edX forum mongodb authentication

In tutor v10.2.2, forum is built with
Does that mean no authentication is needed for forum to connect to mongodb?

In my environment, forum cannot connect to mongodb as my mongodb needs authentication.
Is there a way to set MONGOID_AUTH_MECH through configration?

I haven’t looked into this, but you might try:
Check the value:
tutor config printvalue MONGOID_AUTH_MECH ?

Configure the value:
tutor config save --set MONGOID_AUTH_MECH="yourvalue"

I’m not quite familiar with mongodb authentication mechanisms, but this value was set there to avoid a crash when it is undefined. This variable describes just the authentication mechanism, not the credentials. The latter are defined by the MONGODB_USERNAME and MONGODB_PASSWORD Tutor settings.

sorry to refer that I am running on k8s.
Seems that MONGOID_AUTH_MECH is not passed as env in deployments.yaml.

@regis yes, username and password can be passed in.
I am running on k8s and using a mongdb service, and in previsous tutor version, forum can connect to mongodb. With v10.2.2 built image, mongodb cannot be connected util I set
MONGOID_AUTH_MECH env to “:scram” in deployments.yml.

Interesting. I suggest you pass the MONGOID_AUTH_MECH environment variable to the forum container. You can do this by defining a custom docker-compose.override.yml file:

$ cat "$(tutor config printroot)/env/local/docker-compose.override.yml"
version: "3.7"
      - "MONGOID_AUTH_MECH=:scram"


Can you help me with this issue:

  • I deploy the mongodb rs with authentication for mongodb as example: root/rootpwd on cs_comments_service database

  • Update the deployment for forum path as following

          - name: MONGODB_AUTH
            value: "root:rootpwd@"
          - name: MONGOID_AUTH_MECH
            value: ":mongodb_cr"
          - name: MONGODB_HOST
            value: "mongodb-0.mongodb-headless.default.svc.cluster.local"
          - name: MONGODB_PORT
            value: "27017"

I got this error when starting the forum service:

W, [2021-01-11T14:28:12.604779 #13] WARN – : Overwriting existing field _id in class User.
W, [2021-01-11T14:28:12.711481 #13] WARN – : MONGODB | Unsupported client option ‘max_retries’. It will be ignored.
W, [2021-01-11T14:28:12.711931 #13] WARN – : MONGODB | Unsupported client option ‘retry_interval’. It will be ignored.
W, [2021-01-11T14:28:12.712137 #13] WARN – : MONGODB | Unsupported client option ‘timeout’. It will be ignored.
/openedx/cs_comments_service/vendor/bundle/ruby/2.5.0/gems/mongo-2.5.3/lib/mongo/auth/cr/conversation.rb:130:in `validate!’: User root is not authorized to access cs_comments_service. (Mongo::Auth::Unauthorized)

Do you have idea on how to fix this?

I used the docker image: overhangio/openedx-forum:10.0.11

Thank you for your help.

Hey @vthily I was facing the same issue, and I just happened to follow @regis’s post #6 suggestion. One should override two docker-compose files that is docker-compose.yml & docker-compose.jobs.yml files, by following @regis’s recommended approach to override the default docker-compose files. Also make sure that MongoDB server’s user is using the same authentication mechanism that which you are passing in the docker-compose files.