Discussion:
MongoDB Charts - problem adding datasource with SSL
(too old to reply)
r***@youplant.eu
2018-12-03 10:06:40 UTC
Permalink
Hi all! I’ve got some trouble adding a datasource to charts (0.10.0).
The database I’m trying to add is a replicaset with SSL connection
encryption. It also uses x509 for cluster auth mode (but this should be
irrelevant here?)
The certificates used with the mongodb replicaset have been issued by a
internal ca.
I’m providing the ca’s public certificate to mongo charts under
/mongodb-charts/volumes/db-certs/

The connection string I’m using is something like
“mongodb://username:***@mongodb-host1:27017/admin?replicaSet=rs-name&ssl=true”
I can resolve the dns name and also ping mongodb-host1 from the docker
container where charts is running.
Whenever I try to add a new datasource and hit the Connect button, charts
ist trying to connect for some seconds and then comes back with the error
message “error connecting to MongoDB: error connecting to MongoDB service
cluster: server selection timeout”.

on the mongodb server side there is not much in the logs. I can tell there
are connection tries by log entries like:

2018-11-30T14:17:49.649+0000 I NETWORK [listener] connection accepted from
10.42.65.36:35436 #55128 (11 connections now open)
2018-11-30T14:17:49.650+0000 I NETWORK [conn55128] end connection 10.42.
65.36:35436 (10 connections now open)
2018-11-30T14:17:49.652+0000 I NETWORK [listener] connection accepted from
10.42.65.36:35438 #55129 (11 connections now open)
2018-11-30T14:17:49.653+0000 I NETWORK [conn55129] end connection 10.42.
65.36:35438 (10 connections now open)
2018-11-30T14:17:50.150+0000 I NETWORK [listener] connection accepted from
10.42.65.36:35442 #55130 (11 connections now open)


This is basically where I’m stuck for now - its not working but I’ve got no
“real” error message, pinpointing me to the problem.
Is it really enough to just copy the ca’s certificate to the db-certs
folder? (I’ve also tried to issue a new client certificate for charts and
put the new cert, the key and ca cert into one .pem file).
What am I missing?
Any Ideas?
--
You received this message because you are subscribed to the Google Groups "mongodb-user"
group.

For other MongoDB technical support options, see: https://docs.mongodb.com/manual/support/
---
You received this message because you are subscribed to the Google Groups "mongodb-user" group.
To unsubscribe from this group and stop receiving emails from it, send an email to mongodb-user+***@googlegroups.com.
To post to this group, send email to mongodb-***@googlegroups.com.
Visit this group at https://groups.google.com/group/mongodb-user.
To view this discussion on the web visit https://groups.google.com/d/msgid/mongodb-user/dbf52d19-aee8-4b1a-a80e-874206ae3822%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Continue reading on narkive:
Loading...