connectors icon indicating copy to clipboard operation
connectors copied to clipboard

Published 20 hours ago verified publisher icon elastic

MongoDB stopped syncing with Atlas after upgrading to 8.12

Open ppf2 opened this issue 1 year ago • 3 comments

After upgrading to 8.12, the MongoDB connector stopped working and failed to sync with the following error message:

ServerSelectionTimeoutError: ac-rsixaez-shard-00-00.hvdm3oz.mongodb.net:27017: connection closed,ac-rsixaez-shard-00-01.hvdm3oz.mongodb.net:27017: connection closed,ac-rsixaez-shard-00-02.hvdm3oz.mongodb.net:27017: connection closed, Timeout: 30s, Topology Description: <TopologyDescription id: 65b9dc07063bfb66c6410f03, topology_type: ReplicaSetNoPrimary, servers: [<ServerDescription ('ac-rsixaez-shard-00-00.hvdm3oz.mongodb.net', 27017) server_type: Unknown, rtt: None, error=AutoReconnect('ac-rsixaez-shard-00-00.hvdm3oz.mongodb.net:27017: connection closed')>, <ServerDescription ('ac-rsixaez-shard-00-01.hvdm3oz.mongodb.net', 27017) server_type: Unknown, rtt: None, error=AutoReconnect('ac-rsixaez-shard-00-01.hvdm3oz.mongodb.net:27017: connection closed')>, <ServerDescription ('ac-rsixaez-shard-00-02.hvdm3oz.mongodb.net', 27017) server_type: Unknown, rtt: None, error=AutoReconnect('ac-rsixaez-shard-00-02.hvdm3oz.mongodb.net:27017: connection closed')>]>

This affects users who are using the MongoDB connector to sync with MongoDB Atlas (mongo+srv protocol).

The workaround is to explicitly enable the new SSL/TLS option in the configuration (leave Certificate Authority blank because Atlas uses a widely trusted root CA):

image

ppf2 avatar Jan 31 '24 21:01 ppf2

It will be great for us to look into automatically enabling SSL/TLS if we detect that the user is trying to connect to MongoDB Atlas (perhaps this will be the eventual fix?)

ppf2 avatar Jan 31 '24 21:01 ppf2

Currently framework does not support concept of automatically updating configuration, unfortunately :/

We can have 2 things:

  1. Validate host and see if mongodb+srv protocol is used and SSL/TLS: false, then show an error
  2. We in long term want to provide richer configuration - user will be able to either use connection string OR rich fields and there we'll be able to address it in a way

artem-shelkovnikov avatar Feb 08 '24 11:02 artem-shelkovnikov

We could add a migration in Enterprise Search that detects if you have mongdb+srv and if you do, automatically enable SSL in your config?

seanstory avatar Mar 14 '24 18:03 seanstory

Let's close this issue?

artem-shelkovnikov avatar Jun 07 '24 14:06 artem-shelkovnikov

Sounds good.

Summary: the solution is to just explicitly enable the SSL/TLS option in the configuration and leave Certificate Authority blank. No explicit migration or bugfix is planned.

seanstory avatar Jun 07 '24 15:06 seanstory