Bug 1358832
| Summary: | Enable mongodb authentication | ||
|---|---|---|---|
| Product: | [Red Hat Storage] Red Hat Storage Console | Reporter: | Lubos Trilety <ltrilety> |
| Component: | core | Assignee: | Shubhendu Tripathi <shtripat> |
| core sub component: | authentication | QA Contact: | Martin Kudlej <mkudlej> |
| Status: | CLOSED ERRATA | Docs Contact: | |
| Severity: | unspecified | ||
| Priority: | unspecified | CC: | anbabu, ltrilety, mkudlej, nthomas, shtripat, sisharma, tjeyasin, vsarmila |
| Version: | 2 | ||
| Target Milestone: | --- | ||
| Target Release: | 2 | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | rhscon-core-0.0.44-1.el7scon.x86_64 | Doc Type: | If docs needed, set a value |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2016-10-19 15:20:46 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | |||
| Bug Blocks: | 1357777 | ||
Looking at this, I can make out that we should enable authentication once skyring-pre.sh is executed. Tim, can you check and add this as part of skyring-pre.sh only? So that just after installation of skyring, once admin user is created, the authentication would be set as Yes for mongodb. Security flag will be added after creating db-admin user first time. Patch sent to upstream for review: https://review.gerrithub.io/#/c/286696/2 https://review.gerrithub.io/#/c/296095/1 Tested with ceph-ansible-1.0.5-34.el7scon.noarch ceph-installer-1.0.15-2.el7scon.noarch rhscon-ceph-0.0.43-1.el7scon.x86_64 rhscon-core-0.0.45-1.el7scon.x86_64 rhscon-core-selinux-0.0.45-1.el7scon.noarch rhscon-ui-0.0.59-1.el7scon.noarch and it works as excepted. --> VERIFIED Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2016:2082 |
Description of problem: Currently mongodb authentication is switched off. If I change it to on, skyring service cannot connect to db and it fails to start. However in the configuration of skyring there's correct user and password for the db. Version-Release number of selected component (if applicable): rhscon-ui-0.0.49-1.el7scon.noarch rhscon-ceph-0.0.34-1.el7scon.x86_64 rhscon-core-selinux-0.0.35-1.el7scon.noarch rhscon-core-0.0.35-1.el7scon.x86_64 How reproducible: 100% Steps to Reproduce: 1. Stop skyring and mongod service if needed 2. Modify /etc/mongodb.conf, add or un-comment 'auth=yes' line 3. Start mongod service 4. Check that /etc/skyring/skyring.conf has correct credentials for the db 5. Try to start skyring service Actual results: Skyring fails to start # journalctl -xe ... -- Unit skyring.service has begun starting up. čec 21 16:30:36 dhcp46-15.lab.eng.blr.redhat.com skyring-pre.sh[10655]: MongoDB shell version: 2.6.5 čec 21 16:30:36 dhcp46-15.lab.eng.blr.redhat.com skyring-pre.sh[10655]: connecting to: skyring čec 21 16:30:36 dhcp46-15.lab.eng.blr.redhat.com skyring-pre.sh[10655]: 2016-07-21T16:30:36.403+0200 Error: couldn't add user: not authorized on skyring to execute command { createUser: "admin", pwd: "xxx", roles: [ "readWrite", "dbAdmin" ... Expected results: skyring should be able to connect to the db if it has correct credentials set Additional info: Could be a security issue that mongodb authentication is disabled.