3.6: When using --auth mongod binds to localhost only

[acuntex]

The following command does not use "--bind_ip_all" thus binding to localhost and making it impossible to use the mongodb server.

docker run -d --restart=always --name mongo -v mongo:/data/db -p 27017:27017 mongo:3.6 --auth

Further Infos: I tried to upgrade a 3.4 instance to 3.6. (Same run command but with a different version)

[ozlerhakan]

Have you used setFeatureCompatibilityVersion in your mongod 3.4 server before upgrading it to 3.6? You need to use featureCompatibilityVersion in your mongod 3.4 server then you are allowed to use your data with a mongod 3.6 service.

# log in to your mongod 3.4 server
> db.adminCommand( { setFeatureCompatibilityVersion: "3.4" } )
> exit
# migrate your data now
$ docker run -d --restart=always --name mongo -v mongo:/data/db -p 27017:27017 mongo:3.6 --auth  --bind_ip_all

[tianon]

Yeah, this was discussed over in #180 when the change to MongoDB's default bind behavior was made in 3.5 (before the 3.6 GA); @yosifkit is having a big "told you so moment" right now. 😄 😞

[acuntex]

@ozlerhakan: Yes, i did "db.adminCommand( { getParameter: 1, featureCompatibilityVersion: 1 } )" and it was 3.4. But that's not the issue. From within the container i can connect without problems.

I'm not quite firm about bash but the docker-entrypoint.sh seems to ensure that "--bind_ip_all" gets removed.
Even though the Dockerfile has a "--bind_ip_all" in the CMD, it doesn't seem to work.

It should be either documented or ensured that "--bind_ip_all" is added everytime. Is there any case in which you don't want to bind to all ips in a docker container?
As far as I can see it was introduced to secure mongo to not be connectable from remote... But the port mapping to the host should be handled by docker.