-
Notifications
You must be signed in to change notification settings - Fork 2
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Connect to mongodb via SSH dosn't work in new update #307
Comments
Thanks for this. I found the issue and corrected it. Will let you know here when a new build is ready. |
@tothradoslav any update on this? I know the fix has been already applied 2 weeks ago but no release yet. This is pretty much a game breaking issue for an audience that intends to use this in prod environments. Is there any ETA for the next release? |
It's about to be released in the upcoming days. Saw your twitter post, uploading the linux RC so you can test it. |
Thanks a lot @tothradoslav !! Mingo.io it's a fantastic Mongo client and my colleagues and I are already loving it! ssh support is the only bit preventing us from purchasing a license and I'm sure the early access to the RC will make everyone happy here! |
Please let me know if it worked for you. |
@tothradoslav so, we're still having issue even with RC1. Worth noting:
Hope it helps! |
Thanks! Going to test it properly, my connection works. Are you using ssh with privateKey, password or agent? Will let you know when I find something. |
I'm using ssh with a privateKey file. |
Just uploaded a new pre-release, could you please try this? We added the passphrase option in SSH. https://github.com/mingo-app/mingo/releases/tag/v1.6.5-rc.2 Thank you! |
Hey @tothradoslav , thanks a lot for the hard work! We're definitely "getting there"! Though, I see these issues:
Another thing that might interest you, feature wise: there's no option for connecting through TLS/SSL (something we use for some of our DBs). Take NoSqlBooster as an example here: They allow you to setup a configuration for your connection that accounts for all these possibilities. |
Great, thanks for this. I will go through all your points and make sure it all works, including the SSL / TLS connections. |
Just 2 questions:
Thanks for all your help! |
So, good news on the passphrase :) Happy to help! I want to see this product succeed. I already love it and prefer it much more than NoSQLBooster! |
Well, that's great to hear. The database connection is bugging me. I am using replica sets with secondaryPreferred option and even SSH tunnel and connects properly. My connection looks something like this: mongodb://uns:@mongo1:9000,mongo2:9000/uns?authSource=admin&replicaSet=rs0&readPreference=secondaryPreferred Maybe the authSource option would be missing? BTW, the TSL/SSL connection is ready, just need to release it. It'd be great to find the db connection bug before I do so... |
Uhm.. interesting. I'll try with authSource first thing in the morning and let you know!
…On Wed, 15 Dec 2021, at 10:00 PM, tothradoslav wrote:
Well, that's great to hear.
The database connection is bugging me. I am using replica sets with secondaryPreferred option and even SSH tunnel and connects properly. My connection looks something like this:
***@***.*** <https://github.com/mongo1>:9000,mongo2:9000/uns?authSource=admin&replicaSet=rs0&readPreference=secondaryPreferred
Maybe the authSource option would be missing?
BTW, the TSL/SSL connection is ready, just need to release it. It'd be great to find the db connection bug before I do so...
—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub <#307 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AAGSKSOZJI7OYIQLLUXIYL3UREFXXANCNFSM5I74RR7A>.
Triage notifications on the go with GitHub Mobile for iOS <https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675> or Android <https://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub>.
|
Good news :) So, I had to try out a couple of times but it seems to be working if I specify the list of replica set servers! that's the difference compared to what I was used to with NoSQLBooster. In NoSQLBooster I have setup 2 separate connections: one for the slave and one for the master in the replicaSet; I actually liked that, since I could reliably connect mainly to the slave, being sure that my connection was exclusively read-only, while I used the "main" connection only when in need of making changes to the prod database. Is there any chance that something like this is possible in Mingo too? The only thing that comes to mind right now is to "clone" the connection (and name the clone "RO") and just use the cloned one (where I never give the permission to "unlock" the database) as a read only access; I think that might work and essentially give me the same functionality I get with the other client. Now, apart from the passphrase in clear, the only feature that remains to be added is the support for TSL/SSL. I tried adding "?ssl=true" to my connection string but I then get the error: "Error: MongoServerSelectionError: self signed certificate" One last thing: is there a way to "defer" the opening of the connections until I actually want to use a DB? In my connection list now I've a couple of configurations that are not working right now (like the one that requires SSL) but I want to keep them there until we find a way to make them work; Though, this means that even when I use another connection (like the one one my local dev env) I keep getting periodic popups "SSH Tunnel Error"... I assume there's a background process that constantly scans the entire list of my connections and check them out; This is not ideal; is there a way to disable this and let it happen only when I actually use a connection? Excellent work anyway; I really appreciate! |
Great, and thanks for all the info :) I think it should be possible in Mingo, too, so will take a look. We will try upload a new build tomorrow. Will keep you posted. We will also take a look at the ssh tunnel errors. Thanks again! |
I'd like to know what format of mongo URI do you use in NoSQLBooster to connect directly to the slave? I'm using the following format for example: Where mongo2 is the secondary. It works partially, but can't read the list of databases, shows an error "fetchDatabases error MongoServerError: not master and slaveOk=false" Could you please:
Thank you! BTW, looking at documentation, master / slave setup is not supported since MongoDB 4.0, so just a reminder to prevent confusion. It's now a replicaSet and masters are elected. |
In NoSQLBooster you don't need to use a fully qualifier URI. The connection editor panel has a "Basic" tab where you can just enter the "server name" and the port. Then in the "Authentication" tab you can enter the Auth-Db name and the username and pwd for DB authentication. So, in the case of our DB with replica, I just configured 2 separate connections; one using the replica server address and another identical one using the master server address Mingo follows a different approach, that is "closer to the metal", so to speak and I'm absolutely fine with that. My expectation was to compose the uri as you did, probably without the "replicaSet=xxx&readPreference=xxx" part (options that I don't provide even when I use the entire servers list in the URI). Right now I'm just listing all the servers in the URI and just avoid "unlocking" the DB. (and then I've cloned the connection and called the copy "PROD RW" and there I unlock the DB). Not ideal, since in a perfect world I'd like to avoid hitting the master DB at all, but I'm probably being picky there 😄 I'll take a look at the console (I always forget that Mingo is an Electron based app!) and report back as soon as I solve an issue I'm having right now in getting access to our prod servers 😅 |
The SSL options will be added in next release and SSH is already there. The only difference is, that in Mingo you will have to define the database name in the uri and set the proper readPreference. That's the This is due to how Nodejs Javascript driver works. The READ ONLY is the actual setup of your servers for the slave, right? |
yes (for the read only). One SUPER critical thing though: You REALLY need to defer connecting to the DB until the connection is actually used. The reason why I was unable to connect to my PROD environment a few hours ago was that Mingo actually killed our SSH gateway. I had a couple of configurations in Mingo that were not working (because of the connections issue you were trying to solve for me 😄 ). Though, it seems Mingo tried ALL DAY connecting/reconnecting to those connections, even if I was not even trying to use them. This resulted in a flood of connections to the SSH gateway that equated to an effective DDOS attack, with the gateway crashing under the weight of the repeated connection attempts. So please, avoid trying opening a connection unless:
On this account: do you know where I can find the connections I've configured in Mingo? are they stored somewhere in the file system? I'd like to remove the ones I made to my prod env before I even open it... otherwise as soon as I open it, it will probably start flooding the SSH gateway again |
Wow, that behaviour is not expected definitely and will work on it. Really sorry about that. Regarding the configurations, they are stored in a config file in JSON format, but with all the other settings of Mingo. If you are on a mac, it is under ~/Library/Application Support/Mingo/config.json This file could be quite large actually. Sorry, again :( |
No worries :) |
Hi @dmolin, we have completely rethought the way connections and SSH tunnels are managed in the background to make sure:
We will be testing this now and will release an RC soon. Will let you know. I hope you'll be willing to try it out after all the hassle. Thank you. |
Hey @tothradoslav , thanks a bunch for all your hard work! It's definitely appreciated and it's all great news for my ears! In the meantime I've just purchased my yearly license ;) |
Hi @dmolin, the new RC is published, please take a look when you get a moment. SSL support is also included. https://github.com/mingo-app/mingo/releases/tag/v1.6.5-rc.3 Thanks! |
We have just released a new pre-release of Mingo, please check it out and let us know if your issue has been corrected. Thanks! |
Same issue as in #286: Mingo errors when trying to connect to a mongodb database via SSH just with the password set. (No keyfile)
This errors pop open when you try to open an a collection in a already configured connection:
Also this error appears when using the "Test" button inside the connection settings:
Mingo Version: 1.6.4 (PRO)
The text was updated successfully, but these errors were encountered: