[BUG] mongodb password?

[bcookatpcsd]

Is there an existing issue for this?

• I have searched the existing issues

Current Behavior

created new unifi-network-application with external mongodb..

---
version: "2.1"
services:
  unifi-network-application:
    #image: lscr.io/linuxserver/unifi-network-application:latest
    image: linuxserver/unifi-network-application:latest
    container_name: unifi-controller
    network_mode: "host"
    environment:
      - PUID=4096
      - PGID=4096
      - TZ=America/New_York
      - MONGO_USER=unifi
      - MONGO_PASS=4FeqPO0V0b7eBcpyLzbqA5Vne
      - MONGO_HOST=127.0.0.1
      - MONGO_PORT=27017
      - MONGO_DBNAME=unifi
      - MEM_LIMIT=4096
      - MEM_STARTUP=3072 #optional
   #   - MONGO_TLS= #optional
   #   - MONGO_AUTHSOURCE= #optional
    volumes:
      - /home/docker/unifi/controller:/config
    restart: unless-stopped
  unifi-db:
    image: docker.io/mongo:4.4
    container_name: unifi-db
    network_mode: "host"
    volumes:
      - /home/docker/unifi/db:/data/db
      - /home/docker/unifi/controller/init-mongo.js:/docker-entrypoint-initdb.d/init-mongo.js:ro
    restart: unless-stopped

networks:
  proxy:
    external: true
  unifi:

then the json file..

 cat /home/docker/unifi/controller/init-mongo.js
db.getSiblingDB("unifi").createUser({user: "unifi", pwd: "4FeqPO0V0b7eBcpyLzbqA5Vne", roles: [{role: "dbOwner", db: "unifi"}]});
db.getSiblingDB("unifi_stat").createUser({user: "unifi", pwd: "4FeqPO0V0b7eBcpyLzbqA5Vne", roles: [{role: "dbOwner", db: "unifi_stat"}]});

( docker exec -it unifi-db cat /docker-entrypoint-initdb.d/init-mongo.js obviously matches as well.)

great everything works..

tcp   LISTEN 0      0                                                                                 0.0.0.0:27017           0.0.0.0:*    users:(("mongod",pid=4107,fd=10))

but

How did it connect?

Expected Behavior

That mongodb has a password..

Steps To Reproduce

posted in the above..

Environment

Alpine bare metal.. 


Client:
 Version:    25.0.3
 Context:    default
 Debug Mode: false
 Plugins:
  buildx: Docker Buildx (Docker Inc.)
    Version:  v0.12.0
    Path:     /usr/libexec/docker/cli-plugins/docker-buildx
  compose: Docker Compose (Docker Inc.)
    Version:  v2.23.3
    Path:     /usr/libexec/docker/cli-plugins/docker-compose

### CPU architecture

x86-64

### Docker creation

```bash
see above

Container logs

{"t":{"$date":"2024-04-10T14:39:33.588+00:00"},"s":"I",  "c":"NETWORK",  "id":22943,   "ctx":"listener","msg":"Connection accepted","attr":{"remote":"10.120.48.107:53598","connectionId":5894,"connectionCount":8}}
{"t":{"$date":"2024-04-10T14:39:33.592+00:00"},"s":"I",  "c":"NETWORK",  "id":51800,   "ctx":"conn5894","msg":"client metadata","attr":{"remote":"10.120.48.107:53598","client":"conn5894","doc":{"application":{"name":"MongoDB Compass"},"driver":{"name":"nodejs","version":"6.5.0"},"platform":"Node.js v18.18.2, LE","os":{"name":"win32","architecture":"x64","version":"10.0.19045","type":"Windows_NT"}}}}

[github-actions]

Thanks for opening your first issue here! Be sure to follow the relevant issue templates, or risk having this issue marked as invalid.

[raistlinkell]

I'm also seeing this same issue. Both MongoDB and Unifi-Network-application running on the same CT.

To test my docker compose files, I've split "unifi-controller.yml" and "test-mongodb.yml" to 2 separate files. I can now run these in separate shell windows and see the processes and errors.

invoking the mongoDB for the first time using a mounted init-mongo.js file (with usernames and pwds defines for db "unifi" and "unifi_stat")

$ docker-compose test-mongodb.yml up
this all looks OK, I can't see any errors

$ docker-comose unifi-controller.yml up
shows the below

Caused by: com.mongodb.MongoCommandException: Command failed with error 18 (AuthenticationFailed): 'Authentication failed.' on server unifi-db:27017. The full response is {"ok": 0.0, "errmsg": "Authentication failed.", "code": 18, "codeName": "AuthenticationFailed"}

[yuretzgt]

My config that works:

services:
  unifi-db:
    image: docker.io/mongo:4.4
    container_name: unifi-db
    volumes:
      - ./data/mongo:/data/db
      - ./config/init-mongo.js:/docker-entrypoint-initdb.d/init-mongo.js:ro
    restart: unless-stopped
    ports:
      - 27017:27017
  unifi-network-application:
    image: lscr.io/linuxserver/unifi-network-application:latest
    container_name: unifi-network-application
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=Etc/UTC
      - MONGO_USER=unifi
      - MONGO_PASS=SisyaPisya
      - MONGO_HOST=unifi-db
      - MONGO_PORT=27017
      - MONGO_DBNAME=unifi
    volumes:
      - ./data/unifi:/config
    ports:
      - 8443:8443
      - 3478:3478/udp
      - 10001:10001/udp
      - 8080:8080
      - 1900:1900/udp #optional
      - 8843:8843 #optional
      - 8880:8880 #optional
      - 6789:6789 #optional
      - 5514:5514/udp #optional
    restart: unless-stopped

./config/init-mongo.js

db.getSiblingDB("unifi").createUser({user: "unifi", pwd: "SisyaPisya", roles: [{role: "dbOwner", db: "unifi"}]});
db.getSiblingDB("unifi_stat").createUser({user: "unifi", pwd: "SisyaPisya", roles: [{role: "dbOwner", db: "unifi_stat"}]});

[Thlb]

Hi !

Same problem here. Seems something not working with the last version.
I've just tried du change tag "unifi-network-application:latest" to "unifi-network-application:8.0.28" and it worked for me.

[yuretzgt]

Yep, i've also got same problems with 8.1 version:
some USG gateways are unreachable and were reset by controller to default settings

So yes: the best solution is revert to 8.0.28

[bcookatpcsd]

just trying to keep this in focus..

My issue is that the set/supplied passwords are not being used.

Can you connect to your mongodb without a password..

I am able to..

@raistlinkell

Will check/confirm if the passwd is env set within the container.. +1

[yuretzgt]

Also there is another problem with passwords:
after few hours work unifi it's unable to login - password changed

[GregoryDosh]

@bcookatpcsd I managed to hobble stuff together from this thread & other places on the internet for my homelab.
https://git.auengun.net/homelab/host-unifi/src/commit/b936b3a3ac3a1769cd6748000806c263595df916/templates/init-mongo.js

It's a template that I fill in with vars before use, but generically I think it should help guide. I use Ansible & a bespoke custom role to override Docker Compose .yml entries with specific things.

The Makefile in the repo has the Docker digest SHAs to go with which versions I'm currently running.

init-mongo.js

db.getSiblingDB('admin').auth(
    process.env.MONGO_INITDB_ROOT_USERNAME,
    process.env.MONGO_INITDB_ROOT_PASSWORD
);
disableTelemetry();
db.getSiblingDB("{{ MONGO_DBNAME }}").createUser({
    user: "{{ MONGO_USER }}",
    pwd: "{{ MONGO_PASS }}",
    roles: [
        {
            db: "{{ MONGO_DBNAME }}",
            role: "dbOwner"
        },
        {
            db: "{{ MONGO_DBNAME }}_stat",
            role: "dbOwner"
        }
    ]
});

docker-compose.yml

services:
  unifi-network-application:
    image: lscr.io/linuxserver/unifi-network-application:latest
    logging:
      driver: journald
    container_name: unifi-network-application
    env_file:
      - .env
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=Etc/UTC
    volumes:
      - /etc/ssl/certs:/etc/ssl/certs:ro
      - /unifi/config:/config
    ports:
      - 1900:1900/udp
      - 3478:3478/udp
      - 5514:5514/udp
      - 6789:6789
      - 8080:8080
      - 8443:8443
      - 8843:8843
      - 8880:8880
      - 10001:10001/udp
    restart: unless-stopped

  mongodb:
    image: docker.io/library/mongo:7.0
    logging:
      driver: journald
    container_name: unifi-db
    hostname: unifi-db
    env_file:
      - .env
    volumes:
      - /etc/ssl/certs:/etc/ssl/certs:ro
      - /unifi/mongodb/data:/data/db
      - /unifi/mongodb/init-mongo.js:/docker-entrypoint-initdb.d/init-mongo.js:ro
    restart: unless-stopped

  caddy:
    image: caddy:latest
    logging:
      driver: journald
    container_name: caddy
    restart: unless-stopped
    ports:
      - "443:443"
      - "443:443/udp"
    volumes:
      - /etc/ssl/certs:/etc/ssl/certs:ro
      - /unifi/caddy/Caddyfile:/etc/caddy/Caddyfile
      - /unifi/caddy/data:/data
      - /unifi/caddy/config:/config

Makefile

# renovate: datasource=docker depName=lscr.io/linuxserver/unifi-network-application versioning=docker
export UNIFI_VERSION=8.1.113-ls38@sha256:d99931e7534377e45c368717aec0b14ec732e23a882b3b346cc8cce5e3b17794
# renovate: datasource=docker depName=docker.io/library/mongo versioning=docker
export MONGODB_VERSION=7.0@sha256:0907ce5de8b9aee1935e43fb6e20f80297a08c90de71c0c2b44f9b3ecc9d4906
# renovate: datasource=docker depName=caddy versioning=docker
export CADDY_VERSION=2.7.6@sha256:ca031cd33c788ebe467c94348400e5bf263178f9619f3993af8373f18681b8fd

[raistlinkell]

Thanks bcookatpcsd, the docker compose worked.

I ended up blowing away my Proxmox PVE container and re-created it using Ubuntu and a fresh install of docker.ce and re-running the docker compose yaml file. This worked a treat.

Question - I executed a mongod --version inside the container and it is showing as db version v7.0.9. . Should I tweak my docker compose yml file to reflect this?
i.e.

services:
  unifi-db:
    image: docker.io/mongo:latest

change to

services:
  unifi-db:
    image: docker.io/mongo:7.0.9

[bl-robinson]

Its worth noting (if anyone has the same problem I did)

If you have volumes hanging around on your machine, the passwords baked into both volumes only appear to be set on initial volume create. Suggest if you are starting from scratch make sure you delete any past volumes first.

Specifically I noted in the equivalent - /home/docker/unifi/controller:/config (in the original question)

The unifi systems.properties file was not re-populated with mongo connection details on fresh container startup.
So the db.mongo.uri setting within it (with the password baked into it) was only ever set on first creation of the volume content. In my case it was set to a old password.

Clearing out all the volumes before startup with a sensible config worked fine.

[LinuxServer-CI]

This issue has been automatically marked as stale because it has not had recent activity. This might be due to missing feedback from OP. It will be closed if no further activity occurs. Thank you for your contributions.

[drizuid]

How did it connect?

I didn't read all of the replies from other users, but you put a password on the unifi user, you did not login as the unifi user. I suggest reading the mongodb documentation for how to more fully secure your mongodb instance, it's not our container. That said, if the only thing that can access it is unifi and unifi only logs in with the credential you created, what are you worried about :p anyway, closing this as it's out of scope for us.