Details
Bug
Status: Done
High
Resolution: Fixed
3.1.0, 3.2.1
Description
Clone of https://jira.percona.com/browse/PT-1822
Issue: unable to use pt-mongodb-summary for SSL enabled MongoDB instances
The issue still exists for MongoDB configured to use SSL.
Looks like pt-mongodb-summary can't connect to SSL-enabled MongoDB.
Test:
# ./pt-mongodb-summary --version
pt-mongodb-summary
Version v3.2.1
Build: 2020-08-12T21:06:41+0000 using go1.14.4
Commit: 750d2ef9d9fbc6363eb7528e6be61e2bfda7ac79
MongoDB with SSL configuration.
mongodb.cnf
# network interfaces
net:
  port: 27017
  bindIp: 127.0.0.1
  ssl:
    mode: requireSSL
    PEMKeyFile: /etc/mongodb/mongodb.pem
    CAFile: /etc/mongodb/rootCA.pem
Case 1:
SSL connection to mongodb via mongo client works fine.
# mongo --host=localhost --ssl --sslCAFile /etc/mongodb/rootCA.pem --sslPEMKeyFile /etc/mongodb/mongodb.pem -u mroot -p mroot123 --authenticationDatabase admin
# ./pt-mongodb-summary "localhost:27017" --authenticationDatabase admin --ssl --sslCAFile /etc/mongodb/rootCA.pem --sslPEMKeyFile /etc/mongodb/mongodb.pem --username mroot --password mroot123 > pt-mongodb-summary.out;
unknown option: --ssl
using option mentioned in ./pt-mongodb-summary --help
--sslCAFile=value SSL CA cert file used for authentication
--sslPEMKeyFile=value SSL client PEM file used for authentication
# ./pt-mongodb-summary "localhost:27017" --authenticationDatabase admin --sslCAFile /etc/mongodb/rootCA.pem --sslPEMKeyFile /etc/mongodb/mongodb.pem --username mroot --password mroot123 > pt-mongodb-summary_ssl.out
Password:
ERRO[0100] Cannot get host info for "mongodb://localhost:27017": GetHostInfo.hostInfo: server selection error: server selection timeout, current topology: { Type: Unknown, Servers: [{ Addr: localhost:27017, Type: Unknown, State: Connected, Average RTT: 0, Last error: connection() : connection(localhost:27017[-181]) incomplete read of message header: EOF }, ] }
Case 2:
# mongo "localhost:27017" --authenticationDatabase admin --ssl --username mroot --password mroot123
2020-09-21T18:30:44.392+0530 W CONTROL [main] Option: ssl is deprecated. Please use tls instead.
MongoDB shell version v4.2.8
connecting to: mongodb://localhost:27017/test?authSource=admin&compressors=disabled&gssapiServiceName=mongodb
# ./pt-mongodb-summary "localhost:27017" --authenticationDatabase admin --username mroot --password mroot123 --ssl > pt-mongodb-summary.out
Password:
ERRO[0095] Cannot get host info for "mongodb://localhost:27017": GetHostInfo.hostInfo: server selection error: server selection timeout, current topology: { Type: Unknown, Servers: [{ Addr: localhost:27017, Type: Unknown, State: Connected, Average RTT: 0, Last error: connection() : connection(localhost:27017[-181]) incomplete read of message header: EOF }, ] }
mongodb logs:
2020-09-21T18:45:14.975+0530 I NETWORK [conn720] Error receiving request from client: SSLHandshakeFailed: The server is configured to only allow SSL connections. Ending connection from 127.0.0.1:34312 (connection id: 720)
2020-09-21T18:45:14.975+0530 I NETWORK [conn720] end connection 127.0.0.1:34312 (1 connection now open)
2020-09-21T18:45:15.477+0530 I NETWORK [listener] connection accepted from 127.0.0.1:34316 #721 (2 connections now open)
2020-09-21T18:45:15.478+0530 I NETWORK [conn721] Error receiving request from client: SSLHandshakeFailed: The server is configured to only allow SSL connections. Ending connection from 127.0.0.1:34316 (connection id: 721)
2020-09-21T18:45:15.478+0530 I NETWORK [conn721] end connection 127.0.0.1:34316 (1 connection now open)
Case 3:
# ./pt-mongodb-summary "localhost:27017" --authenticationDatabase admin --username mroot --password mroot123 > pt-mongodb-summary.out
Password:
ERRO[0096] Cannot get host info for "mongodb://localhost:27017": GetHostInfo.hostInfo: server selection error: server selection timeout, current topology: { Type: Unknown, Servers: [{ Addr: localhost:27017, Type: Unknown, State: Connected, Average RTT: 0, Last error: connection() : connection(localhost:27017[-181]) incomplete read of message header: EOF }, ] }
mongodb error log:
2020-09-21T18:40:41.491+0530 I NETWORK [conn338] Error receiving request from client: SSLHandshakeFailed: The server is configured to only allow SSL connections. Ending connection from 127.0.0.1:60646 (connection id: 338)
2020-09-21T18:40:41.492+0530 I NETWORK [conn338] end connection 127.0.0.1:60646 (1 connection now open)
2020-09-21T18:40:41.991+0530 I NETWORK [listener] connection accepted from 127.0.0.1:60650 #339 (2 connections now open)
2020-09-21T18:40:41.992+0530 I NETWORK [conn339] Error receiving request from client: SSLHandshakeFailed: The server is configured to only allow SSL connections. Ending connection from 127.0.0.1:60650 (connection id: 339)
2020-09-21T18:40:41.992+0530 I NETWORK [conn339] end connection 127.0.0.1:60650 (1 connection now open)
Disabling SSL in mongodb.conf // working fine
# ./pt-mongodb-summary "localhost:27017" --authenticationDatabase admin --username mroot --password mroot123 > pt-mongodb-summary.out
Password:
ERRO[0008] Cannot get hostnames: sharding not enabled
WARN[0008] [Error] cannot get replicaset members: sharding not enabled
# cat pt-mongodb-summary.out
# Instances ##############################################################################################
PID Host Type ReplSet Engine
no replica sets found
# This host
# Mongo Executable #######################################################################################
Path to executable | /usr/bin/mongod
# Report On lalit-ThinkPad-T480 ########################################
User | mongodb
PID Owner | mongod
Hostname | lalit-ThinkPad-T480
Version | 4.2.8
Built On | Linux x86_64
Started | 2020-09-21 18:53:39 +0530 IST
Datadir | /var/lib/mongodb
Processes | 1
Process Type | mongod
# Running Ops ############################################################################################
Type Min Max Avg
Insert 0 0 0/5s
Query 0 0 0/5s
Update 0 0 0/5s
Delete 0 0 0/5s
GetMore 0 0 0/5s
Command 1 1 5/5s
# Security ###############################################################################################
Users : 2
Roles : 0
Auth : enabled
SSL : disabled
Port : 27017
Bind IP: 127.0.0.1
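
The mongod log above shows the tool reaching a requireSSL server without starting a TLS handshake. As an added example (not pt-mongodb-summary's own code, and not the fix applied in this ticket), this Go sketch shows how the contents of --sslCAFile and --sslPEMKeyFile can be turned into a verifying client TLS configuration using only the standard library. The names clientTLS and constructedPEM are hypothetical, and the certificate is generated on the fly as constructed sample input.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// clientTLS maps --sslCAFile (caPEM) and --sslPEMKeyFile (keyPEM: certificate
// and private key concatenated in one file) onto a verifying tls.Config.
func clientTLS(caPEM, keyPEM []byte, host string) (*tls.Config, error) {
	roots := x509.NewCertPool()
	if !roots.AppendCertsFromPEM(caPEM) {
		return nil, errors.New("CA file holds no usable certificate")
	}
	// X509KeyPair takes CERTIFICATE blocks from its first argument and the
	// key block from its second, so the combined file serves as both.
	pair, err := tls.X509KeyPair(keyPEM, keyPEM)
	if err != nil {
		return nil, fmt.Errorf("client PEM file: %w", err)
	}
	return &tls.Config{RootCAs: roots, Certificates: []tls.Certificate{pair},
		ServerName: host, MinVersion: tls.VersionTLS12}, nil
}

// constructedPEM returns a throwaway self-signed cert plus key (sample input).
func constructedPEM() []byte {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tpl := &x509.Certificate{SerialNumber: big.NewInt(1),
		Subject:   pkix.Name{CommonName: "localhost"},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	der, _ := x509.CreateCertificate(rand.Reader, tpl, tpl, &key.PublicKey, key)
	kder, _ := x509.MarshalPKCS8PrivateKey(key)
	out := pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})
	return append(out, pem.EncodeToMemory(&pem.Block{Type: "PRIVATE KEY", Bytes: kder})...)
}

func main() {
	blob := constructedPEM()
	cfg, err := clientTLS(blob, blob, "localhost")
	fmt.Println(cfg != nil, err)
}
```

Certificate verification stays on in the returned configuration (InsecureSkipVerify is left false), so a server certificate that does not chain to the supplied CA is rejected during the handshake.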