-
Notifications
You must be signed in to change notification settings - Fork 430
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
MongoDB: cannot connect to MongoDB: server selection error: server selection timeout #785
Comments
I have a similar error, could you show me how you configured your mongodb_exporter.service? I am unable to activate TLS. Thanks! |
We ran into the same error with the exporter in version 0.40. Can you please try to run the exporter in version 0.39.0 and see if that works? There is already a PR that addresses the issue with 0.40.0 but unfortunately it's not yet been released. Please see: #780 @adnull also provides a container that has the fix already implemented. I'd love to see a new release of this exporter to prevent others from running into this issue, too. Is there anything that can be done to get a new release? I could not find any timeline or roadmap. |
Hi. My docker version contains changes in multiple hosts resolving, i don't think it fixes TLS connection problem, but if it works we can compare what was changed. |
Hello @winem, we are going to release 0.41.0 in the middle of june. |
Hello, I have the same problem. The service configuration: [Service] [Install] I checked with mongosh and connection was possible. Is the problem still a thing or I am doing something wrong? Errors: |
@Joschi84 do you use the latest release of the mongodb_exporter ( e.g. >= 0.41.0 ) ? |
@adnull Wow you are fast. Yes I am using 0.41.2. Installed it today. |
No idea yet. Could you show us the connection string and the options you've used to check it with the mongosh? |
Also, what is the version of the server software and mongosh, that info would be useful to find a problem |
Sure. --mongodb.uri=mongodb://user:password@subdom1.url.com:27017,subdom2.url.com:27017,subdom3.url.com:27017/admin?authSource=admin&replicaSet=replicaName&tls=true&tlsCAFile=/etc/mongodb/tls/monCA.crt&tlsCertificateKeyFile=/etc/mongodb/tls/monCl.pem and with mongosh I connect exactly like this, but successfull: mongosh "mongodb://user:password@subdom1.url.com:27017,subdom2.url.com:27017,subdom3.url.com:27017/admin?authSource=admin&replicaSet=replicaName&tls=true&tlsCAFile=/etc/mongodb/tls/monCA.crt&tlsCertificateKeyFile=/etc/mongodb/tls/monCl.pem" subdom1.url.com:27017,subdom2.url.com:27017 and subdom3.url.com:27017 are on different servers. mongodb-exporter lives on the same server as prometheus. Any ideas? Do you have a working configuration with a replica set and required authentication? mongosh version 2.3.2 |
I changed things and reversed changes (around "admin?" - I wanted skip db choice because we want also see local db, correct?). So I am back at the start point but the error changed. I am sorry but maybe I skipped reload daemon on the way. The error is So I probaly made a mistake at the creation of the certificates (used not the most upToDate method). So maybe this makes more sense for someone. mongosh works with "mongodb://user:password@subdom1.url.com:27017,subdom2.url.com:27017,subdom3.url.com:27017/admin?authSource=admin&replicaSet=replicaName&tls=true&tlsCAFile=/etc/mongodb/tls/monCA.crt&tlsCertificateKeyFile=/etc/mongodb/tls/monCl.pem" and mongodb.uri=mongodb://user:password@subdom1.url.com:27017,subdom2.url.com:27017,subdom3.url.com:27017/admin?authSource=admin&replicaSet=replicaName&tls=true&tlsCAFile=/etc/mongodb/tls/monCA.crt&tlsCertificateKeyFile=/etc/mongodb/tls/monCl.pem brings the above error. So mongosh seems to be more tolerant regarding this szenario. I am sorry for the confusion. |
@Joschi84 maybe to try using "&tlsInsecure=true" in the connection string? The problem seems that you don't have SANs strings in your server certificates. |
Also this topic could be useful https://www.reddit.com/r/golang/comments/oqnm8n/x509_certificate_relies_on_legacy_common_name/ |
@adnull Thank you. Especially for your time. I now understand a little what the problem is. Your link is greatly appreciated. |
I am getting socket issue in the new version 0.40.0, I was able to resolve the TLS issue by configuring the --web.config file, but the connection to the MongoDB deployment is showing error in Prometheus logs attached below. However, I can perform the connectivity through the same certificates without any issues locally. Any help would be appreciated. Thanks.
Percona prometheus version used: 0.40.0
MongoDB version: 6.0.6 Community Edition
LOG:
#########################
level=info ts=2024-01-22T12:14:54.307Z caller=tls_config.go:274 msg="Listening on" address=[::]:9216
level=info ts=2024-01-22T12:14:54.308Z caller=tls_config.go:310 msg="TLS is enabled." http2=false address=[::]:9216
time="2024-01-22T12:14:59Z" level=error msg="Cannot connect to MongoDB: cannot connect to MongoDB: server selection error: server selection timeout, current topology: { Type: Unknown, Servers: [{ Addr: xxx.svc.cluster.local:27017, Type: Unknown, Last error: connection(xxxx..svc.cluster.local:27017[-30]) socket was unexpectedly closed: EOF }, ] }"
##############################
Configurations:
extraArgs:
web-config:
tls_server_config:
cert_file: "/tmp/tls-combined.pem"
key_file: "/tmp/tls.key"
client_auth_type: "RequireAndVerifyClientCert"
client_ca_file: "/tmp/ca.crt"
http_server_config:
http2: false
Originally posted by @harishkumarrajasekaran in #685 (comment)
The text was updated successfully, but these errors were encountered: