
Unable to connect mongodb with MONGO_URI in docker-compose

Open crawfordma opened this issue 1 year ago • 4 comments

I used the docker-compose.yml example from https://github.com/SoftInstigate/restheart/blob/master/docker-compose.yml. Here are my error logs and docker-compose:


  1. Error log:
podman-compose version: 1.0.4
['podman', '--version', '']
using podman version: 4.0.2
podman logs restapi
15:34:06.102 [main] ERROR org.restheart.plugins.PluginsFactory - Error injecting dependency to Initializer changeStreamActivator: Cannot invoke "String.startsWith(String)" because "connectionString" is null
 java.lang.reflect.InvocationTargetException: null
        at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
Caused by: java.lang.NullPointerException: Cannot invoke "String.startsWith(String)" because "connectionString" is null
        at com.mongodb.ConnectionString.<init>(ConnectionString.java:300)
15:34:06.123 [main] WARN  o.r.polyglot.PolyglotDeployer - Not running on GraalVM, polyglot plugins deployer disabled!
 15:34:06.166 [main] WARN  o.r.s.authorizers.FileAclPermission - Predicate [$unauthenticated] path-prefix[path="/sdk"] and method[value="OPTIONS"] doesn't have priority; setting it to very low priority
 15:34:06.169 [main] WARN  o.r.s.authorizers.FileAclPermission - Predicate [users] path-prefix[path="/sdk"] and method[value="PUT"] doesn't have priority; setting it to very low priority
 15:34:06.171 [main] WARN  o.r.s.authorizers.FileAclPermission - Predicate [admins] path-prefix[path="/sdk"] doesn't have priority; setting it to very low priority
 15:34:36.375 [main] ERROR o.r.mongodb.db.MongoClientSingleton - Cannot connect to MongoDB. Check that MongoDB is running and the configuration property 'mongo-uri' is set properly
 15:34:36.376 [main] ERROR o.r.s.a.MongoRealmAuthenticator - Cannot check user collection: MongoDB not connected.
 15:34:36.511 [main] WARN  org.restheart.plugins.PluginsFactory - Service graphql defines method initConf with @InjectConfiguration but no configuration found for it
 15:34:36.746 [main] ERROR o.r.m.h.c.ChangeStreamsActivator - Cannot enable Change Streams: MongoDB not connected.
 15:34:36.746 [main] ERROR o.r.m.h.sessions.TxnsActivator - Cannot enable Transactions: MongoDB not connected.
 16:17:44.017 [main] WARN  o.r.polyglot.PolyglotDeployer - Not running on GraalVM, polyglot plugins deployer disabled!
 16:17:44.060 [main] WARN  o.r.s.authorizers.FileAclPermission - Predicate [admins] path-prefix[path="/"] doesn't have priority; setting it to very low priority
 16:17:44.067 [main] WARN  o.r.s.authorizers.FileAclPermission - Predicate [users] path-prefix[path="/sdk"] and method[value="PUT"] doesn't have priority; setting it to very low priority
exit code: 0

  1. docker-compose.yml
version: '2.1'
services:
  'mongodb':
    image: 'mongo'
    hostname: 'mongodb'
    container_name: 'mongodb'
    volumes:
      - /repository/mongo-data:/data/db
      - /repository/mongo-auth.key:/data/mongo-auth.key
      - /repository/mongo_backup:/mongo_backup
    environment:
      - MONGO_INITDB_ROOT_USERNAME=mongoadmin
      - MONGO_INITDB_ROOT_PASSWORD=12345678
    command: ["--bind_ip", "mongodb","--auth", "--replSet", "rs0", "--keyFile", "/data/mongo-auth.key"]
    ports:
      - 27017:27017

  mongodb-initiate:
    image: 'mongo'
    depends_on:
      - mongodb
    entrypoint: bash -c "for i in {1..100}; do mongosh  --host mongodb --username mongoadmin --password 'e293b6ed7694122ab8c34cc06a1afbc6' --eval 'if (!rs.status().ok) rs.initiate();' && break || sleep 2; done"

  'restapi':
    image: softinstigate/restheart
    volumes:
      - /repository/containers/sdk_telemetry/restheart-config:/opt/restheart/etc
    hostname: restapi
    container_name: restapi
    entrypoint: ["java", "-Dfile.encoding=UTF-8", "-Xmx5120m", "-server", "-jar", "restheart.jar", "etc/restheart.yml"]
    command: ["--envFile", "/opt/restheart/etc/default.properties"]
    depends_on:
      - mongodb
    environment:
      MONGO_URI: :mongodb://rest:123456@mongodb:27017/sdk?authSource=sdk

Expected Behavior

The restapi services should start

Current Behavior

Now the restapi container is exited

Context

Environment

OS: rhel8.6

MongoDB: 6.0.2

restheart.yml:


# RESTHeart default Configuration properties
## See: https://restheart.org/learn/configuration

instance-name: default

## HTTP listener
http-listener = true
http-host = 0.0.0.0
http-port = 8080

## HTTPS listener
https-listener = false
https-host = 0.0.0.0
https-port = 4443

## AJP listener
ajp-listener = false
ajp-host = 0.0.0.0
ajp-port = 8009

## MongoDB Connection String
### For URI Formats visit https://docs.mongodb.com/manual/reference/connection-string/.
#mongo-uri = mongodb://127.0.0.1

## security properties

### simpleFileAuthenticator userbase
users-conf-file=../etc/users.yml

### requestPredicatesAuthorizer ACL
acl-conf-file=../etc/acl.yml

### The directory containing the plugins (JAR files).
#### The path is either absolute (starts with /) or relative to the restheart.jar file
plugins-directory = plugins

## logging properties
enable-log-console = true
log-level = WARN
enable-log-file = false
### with --fork use an absolute path of a writable file
### For example, on MacOS /usr/local/var/log/restheart.log usually works
log-file-path = restheart.log

## MongoDB service properties
### The MongoDB resource to bind to the root URI /
### The format is /db[/coll[/docid]] or '*' to expose all dbs
root-mongo-resource = /sdk

default-representation-format = STANDARD

## performance properties
query-time-limit = 0
aggregation-time-limit = 0
### suggested value: core*2
io-threads = 4
####suggested value: core*16
worker-threads = 16
[crawfoma@vraowl7726 sdk_telemetry]$ sudo cat restheart-config/restheart.yml 
## RESTHeart Configuration File.
---
#### Listeners

 # Listeners allow to specify the protocol, ip, port and to use.
 # The supported protocols are: http and https.
 # You can setup a listener per protocol (up to 2).

 # WARNING: Using the http listener is not secure with basic authentication:
 # credentials can be sniffed by a man-in-the-middle attack.

https-listener: {{{https-listener}}}
https-host: {{{https-host}}}
https-port: {{{https-port}}}

http-listener: {{{http-listener}}}
http-host: {{{http-host}}}
http-port: {{{http-port}}}

ajp-listener: {{{ajp-listener}}}
ajp-host: {{{ajp-host}}}
ajp-port: {{{ajp-port}}}

#### Instance name

 # The name of this instance.
 # Displayed in log, also allows to implement instance specific custom code

instance-name: {{{instance-name}}}

### Proxied resources

 # location (required) The location URI to bound to the HTTP proxied server.
 # proxy-pass (required) The URL of the HTTP proxied server. It can be an array of URLs for load balancing.
 # name (optional) The name of the proxy. It is required to identify 'restheart'.
 # rewrite-host-header (optional, default true) should the HOST header be rewritten to use the target host of the call.
 # connections-per-thread (optional, default 10) Controls the number of connections to create per thread.
 # soft-max-connections-per-thread (optional, default 5) Controls the number of connections to create per thread.
 # max-queue-size (optional, default 0) Controls the number of connections to create per thread.
 # connections-ttl (optional, default -1) Connections Time to Live in seconds.
 # problem-server-retry (optional, default 10) Time in seconds between retries for problem server.
#proxies:
#   - location: /anything
#     proxy-pass: https://httpbin.org/anything
#     name: anything

#### MongoDB

##  MongoDb Connection

# Set the MongoDb connection using a Mongo Client URI.
#
# The format of the URI is:
#    mongodb://[username:password@]host1[:port1][,host2[:port2],...[,hostN[:portN]]][/[database][?options]]
#
# Use the URI query parameter 'authSource' to specify the authentication database:
# mongodb://user:[email protected]/?authSource=authdb
#
# More information at http://api.mongodb.org/java/current/com/mongodb/MongoClientURI.html

mongo-uri: mongodb://rest:d3e19a0fc431021ce4db8af0132df9fd@mongodb:27017/sdk?authSource=sdk

## MongoDb resources

# Use mongo-mounts to expose MongoDb resources binding them to API URIs.
#
# The parameter 'what' identifies the MongoDb resource to expose.
# The format is /db[/coll[/docid]]
# Use the wildcard '*' to expose all dbs.
#
# The parameter 'where' defines the URI to bind the resource to.
# It can be an absolute path (eg. /api) or path template (eg. /{foo}/bar/*).
# The values of the path templates properties are available:
# - in the 'what' property (e.g. what: /{foo}_db/coll)
# - programmatically from RequestContext.getPathTemplateParamenters() method.
#
# It is not possible to mix absolute paths and path templates: 'where' URIs
# need to be either all absolute paths or all path templates.
#
# Examples:
# The following exposes all MongoDb resources.
# In this case the URI of a document is /db/coll/docid
#
#   - what: "*"
#     where: /
#
# The following binds the URI /database to the db 'db'
# In this case the URI of a document is /database/coll/docid
#
#   - what: /db/coll
#     where: /database
#
# The following binds the URI /api to the collection 'db.coll'
# In this case the URI of a document is /api/docid
#
#   - what: /db/coll
#     where: /api

mongo-mounts:
  - what: {{{root-mongo-resource}}}
    where: /sdk

#### Default representation format https://restheart.org/docs/representation-format/

## STANDARD  root and dbs as an array of children's ids
##           collection as arrays of document objects and documents as objects
## HAL       Hypertext Application Language
## SHAL      Simplified HAL with children as direct elements of _embedded array

## PLAIN_JSON or HAL are aliases for SHAL
## S is an alias for STANDARD

default-representation-format: {{{default-representation-format}}}

#### Static Web Resources

# Static web resources to bind to the URL specified by the 'where' property.
# The 'what' property is the path of the directory containing the resources.
# The path is either absolute (starts with /) or relative to the restheart.jar file
# If embedded is true, the resources are either included in the restheart.jar or

static-resources-mounts:
#  - what: /path/to/resources
#    where: /static
#    welcome-file: index.html
#    embedded: false

### Security

## SSL Configuration

 # Configure the keystore to enable the https listener.

 # RESTHeart Security comes with a self-signed certificate that makes
 # straightforward enabling https.
 # Specify use-embedded-keystore: true to use it (this is the default setting).
 # Using the self-signed certificate leads to issues with some clients;
 # for instance, with curl you need to specify the "--insecure" option or you'll get an error message.

use-embedded-keystore: false

 # To use your own certificate you need to import it (and eventually the CA certificates chain) into a java keystore
 # and specify use-embedded-keystore: false and the keystore-file,keystore-password and certpassword configuration properties.
 # Refer to the java keystore documentation for that.

#keystore-file: /path/to/keystore/file
#keystore-password: password
#certpassword: password

 # RESTHeart Security security is pluggable, you can provide your own
 # implementations of Authenticator Mechanisms, Authenticator, Authorizer
 # and Token Manager

## Authentication Mechanisms

 # As an in-bound request is received the authenticate method is called on each
 # mechanism in turn until one of the following occurs: A mechanism
 # successfully authenticates the incoming request or the list of mechanisms is
 # exhausted.

auth-mechanisms:
  tokenBasicAuthMechanism:
    enabled: false
  basicAuthMechanism:
    enabled: true
    authenticator: fileRealmAuthenticator
  jwtAuthenticationMechanism:
    enabled: false
    algorithm: HS256
    key: secret
    base64Encoded: false
    usernameClaim: sub
    rolesClaim: roles
    fixedRoles:
#      - admin
    issuer: myIssuer
    audience: myAudience
  digestAuthMechanism:
    enabled: true
    realm: RESTHeart Realm
    domain: rest
    authenticator: fileRealmAuthenticator
  identityAuthMechanism:
    enabled: true
    username: admin
    roles:
      - admins
      - users

## Authenticators

 # Authenticators verify user credentials and are used by one or more
 # AuthMechanisms

authenticators:
  fileRealmAuthenticator:
    enabled: true
    conf-file: {{{users-conf-file}}}
  mongoRealmAuthenticator:
    enabled: true
    users-db: sdk
    users-collection: _users
    prop-id: _id
    prop-password: password
    json-path-roles: $.roles
    bcrypt-hashed-password: true
    bcrypt-complexity: 12
    create-user: true
    create-user-document: '{"_id": "admin", "password": "$2a$12$lZiMMNJ6pkyg4uq/I1cF5uxzUbU25aXHtg7W7sD2ED7DG1wzUoo6u", "roles": ["admin"]}'
    # create-user-document.password must be hashed when bcrypt-hashed-password=true
    # default password is 'secret'
    # see https://bcrypt-generator.com but replace initial '$2y' with '$2a'
    cache-enabled: false
    cache-size: 1000
    cache-ttl: 60000
    cache-expire-policy: AFTER_WRITE

## Authorizers

 # Authorizers verify if a request is allowed.
 
 # As an in-bound request is received and authenticated the isAllowed() method is
 # called on each authenticator in turn until one of the following occurs:
 # an authenticator allows the incoming request or the list of authenticators is
 # exhausted. In the latter case, the request ends and 403 Forbidden is returned.

authorizers:
  fileAclAuthorizer:
    enabled: true
    conf-file: {{{acl-conf-file}}}
  mongoAclAuthorizer:
    enabled: false
    acl-db: sdk
    acl-collection: _acl
    # clients with root-role can execute any request
    root-role: admin
    cache-enabled: true
    cache-size: 1000
    cache-ttl: 5000
    cache-expire-policy: AFTER_WRITE
  fullAuthorizer:
    enabled: false
    authentication-required: true

## Token Manager

 # If a token-manager is configured, RESTHeart Security will use it to generate
 # and verify auth tokens.
 # If more than one token-manager are defined, the first one will be used
 # The token is returned to the caller via auth-token header when the user
 # authenticates successfully. The token can be used by Authentication Mechanisms.

token-manager:
  rndTokenManager:
    enabled: false
    ttl: 15
    srv-uri: /tokens

## Aggregations variables

# Check if aggregation variables use operators. allowing operators in aggregation variables
# is risky. requester can inject operators modifying the query

aggregation-check-operators: true

## Allow unescaped characters in URL

# Starting with Undertow 1.4.23 URLs validation became much stricter.
# However, this is breaking existing clients. Now you can decide which behaviour you prefer

allow-unescaped-characters-in-url: true

## ETag policy

# the following configuration defines the default etag check policy
# the policy applies for dbs, collections (also applies to file buckets) and documents
# valid values are REQUIRED, REQUIRED_FOR_DELETE, OPTIONAL

etag-check-policy:
  db: REQUIRED_FOR_DELETE
  coll: REQUIRED_FOR_DELETE
  doc: OPTIONAL

#### Plugins configuration

# The directory containing the plugins jars.
# The path is either absolute (starts with /) or relative to the restheart.jar file
# Just add the plugins jar to plugins-directory and they will be automatically
# added to the classpath and registered.

plugins-directory: {{{plugins-directory}}}

# All plugins accept the argument 'confArgs'. Set 'confArgs' defining an object
# with the same name of the plugin (as defined in its @RegisterPlugin annotation).
# The property 'enabled' allows enabling plugins that are not enabled by default,
# i.e. that are registered with @RegisterPlugin( .., enabledByDefault=false)

plugins-args:
  mongo:
    enabled: true
    uri: /
    secured: true
  csvLoader:
    secured: true
  rndTokenService:
    enabled: false
    uri: /tokens
    secured: false
  ping:
    enabled: true
    secured: false
    msg: Greetings!
  roles:
    enabled: false
    uri: /roles
    secured: false
  echo:
    enabled: false
    uri: /echo
    secured: false

#### Logging

# enable-log-console: true => log messages to the console (default value: true)
# enable-log-file: true => log messages to a file (default value: true)
# log-file-path: to specify the log file path (default value: restheart.log in system temporary directory)
# log-level: to set the log level. Value can be OFF, ERROR, WARN, INFO, DEBUG, TRACE and ALL. (default value is INFO)
# ansi-console: use Ansi console for logging. Default to 'true' if parameter missing, for backward compatibility
# requests-log-level: log the request-response. 0 => no log, 1 => light log, 2 => detailed dump
# requests-log-trace-headers: add the HTTP headers you want to be put on the MDC for logback. Use with %X{header-name} in logback.xml.
#                             Useful for tracing support in the logs. Leave empty to deactivate this feature.
# metrics-gathering-level: metrics gathering for which level? OFF => no gathering, ROOT => gathering at root level,
#                          DATABASE => at db level, COLLECTION => at collection level
# WARNING: use requests-log-level level 2 only for development purposes, it logs user credentials (Authorization and Auth-Token headers)


enable-log-file: {{{enable-log-file}}}
log-file-path: {{{log-file-path}}}
enable-log-console: {{{enable-log-console}}}
log-level: {{{log-level}}}
requests-log-level: 1
ansi-console: true
metrics-gathering-level: OFF
requests-log-trace-headers:
#  - x-b3-traceid      # vv Zipkin headers, see https://github.com/openzipkin/b3-propagation
#  - x-b3-spanid
#  - x-b3-parentspanid
#  - x-b3-sampled      # ^^
#  - uber-trace-id     # jaeger header, see https://www.jaegertracing.io/docs/client-libraries/#trace-span-identity
#  - traceparent       # vv opencensus.io headers, see https://github.com/w3c/distributed-tracing/blob/master/trace_context/HTTP_HEADER_FORMAT.md
#  - tracestate        # ^^

#### Performance Options

## Read Performance

# default-pagesize is the number of documents returned when the pagesize query
# parameter is not specified
# see https://restheart.org/docs/read-docs#paging
default-pagesize: 100

# max-pagesize sets the maximum allowed value of the pagesize query parameter
# generally, the greater the pagesize, the more json serialization overhead occurs
# the rule of thumb is not exceeding 1000
max-pagesize: 1000

# cursor-batch-size sets the mongodb cursor batchSize
# see https://docs.mongodb.com/manual/reference/method/cursor.batchSize/
# cursor-batch-size should be smaller or equal to the max-pagesize
# the rule of thumb is setting cursor-batch-size equal to max-pagesize
# a small cursor-batch-size (e.g. 101, the default mongodb batchSize)
# speeds up requests with small pagesize
cursor-batch-size: 1000

## Caches

# local-cache allows to cache the db and collection properties to dramatically
# improve performance. Without caching, a GET on a document would require
# two additional queries to retrieve the db and the collection properties.
# Pay attention to local caching only in case of multi-node deployments (horizontal scalability).
# In this case a change in a db or collection properties would reflect on other
# nodes at worst after TTL milliseconds (cache entries time to live).
# In most of the cases Dbs and collections properties only change at development time.

local-cache-enabled: true
# TTL in milliseconds; specify a value < 0 to never expire cached entries
local-cache-ttl: 60000

schema-cache-enabled: true
# TTL in milliseconds; specify a value < 0 to never expire cached entries
schema-cache-ttl: 60000

## Limits

# Limit for the maximum number of concurrent requests being served
requests-limit: 1000

# Time limit in milliseconds for processing queries on the server (without network latency). 0 means no time limit
query-time-limit: {{{query-time-limit}}}

# Time limit in milliseconds for processing aggregations on the server (without network latency). 0 means no time limit
aggregation-time-limit: {{{aggregation-time-limit}}}

## Eager DB Cursor Preallocation Policy

# In big collections, reading a far page involves skipping the db cursor for many documents resulting in a performance bottleneck
# For instance, with default pagesize of 100, a GET with page=50.000 involves 500.000 skips on the db cursor.
# The eager db cursor preallocation engine boosts performance (in some use cases, up to 1000%). The following options control its behavior.

eager-cursor-allocation-pool-size: 100

eager-cursor-allocation-linear-slice-width: 1000
eager-cursor-allocation-linear-slice-delta: 100
eager-cursor-allocation-linear-slice-heights: [4, 2, 1]
eager-cursor-allocation-random-max-cursors: 20
eager-cursor-allocation-random-slice-min-width: 1000

 # In order to save bandwidth RESTHeart Security can force requests to support the gzip encoding (if not, requests will be rejected)
force-gzip-encoding: false

 # Number of I/O threads created for non-blocking tasks. at least 2. suggested value: core*2
io-threads: {{{io-threads}}}

 # Number of threads created for blocking tasks (such as ones involving db access). suggested value: core*16
worker-threads: {{{worker-threads}}}

 # Use 16k buffers for best performance - as in linux 16k is generally the default amount of data that can be sent in a single write() call
buffer-size: 16384
buffers-per-region: 20
 # Should the buffer pool use direct buffers, this instructs the JVM to use native (if possible) I/O operations on the buffers
direct-buffers: true

#### Connection Options

connection-options:
  # The maximum size of a HTTP header block, in bytes.
  # If a client sends more data that this as part of the request header then the connection will be closed.
  # Defaults to 1Mbyte.
  MAX_HEADER_SIZE: 1048576

  # The default maximum size of a request entity.
  # Defaults to unlimited.
  MAX_ENTITY_SIZE: -1

  # The default maximum size of the HTTP entity body when using the multipart parser.
  # Generally this will be larger than MAX_ENTITY_SIZE
  # If this is not specified it will be the same as MAX_ENTITY_SIZE
  MULTIPART_MAX_ENTITY_SIZE: -1

  # The idle timeout in milliseconds after which the channel will be closed.
  # If the underlying channel already has a read or write timeout set
  # the smaller of the two values will be used for read/write timeouts.
  # Defaults to unlimited (-1).
  IDLE_TIMEOUT: -1

  # The maximum allowed time of reading HTTP request in milliseconds.
  # -1 or missing value disables this functionality.
  REQUEST_PARSE_TIMEOUT: -1

  # The amount of time the connection can be idle with no current requests
  # before it is closed;
  # Defaults to unlimited (-1).
  NO_REQUEST_TIMEOUT: -1

  # The maximum number of query parameters that are permitted in a request.
  # If a client sends more than this number the connection will be closed.
  # This limit is necessary to protect against hash based denial of service attacks.
  # Defaults to 1000.
  MAX_PARAMETERS: 1000

  # The maximum number of headers that are permitted in a request.
  # If a client sends more than this number the connection will be closed.
  # This limit is necessary to protect against hash based denial of service attacks.
  # Defaults to 200.
  MAX_HEADERS: 200

  # The maximum number of cookies that are permitted in a request.
  # If a client sends more than this number the connection will be closed.
  # This limit is necessary to protect against hash based denial of service attacks.
  # Defaults to 200.
  MAX_COOKIES: 200

  # The charset to use to decode the URL and query parameters.
  # Defaults to UTF-8.
  URL_CHARSET: UTF-8

  # If this is true then a Connection: keep-alive header will be added to responses,
  # even when it is not strictly required by the specification.
  # Defaults to true
  ALWAYS_SET_KEEP_ALIVE: true

  # If this is true then a Date header will be added to all responses.
  # The HTTP spec says this header should be added to all responses,
  # unless the server does not have an accurate clock.
  # Defaults to true
  ALWAYS_SET_DATE: true

#idm:
#  implementation-class: org.restheart.security.impl.SimpleFileIdentityManager
#  conf-file: {{{users-conf-file}}}

dbim:
    - db: sdk
      coll: telemetry
      prop-name-id: _id
      prop-name-password: password
      prop-name-roles: roles
      bcrypt-hashed-password: false
      create-user: false
      create-user-document: '{"_id": "admin", "password": "secret", "roles": ["admins"]}'
      cache-enabled: false
      cache-size: 1000
      cache-ttl: 60000
      cache-expire-policy: AFTER_WRITE

access-manager:    
    implementation-class: org.restheart.security.impl.SimpleAccessManager
    conf-file: {{{acl-conf-file}}}

  1. acl.yml:

permissions:
  # Users with role 'admins' can do anything
  - role: admins
    predicate: path-prefix[path="/"]

  # Not authenticated user can only GET any resource under the /publicdb URI
  #- role: $unauthenticated
  #  predicate: path-prefix[path="/publicdb/"] and method[value="GET"]

  # Users with role 'users' can PUT any document to the sdk db
  - role: users
    predicate: path-prefix[path="/sdk"] and method[value="PUT"]

  1. users.yml

## RESTHeart simple security configuration file.
---
## Configuration for file based Identity Manager
users:
  - userid: rest
    password: d3e19a0fc431021ce4db8af0132df9fd
    roles: [users, admins]

  - userid: wo
    password: f50d6784695bbb3e93e86a25e70a9bef
    roles: [users, admins]
## Configuration for db based Identity Manager
## bcrypt-hashed-password: true to authenticate against bcrypt hashed passwords
## https://github.com/svenkubiak/jBCrypt
#dbim:
#  - db: userbase
#    coll: accounts
#    prop-name-id: _id
#    prop-name-password: password
#    prop-name-roles: roles
#    bcrypt-hashed-password: false
#    create-user: false
#    create-user-document: '{"_id": "admin", "password": "secret", "roles": ["admins"]}'
#    cache-enabled: false
#    cache-size: 1000
#    cache-ttl: 60000
#    cache-expire-policy: AFTER_WRITE

Steps to Reproduce

  1. setup mongodb

Authenticate:

use admin
db.auth("mongoadmin", "12345678")

Create the sdk database:

use sdk

Create a telemetry collection:

db.createCollection("telemetry")

Create a _properties collection for restheart:

db.createCollection("_properties")

Create a write-only role for access to the telemetry collection:

db.createRole({ role: "writeOnly", privileges: [{ resource: { db: "sdk", "collection": "telemetry" }, actions: [ "insert" ]}], roles: []})

Create users:

db.createUser( { user: "rest", pwd: "123456", roles: [ { role: "readWrite", db: "sdk" } ] })

  2. podman-compose up -d restapi

Possible Implementation

crawfordma avatar Oct 09 '22 16:10 crawfordma

You shouldn't comment out the mongo-uri property in the configuration file.

The env var MONGO_URI overwrites a configuration property, as long as it is defined.

ujibang avatar Oct 09 '22 16:10 ujibang

Hi ujibang, I set mongo-uri: mongodb://rest:123456@mongodb:27017/sdk?authSource=sdk, but I still get the error.

crawfordma avatar Oct 10 '22 04:10 crawfordma

In your docker-compose.yml, your MONGO_URI has a starting : that you should remove:

MONGO_URI: :mongodb://rest:123456@mongodb:27017/sdk?authSource=sdk

It should be:

MONGO_URI: mongodb://rest:123456@mongodb:27017/sdk?authSource=sdk

mkjsix avatar Oct 10 '22 08:10 mkjsix
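
The stray leading `:` pointed out above, and the empty value behind the earlier `"connectionString" is null` error, can both be caught before the container starts. This is an added example, not code from the thread or from RESTHeart; `check_mongo_uri` and `redact` are hypothetical helper names, and the sample values are the two `MONGO_URI` lines quoted above.

```python
import os
import re
import sys
from urllib.parse import parse_qs, unquote, urlsplit

SCHEMES = ("mongodb://", "mongodb+srv://")


def redact(uri):
    """Mask the password in 'user:password@' so the value is safe to print or log."""
    return re.sub(r"(://[^:/@\s]+):[^@\s]*@", r"\1:***@", uri)


def check_mongo_uri(value):
    """Validate one connection-string value (e.g. the content of MONGO_URI).

    Returns (problems, info). problems is a list of findings, empty when the
    value is usable; info holds the parsed parts and a redacted copy.
    """
    if value is None or not value.strip():
        # The driver receives no string at all in this case.
        return ["value is empty or unset"], {}
    problems = []
    uri = value.strip()
    if uri != value:
        problems.append("leading or trailing whitespace")
    if not uri.startswith(SCHEMES):
        match = re.search(r"mongodb(\+srv)?://", uri)
        if match is None:
            problems.append("scheme must be mongodb:// or mongodb+srv://")
            return problems, {"redacted": redact(uri)}
        # Something precedes the scheme, such as the ':' left over from YAML.
        problems.append("stray characters %r before the scheme" % uri[:match.start()])
        uri = uri[match.start():]

    parts = urlsplit(uri)
    userinfo, _, hostlist = parts.netloc.rpartition("@")
    user, _, password = userinfo.partition(":")
    hosts = hostlist.split(",")
    for host in hosts:
        if host.startswith("["):
            continue  # bracketed IPv6 literal: accepted without a port check
        name, sep, port = host.partition(":")
        if not name:
            problems.append("empty host in %r" % hostlist)
        elif sep and not (port.isdigit() and 0 < int(port) < 65536):
            problems.append("invalid port in %r" % host)
    if user and not password:
        problems.append("username without a password")

    database = parts.path.lstrip("/")
    options = parse_qs(parts.query)
    info = {
        "user": unquote(user) or None,
        "hosts": hosts,
        "database": database or None,
        # Without authSource the driver authenticates against the URI database,
        # or against 'admin' when the URI names no database.
        "auth_source": options.get("authSource", [database or "admin"])[0],
        "has_password": bool(password),
        "redacted": redact(uri),
    }
    return problems, info


if __name__ == "__main__":
    found, parsed = check_mongo_uri(os.environ.get("MONGO_URI"))
    print("MONGO_URI:", parsed.get("redacted", "<unset>"))
    for item in found:
        print("  problem:", item)
    sys.exit(1 if found else 0)
```

Run as a script it reads `MONGO_URI` from the environment, prints only the redacted form, and exits non-zero when a problem is found.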

Hi mkjsix, after fixing the typo, the error is still there. Here is my simple test:

sudo podman exec mongodb cat /etc/hosts
127.0.0.1 localhost localhost4 localhost.localdomain vraowl7726
::1 localhost localhost6 localhost6.localdomain6 vraowl7726
10.81.75.103 vraowl7726.rsv.ven.veritas.com

fe00::0 ipv6-localnet
ff00::0 ipv6-mcastprefix
ff02::1 ipv6-allnodes
ff02::2 ipv6-allrouters
ff02::3 ipv6-allhosts

10.89.2.6 18f92dd53611 mongodb
10.89.2.1 host.containers.internal

root@54455a21b768:/# mongosh --host 10.89.2.6
Current Mongosh Log ID: 63442f081251400700f07ef7
Connecting to: mongodb://10.89.2.6:27017/?directConnection=true&appName=mongosh+1.6.0
Using MongoDB: 6.0.2
Using Mongosh: 1.6.0

For mongosh info see: https://docs.mongodb.com/mongodb-shell/

To help improve our products, anonymous usage data is collected and sent to MongoDB periodically (https://www.mongodb.com/legal/privacy-policy). You can opt-out by running the disableTelemetry() command.

rs0 [direct: primary] test> exit
root@54455a21b768:/# mongosh --host mongodb
Current Mongosh Log ID: 63442f12c60fbac12ef8a151
Connecting to: mongodb://mongodb:27017/?directConnection=true&appName=mongosh+1.6.0
MongoServerSelectionError: getaddrinfo EAI_AGAIN mongodb

You can see that when I used the random IP of the mongodb service, the connection succeeded, but the hostname failed.

crawfordma avatar Oct 10 '22 14:10 crawfordma

After I changed the podman network from CNI to Netavark, I got the error below:

sudo podman-compose logs restapi
podman-compose version: 1.0.4
['podman', '--version', '']
using podman version: 4.0.2
podman logs restapi
06:03:45.798 [main] WARN o.r.m.MongoServiceConfiguration - >>> Found environment variable 'MONGO_URI': overriding parameter 'mongo-uri' with value 'mongodb://rest:d3e19a0fc431021ce4db8af0132df9fd@mongodb:27017/sdk?authSource=sdk'
06:03:45.808 [main] WARN o.r.polyglot.PolyglotDeployer - Not running on GraalVM, polyglot plugins deployer disabled!
06:03:45.847 [main] WARN o.r.s.authorizers.FileAclPermission - Predicate [admins] path-prefix[path="/"] doesn't have priority; setting it to very low priority
06:03:45.853 [main] WARN o.r.s.authorizers.FileAclPermission - Predicate [users] path-prefix[path="/sdk"] and method[value="PUT"] doesn't have priority; setting it to very low priority
06:03:46.196 [main] WARN o.r.mongodb.ConnectionChecker - Unable to check if MongoDB is configured as replica set. The MongoDB user cannot execute replSetGetStatus() command. Tip: add to the MongoDB user the built-in role 'clusterMonitor' that provides this action.
06:03:46.197 [main] WARN o.r.mongodb.db.MongoClientSingleton - MongoDB is a standalone instance.
06:03:46.324 [main] WARN org.restheart.plugins.PluginsFactory - Service graphql defines method initConf with @InjectConfiguration but no configuration found for it
06:03:46.628 [main] WARN o.r.mongodb.ConnectionChecker - Unable to check if MongoDB is configured as replica set. The MongoDB user cannot execute replSetGetStatus() command. Tip: add to the MongoDB user the built-in role 'clusterMonitor' that provides this action.
06:03:46.628 [main] ERROR o.r.m.h.c.ChangeStreamsActivator - Cannot enable Change Streams: MongoDB is a standalone instance and Change Streams require a Replica Set.
06:03:46.637 [main] WARN o.r.mongodb.ConnectionChecker - Unable to check if MongoDB is configured as replica set. The MongoDB user cannot execute replSetGetStatus() command. Tip: add to the MongoDB user the built-in role 'clusterMonitor' that provides this action.
06:03:46.637 [main] ERROR o.r.m.h.sessions.TxnsActivator - Cannot enable Transactions: MongoDB is a standalone instance and Transactions require a Replica Set.
exit code: 0

crawfordma avatar Oct 11 '22 06:10 crawfordma

Your logs indicate the issue: Unable to check if MongoDB is configured as replica set. The MongoDB user cannot execute replSetGetStatus() command. Tip: add to the MongoDB user the built-in role 'clusterMonitor' that provides this action. It means RESTHeart can connect to MongoDB but the MongoDB's user lacks the necessary clusterMonitor permissions. See https://restheart.org/docs/mongodb-rest/secure-connection-to-mongodb#restrict-permissions-of-mongodb-user

mkjsix avatar Oct 11 '22 07:10 mkjsix
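
The startup messages seen so far in this thread map to distinct causes, and the `MONGO_URI` override line also writes the password into the log. This is an added example, not code from the thread or from RESTHeart: it classifies such lines and masks credentials. The rule wording, `triage` and `lines_with_credentials` are this example's own, and `SAMPLE` is constructed from the log lines above with a placeholder password.

```python
import re

# Message fragment -> (cause, action). The fragments come from the log lines
# quoted in this thread; the cause/action text is this example's summary.
RULES = [
    ('"connectionString" is null',
     "no connection string reached the MongoDB driver",
     "set mongo-uri in the configuration or export a valid MONGO_URI"),
    ("Cannot connect to MongoDB",
     "MongoDB is unreachable with the configured URI",
     "check the URI, container name resolution and the compose network"),
    ("cannot execute replSetGetStatus",
     "connected, but the MongoDB user cannot query replica-set status",
     "grant the built-in role clusterMonitor to that user"),
    ("require a Replica Set",
     "change streams / transactions disabled",
     "run MongoDB as a replica set; if it already is one, fix the "
     "clusterMonitor finding first"),
]

# hh:mm:ss.mmm [thread] LEVEL logger - message
LINE = re.compile(
    r"^\s*(\d\d:\d\d:\d\d\.\d{3}) \[[^\]]+\]\s+(ERROR|WARN)\s+(\S+) - (.*)$")
URI_WITH_PASSWORD = re.compile(r"(mongodb(?:\+srv)?://[^:/@\s']+):[^@\s']+@")

# Constructed sample: lines copied from the thread, password replaced.
SAMPLE = """\
15:34:06.102 [main] ERROR org.restheart.plugins.PluginsFactory - Error injecting dependency to Initializer changeStreamActivator: Cannot invoke "String.startsWith(String)" because "connectionString" is null
15:34:36.375 [main] ERROR o.r.mongodb.db.MongoClientSingleton - Cannot connect to MongoDB. Check that MongoDB is running and the configuration property 'mongo-uri' is set properly
06:03:45.798 [main] WARN  o.r.m.MongoServiceConfiguration - >>> Found environment variable 'MONGO_URI': overriding parameter 'mongo-uri' with value 'mongodb://rest:EXAMPLE-PASSWORD@mongodb:27017/sdk?authSource=sdk'
06:03:46.196 [main] WARN  o.r.mongodb.ConnectionChecker - Unable to check if MongoDB is configured as replica set. The MongoDB user cannot execute replSetGetStatus() command.
06:03:46.628 [main] ERROR o.r.m.h.c.ChangeStreamsActivator - Cannot enable Change Streams: MongoDB is a standalone instance and Change Streams require a Replica Set.
06:03:46.637 [main] ERROR o.r.m.h.sessions.TxnsActivator - Cannot enable Transactions: MongoDB is a standalone instance and Transactions require a Replica Set.
"""


def triage(log_text):
    """Group WARN/ERROR lines by cause, in the order the causes first appear."""
    findings = {}
    for raw in log_text.splitlines():
        match = LINE.match(raw)
        if match is None:
            continue
        timestamp, _level, logger, message = match.groups()
        for fragment, cause, action in RULES:
            if fragment not in message:
                continue
            entry = findings.setdefault(cause, {
                "cause": cause, "action": action,
                "first_seen": timestamp, "count": 0, "loggers": [],
            })
            entry["count"] += 1
            if logger not in entry["loggers"]:
                entry["loggers"].append(logger)
    return list(findings.values())


def lines_with_credentials(log_text):
    """Return every line that carried a URI password, with the password masked."""
    masked_lines = []
    for raw in log_text.splitlines():
        masked = URI_WITH_PASSWORD.sub(r"\1:***@", raw)
        if masked != raw:
            masked_lines.append(masked.strip())
    return masked_lines


if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print("%(first_seen)s x%(count)d %(cause)s -> %(action)s" % finding)
    for line in lines_with_credentials(SAMPLE):
        print("credential in log:", line)
```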

Thanks mkjsix! It works for me.

crawfordma avatar Oct 12 '22 01:10 crawfordma

One more issue came up when I tried to use mongo-initiate to connect to mongodb; it shows:

command >> (bash -c "for i in {1..100}; do mongosh --host mongodb --username mongoadmin --password '123456' --eval 'if (!rs.status().ok) rs.initiate();' && break || sleep 2; done")

Logs:

MongoDB shell version v5.0.13
connecting to: mongodb://mongodb:27017/?compressors=disabled&gssapiServiceName=mongodb
Error: couldn't connect to server mongodb:27017, connection attempt failed: HostNotFound: Could not find address for mongodb:27017: SocketException: Host not found (non-authoritative), try again later :
connect@src/mongo/shell/mongo.js:372:17
@(connect):2:6
exception: connect failed
exiting with code 1

Also, if I set --host=ip, it shows:

MongoDB shell version v5.0.13
connecting to: mongodb://10.89.2.1:27017/?compressors=disabled&gssapiServiceName=mongodb
Error: couldn't connect to server 10.89.2.1:27017, connection attempt failed: SocketException: Error connecting to 10.89.2.1:27017 :: caused by :: No route to host :
connect@src/mongo/shell/mongo.js:372:17
@(connect):2:6
exception: connect failed
exiting with code 1

crawfordma avatar Oct 12 '22 03:10 crawfordma

@crawfordma that should be a problem with the docker network configuration, AFAIK the bind_ip should be a static IP address configured in the network section of your docker-compose.yml. For example, look at this thread: https://stackoverflow.com/a/38885656/615095

However, we usually don't use such a configuration so we are not expert enough to advise. See https://github.com/SoftInstigate/restheart/blob/master/docker-compose.yml as a starting point.

mkjsix avatar Oct 12 '22 15:10 mkjsix

So I wonder, what is mongodb-initiate for? Is it necessary for restheart, or is it just a function like a health check?

crawfordma avatar Oct 13 '22 02:10 crawfordma

The container mongodb-initiate initiates mongodb as a replica set, via the command rs.initiate(). Once the init script is executed, the container dies.

MongoDB running as a replica set (even if it is a single node replica set) is required for change streams and transactions to work. Without it everything will work except for these two features.

Once you have a replica set, the container can be removed. If already initiated as a replica set, the script does nothing.

ujibang avatar Oct 13 '22 04:10 ujibang