edX forum mongodb authentication

Hi @imantaba, Make sure you create the same mongodb user and pass in both databases: edxapp and cs_comments_services. Let me know if it fixes the issue.

It is my config.yml for external mongodb

MONGODB_DATABASE: openedx-org2
MONGODB_HOST: edx-mongo-mongodb.edx-mongo.svc.cluster.local
FORUM_MONGODB_DATABASE: org2-cs_comments_service

This admin user is my mongo admin user.we have only one environment for mongodb user in tutor config. Do you know any other env ?
But the Tutor should not create the databases automatically ?

In my case I had to create users manually in admin, edxapp and forum databases. To do it, access the mongo shell and run this (replacing with your actual values):

use admin
db.createUser({user:"MONGODB_USERNAME", pwd:"MONGODB_PASSWORD", roles:[{role:"root",db:"admin"}, 'dbAdminAnyDatabase', 'readWriteAnyDatabase'], passwordDigestor:"server"})
db.createUser({user:"MONGODB_USERNAME", pwd:"MONGODB_PASSWORD", roles:['dbAdmin', 'readWrite'], passwordDigestor:"server"})
db.createUser({user:"MONGODB_USERNAME", pwd:"MONGODB_PASSWORD", roles:['dbAdmin', 'readWrite'], passwordDigestor:"server"})

Thank you @andres , it solved my problem.
It was because of mongodb before version 4 by default passwordDigestor equals to “client” and its not compatible with SCRAM-SHA-256 so it fails the authentication . When we set it to “server” the server receives undigested password from the client and digests the password and authentication succeed .

1 Like

Excelent! Btw, did you have to create the user in all databases or only in admin?

@andres would you be interested (and have the time) to write a tutorial on how to connect to a separate MongoDb cluster? This tutorial could be added to the tutor docs.

Hi Regis! Currently I am struggling to create a production-level k8s infrastructure, including MongoDB and many other services. I’ll be happy to share my findings with the community! And help will also be welcome. Where do you think it’s the best place to start? Btw, I am focusing in AWS infrastructure and using many AWS services. It can be extended to other providers, but it has to be clear that it may not work in other clouds.

@andres, I believe that it’s best if you just start a new topic right here and add it to the (currently empty) #tutor:tutorials category. Just edit it as you go, or add extra responses. Once it’s ready we’ll collect all the information and change it into a tutorial that will be added to the docs.