Change MongoDB user password in dbConnect.xml

Hi,

Is there an easy, manual way, to change the PasswordHash in dbConnect.xml?

We have to add authentication and change our MongoDB user and password for the deadline7db.

> db.getUsers()
[
        {
                "_id" : "deadline7db.deadline",
                "user" : "deadline",
                "db" : "deadline7db",
                "roles" : [
                        {
                                "role" : "readWrite",
                                "db" : "deadline7db"
                        }
                ]
        }
]

And probably the other DB’s listed in MongoDB too:

show dbs deadline6db 0.078GB deadline7db_Config 0.078GB deadline7db_JobState 0.078GB deadline7db_Jobs 0.078GB deadline7db_LimitStubs 0.078GB deadline7db_Limits 0.078GB deadline7db_Misc 0.078GB deadline7db_Reports 0.078GB deadline7db_Statistics 0.203GB deadline7db_StatusInfo 0.078GB deadline7db_Tasks 0.078GB

I can easily see and change the xml for Authentication (to true) and Username (to our MongoDB readWrite user) but PasswordHash has us stuck.

Any way to generate this Hash?

(Note, we run our MongoDB on a separate, standalone RHEL server, so its not part of the repo install when that’s done as its already installed)

Hello,

Can you verify what version of Deadline you are running? I am told one version of Deadline 7 had the passwordhash broken but it should be fixed in the latest version. Let me know.

Hello,

So there is a flag for deadlinecommand called UpdateDatabaseSettings which will allow you to write the password to the dbconnect file. See below for the full use of that flag.

UpdateDatabaseSettings
Updates the given repository’s dbConnect.xml file with the given database
settings.
[Repository] The path to the repository root
[Type] The database type (currently only MongoDB)
[Host] The host name or IP address of the database
machine
[Name] The database name
[Port] The database port
[AltPort] The alternate database port (not currently used)
[SSL] If SSL should be used to connect (not currently
used)
[Authenticate] If authentication is required
[Username] The username
[Password] The password
[Relpica Set] The Replica set name
[Split DB] If Database should be split (by default, it is
enabled)

I hope this helps

Thanks dwallbridge,

We’re using Deadline Version: 7.1.2.1 R (53013d5bd). I completely forgot about looking at deadlinecommand! I’ll give that a go today.

Some success. So far the following was done:

Command used was:

deadlinecommand -UpdateDatabaseSettings "\\servername\repository\v7" "MongoDB" "db.servername.dev" "deadline7db" "27017" "0" "false" "true" "deadlineuser" "password" "" "true"

I followed the 6.2 user manual for the command structure but it was giving an missing index error, so going off:

C:\Program Files\Thinkbox\Deadline7\bin>deadlinecommand.exe -help UpdateDatabaseSettings[/code]

[code]UpdateDatabaseSettings
  Updates the given repository's dbConnect.xml file with the given database settings.
    [Repository]             The path to the repository root
    [Type]                   The database type (currently only MongoDB)
    [Host]                   The host name or IP address of the database machine
    [Name]                   The database name
    [Port]                   The database port
    [AltPort]                The alternate database port (not currently used)
    [SSL]                    If SSL should be used to connect (not currently used)
    [Authenticate]           If authentication is required
    [Username]               The username
    [Password]               The password
    [Relpica Set]            The Replica set name
    [Split DB]               If Database should be split (by default, it is enabled)

Indicated that I need to include a “” “true” at the end to cover the indexes needed for ReplicaSetName (“”) and SplitDB (“true”). After that, success!

Current problem:

I can’t seem to get mongodb to auth against the supplied user. It was previously created without authentication. Any chance there’s a mongo script I can run on the local DB server that would setup the user privileges? I’ve tried:

C:\Program Files\Thinkbox\Deadline7\bin>deadlinecommand -ConfigureDatabase "MongoDB" "db.server.dev" "deadline7db" "27017" "0" "false" "true" "deadline" "password" "" "true"

But it tells me i haven’t started mongod with --auth (it is) or gives me:

[code]An error occurred while configuring the database:

An error occurred while trying to Query the Database (db.server.dev):
27017). It is possible that Deadline failed to Authenticate properly. Please che
ck that the Mongo Username/Password are correct.

Full error: QueryFailure flag was not authorized for query on deadline7db_Misc.s
ystem.namespaces (response was { “$err” : “not authorized for query on deadline7
db_Misc.system.namespaces”, “code” : 13 }).[/code]

I’ve tried:
db.createUser({user: “deadline”,pwd: “password”,roles: [{role: “userAdminAnyDatabase”,db: “admin”}]})

But that doesn’t work, i’ve also tried adding the deadline user to the deadline7db DB, still no luck.

Currently my deadline7db looks like:

[code]> use deadline7db
switched to db deadline7db

db.getUsers()
[
{
“_id” : “deadline7db.deadline”,
“user” : “deadline”,
“db” : “deadline7db”,
“roles” : [
{
“role” : “readWrite”,
“db” : “deadline7db”
},
{
“role” : “readWrite”,
“db” : “deadline7db_Config”
},
{
“role” : “readWrite”,
“db” : “deadline7db_JobState”
},
{
“role” : “readWrite”,
“db” : “deadline7db_Jobs”
},
{
“role” : “readWrite”,
“db” : “deadline7db_LimitStubs”
},
{
“role” : “readWrite”,
“db” : “deadline7db_Limits”
},
{
“role” : “readWrite”,
“db” : “deadline7db_Misc”
},
{
“role” : “readWrite”,
“db” : “deadline7db_Reports”
},
{
“role” : “readWrite”,
“db” : “deadline7db_Statistics”
},
{
“role” : “readWrite”,
“db” : “deadline7db_StatusInfo”
},
{
“role” : “readWrite”,
“db” : “deadline7db_Tasks”
}
]
}
]
[/code]

And the DL Monitor on startup gives me:

Traceback (most recent call last): File "DeadlineMonitor\UI\Forms\MainWindowStartup.py", line 309, in Startup DatabaseConnectionException: An error occurred when trying to connect to the Database. See inner exception for details. at g.a(MongoDatabase A_0, Boolean A_1) at Deadline.StorageDB.MongoDB.MongoSettingsStorage.GetRepositoryDateTime() at Deadline.Monitor.MonitorManager.GetDefaultMonitorLayout(Boolean& resetAtStartup)

Should I look at completely dropping and starting fresh? Don’t need to keep anything in the repo etc.

So judging from the output of your db.getUsers, it looks like you’ve got most of it right.

However, in Deadline 7, we also need the ‘clusterMonitor’ role (see docs.mongodb.org/manual/referen … tion-roles for details on what this role grants – it is a read-only role, though). I believe this role needs to be targetted to the ‘admin’ DB, but since we’re authenticating against the ‘deadline7db’ DB, you would need to grant the role in there (this would be similar to what you’ve already done to grant readWrite to the other Deadline DBs).

Another thing to note is that the authentication is just not working for integrated Submission Scripts in some versions of Deadline 7. If you do the above and the Monitor, Slave, etc works, but are have trouble with submission scripts, try updating to the 7.2.1 release, which fixed these issues.

Cheers,
Jon