Mongoose attempting to connect to instance instead of just cluster endpoint

0

We have our DocumentDB instance in a private VPC, so we use a bastion with port forwarding. I have the cluster endpoint set up in my SSH config and am able to connect via the mongo shell:

$ mongo --ssl --host localhost:27018 --sslCAFile rds-combined-ca-bundle.pem --sslAllowInvalidHostnames
MongoDB shell version v3.6.3
connecting to: mongodb://localhost:27018/
2020-07-15T16:14:11.063-0400 D NETWORK  [thread1] creating new connection to:localhost:27018
2020-07-15T16:14:11.266-0400 W NETWORK  [thread1] The server certificate does not match the host name. Hostname: localhost does not match SAN(s): <information redacted>
2020-07-15T16:14:11.266-0400 D NETWORK  [thread1] connected to server localhost:27018 (127.0.0.1)
2020-07-15T16:14:11.296-0400 D NETWORK  [thread1] connected connection!
MongoDB server version: 3.6.0
rs0:PRIMARY>

But when I try connecting via mongoose programmatically it attempts to connect to the instance directly instead of just the cluster endpoint.

With useUnifiedTopology enabled:

const connOpts = {
    replicaSet: 'rs0',
    readPreference: 'secondaryPreferred',
    loggerLevel: 'debug',
    ha: false,
    connectWithNoPrimary: true,
    useNewUrlParser: true,
    useUnifiedTopology: true
}
mongoose.createConnection('mongodb://localhost:27018/mydb', connOpts)

MongooseServerSelectionError: connection timed out
  reason: TopologyDescription {
    type: 'ReplicaSetNoPrimary',
    setName: 'rs0',
    maxSetVersion: null,
    maxElectionId: null,
    servers: Map {
      'mydocdb-inst-1.[id redacted].[region redacted].docdb.amazonaws.com:27017' => [ServerDescription]
    },
    stale: false,
    compatible: true,
    compatibilityError: null,
    logicalSessionTimeoutMinutes: null,
    heartbeatFrequencyMS: 10000,
    localThresholdMS: 15,
    commonWireVersion: 6
  }

With useUnifiedTopology disabled:

const connOpts = {
    replicaSet: 'rs0',
    readPreference: 'secondaryPreferred',
    loggerLevel: 'debug',
    ha: false,
    connectWithNoPrimary: true,
    useNewUrlParser: true,
    useUnifiedTopology: false
}
mongoose.createConnection('mongodb://localhost:27018/mydb', connOpts)

At the end of the debug output:
[INFO-Server:9749] 1595262374081 server mydocdb-inst-1.[id redacted].[region redacted].docdb.amazonaws.com:27017 fired event error out with message {"name":"MongoNetworkError"} {
  type: 'info',
  message: 'server mydocdb-inst-1.[id redacted].[region redacted].docdb.amazonaws.com:27017 fired event error out with message {"name":"MongoNetworkError"}',
  className: 'Server',
  pid: 9749,
  date: 1595262374081
}

Is this due to some change in later versions of mongoose or the mongodb driver that isn't backwards compatible with mongodb 3.6.x / documentdb? Is anyone on a specific version of mongoose and has it working without needing to connect directly to the instances?

Thanks

asked 4 years ago, 1000 views
3 Answers
0

BTW I'm using mongoose 5.9.22 which is compatible with mongodb 3.6 and works against a local instance of mongodb installed. https://mongoosejs.com/docs/compatibility.html

answered 4 years ago
0

I noticed the line below from https://docs.aws.amazon.com/documentdb/latest/developerguide/connect-from-outside-a-vpc.html and updated my connection to not set the replicaSet and readPreference and I still have the same issue.

When using an SSH tunnel, we recommend that you connect to your cluster using the cluster endpoint and do not attempt to connect in replica set mode (i.e., specifying replicaSet=rs0 in your connection string) as it will result in an error. 

I also updated my forwarding to connect to the instance instead of the endpoint without any luck.

Edited by: tnataws on Jul 20, 2020 7:33 PM

tnataws
answered 4 years ago
0

Finally figured it out -- thankfully user error and not an issue with any library. After switching to not set the replicaSet when connecting through tunnel, my TLS settings weren't getting set.

mongoose.createConnection('mongodb://localhost:27018', {
  dbName: 'myDB',
  retryWrites: false,
  useFindAndModify: false,
  useNewUrlParser: true,
  useUnifiedTopology: true,
  //replicaSet: 'rs0',
  //readPreference: 'secondaryPreferred',
  auth: {
    user: '...',
    password: '...'
  },
  tls: true,
  tlsCAFile: '/path/to/rds-combined-ca-bundle.pem',
  tlsAllowInvalidHostNames: true
})
answered 4 years ago
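
The findings of this thread expressed as a pre-flight check, as an added example that is not part of the original posts or of mongoose: it flags replica set mode over a forwarded loopback port, missing TLS settings, and relaxed certificate checks. The function name `checkTunnelConfig`, its finding codes, and the host `docdb.example.internal` used in testing are hypothetical.

```javascript
// Added example: checkTunnelConfig and its finding codes are hypothetical
// names for illustration, not part of mongoose or the MongoDB driver.
const LOOPBACK = new Set(['localhost', '127.0.0.1', '[::1]']);
const isTrue = (v) => v === true || v === 'true';

function checkTunnelConfig(uri, opts = {}) {
  const url = new URL(uri); // WHATWG URL also parses mongodb:// URIs with one host
  // Settings can come from the URI query or the options object; merge them
  // under lower-cased keys so 'replicaSet' and 'replicaset' compare equal.
  const merged = {};
  for (const [k, v] of url.searchParams) merged[k.toLowerCase()] = v;
  for (const [k, v] of Object.entries(opts)) merged[k.toLowerCase()] = v;

  const tunneled = LOOPBACK.has(url.hostname.toLowerCase());
  const findings = [];

  // Replica set mode makes the driver discover members and dial the instance
  // hostnames directly, which are not reachable through the forwarded port.
  if (tunneled && merged.replicaset !== undefined) {
    findings.push('REPLICA_SET_OVER_TUNNEL');
  }
  // TLS settings have to survive the removal of replicaSet.
  if (!isTrue(merged.tls) && !isTrue(merged.ssl)) {
    findings.push('TLS_NOT_ENABLED');
  } else if (!merged.tlscafile && !merged.sslca) {
    findings.push('NO_CA_BUNDLE');
  }
  // Skipping the hostname check is only expected when the host is the local
  // end of a tunnel; chain validation should stay on in every case.
  if (!tunneled && isTrue(merged.tlsallowinvalidhostnames)) {
    findings.push('HOSTNAME_CHECK_DISABLED_OFF_TUNNEL');
  }
  if (isTrue(merged.tlsallowinvalidcertificates) || isTrue(merged.tlsinsecure)) {
    findings.push('CERT_VALIDATION_DISABLED');
  }
  return findings;
}

// Constructed input: the options from the question, as posted.
console.log(checkTunnelConfig('mongodb://localhost:27018/mydb', {
  replicaSet: 'rs0', readPreference: 'secondaryPreferred', useUnifiedTopology: true,
}));
```

An empty array means the settings match the working configuration from the last answer: no replica set mode, TLS on with a CA bundle, and the hostname check relaxed only for the tunnel's local endpoint.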
