-
Notifications
You must be signed in to change notification settings - Fork 1.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
No way to disable SSL for Mongo BI auth enabled instance: support non cleartext auth plugins #222
Comments
Hey @thanhthang20 ! Thanks for posting this one! Seems like this is returned by mongosqld rather than driver. AFAIK there's currently no way to connect to mongosqld using clear text auth method without SSL. There's an option to use another method for auth: https://docs.mongodb.com/bi-connector/v2.1/tutorial/connecting/#urioption.mechanism. It'll require implementation in cube.js mongobi-driver though. |
@paveltiunov yes, this is returned by mongosqld. The problem is mongosqld doesn't require SSL, while the driver is forcing ssl handshake |
@thanhthang20 Makes sense. Could you please debug and see what's in I believe cleartext is proposed by mongosqld rather than driver itself. |
@thanhthang20 Is this still an issue? |
Reopening to track non cleartext auth plugins support for Mongo BI driver. |
Hi Pavel - using the suggestion in your link I get this on cube.js side: *with these cube.js .env settings: and this on Mongo BI Connector side: 2020-01-02T17:17:45.561+0200 I NETWORK [conn1] connection accepted from 127.0.0.1:64115 #1 (1 connection now open) when starting by command line: Any advice would be appreciated - thanks! |
@sharkyza Hey Jaques! You should provide correct credentials in .env file in order to connect. |
@pavel - should it be the MongoDB credentials that the "Connector for BI"
uses to access the MongoDB?
Or is it the authentication settings one sets for "Connector for BI" in the
mongosqld-config.yml ?
On Fri, Jan 3, 2020 at 9:30 AM Pavel Tiunov ***@***.***> wrote:
@sharkyza <https://github.com/sharkyza> Hey Jaques! You should provide
correct credentials in .env file in order to connect.
—
[mongosqld-config.zip](https://github.com/cube-js/cube.js/files/4018501/mongosqld-config.zip)
… You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#222>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/ACK5WHM3A6B4XVKHMQOAABLQ33SP5ANCNFSM4I5BNVBQ>
.
|
Ok, :-) I got it going Then for CUBEJS_DB_NAME I used the Mongo dB name of the dB I was trying to access with the username and password set up for MongoDB - didn't know they would be passed through the Mongo Connector for BI... So that was just a note for posterity - thanks Pavel |
I guess this should be documented here |
@shinebayar-g Yeah. It would be great to have it there. Would love if you can provide PR for that! |
I haven't got it working yet. I created self signed certificate and started mongosqld with
Then I started cubejs api server with Now it's giving
Tried to change order of key & cert in bundle.pem file. No difference. Didn't try Edit: just tried |
@shinebayar-g Did you get the solution for it? Because I seem to be running into the same issue. |
@drdeath2609 no. Looks like mongodb isn't usable |
@shinebayar-g, @priyesh2609 your need use not path in CUBEJS_DB_SSL_CERT
|
In my case I was trying to connect to Mongo Atlas , I fixed this one by adding these to my .env My connection string and Mongosqld command looks like this I used this to create the pem file |
I keep getting my credentials rejected from Mongo Atlas after generating a test certificate. Am I doing something wrong? |
Did you do something on CubeJS side my user credentials are being rejected after setting up the test certificate. What type of cluster do you have? |
@dlariosuniandes @joseabraham @shinebayar-g |
@hassankhan this is kinda old ticket and we're still facing issues connecting to mongo bi, can you please help. also the helm charts for SSL values are wrong too. I'll push a PR for that shortly. |
@kodeine Do you use a kind of sidecar in your environment for eg. a setup with Kubernetes + Linkerd2/Istio? |
I was able to fix this, did have to update helm chart. My issue was mongobi wasnt using ssl so once that was done and fixing of chart, everything worked |
Small update, in the case o service mesh and sidecar containers it's even better to switch MongoBi to port 3306, then istio/linkerd will automatically know how to handle this kind of traffic (server-speak-first protocol) |
@sharkyza hi. I just read the the whole conversation. and seems that you have solved correctly. But i have some errors to resolve on same issue. I am using mongoDB and converting it into query data using mongosqld. but whenever I try to fetch the data in cube server, mongoDB doesn't grant access to cube server. I don't know what is stopping it. please help. Here is my query: #5689 |
Describe the bug
I start MongoBI connector with --sslMode = disabled (mongosqld cannot accept connections secured using TLS/SSL)
But Cube is always request with SSL causing this error "handshake error: ERROR 1759 (HY000): ssl is required when using cleartext authentication"
To Reproduce
Steps to reproduce the behavior:
Expected behavior
Can load the schema
Screenshots
If applicable, add screenshots to help explain your problem.
Version:
"@cubejs-backend/server@0.10.54"
Additional context
Add any other context about the problem here.
The text was updated successfully, but these errors were encountered: