edX forum mongodb authentication

In tutor v10.2.2, forum is built with
ENV MONGOID_AUTH_MECH “”
Does that mean no authentication is needed for forum to connect to mongodb?

In my environment, forum cannot connect to mongodb as my mongodb needs authentication.
Is there a way to set MONGOID_AUTH_MECH through configration?

I haven’t looked into this, but you might try:
Check the value:
tutor config printvalue MONGOID_AUTH_MECH ?

Configure the value:
tutor config save --set MONGOID_AUTH_MECH="yourvalue"

I’m not quite familiar with mongodb authentication mechanisms, but this value was set there to avoid a crash when it is undefined. This variable describes just the authentication mechanism, not the credentials. The latter are defined by the MONGODB_USERNAME and MONGODB_PASSWORD Tutor settings.

sorry to refer that I am running on k8s.
Seems that MONGOID_AUTH_MECH is not passed as env in deployments.yaml.

@regis yes, username and password can be passed in.
I am running on k8s and using a mongdb service, and in previsous tutor version, forum can connect to mongodb. With v10.2.2 built image, mongodb cannot be connected util I set
MONGOID_AUTH_MECH env to “:scram” in deployments.yml.

Interesting. I suggest you pass the MONGOID_AUTH_MECH environment variable to the forum container. You can do this by defining a custom docker-compose.override.yml file:

$ cat "$(tutor config printroot)/env/local/docker-compose.override.yml"
version: "3.7"
services:
  forum:
    environment:
      - "MONGOID_AUTH_MECH=:scram"

Hi,

Can you help me with this issue:

  • I deploy the mongodb rs with authentication for mongodb as example: root/rootpwd on cs_comments_service database

  • Update the deployment for forum path as following

          - name: MONGODB_AUTH
            value: "root:rootpwd@"
          - name: MONGOID_AUTH_MECH
            value: ":mongodb_cr"
          - name: MONGODB_HOST
            value: "mongodb-0.mongodb-headless.default.svc.cluster.local"
          - name: MONGODB_PORT
            value: "27017"
    

I got this error when starting the forum service:

W, [2021-01-11T14:28:12.604779 #13] WARN – : Overwriting existing field _id in class User.
W, [2021-01-11T14:28:12.711481 #13] WARN – : MONGODB | Unsupported client option ‘max_retries’. It will be ignored.
W, [2021-01-11T14:28:12.711931 #13] WARN – : MONGODB | Unsupported client option ‘retry_interval’. It will be ignored.
W, [2021-01-11T14:28:12.712137 #13] WARN – : MONGODB | Unsupported client option ‘timeout’. It will be ignored.
/openedx/cs_comments_service/vendor/bundle/ruby/2.5.0/gems/mongo-2.5.3/lib/mongo/auth/cr/conversation.rb:130:in `validate!’: User root is not authorized to access cs_comments_service. (Mongo::Auth::Unauthorized)

Do you have idea on how to fix this?

I used the docker image: overhangio/openedx-forum:10.0.11

Thank you for your help.