Docker Community Forums

Give non root access to Mongodb Docker


(Chandrani) #1

Hi,
I am new to Docker.
I have created the non-root user:

  1. Dockerfile_User -

FROM mongo:latest

RUN apt-get update && apt-get -y --no-install-recommends install \
    ca-certificates \
    curl

# Import the key used to verify the gosu download
RUN gpg --keyserver ha.pool.sks-keyservers.net --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4
# Download gosu and its detached signature, verify, then make it executable
RUN curl -o /usr/local/bin/gosu -SL "https://github.com/tianon/gosu/releases/download/1.4/gosu-$(dpkg --print-architecture)" \
    && curl -o /usr/local/bin/gosu.asc -SL "https://github.com/tianon/gosu/releases/download/1.4/gosu-$(dpkg --print-architecture).asc" \
    && gpg --verify /usr/local/bin/gosu.asc \
    && rm /usr/local/bin/gosu.asc \
    && chmod +x /usr/local/bin/gosu

COPY entrypoint.sh /usr/local/bin/entrypoint.sh
RUN chmod +x /usr/local/bin/entrypoint.sh
ENTRYPOINT ["/usr/local/bin/entrypoint.sh"]

  1. entrypoint.sh

#!/bin/bash
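# UID to run as; falls back to 9001 when LOCAL_USER_ID is not set
USER_ID=${LOCAL_USER_ID:-9001}

echo "Starting with UID : $USER_ID"
# -o allows a UID that is already in use, -m creates /home/user
useradd --shell /bin/bash -u "$USER_ID" -o -c "" -m user
echo "user added succesfuly…!!!"
export HOME=/home/user
chown -R user /data/db
# Drop privileges and replace this shell with the container command
exec /usr/local/bin/gosu user "$@"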

and build the image as :

docker build -f Dockerfile_User -t parent .

I am using the image to create the MongoDB Dockerfile:

  1. Dockerfile

FROM parent
VOLUME /data/db

ENV AUTH yes
ENV STORAGE_ENGINE wiredTiger
ENV JOURNALING yes

ADD run.sh /run.sh
ADD set_mongodb_password.sh /set_mongodb_password.sh

RUN chmod +x /set_mongodb_password.sh
RUN chmod +x /run.sh

EXPOSE 27017 28017
CMD ["/run.sh"]

  1. run.sh

#!/bin/bash
set -m

# Build the mongod command line from the environment variables
mongodb_cmd="mongod --storageEngine $STORAGE_ENGINE"
cmd="$mongodb_cmd --httpinterface --rest --master"
if [ "$AUTH" == "yes" ]; then
    cmd="$cmd --auth"
fi

if [ "$JOURNALING" == "no" ]; then
    cmd="$cmd --nojournal"
fi

if [ "$OPLOG_SIZE" != "" ]; then
    cmd="$cmd --oplogSize $OPLOG_SIZE"
fi

$cmd &

if [ ! -f /data/db/.mongodb_password_set ]; then
/set_mongodb_password.sh
fi

fg

  1. set_mongodb_password.sh

#!/bin/bash

USER=${MONGODB_USER:-"admin"}
DATABASE=${MONGODB_DATABASE:-"admin"}
PASS=${MONGODB_PASS:-$(pwgen -s 12 1)}
_word=$( [ ${MONGODB_PASS} ] && echo "preset" || echo "random" )

# Poll until mongod accepts connections
RET=1
while [[ RET -ne 0 ]]; do
    echo "=> Waiting for confirmation of MongoDB service startup"
    sleep 5
    mongo admin --eval "help" >/dev/null 2>&1
    RET=$?
done

echo "=> Creating an ${USER} user with a ${_word} password in MongoDB"
mongo admin --eval "db.createUser({user: '$USER', pwd: '$PASS', roles:[{role:'root',db:'admin'}]});"

# Create the same user as dbOwner of the application database, if one was requested
if [ "$DATABASE" != "admin" ]; then
    echo "=> Creating an ${USER} user with a ${_word} password in MongoDB"
    mongo admin -u $USER -p $PASS << EOF
use $DATABASE
db.createUser({user: '$USER', pwd: '$PASS', roles:[{role:'dbOwner',db:'$DATABASE'}]})
EOF
fi

echo "=> Done!"
touch /data/db/.mongodb_password_set

Through this I have created the image as:

docker build -t mongodb_parent .

to run:

docker run --name mongodb_non_root -v "$(pwd)":/data/db -e MONGODB_PASS="a" -e MONGODB_USER="a" -e MONGODB_DATABASE="area51" -p 27016:27017 -p 28016:28017 -it mongodb_parent bash

This lands up in:

Starting with UID : 9001
user added succesfuly…!!!
user@7292d34e451d:/$

When I hit the statement "mongo area51 -u a -p a", I get an error as:

MongoDB shell version: 3.2.9
connecting to: area51
2016-09-16T10:48:14.950+0000 W NETWORK [thread1] Failed to connect to 127.0.0.1:27017, reason: errno:111 Connection refused
2016-09-16T10:48:14.950+0000 E QUERY [thread1] Error: couldn’t connect to server 127.0.0.1:27017, connection attempt failed :
connect@src/mongo/shell/mongo.js:229:14
@(connect):1:6

exception: connect failed


If I remove the non-root concept, it works absolutely perfectly.
I have even tried to merge the two Dockerfiles into one, and the entrypoint.sh into run.sh, and run it.
It gives the same error.

I am totally frustrated and it might be some coding problem. Please bear with me and help.

Thank you
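
An added example, not part of the original post: entrypoint.sh passes LOCAL_USER_ID straight to `useradd -u ... -o`, and because `-o` permits a UID that is already in use, a value of 0 would make `user` a second root account and undo the non-root setup. The names `resolve_uid`, `DEFAULT_UID` and `MAX_UID` are hypothetical, and the 60000 upper bound is an assumed policy rather than a Docker or MongoDB requirement.

```shell
#!/bin/bash
# Added example, not from the original post.
# Assumptions: DEFAULT_UID mirrors the post's 9001; MAX_UID is a policy bound chosen here.
DEFAULT_UID=9001
MAX_UID=60000

# Print a validated UID on stdout, or return 1 with the reason on stderr.
resolve_uid() {
    local raw="${1:-$DEFAULT_UID}"
    case "$raw" in
        *[!0-9]*) echo "LOCAL_USER_ID must be digits only: '$raw'" >&2; return 1 ;;
    esac
    # Strip leading zeros so 0009001 and 9001 are treated as the same value.
    while [ "${raw#0}" != "$raw" ]; do raw="${raw#0}"; done
    if [ -z "$raw" ]; then
        echo "refusing UID 0: 'useradd -o -u 0' creates another root account" >&2
        return 1
    fi
    # The length check keeps oversized numbers away from the integer comparison.
    if [ "${#raw}" -gt "${#MAX_UID}" ] || [ "$raw" -gt "$MAX_UID" ]; then
        echo "LOCAL_USER_ID above MAX_UID ($MAX_UID): $raw" >&2
        return 1
    fi
    echo "$raw"
}

# Constructed sample values, to show what is accepted and what is refused.
for sample in "" 9001 501 0009001 0 000 -1 12ab 60001 99999999999; do
    if uid=$(resolve_uid "$sample" 2>/dev/null); then
        echo "LOCAL_USER_ID='$sample' -> run as UID $uid"
    else
        echo "LOCAL_USER_ID='$sample' -> refused"
    fi
done

# In entrypoint.sh the call would replace the plain assignment:
#   USER_ID=$(resolve_uid "${LOCAL_USER_ID:-}") || exit 1
```
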