
I have been trying to use Mongomirror to sync up an Atlas development instance to a local mongo replica setup. The Atlas is also a 3 node replica setup that supports this operation. The main issue seems to be connection to the local setup. I have tried many different setups, from a single node replica to 3 replicas with self-signed SSL, and still no luck. The local setup is as follows:

  • docker-compose of standard mongo image, with `--bind_ip_all --replSet rs0 --tlsMode requireTLS --tlsCertificateKeyFile /etc/ssl/keycert.pem`
  • configured replica in the mongo server using the 192.168.0.23 address, which is the host; each of the nodes is mapped to ports 27017, 27018 and 27019

I have also tried signing the certificate with a local CA and then passing that file as the argument `--sslCAFile` to mongomirror. I have done this for both localhost and local IP addresses, but none worked.

The last error I receive is from a single node replica setup with localhost (other setups also give the same error, which led me to believe the issue isn't with the replication setup):

```
mongomirror --host "hostinfo" --username "username" --password "password" --destination "localhost:27017" --ssl --tlsInsecure --sslCAFile "ssl/rootCA.crt"
```

```
mongomirror version: 0.11.1
git version: 326240f20c231f46d22040afe7c54f4b7bd83e88
Go version: go1.14.7
   os: linux
   arch: amd64
   compiler: gc

2021-04-28T12:22:55.631+0100    Source isMaster output: ... [log removed for confidentiality]
2021-04-28T12:22:55.644+0100    WARNING: --destination does not contain a replica set name! - localhost:27017
2021-04-28T12:22:55.644+0100    WARNING: mongomirror will not be able to tolerate destination failover if it occurs.
2021-04-28T12:24:55.645+0100    Error initializing mongomirror: could not initialize destination connection: could not connect to server: server selection error: server selection timeout, current topology: { Type: Single, Servers: [{ Addr: localhost:27017, Type: Unknown, State: Connected, Average RTT: 0, Last error: connection() : x509: certificate signed by unknown authority }, ] }
```

Using the same CA file and TLS in Robo 3T I can connect to that node and perform operations, which makes me believe this is an issue with Mongomirror, which is not respecting any of the TLS flags passed to it.

If I omit SSL and do not enable it on the local server, I also get `server selection error: server selection timeout`.

I'm out of ideas on what to try next. Replica is always enabled and initialized on these instances, hence this seems to be a connection problem with mongomirror. Unfortunately, there is no verbose or debug option documented to show more logging information.

Arijoon
Shortly after posting it I managed to resolve this by adding my `rootCA` to the local machine's trusted list, e.g. `cp foo.crt /usr/local/share/ca-certificates/foo.crt && sudo update-ca-certificates` for Ubuntu. It seems that the issue was no custom CA flags for destination; I believe all options only apply to source – Arijoon Apr 28 '21 at 11:46
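The `x509: certificate signed by unknown authority` text in the log is the error Go's `crypto/x509` returns when a certificate does not chain to any trusted root. The following added example (not part of the original post and not mongomirror code) reproduces that state with a constructed root CA and a constructed `localhost` certificate, and shows verification succeeding once the CA is in the root pool; the in-memory pool is an assumption standing in for the OS trust store, and all names are made up.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// issue returns a cert for cn signed by parent (self-signed when parent is nil).
func issue(cn string, ku x509.KeyUsage, parent *x509.Certificate, pk *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	t := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()),
		Subject: pkix.Name{CommonName: cn}, DNSNames: []string{cn}, KeyUsage: ku,
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour),
		IsCA: ku&x509.KeyUsageCertSign != 0, BasicConstraintsValid: true}
	if parent == nil {
		parent, pk = t, key
	}
	der, err := x509.CreateCertificate(rand.Reader, t, parent, &key.PublicKey, pk)
	if err != nil {
		panic(err)
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	return cert, key
}

// Demo verifies a constructed "localhost" cert before and after its root CA is trusted.
func Demo() (before, after error) {
	ca, caKey := issue("constructed-root-ca", x509.KeyUsageCertSign|x509.KeyUsageDigitalSignature, nil, nil)
	leaf, _ := issue("localhost", x509.KeyUsageDigitalSignature, ca, caKey)
	store := x509.NewCertPool() // assumption: stands in for the OS trust store
	opts := x509.VerifyOptions{DNSName: "localhost", Roots: store}
	_, before = leaf.Verify(opts) // CA absent: the failing state in the log
	store.AddCert(ca)             // the effect of update-ca-certificates
	_, after = leaf.Verify(opts)
	return before, after
}

func main() { fmt.Println(Demo()) }
```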
