Harness UR - MongoDB Auth config in docker compose

[binji.e...@gmail.com]

Hi,

Due to securities reasons, we need to apply authentication on our mongoDB.

We currently use the universal recommender and the setup is via docker-compose (see below).

Is there any way to define the harness mongoDB user/pwd in the docker compose?

Any info would be much appreciated!

Thanks

Eran 

the current docker-compose:

-------------------------------------------------------------------

version: '3'

services:

 

  hm_harness:

    restart: always

    image: actionml/harness:0.6.2-10-g1939d23c

    container_name: hm_harness

    ports:

      - "9090:9090"

    environment:

      MONGO_URI: ${MONGO_URI}

      HARNESS_URI: http://0.0.0.0:9090

      ELASTICSEARCH_URI: ${ELASTICSEARCH_URI}

    depends_on:

      - hm_mongo

    volumes:

      - ${HARNESS_LOGS}:/harness/logs

      - ${HARNESS_DATA}:/data

     

  hm_mongo:

    restart: always

    image: mongo:4.2

    container_name: hm_mongo

    command: --logappend --logpath=/tmp/mongod.log

    ports:

      - "27017:27017"

    volumes:

      - ${MONGO_LOGS}:/logs

      - ${MONGO_DATA}:/data/db

  hm_harness-cli:

    restart: always

    image: actionml/harness-cli:latest

    container_name: hm_harness-cli

    environment:

        HARNESS_SERVER_ADDRESS: hm_harness

    volumes:

    - ${HARNESS_DATA}:/data

  hm_logstash:

    restart: always

    hostname: ${HOSTNAME}

    image: docker.elastic.co/logstash/logstash:7.9.3

    container_name: hm_logstash

    volumes:

      - ${LOGSTASH_DATA}/pipeline:/usr/share/logstash/pipeline

      - ${LOGSTASH_DATA}/logstash.yml:/usr/share/logstash/config/logstash.yml

      - ${HARNESS_LOGS}:/usr/share/logstash/harness

  hm_metricbeat:

    restart: always

    hostname: ${HOSTNAME}

    user: root

    image: docker.elastic.co/beats/metricbeat:7.10.0

    container_name: hm_metricbeat

    volumes:

      - ${METRIC_BEAT_DATA}/metricbeat.yml:/usr/share/metricbeat/metricbeat.yml

      - /var/run/docker.sock:/var/run/docker.sock:ro

[Levente Lang]

Hi Eran,

you can set up the Mongo connection string to use auth. Check Mongo documentation on how to do that.

Here is a useful tutorial on that: https://hackernoon.com/mongodb-and-docker-compose-how-to-enable-a-custom-user-and-password-automatically

Btw, I'm curious, why are there security reasons to use auth? If you don't expose a port to the host (27017) the other services in the docker compose will see each other as they share the same internal network. Is it neccessary for the Mongo to be accessible from outside the container?

[Pat Ferrel]

The primary rationale for auth is to use SaaS like MongoDB Atlas or ElasticSearch cloud.

BTW the ActionML site docs are here: https://github.com/actionml/docs.actionml.com

--
You received this message because you are subscribed to the Google Groups "actionml-user" group.
To unsubscribe from this group and stop receiving emails from it, send an email to actionml-use...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/actionml-user/03cb333a-37ca-432f-8378-922dfe64d13cn%40googlegroups.com.

[binji.e...@gmail.com]

thanks a lot for the tip :)

at the end I had to add the two env vars below in the .env file and that did it all to set the usr/pwd for mongo :)

MONGO_USERNAME=...
MONGO_PASSWORD=...

if you use docker compose:

harness part - add the below:

      HARNESS_MONGODB_USERNAME: ...
      HARNESS_MONGODB_PASSWORD: ...

mongoDB part:

    environment:
      MONGO_INITDB_ROOT_USERNAME: ...
      MONGO_INITDB_ROOT_PASSWORD: ...

[binji.e...@gmail.com]

BTW, there were no special reasons, it was only the company policy that each DB will have an intern usr/pwd login

On Thursday, April 11, 2024 at 8:52:32 PM UTC+2 lang.le...@gmail.com wrote: