Mongo "auth fails" using bitnami meanstack

[Brad Porter]

I have used bitnami stacks for many online apps to get them up and running quick.  They didn't have one for keystone, but they do have "meanstack" which included everything but keystone.  I followed the directions using yo and generator-keystone.  Everything looked good until I ran
node keystone
It looks like a simple auth error.  keystone is probably expecting to see a user in the mongodb that does not exist, but I can't find what user that is.  The bitnami installer asks for a mongodb root password.  I can login to mongo and see the empty database that "node keystone" generated.  I add the following line to the .env file:

MONGO_URI=mongodb://root:password@@localhost:27017/mysite

Below is the output of "node keystone"
I suspect there is a simple solution, such as adding a user to mongo.  keystone must be looking for a user other than "root".  I assumed that the bson warning was not an issue for getting started or related to the auth error, so I am not trying to fix it at the moment.

Suggestions?

*********************
js-bson: Failed to load c++ bson extension, using pure JS version
------------------------------------------------
Mongo Error:

{ [MongoError: auth fails] name: 'MongoError', code: 18, ok: 0, errmsg: 'auth fa
ils' }

/opt/meanstack-2.4.10-0/apache2/htdocs/circle/node_modules/keystone/node_modules/mongoose/node_modules/mongodb/lib/mongodb/connection/base.js:245
        throw message;

*********************
Brad

[Brad Porter]

I should mention that mongo is version 2.4.10, but there was nothing in the keystone installation instructions that said it needed to be a specific version of mongo.

Brad

[j...@keystonejs.com]

Hi Brad,

Keystone definitely works with 2.4.10

There isn't a hard-coded user, and if you omit the auth details from the mongodb url it will use the default.

This is actually passed straight through to mongoose and the mongodb driver, so it may be possible that 'root:password' is not actually a valid user / password combo for the database that you've deployed?

Try figuring out what the bitnami installer has set up in terms of user accounts for mongo maybe?

- Jed

[Brad Porter]

Jed,
Bitnami does use "root" for the username.  I am able to login to mongo with:
mongo admin -uroot -p
There I can see that
node keystone
has create an empty database for my project, when I enter "show dbs".
show users
lists nothing after "use projname"
After "use admin", "show users" lists:
> show users
{
        "_id" : ObjectId("randomstring1"),
        "user" : "root",
        "pwd" : "randomstring2",
        "roles" : [
                "readWriteAnyDatabase",
                "userAdminAnyDatabase",
                "dbAdminAnyDatabase",
                "clusterAdmin"
        ]
}
Brad

[j...@keystonejs.com]

Hmm.

I just realised that you've got two @ symbols in your connection string - is that a typo, or is it in your config too? because that might be causing the trouble...

Mongoose connection docs are here: http://mongoosejs.com/docs/connections.html

The MONGO_URI setting is passed straight to mongoose.connect() as the only argument, so if it's a valid connection string it should work.

If you're still having trouble I'll see if someone from MongoDB can shed some light...

- Jed.

[Brad Porter]

The double @@ was just a typo in the post, not the .env file.

I did get this to work in my home directory without using sudo for any of the installation.  I think the problem may have been in using sudo in a root owned space.  That is how I normally set up sites.  It's actually not clear to me how I opened a port without sudo in order to get this to work.  In any case, bitnami meanstack did provide an easy setup environment to test this out.

Brad

[Marty Hirsch]

I have a similar problem.  Starting with bitnami meanstack 64 on AWS, I got yeoman installed and ran yo keystone with success (eventually).  However, node keystone produces the following error:

Error searching database for update 0.0.1-admins:

{ [MongoError: not authorized for query on super-chess-site.app_updates] name: 'MongoError' }

This looks like an authorization issue, in which mongoDB is not getting a valid password.

So my question is this.  

From where does Keystone obtain the username and password for its database connections?

[Marty Hirsch]

I got it to work.  I had to add the admin credentials to .env and explicitly reference the "admin" database.

So this line must be added to .env in the site root directory.

MONGO_URI=mongodb://root:PASSWORD@localhost:27017/admin

Now keystone is writing directly into the admin database.  I would rather it use another database, but yeoman never provided that option, so perhaps it is not possible.

[Sripathi Jagannathan]

Posting here as this still comes as the number one search result on Google for "Bitnami AWS KeystoneJS MongoDB authorization error". This is still an issue with Bitnami MEAN stack but only because Bitnami's MongoDB configuration file is set for auth=true (authorization: enabled). If you comment auth=true and un-comment noauth=true, restart MongoDB, KeystoneJS does not throw this error. 

Ideally though you want authorization enabled and want KeystoneJS to login using the MONGO_URI in the .env as described in this thread, but I feel it would be better to actually create a KeystoneJS specific user and DB and pass that in the MONGO_URI. That's what I did and it works as expected, obviously because as Jed points out the credentials are just passed straight through to Mongoose, which creates the collections and the admin user in the newly created keystone db.

I also found I could reproduce this issue in any Unix/Linux instance which has authorization enabled for MongoDB, so not really a Keystone issue as much as a security/setup consideration. 

Hope this helps anyone else having the same problem.

[Simon]

Sripathi you're a legend.
I've been having the same issues described above, but thankfully I really don't require Mongo to be locked down, so your suggestion helped.