Cannot add authorization "enable" to mongod.conf yaml ccp-error

Hi fellows,
I have a problem I cpuldn’t solve nor find a solution for yet. I needed to add authorization “enabled” to the mongod.conf to create and update users. If I try I get the following error:

rror parsing YAML config file: yaml-cpp: error at line 31, column 6: end of map not found

I couldn’t find a solution how to fix that . My mongod.conf you find here: mongod.conf authorization: "enabled" - Pastebin.com

Many thanks in advance,
Uli

Hi
You need to add security.authorization part to your config file - in your config file, security seems to be hashed

# Security
security:
  authorization: enabled

I suggest check official MongoDB documentation

1 Like

Hi,

Thanks but that wasn’t it all yet. I removed the # restarted mongod but now I get

 systemctl restart mongod
root@docker:/etc# systemctl status mongod
× mongod.service - MongoDB Database Server
     Loaded: loaded (/lib/systemd/system/mongod.service; enabled; vendor preset: enabled)
     Active: failed (Result: exit-code) since Wed 2022-07-13 14:36:40 CEST; 431ms ago
   Duration: 4.728s
       Docs: https://docs.mongodb.org/manual
    Process: 105115 ExecStart=/usr/bin/mongod --config /etc/mongod.conf (code=exited, status=14)
   Main PID: 105115 (code=exited, status=14)
        CPU: 791ms

Jul 13 14:36:35 docker systemd[1]: Started MongoDB Database Server.
Jul 13 14:36:40 docker systemd[1]: mongod.service: Main process exited, code=exited, status=14/n/a
Jul 13 14:36:40 docker systemd[1]: mongod.service: Failed with result 'exit-code'.

if I try to create a new user I still get this error:
db.createUser({
… user: “m103-admin”,
… pwd: “m103-pass”,
… roles: [
… {role: “root”, db: “admin”}
… ]
… })
uncaught exception: Error: couldn’t add user: command createUser requires authentication :

Regards,
Uli

Hi,
mongod starts now, but the error cerating a new user still exists . How can I fix that?

Many thanks in advance,
Uli

Hi,
Can you send you the current config file and output from mongod log ?
Did you add your first, admin user before you enabled authorization ?

you need to add a first admin user before you enable authorization

1 Like

Hi, with or without authorization I get > Error: couldn’t add user: command createUser requires authentication :

_getErrorWithCode@src/mongo/shell/utils.js:25:13
DB.prototype.createUser@src/mongo/shell/db.js:1367:11
@(shell):1:1
Here is the mongod.log you asked for:
mongod.log - Pastebin.com

I hope it will be helpful

Thanks in advance
Uli

Hi,

the mongod.log you can find here as a file: https://ukleemann.net/index.php/apps/files/?dir=/Documents/FILES&fileid=277

Regards,

Uli

I assume you are using standalone mongod instance, at least I could not see a replica set in your config file.
You can add the first admin user to your database with disabled access control, try the following steps:

  1. disable authentication in your config file
  2. restart mongod
  3. add an admin user
  4. enable authentication in your config file
  5. restart mongod

procedure is available online
If you enable access control before creating any user, MongoDB provides a localhost exception which allows you to create a user administrator in the admin database.

1 Like

Hi,

I changed authorization from enable to disabled like this:

security:
authorization: disabled

then I tried to add an admin user like that:

use admin
db.createUser({

  • user: “m103-admin”,*
  • pwd: “m103-pass”,*
  • roles: [*
  • {role: “root”, db: “admin”}*
  • ]*
    })

then I got the know error again

uncaught exception: Error: couldn’t add user: command createUser requires authentication :
_getErrorWithCode@src/mongo/shell/utils.js:25:13
DB.prototype.createUser@src/mongo/shell/db.js:1367:11
@(shell):1:1
what did I do wrong?

Regards,
Uli

you need to disable access control like this (add # before security and authorization: enabled)

# security:
#    authorization: enabled

now restart mongod and add first user

Your restart that indicates that it fails.

And in the same post, you are able to connect and call db.createUser.

This is inconsistent. If mongod does not start then you cannot connect. If you can connect then another instance is running or you are not connecting to the instance you think you are starting.

From

it looks like you are trying to start a docker instance. It is possible then when you connect you try to connect to a local instance, which is not using the configuration file you shared and is not running with authentication.

To know more about your setup please share the output of the following commands:

ss -tlnp
ps -aef | grep [m]ongod
docker ps

mongo started (it is how I understand it), see

Thanks, I saw that, but I have some doubts about the whole setup. So I am still interested to see the output of the commands.

I would also like to see the command used to connect.

Hi,

following you advice uncommentig authorization with # I get the same error when I try to create the m103-admin user

here are the outputs of

ss -ltnp  
ss -ltnp
State         Recv-Q        Send-Q                Local Address:Port                  Peer Address:Port        Process                                                                                                        
LISTEN        0             4096                      127.0.0.1:8125                       0.0.0.0:*            users:(("netdata",pid=5347,fd=68))                                                                            
LISTEN        0             4096                        0.0.0.0:30783                      0.0.0.0:*            users:(("k3s-server",pid=1958,fd=254))                                                                        
LISTEN        0             4096                      127.0.0.1:19999                      0.0.0.0:*            users:(("netdata",pid=5347,fd=5))                                                                             
LISTEN        0             4096                        0.0.0.0:31808                      0.0.0.0:*            users:(("k3s-server",pid=1958,fd=43))                                                                         
LISTEN        0             64                          0.0.0.0:2049                       0.0.0.0:*                                                                                                                          
LISTEN        0             4096                        0.0.0.0:10050                      0.0.0.0:*            users:(("zabbix_agentd",pid=1809,fd=4),("zabbix_agentd",pid=1808,fd=4),("zabbix_agentd",pid=1807,fd=4),("zabbix_agentd",pid=1806,fd=4),("zabbix_agentd",pid=1805,fd=4),("zabbix_agentd",pid=1769,fd=4))
LISTEN        0             4096                  192.168.10.67:27011                      0.0.0.0:*            users:(("mongod",pid=129697,fd=14))                                                                           
LISTEN        0             4096                      127.0.0.1:27011                      0.0.0.0:*            users:(("mongod",pid=129697,fd=13))                                                                           
LISTEN        0             4096                      127.0.0.1:2947                       0.0.0.0:*            users:(("systemd",pid=1,fd=280))                                                                              
LISTEN        0             4096                  192.168.10.67:27012                      0.0.0.0:*            users:(("mongod",pid=44529,fd=14))                                                                            
LISTEN        0             4096                      127.0.0.1:27012                      0.0.0.0:*            users:(("mongod",pid=44529,fd=13))                                                                            
LISTEN        0             4096                  192.168.10.67:27013                      0.0.0.0:*            users:(("mongod",pid=44585,fd=14))                                                                            
LISTEN        0             4096                      127.0.0.1:27013                      0.0.0.0:*            users:(("mongod",pid=44585,fd=13))                                                                            
LISTEN        0             4096                      127.0.0.1:10248                      0.0.0.0:*            users:(("k3s-server",pid=1958,fd=279))                                                                        
LISTEN        0             4096                      127.0.0.1:27017                      0.0.0.0:*            users:(("mongod",pid=141575,fd=12))                                                                           
LISTEN        0             4096                      127.0.0.1:10249                      0.0.0.0:*            users:(("k3s-server",pid=1958,fd=248))                                                                        
LISTEN        0             3                         127.0.0.1:2601                       0.0.0.0:*            users:(("zebra",pid=1612,fd=25))                                                                              
LISTEN        0             80                          0.0.0.0:3306                       0.0.0.0:*            users:(("mariadbd",pid=1821,fd=31))                                                                           
LISTEN        0             4096                        0.0.0.0:59563                      0.0.0.0:*            users:(("rpc.mountd",pid=1990,fd=5))                                                                          
LISTEN        0             511                       127.0.0.1:6379                       0.0.0.0:*            users:(("redis-server",pid=1757,fd=6))                                                                        
LISTEN        0             4096                      127.0.0.1:6444                       0.0.0.0:*            users:(("k3s-server",pid=1958,fd=22))                                                                         
LISTEN        0             4096                        0.0.0.0:37261                      0.0.0.0:*            users:(("rpc.statd",pid=1989,fd=9))                                                                           
LISTEN        0             10                        127.0.0.1:5038                       0.0.0.0:*            users:(("asterisk",pid=7558,fd=7))                                                                            
LISTEN        0             4096                        0.0.0.0:47279                      0.0.0.0:*            users:(("rpc.mountd",pid=1990,fd=9))                                                                          
LISTEN        0             4096                        0.0.0.0:111                        0.0.0.0:*            users:(("rpcbind",pid=1204,fd=4),("systemd",pid=1,fd=235))                                                    
LISTEN        0             4096                      127.0.0.1:10256                      0.0.0.0:*            users:(("k3s-server",pid=1958,fd=257))                                                                        
LISTEN        0             4096                      127.0.0.1:10257                      0.0.0.0:*            users:(("k3s-server",pid=1958,fd=210))                                                                        
LISTEN        0             4096                      127.0.0.1:10258                      0.0.0.0:*            users:(("k3s-server",pid=1958,fd=201))                                                                        
LISTEN        0             4096                      127.0.0.1:10259                      0.0.0.0:*            users:(("k3s-server",pid=1958,fd=219))                                                                        
LISTEN        0             4096                        0.0.0.0:47219                      0.0.0.0:*            users:(("rpc.mountd",pid=1990,fd=13))                                                                         
LISTEN        0             32                     10.234.225.1:53                         0.0.0.0:*            users:(("dnsmasq",pid=13324,fd=7))                                                                            
LISTEN        0             32                     192.168.12.1:53                         0.0.0.0:*            users:(("dnsmasq",pid=3251,fd=6))                                                                             
LISTEN        0             32                     192.168.11.1:53                         0.0.0.0:*            users:(("dnsmasq",pid=3216,fd=6))                                                                             
LISTEN        0             32                    192.168.100.1:53                         0.0.0.0:*            users:(("dnsmasq",pid=3183,fd=6))                                                                             
LISTEN        0             4096                      127.0.2.1:53                         0.0.0.0:*            users:(("dnscrypt-proxy",pid=1749,fd=8),("systemd",pid=1,fd=269))                                             
LISTEN        0             128                       127.0.0.1:8118                       0.0.0.0:*            users:(("privoxy",pid=2114,fd=4))                                                                             
LISTEN        0             128                         0.0.0.0:22                         0.0.0.0:*            users:(("sshd",pid=1814,fd=3))                                                                                
LISTEN        0             128                       127.0.0.1:631                        0.0.0.0:*            users:(("cupsd",pid=1748,fd=8))                                                                               
LISTEN        0             244                       127.0.0.1:5432                       0.0.0.0:*            users:(("postgres",pid=1922,fd=4))                                                                            
LISTEN        0             3                         127.0.0.1:2616                       0.0.0.0:*            users:(("staticd",pid=1620,fd=12))                                                                            
LISTEN        0             244                       127.0.0.1:5433                       0.0.0.0:*            users:(("postgres",pid=1923,fd=6))                                                                            
LISTEN        0             64                          0.0.0.0:37849                      0.0.0.0:*                                                                                                                          
LISTEN        0             4096                      127.0.0.1:10010                      0.0.0.0:*            users:(("containerd",pid=8951,fd=18))                                                                         
LISTEN        0             244                       127.0.0.1:5434                       0.0.0.0:*            users:(("postgres",pid=1849,fd=6))                                                                            
LISTEN        0             4096                      127.0.0.1:9050                       0.0.0.0:*            users:(("tor",pid=1851,fd=6))                                                                                 
LISTEN        0             4096                          [::1]:8125                          [::]:*            users:(("netdata",pid=5347,fd=67))                                                                            
LISTEN        0             64                             [::]:2049                          [::]:*                                                                                                                          
LISTEN        0             4096                           [::]:10050                         [::]:*            users:(("zabbix_agentd",pid=1809,fd=5),("zabbix_agentd",pid=1808,fd=5),("zabbix_agentd",pid=1807,fd=5),("zabbix_agentd",pid=1806,fd=5),("zabbix_agentd",pid=1805,fd=5),("zabbix_agentd",pid=1769,fd=5))
LISTEN        0             4096                           [::]:53539                         [::]:*            users:(("rpc.mountd",pid=1990,fd=15))                                                                         
LISTEN        0             4096                          [::1]:2947                          [::]:*            users:(("systemd",pid=1,fd=279))                                                                              
LISTEN        0             4096                           [::]:42597                         [::]:*            users:(("rpc.statd",pid=1989,fd=11))                                                                          
LISTEN        0             4096                              *:10250                            *:*            users:(("k3s-server",pid=1958,fd=278))                                                                        
LISTEN        0             80                             [::]:3306                          [::]:*            users:(("mariadbd",pid=1821,fd=32))                                                                           
LISTEN        0             4096                              *:10251                            *:*            users:(("k3s-server",pid=1958,fd=218))                                                                        
LISTEN        0             4096                              *:6443                             *:*            users:(("k3s-server",pid=1958,fd=14))                                                                         
LISTEN        0             511                           [::1]:6379                          [::]:*            users:(("redis-server",pid=1757,fd=7))                                                                        
LISTEN        0             4096                           [::]:49839                         [::]:*            users:(("rpc.mountd",pid=1990,fd=7))                                                                          
LISTEN        0             4096                           [::]:111                           [::]:*            users:(("rpcbind",pid=1204,fd=6),("systemd",pid=1,fd=237))                                                    
LISTEN        0             511                               *:80                               *:*            users:(("apache2",pid=11166,fd=4),("apache2",pid=11165,fd=4),("apache2",pid=11159,fd=4),("apache2",pid=3098,fd=4),("apache2",pid=3097,fd=4),("apache2",pid=3096,fd=4),("apache2",pid=3095,fd=4),("apache2",pid=3094,fd=4),("apache2",pid=3093,fd=4),("apache2",pid=3053,fd=4),("apache2",pid=3044,fd=4))
LISTEN        0             64                             [::]:43635                         [::]:*                                                                                                                          
LISTEN        0             128                           [::1]:8118                          [::]:*            users:(("privoxy",pid=2114,fd=5))                                                                             
LISTEN        0             128                            [::]:22                            [::]:*            users:(("sshd",pid=1814,fd=4))                                                                                
LISTEN        0             128                           [::1]:631                           [::]:*            users:(("cupsd",pid=1748,fd=7))                                                                               
LISTEN        0             244                           [::1]:5432                          [::]:*            users:(("postgres",pid=1922,fd=3))                                                                            
LISTEN        0             244                           [::1]:5433                          [::]:*            users:(("postgres",pid=1923,fd=5))                                                                            
LISTEN        0             244                           [::1]:5434                          [::]:*            users:(("postgres",pid=1849,fd=5))                                                                            
LISTEN        0             4096                           [::]:44699                         [::]:*            users:(("rpc.mountd",pid=1990,fd=11))                                                                         
LISTEN        0             4096                              *:6556                             *:*            users:(("systemd",pid=1,fd=296))   
docker -ps  

docker ps
CONTAINER ID   IMAGE     COMMAND   CREATED   STATUS    PORTS     NAMES

ps -aef |grep [m]ongodb

ps -aef |grep [m]ongodb
uli       127446   45830  0 15:58 pts/16   00:00:04 mongosh mongodb://local
mongodb   141575       1  0 16:49 ?        00:00:06 /usr/bin/mongod --config /etc/mongod.conf

Hope this will help.

Thanks,
Uli

can you also show your current mongod.conf file (with disabled access control)

More weird stuff.

Output of

ping local

The ss -tlnp output shows at least 3 instances of mongod listening.

But your ps output only shows:

May it is because you did

rather than

The trailing b you added might the others not show if started by another user. This, or the output is redacted.

With which user are you running

Can you do it as

hi steeve,

ps -aef | grep [m]ongod gives me

ps -aef |grep [m]ongodb
uli 127446 45830 0 15:58 pts/16 00:00:04 mongosh mongodb://local
mongodb 141575 1 0 16:49 ? 00:00:06 /usr/bin/mongod --config /etc/mongod.conf

the docker ps command I run as root@docker but docker is no docker container just a hostname therefore it shows no running docker containers

Regards,

Uli

hi steeve,

thanks for you help. the 3 instnaces I made to create a local replica set following this tutorial from mongo m103-course

Cloud: MongoDB Cloud

thats what I want to do so the ps command gives you 3 instances on 3 different ports 27011 27012 and 27013

my mongod.conf with diabled commented security section looks like this

# mongod.conf

# for documentation of all options, see:
# http://docs.mongodb.org/manual/reference/configuration-options/

# Where and how to store data.
storage:

  • dbPath: /var/lib/mongodb*
  • journal:*
  • enabled: true*
    # engine:
    # wiredTiger:

# where to write logging data.
systemLog:

  • destination: file*
  • logAppend: true*
  • path: /var/log/mongodb/mongod.log*

# network interfaces
net:

  • port: 27017*
  • bindIp: 127.0.0.1*

# how the process runs
processManagement:

  • timeZoneInfo: /usr/share/zoneinfo*

#security:
# authorization: disabled

Regards,

Uli

If the processes are listening they should show up with ps.

Share

ps -aef | grep 44529
ps -aef | grep 44585

Once again

Remove the trailing d from

and do it as root.