Bug 1358832 - Enable mongodb authentication
Summary: Enable mongodb authentication
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Storage Console
Classification: Red Hat
Component: core
Version: 2
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
: 2
Assignee: Shubhendu Tripathi
QA Contact: Martin Kudlej
URL:
Whiteboard:
Depends On:
Blocks: Console-2-Async
TreeView+ depends on / blocked
 
Reported: 2016-07-21 14:56 UTC by Lubos Trilety
Modified: 2016-10-19 15:20 UTC (History)
8 users (show)

Fixed In Version: rhscon-core-0.0.44-1.el7scon.x86_64
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2016-10-19 15:20:46 UTC
Target Upstream Version:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Gerrithub.io 284854 0 None None None 2016-08-02 11:06:44 UTC
Gerrithub.io 296095 0 None None None 2016-09-30 06:47:36 UTC
Red Hat Product Errata RHSA-2016:2082 0 normal SHIPPED_LIVE Moderate: Red Hat Storage Console 2 security and bug fix update 2017-04-18 19:29:02 UTC

Description Lubos Trilety 2016-07-21 14:56:54 UTC
Description of problem:
Currently mongodb authentication is switched off. If I change it to on, skyring service cannot connect to db and it fails to start. However in the configuration of skyring there's correct user and password for the db.

Version-Release number of selected component (if applicable):
rhscon-ui-0.0.49-1.el7scon.noarch
rhscon-ceph-0.0.34-1.el7scon.x86_64
rhscon-core-selinux-0.0.35-1.el7scon.noarch
rhscon-core-0.0.35-1.el7scon.x86_64

How reproducible:
100%

Steps to Reproduce:
1. Stop skyring and mongod service if needed
2. Modify /etc/mongodb.conf, add or un-comment 'auth=yes' line
3. Start mongod service
4. Check that /etc/skyring/skyring.conf has correct credentials for the db
5. Try to start skyring service

Actual results:
Skyring fails to start

# journalctl -xe
...
-- Unit skyring.service has begun starting up.
čec 21 16:30:36 dhcp46-15.lab.eng.blr.redhat.com skyring-pre.sh[10655]: MongoDB shell version: 2.6.5
čec 21 16:30:36 dhcp46-15.lab.eng.blr.redhat.com skyring-pre.sh[10655]: connecting to: skyring
čec 21 16:30:36 dhcp46-15.lab.eng.blr.redhat.com skyring-pre.sh[10655]: 2016-07-21T16:30:36.403+0200 Error: couldn't add user: not authorized on skyring to execute command { createUser: "admin", pwd: "xxx", roles: [ "readWrite", "dbAdmin"
...


Expected results:
skyring should be able to connect to the db if it has correct credentials set

Additional info:
Could be a security issue that mongodb authentication is disabled.

Comment 1 Shubhendu Tripathi 2016-07-21 15:44:43 UTC
Looking at this, I can make out that we should enable authentication once skyring-pre.sh is executed.
Tim, can you check and add this as part of skyring-pre.sh only? So that just after installation of skyring, once admin user is created, the authentication would be set as Yes for mongodb.

Comment 2 Timothy Asir 2016-09-28 18:10:21 UTC
Security flag will be added after creating db-admin user first time.
Patch sent to upstream for review: https://review.gerrithub.io/#/c/286696/2
https://review.gerrithub.io/#/c/296095/1

Comment 4 Martin Kudlej 2016-10-04 12:25:22 UTC
Tested with 
ceph-ansible-1.0.5-34.el7scon.noarch
ceph-installer-1.0.15-2.el7scon.noarch
rhscon-ceph-0.0.43-1.el7scon.x86_64
rhscon-core-0.0.45-1.el7scon.x86_64
rhscon-core-selinux-0.0.45-1.el7scon.noarch
rhscon-ui-0.0.59-1.el7scon.noarch
and it works as excepted. --> VERIFIED

Comment 6 errata-xmlrpc 2016-10-19 15:20:46 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2016:2082


Note You need to log in before you can comment on or make changes to this bug.