edX forum mongodb authentication

pcliu · September 12, 2020, 9:11am

In tutor v10.2.2, forum is built with
ENV MONGOID_AUTH_MECH “”
Does that mean no authentication is needed for forum to connect to mongodb?

In my environment, forum cannot connect to mongodb as my mongodb needs authentication.
Is there a way to set MONGOID_AUTH_MECH through configration?

ak00001 · September 14, 2020, 7:24am

I haven’t looked into this, but you might try:
Check the value:
tutor config printvalue MONGOID_AUTH_MECH ?

Configure the value:
tutor config save --set MONGOID_AUTH_MECH="yourvalue"

regis · September 14, 2020, 9:51am

I’m not quite familiar with mongodb authentication mechanisms, but this value was set there to avoid a crash when it is undefined. This variable describes just the authentication mechanism, not the credentials. The latter are defined by the MONGODB_USERNAME and MONGODB_PASSWORD Tutor settings.

pcliu · September 15, 2020, 2:27am

sorry to refer that I am running on k8s.
Seems that MONGOID_AUTH_MECH is not passed as env in deployments.yaml.

pcliu · September 15, 2020, 2:30am

@regis yes, username and password can be passed in.
I am running on k8s and using a mongdb service, and in previsous tutor version, forum can connect to mongodb. With v10.2.2 built image, mongodb cannot be connected util I set
MONGOID_AUTH_MECH env to “:scram” in deployments.yml.

regis · September 15, 2020, 9:50am

Interesting. I suggest you pass the MONGOID_AUTH_MECH environment variable to the forum container. You can do this by defining a custom docker-compose.override.yml file:

$ cat "$(tutor config printroot)/env/local/docker-compose.override.yml"
version: "3.7"
services:
  forum:
    environment:
      - "MONGOID_AUTH_MECH=:scram"

vthily · January 11, 2021, 2:45pm

Hi,

Can you help me with this issue:

I deploy the mongodb rs with authentication for mongodb as example: root/rootpwd on cs_comments_service database

Update the deployment for forum path as following

      - name: MONGODB_AUTH
        value: "root:rootpwd@"
      - name: MONGOID_AUTH_MECH
        value: ":mongodb_cr"
      - name: MONGODB_HOST
        value: "mongodb-0.mongodb-headless.default.svc.cluster.local"
      - name: MONGODB_PORT
        value: "27017"

I got this error when starting the forum service:

W, [2021-01-11T14:28:12.604779 #13] WARN – : Overwriting existing field _id in class User.
W, [2021-01-11T14:28:12.711481 #13] WARN – : MONGODB | Unsupported client option ‘max_retries’. It will be ignored.
W, [2021-01-11T14:28:12.711931 #13] WARN – : MONGODB | Unsupported client option ‘retry_interval’. It will be ignored.
W, [2021-01-11T14:28:12.712137 #13] WARN – : MONGODB | Unsupported client option ‘timeout’. It will be ignored.
/openedx/cs_comments_service/vendor/bundle/ruby/2.5.0/gems/mongo-2.5.3/lib/mongo/auth/cr/conversation.rb:130:in `validate!’: User root is not authorized to access cs_comments_service. (Mongo::Auth::Unauthorized)

Do you have idea on how to fix this?

I used the docker image: overhangio/openedx-forum:10.0.11

Thank you for your help.