To enable access control, use either the command line option --auth or security.
To connect to your local MongoDB instance from a container, you must first allow it to accept connections from the Docker bridge gateway. To do so, simply add the respective gateway IP in the MongoDB config file /etc/mongod.conf under bindIp in the network interface section.
The mongo:latest image at the time of writing (v 3.5) accepts two environment variables, MONGO_INITDB_ROOT_USERNAME and MONGO_INITDB_ROOT_PASSWORD.
When these are set, the container's entrypoint script will start the mongod service with --auth, then create an admin user with the provided credentials.
This is currently not documented in their README, but there's a GitHub issue tracking progress on that matter, and the source is available on line 104 of the docker-entrypoint.sh script.
To use these variables in your docker-compose.yml, see the following snippet:
version: '3'
services:
  mongodb:
    image: mongo:3.5
    hostname: ${MONGODB_HOST}
    environment:
      - MONGO_INITDB_ROOT_USERNAME=alice
      - MONGO_INITDB_ROOT_PASSWORD=super-secret-password
    restart: on-failure
    ports:
      - 27017:27017
    volumes:
      - ./mongodb:/data/db
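A hardened variant of the snippet above, added here as an example and not part of the original answer: the root password comes from a file-based secret instead of an inline environment value, and the port is published on loopback only. It assumes an image version whose entrypoint honours the _FILE suffix for the MONGO_INITDB_ROOT_* variables, and the path ./secrets/mongo_root_password.txt is a constructed placeholder.

```yaml
# Added example; the secret name and file path are assumptions.
version: '3.1'            # file-based secrets need compose file format 3.1+

services:
  mongodb:
    image: mongo:3.5
    hostname: ${MONGODB_HOST}
    environment:
      - MONGO_INITDB_ROOT_USERNAME=alice
      # The entrypoint reads the password from this file, so the value does
      # not appear in the compose file or in `docker inspect` output.
      - MONGO_INITDB_ROOT_PASSWORD_FILE=/run/secrets/mongo_root_password
    secrets:
      - mongo_root_password
    restart: on-failure
    ports:
      # Bind to loopback rather than every host interface. Other compose
      # services reach the database at mongodb:27017 over the compose
      # network and do not need this mapping at all.
      - "127.0.0.1:27017:27017"
    volumes:
      # The MONGO_INITDB_* variables are applied only when /data/db is
      # empty; a data directory that already holds a database is started
      # as-is and no root user is created.
      - ./mongodb:/data/db

secrets:
  mongo_root_password:
    file: ./secrets/mongo_root_password.txt   # keep out of version control
```

Clients then connect with the root user against the admin database, for example `mongo -u alice -p --authenticationDatabase admin`.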