Mongo 4.0.x: unable to create user

[Wimmesberger]

Affected Puppet, Ruby, OS and module versions/distributions

• Puppet: 5.5.6
• Ruby: 2.5.1
• Distribution: Ubuntu 18.04
• Module version: 2.4.1
• mongodb-org-server: 4.0.5

How to reproduce (e.g Puppet code you use)

class { 'mongodb::server':
    create_admin => true,
    admin_username => 'admin',
    admin_password => 'test123',
}

or

create_resources('mongodb::db', $mongo_dbs)

What are you seeing

Every puppet run completes successfully and states that the user(s) have been created. This causes the puppet runs to never get to a stable state.

The response json from the generated mongo command points out, that SCRAM-SHA-256 (default mechanism in mongodb 4.0.x) requires that the digest is done on the server (= digestPassword: true)
see https://docs.mongodb.com/manual/reference/command/createUser/ for reference.

What behaviour did you expect instead

Either:
The user is created.
Provide a parameter to customize the values of digestPasswort/mechanism.
The puppet run fails with an error (but that would require parsing the output).

Any additional information you'd like to impart

As a workaround I use a custom systemd dropin file for mongod which adds --setParameter authenticationMechanisms=SCRAM-SHA-1,PLAIN to the ExecStart to disable SCRAM-SHA-256

[negast]

Following fork fixed this for me: https://github.com/datty/puppet-mongodb

Note that in this fork your admin user has to be named admin in order to use the create_adminuser function. I created a subfork to only do this for the database named admin. But I guess maybe a boolean would be better.
original: https://github.com/datty/puppet-mongodb
mySubFork: https://github.com/negast/puppet-mongodb

[ram2valar]

@negast @datty Tried with the original and sub-fork to create admin user, but it failed with following message during puppet pull:

Error: Could not prefetch mongodb_database provider 'mongodb': undefined local variable or method n' for Puppet::Type::Mongodb_database::ProviderMongodb:Class Did you mean? n_ N_ Error: Failed to apply catalog: undefined local variable or method n' for Puppet::Type::Mongodb_database::ProviderMongodb:Class
Did you mean? n_
N_

[mungo312]

The fork is based on an old version. Maybe @negast can update it ? Or get it merged ? It is fixed with commit e27e9f0

[dhs-rec]

Any chance to get this merged? Already had to create users manually in order to get things set up.

[identw]

Any chance to get this merged? Already had to create users manually in order to get things set up.

Yes it will work. For example:

1. I manually created a user "test" in the "test" database.

[
	{
		"_id" : "test.test",
		"userId" : UUID("c189ea17-4294-4972-a27f-89a663ec429b"),
		"user" : "test",
		"db" : "test",
		"roles" : [
			{
				"role" : "readWrite",
				"db" : "test"
			}
		],
		"mechanisms" : [
			"SCRAM-SHA-1",
			"SCRAM-SHA-256"
		]
	}
]

Example list collections:

mongo -utest -ptest --authenticationDatabase test --norc test --eval 'db.getCollectionNames()'
MongoDB shell version v4.2.1
connecting to: mongodb://127.0.0.1:27017/test?authSource=test&compressors=disabled&gssapiServiceName=mongodb
Implicit session: session { "id" : UUID("09d34fdc-d80b-473c-a0de-10349b92414f") }
MongoDB server version: 4.2.1
[ "test" ]

2. I added a puppet's resource to create this user:

    mongodb_user { 'test':
        name          => 'test',
        ensure        => 'present',
        database      => 'test',
        password_hash => mongodb_password('test', 'test'),
        roles         => ['readWrite'],
        require       => [
            Mongodb_database['test']
        ]
    }

And apply agent:

$ puppet agent -t
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Retrieving locales
Info: Loading facts
Info: Caching catalog for test-mongo
Info: Applying configuration version '1574706120'
Notice: /Stage[main]/Mongodb/Mongodb_user[test]/ensure: created
Notice: Applied catalog in 10.75 seconds

And check it

root@mongo16-2:~# mongo -utest -ptest --authenticationDatabase test --norc test --eval 'db.getCollectionNames()'
MongoDB shell version v4.2.1
connecting to: mongodb://127.0.0.1:27017/test?authSource=test&compressors=disabled&gssapiServiceName=mongodb
Implicit session: session { "id" : UUID("2f199334-fd71-47ed-a68a-5fd9109f660f") }
MongoDB server version: 4.2.1
[ "test" ]

Check second puppet apply:

# puppet agent -t
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Retrieving locales
Info: Loading facts
Info: Caching catalog for mongo-test
Info: Applying configuration version '1574706851'
Notice: Applied catalog in 9.85 seconds