[PT-1891] pt-mongodb-summary fails for SSL enabled mongodb instances - Percona JIRA

XML

Word

Printable

Details

Type: Bug
Status: Done
Priority: High
Resolution: Fixed
Affects Version/s: 3.1.0, 3.2.1
Fix Version/s: 3.3.0
Component/s: None
Labels:
- prep/BackEnd

Epic Link:
pt -* - summary actions
Needs Review:
Yes
Needs QA:
Yes
Story Points:
2

Description

Clone of https://jira.percona.com/browse/PT-1822

Issue: unable to use pt-mongodb-summary for SSL enabled MongoDB instances

The issue still exists for MongoDB configured to use SSL.

Looks like pt-mongodb-summary can't connect to SSL enabled mongodb .

Test:

# ./pt-mongodb-summary --version
pt-mongodb-summary
Version v3.2.1
Build: 2020-08-12T21:06:41+0000 using go1.14.4
Commit: 750d2ef9d9fbc6363eb7528e6be61e2bfda7ac79

MongoDB with SSL configuration.

mongodb.cnf

# network interfaces
net:
  port: 27017
  bindIp: 127.0.0.1
  ssl:
    mode: requireSSL
    PEMKeyFile: /etc/mongodb/mongodb.pem
    CAFile: /etc/mongodb/rootCA.pem

case1:

SSL connection to mongodb via mongo client works fine.
# mongo --host=localhost --ssl --sslCAFile /etc/mongodb/rootCA.pem --sslPEMKeyFile /etc/mongodb/mongodb.pem  -u mroot -p mroot123 --authenticationDatabase admin 


# ./pt-mongodb-summary "localhost:27017" --authenticationDatabase admin --ssl --sslCAFile /etc/mongodb/rootCA.pem --sslPEMKeyFile /etc/mongodb/mongodb.pem  --username mroot --password mroot123  > pt-mongodb-summary.out;
unknown option: --ssl

using option mentioned in ./pt-mongodb-summary --help

    --sslCAFile=value
                SSL CA cert file used for authentication
     --sslPEMKeyFile=value
                SSL client PEM file used for authentication

# ./pt-mongodb-summary "localhost:27017" --authenticationDatabase admin --sslCAFile /etc/mongodb/rootCA.pem --sslPEMKeyFile /etc/mongodb/mongodb.pem  --username mroot --password mroot123  > pt-mongodb-summary_ssl.out
Password: 
ERRO[0100] Cannot get host info for "mongodb://localhost:27017": GetHostInfo.hostInfo: server selection error: server selection timeout, current topology: { Type: Unknown, Servers: [{ Addr: localhost:27017, Type: Unknown, State: Connected, Average RTT: 0, Last error: connection() : connection(localhost:27017[-181]) incomplete read of message header: EOF }, ] }

case 2:

# mongo "localhost:27017" --authenticationDatabase admin --ssl --username mroot --password mroot123
2020-09-21T18:30:44.392+0530 W  CONTROL  [main] Option: ssl is deprecated. Please use tls instead.
MongoDB shell version v4.2.8
connecting to: mongodb://localhost:27017/test?authSource=admin&compressors=disabled&gssapiServiceName=mongodb

# ./pt-mongodb-summary "localhost:27017" --authenticationDatabase admin --username mroot --password mroot123 --ssl  > pt-mongodb-summary.out
Password: 
ERRO[0095] Cannot get host info for "mongodb://localhost:27017": GetHostInfo.hostInfo: server selection error: server selection timeout, current topology: { Type: Unknown, Servers: [{ Addr: localhost:27017, Type: Unknown, State: Connected, Average RTT: 0, Last error: connection() : connection(localhost:27017[-181]) incomplete read of message header: EOF }, ] } 


mongodb logs:
2020-09-21T18:45:14.975+0530 I  NETWORK  [conn720] Error receiving request from client: SSLHandshakeFailed: The server is configured to only allow SSL connections. Ending connection from 127.0.0.1:34312 (connection id: 720)
2020-09-21T18:45:14.975+0530 I  NETWORK  [conn720] end connection 127.0.0.1:34312 (1 connection now open)
2020-09-21T18:45:15.477+0530 I  NETWORK  [listener] connection accepted from 127.0.0.1:34316 #721 (2 connections now open)
2020-09-21T18:45:15.478+0530 I  NETWORK  [conn721] Error receiving request from client: SSLHandshakeFailed: The server is configured to only allow SSL connections. Ending connection from 127.0.0.1:34316 (connection id: 721)
2020-09-21T18:45:15.478+0530 I  NETWORK  [conn721] end connection 127.0.0.1:34316 (1 connection now open)

case3:

# ./pt-mongodb-summary "localhost:27017" --authenticationDatabase admin --username mroot --password mroot123  > pt-mongodb-summary.out
Password: 

ERRO[0096] Cannot get host info for "mongodb://localhost:27017": GetHostInfo.hostInfo: server selection error: server selection timeout, current topology: { Type: Unknown, Servers: [{ Addr: localhost:27017, Type: Unknown, State: Connected, Average RTT: 0, Last error: connection() : connection(localhost:27017[-181]) incomplete read of message header: EOF }, ] } 


mongodb error log:
2020-09-21T18:40:41.491+0530 I  NETWORK  [conn338] Error receiving request from client: SSLHandshakeFailed: The server is configured to only allow SSL connections. Ending connection from 127.0.0.1:60646 (connection id: 338)
2020-09-21T18:40:41.492+0530 I  NETWORK  [conn338] end connection 127.0.0.1:60646 (1 connection now open)
2020-09-21T18:40:41.991+0530 I  NETWORK  [listener] connection accepted from 127.0.0.1:60650 #339 (2 connections now open)
2020-09-21T18:40:41.992+0530 I  NETWORK  [conn339] Error receiving request from client: SSLHandshakeFailed: The server is configured to only allow SSL connections. Ending connection from 127.0.0.1:60650 (connection id: 339)
2020-09-21T18:40:41.992+0530 I  NETWORK  [conn339] end connection 127.0.0.1:60650 (1 connection now open)

Disabling SSL in mongodb.conf // working fine

# ./pt-mongodb-summary "localhost:27017" --authenticationDatabase admin --username mroot --password mroot123 > pt-mongodb-summary.out
Password: ERRO[0008] Cannot get hostnames: sharding not enabled   
WARN[0008] [Error] cannot get replicaset members: sharding not enabled


# cat pt-mongodb-summary.out 


# Instances ##############################################################################################
  PID    Host                         Type                      ReplSet                   Engine									  
                                          no replica sets found

# This host
# Mongo Executable #######################################################################################
       Path to executable | /usr/bin/mongod
# Report On lalit-ThinkPad-T480 ########################################
                     User | mongodb
                PID Owner | mongod
                 Hostname | lalit-ThinkPad-T480
                  Version | 4.2.8
                 Built On | Linux x86_64
                  Started | 2020-09-21 18:53:39 &#43;0530 IST
                  Datadir | /var/lib/mongodb
                Processes | 1
             Process Type | mongod

# Running Ops ############################################################################################
Type         Min        Max        Avg
Insert           0          0          0/5s
Query            0          0          0/5s
Update           0          0          0/5s
Delete           0          0          0/5s
GetMore          0          0          0/5s
Command          1          1          5/5s

# Security ###############################################################################################
Users  : 2
Roles  : 0
Auth   : enabled
SSL    : disabled
Port   : 27017
Bind IP: 127.0.0.1

Attachments

Issue Links

clones

PT-1822 pt-mongodb-summary fails on standalone mongodb instances

Done

is duplicated by

PT-1917 Percona Toolkit MongoDB not working with TLS

Done

Activity

People

Assignee:: Carlos Salguero (Inactive)

Reporter:: Lalit Choudhary

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Created:: 21/Sep/20 2:06 PM

Updated:: 15/Jan/21 12:04 PM

Resolved:: 02/Nov/20 8:13 PM

Time Tracking

Estimated:

Not Specified

Remaining: