[BUG] init-mongo.sh is missing permissions to a database called ${MONGO_DBNAME}_audit

[byarea]

Is there an existing issue for this?

• I have searched the existing issues

Current Behavior

the current readme result is a not working container

The init-mongo.sh is missing permissions to a database called ${MONGO_DBNAME}_audit

Expected Behavior

following the readme should result in a working container

Steps To Reproduce

1 follow the readme

Environment

- OS: Ubuntu server 24.04
- How docker service was installed: Docker compose via ansible

CPU architecture

x86-64

Docker creation

keep in mind that this is ansible code not the direct docker compose

unifi_compose_project_name: "unifi"
unifi_compose_services:
  unifi-network-application:
    image: lscr.io/linuxserver/unifi-network-application:latest
    container_name: unifi-network-application
    environment:
      PUID: "{{ unifi_compose_uid }}"
      PGID: "{{ unifi_compose_uid }}"
      TZ: "Etc/UTC"
      MONGO_USER: "{{ mongo_unifidb_user }}"
      MONGO_PASS: "{{ mongo_unifidb_pass }}"
      MONGO_HOST: "unifi-db"
      MONGO_PORT: 27017
      MONGO_DBNAME: "{{ mongo_unifidb_dbname }}"
      MONGO_AUTHSOURCE: "{{ mongo_authsource }}"
      MEM_LIMIT: 1024
      MEM_STARTUP: 1024
    volumes:
      - config:/config
    ports:
      - 8443:8443
      - 3478:3478/udp
      - 10001:10001/udp
      - 8080:8080
    restart: "unless-stopped"
    labels:
      - "traefik.enable=true"
      - "traefik.docker.network=traefik-hq_app_overlay"
      # router
      - "traefik.http.routers.unifi-secure.entrypoints=web-secure"
      - "traefik.http.routers.unifi-secure.rule=Host(`unifi.example.com`)"
      - "traefik.http.routers.unifi-secure.middlewares=internal@file"
      # services
      - "traefik.http.services.unifi.loadbalancer.server.port=8443"
      - "traefik.http.services.unifi.loadbalancer.server.scheme=https"

    networks:
      app_macvlan:
        ipv4_address: "{{ unifi_network_application_ipv4 }}"
      backend: {}
      traefik-hq_app_overlay: {}
    depends_on:
      - unifi-db

  unifi-db:
    image: docker.io/mongo:8.0
    container_name: unifi-db
    user: "{{ mongo_unifidb_uid }}:{{ mongo_unifidb_uid }}"
    environment:
      MONGO_INITDB_ROOT_USERNAME: "{{ mongo_initdb_root_username }}"
      MONGO_INITDB_ROOT_PASSWORD: "{{ mongo_initdb_root_password }}"
      MONGO_USER: "{{ mongo_unifidb_user }}"                # var for init script
      MONGO_PASS: "{{ mongo_unifidb_pass }}"                # var for init script
      MONGO_DBNAME: "{{ mongo_unifidb_dbname }}"            # var for init script
      MONGO_AUTHSOURCE: "{{ mongo_authsource }}"    # var for init script
    volumes:
      - "dbdata:/data/db"
      - "{{ compose_deployment_base_dir }}/{{ unifi_compose_project_name }}/init-mongo.sh:/docker-entrypoint-initdb.d/init-mongo.sh:ro"
    restart: unless-stopped
    networks:
      backend: {}

unifi_compose_networks_config:
  app_macvlan:
    external: true
  backend:
    driver: bridge
    internal: true
  traefik-hq_app_overlay:
    external: true
unifi_compose_volumes_config:
  config: {}
  dbdata: {}

fixed init-mongo.sh

#!/bin/bash

# This script initializes a MongoDB user and grants permissions for the UniFi Network Application.
# It's designed to be run by the Docker entrypoint for MongoDB during initial setup.

# Default to mongosh. Change to "mongo" if using an older MongoDB version.
MONGO_CLI="mongosh"

# Ensure the following environment variables are set in your docker-compose.yml for the MongoDB service:
# - MONGO_INITDB_ROOT_USERNAME: The root username for MongoDB.
# - MONGO_INITDB_ROOT_PASSWORD: The root password for MongoDB.
# - MONGO_USER: The username to create for the UniFi application.
# - MONGO_PASS: The password for the UniFi application user.
# - MONGO_DBNAME: The main database name for UniFi (e.g., "unifi").
# - MONGO_AUTHSOURCE: The authentication database, typically "admin" where the root user is defined.

# Connect to MongoDB as root and execute user creation commands.
"${MONGO_CLI}"  --norc --host localhost \
                --authenticationDatabase "${MONGO_AUTHSOURCE}" \
                -u "${MONGO_INITDB_ROOT_USERNAME}" \
                -p "${MONGO_INITDB_ROOT_PASSWORD}" <<EOF

// Switch to the authentication source database (usually 'admin')
db = db.getSiblingDB('${MONGO_AUTHSOURCE}');

// Create the UniFi application user
// This grants dbOwner role, allowing the user to fully manage these databases.
db.createUser({
  user: "${MONGO_USER}",
  pwd: "${MONGO_PASS}",
  roles: [
    { role: "dbOwner", db: "${MONGO_DBNAME}" },
    { role: "dbOwner", db: "${MONGO_DBNAME}_stat" },
    { role: "dbOwner", db: "${MONGO_DBNAME}_audit" }
  ]
});

print("MongoDB: User '${MONGO_USER}' created with dbOwner access to '${MONGO_DBNAME}', '${MONGO_DBNAME}_stat', and '${MONGO_DBNAME}_audit'.");

EOF

# Exit with the status of the mongosh command
exit $?

Container logs

Exception in thread "launcher" java.lang.IllegalStateException: Tomcat failed to start up

        at com.ubnt.net.S.ØÔ0000(Unknown Source)

        at com.ubnt.service.ooOO.Òo0000(Unknown Source)

        at com.ubnt.ace.Launcher.Ó00000(Unknown Source)

        at com.ubnt.ace.Launcher.main(Unknown Source)

Caused by: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'auditDbService' defined in com.ubnt.service.DatabaseSpringContext: Command failed with error 13 (Unauthorized): 'not authorized on unifi_audit to execute command { listCollections: 1, cursor: {}, nameOnly: true, $db: "unifi_audit", lsid: { id: UUID("6d0c778e-fc84-4179-9967-17abed57129f") } }' on server unifi-db:27017. The full response is {"ok": 0.0, "errmsg": "not authorized on unifi_audit to execute command { listCollections: 1, cursor: {}, nameOnly: true, $db: \"unifi_audit\", lsid: { id: UUID(\"6d0c778e-fc84-4179-9967-17abed57129f\") } }", "code": 13, "codeName": "Unauthorized"}

        at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1806)

        at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:600)

        at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:522)

        at org.springframework.beans.factory.support.AbstractBeanFactory.lambda$doGetBean$0(AbstractBeanFactory.java:337)

        at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:234)

        at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:335)

        at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:200)

        at org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:975)

        at org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:971)

        at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:625)

        at com.ubnt.service.F.Õ00000(Unknown Source)

        at com.ubnt.service.ooOO.Óo0000(Unknown Source)

        at com.ubnt.net.S.õÔ0000(Unknown Source)

        at com.ubnt.net.S.ÕÔ0000(Unknown Source)

        ... 4 more

Caused by: com.mongodb.MongoCommandException: Command failed with error 13 (Unauthorized): 'not authorized on unifi_audit to execute command { listCollections: 1, cursor: {}, nameOnly: true, $db: "unifi_audit", lsid: { id: UUID("6d0c778e-fc84-4179-9967-17abed57129f") } }' on server unifi-db:27017. The full response is {"ok": 0.0, "errmsg": "not authorized on unifi_audit to execute command { listCollections: 1, cursor: {}, nameOnly: true, $db: \"unifi_audit\", lsid: { id: UUID(\"6d0c778e-fc84-4179-9967-17abed57129f\") } }", "code": 13, "codeName": "Unauthorized"}

        at com.mongodb.internal.connection.ProtocolHelper.getCommandFailureException(ProtocolHelper.java:205)

        at com.mongodb.internal.connection.InternalStreamConnection.receiveCommandMessageResponse(InternalStreamConnection.java:431)

        at com.mongodb.internal.connection.InternalStreamConnection.sendAndReceive(InternalStreamConnection.java:354)

        at com.mongodb.internal.connection.UsageTrackingInternalConnection.sendAndReceive(UsageTrackingInternalConnection.java:114)

        at com.mongodb.internal.connection.DefaultConnectionPool$PooledConnection.sendAndReceive(DefaultConnectionPool.java:743)

        at com.mongodb.internal.connection.CommandProtocolImpl.execute(CommandProtocolImpl.java:76)

        at com.mongodb.internal.connection.DefaultServer$DefaultServerProtocolExecutor.execute(DefaultServer.java:209)

        at com.mongodb.internal.connection.DefaultServerConnection.executeProtocol(DefaultServerConnection.java:115)

        at com.mongodb.internal.connection.DefaultServerConnection.command(DefaultServerConnection.java:83)

        at com.mongodb.internal.connection.DefaultServerConnection.command(DefaultServerConnection.java:74)

        at com.mongodb.internal.connection.DefaultServer$OperationCountTrackingConnection.command(DefaultServer.java:299)

        at com.mongodb.internal.operation.SyncOperationHelper.createReadCommandAndExecute(SyncOperationHelper.java:270)

        at com.mongodb.internal.operation.ListCollectionsOperation.lambda$execute$1(ListCollectionsOperation.java:167)

        at com.mongodb.internal.operation.SyncOperationHelper.lambda$withSourceAndConnection$0(SyncOperationHelper.java:124)

        at com.mongodb.internal.operation.SyncOperationHelper.withSuppliedResource(SyncOperationHelper.java:149)

        at com.mongodb.internal.operation.SyncOperationHelper.lambda$withSourceAndConnection$1(SyncOperationHelper.java:123)

        at com.mongodb.internal.operation.SyncOperationHelper.withSuppliedResource(SyncOperationHelper.java:149)

        at com.mongodb.internal.operation.SyncOperationHelper.withSourceAndConnection(SyncOperationHelper.java:122)

        at com.mongodb.internal.operation.ListCollectionsOperation.lambda$execute$2(ListCollectionsOperation.java:164)

        at com.mongodb.internal.operation.SyncOperationHelper.lambda$decorateReadWithRetries$12(SyncOperationHelper.java:289)

        at com.mongodb.internal.async.function.RetryingSyncSupplier.get(RetryingSyncSupplier.java:67)

        at com.mongodb.internal.operation.ListCollectionsOperation.execute(ListCollectionsOperation.java:175)

        at com.mongodb.internal.operation.ListCollectionsOperation.execute(ListCollectionsOperation.java:73)

        at com.mongodb.client.internal.MongoClientDelegate$DelegateOperationExecutor.execute(MongoClientDelegate.java:153)

        at com.mongodb.client.internal.MongoIterableImpl.execute(MongoIterableImpl.java:130)

        at com.mongodb.client.internal.MongoIterableImpl.iterator(MongoIterableImpl.java:90)

        at com.mongodb.client.internal.MongoIterableImpl.forEach(MongoIterableImpl.java:116)

        at com.mongodb.client.internal.MappingIterable.forEach(MappingIterable.java:62)

        at com.mongodb.client.internal.MappingIterable.into(MappingIterable.java:67)

        at com.mongodb.client.internal.ListCollectionNamesIterableImpl.into(ListCollectionNamesIterableImpl.java:104)

        at com.ubnt.service.system.aA.Objectsuper(Unknown Source)

        at com.ubnt.service.system.aA.afterPropertiesSet(Unknown Source)

        at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.invokeInitMethods(AbstractAutowireCapableBeanFactory.java:1853)

        at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1802)

        ... 17 more

[github-actions]

Thanks for opening your first issue here! Be sure to follow the relevant issue templates, or risk having this issue marked as invalid.

[ratbich]

Helo,

I had an existing install with stack of the app and mongoDB 8.0 and I got this error in my lolg after upgrading to 9.1.120. The dashboard would be blank and flows would give error on the page.

This is how I fixed the perm issue:

Attached to console on the running mongo container

Log in to DB using the defined root user setup

mongosh "mongodb://USER:PASSWORD@localhost"

switch to admin DB

use admin;

Check current permissions on user, I am using unifi as username for this, change username if using something else defined in the compose

db.getUser("unifi")

execute this to give access to required unifi_audit

db.grantRolesToUser(
    "unifi",
    [
      { role: "dbOwner", db: "unifi_audit" }
    ]
)

Then check user permissions again, should show the new unifi_audit DB

db.getUser("unifi")

Then, restart unifi controller and the migration of DB should finish and DB should be created and controller pages load properly

[dgrzjohn]

Helo,

I had an existing install with stack of the app and mongoDB 8.0 and I got this error in my lolg after upgrading to 9.1.120. The dashboard would be blank and flows would give error on the page.

This is how I fixed the perm issue:

Attached to console on the running mongo container

Log in to DB using the defined root user setup

mongosh "mongodb://USER:PASSWORD@localhost"

switch to admin DB

use admin;

Check current permissions on user, I am using unifi as username for this, change username if using something else defined in the compose

db.getUser("unifi")

execute this to give access to required unifi_audit

db.grantRolesToUser(
    "unifi",
    [
      { role: "dbOwner", db: "unifi_audit" }
    ]
)

Then check user permissions again, should show the new unifi_audit DB

db.getUser("unifi")

Then, restart unifi controller and the migration of DB should finish and DB should be created and controller pages load properly

Thank you I haven't been able to access my dashboard for days, this worked for me!

[domasist]

Helo,

I had an existing install with stack of the app and mongoDB 8.0 and I got this error in my lolg after upgrading to 9.1.120. The dashboard would be blank and flows would give error on the page.

This is how I fixed the perm issue:

Attached to console on the running mongo container

Log in to DB using the defined root user setup

mongosh "mongodb://USER:PASSWORD@localhost"

switch to admin DB

use admin;

Check current permissions on user, I am using unifi as username for this, change username if using something else defined in the compose

db.getUser("unifi")

execute this to give access to required unifi_audit

db.grantRolesToUser(
    "unifi",
    [
      { role: "dbOwner", db: "unifi_audit" }
    ]
)

Then check user permissions again, should show the new unifi_audit DB

db.getUser("unifi")

Then, restart unifi controller and the migration of DB should finish and DB should be created and controller pages load properly

This solved the problem with error in Flow dashboard. Thank you a lot.

[jasondefuria]

@ratbich I do not know enough to get started- How do you do the first step "Attached to console on the running mongo container"

is it docker attach unifi-db? Something else?

[byarea]

@ratbich I do not know enough to get started- How do you do the first step "Attached to console on the running mongo container"

is it docker attach unifi-db? Something else?

docker exec -it containername bash

If it doesn’t have bash

docker exec -it containername sh

[jasondefuria]

@byarea Well that makes a lot more sense. Thank you!