In tutor v10.2.2, forum is built with
ENV MONGOID_AUTH_MECH “”
Does that mean no authentication is needed for forum to connect to mongodb?
In my environment, forum cannot connect to mongodb as my mongodb needs authentication.
Is there a way to set MONGOID_AUTH_MECH through configration?
I haven’t looked into this, but you might try:
Check the value:
tutor config printvalue MONGOID_AUTH_MECH ?
Configure the value:
tutor config save --set MONGOID_AUTH_MECH="yourvalue"
I’m not quite familiar with mongodb authentication mechanisms, but this value was set there to avoid a crash when it is undefined. This variable describes just the authentication mechanism, not the credentials. The latter are defined by the MONGODB_USERNAME and MONGODB_PASSWORD Tutor settings.
sorry to refer that I am running on k8s.
Seems that MONGOID_AUTH_MECH is not passed as env in deployments.yaml.
@regis yes, username and password can be passed in.
I am running on k8s and using a mongdb service, and in previsous tutor version, forum can connect to mongodb. With v10.2.2 built image, mongodb cannot be connected util I set
MONGOID_AUTH_MECH env to “:scram” in deployments.yml.
Interesting. I suggest you pass the MONGOID_AUTH_MECH environment variable to the forum container. You can do this by defining a custom docker-compose.override.yml file:
$ cat "$(tutor config printroot)/env/local/docker-compose.override.yml"
version: "3.7"
services:
forum:
environment:
- "MONGOID_AUTH_MECH=:scram"
Hi,
Can you help me with this issue:
I deploy the mongodb rs with authentication for mongodb as example: root/rootpwd on cs_comments_service database
Update the deployment for forum path as following
- name: MONGODB_AUTH
value: "root:rootpwd@"
- name: MONGOID_AUTH_MECH
value: ":mongodb_cr"
- name: MONGODB_HOST
value: "mongodb-0.mongodb-headless.default.svc.cluster.local"
- name: MONGODB_PORT
value: "27017"
I got this error when starting the forum service:
W, [2021-01-11T14:28:12.604779 #13] WARN – : Overwriting existing field _id in class User.
W, [2021-01-11T14:28:12.711481 #13] WARN – : MONGODB | Unsupported client option ‘max_retries’. It will be ignored.
W, [2021-01-11T14:28:12.711931 #13] WARN – : MONGODB | Unsupported client option ‘retry_interval’. It will be ignored.
W, [2021-01-11T14:28:12.712137 #13] WARN – : MONGODB | Unsupported client option ‘timeout’. It will be ignored.
/openedx/cs_comments_service/vendor/bundle/ruby/2.5.0/gems/mongo-2.5.3/lib/mongo/auth/cr/conversation.rb:130:in `validate!’: User root is not authorized to access cs_comments_service. (Mongo::Auth::Unauthorized)
Do you have idea on how to fix this?
I used the docker image: overhangio/openedx-forum:10.0.11
Thank you for your help.
Hey @vthily I was facing the same issue, and I just happened to follow @regis’s post #6 suggestion. One should override two docker-compose files that is docker-compose.yml & docker-compose.jobs.yml files, by following @regis’s recommended approach to override the default docker-compose files. Also make sure that MongoDB server’s user is using the same authentication mechanism that which you are passing in the docker-compose files.