mongodb_exporter icon indicating copy to clipboard operation
mongodb_exporter copied to clipboard

Published 20 hours ago verified publisher icon percona

Versions 0.20 and above do not work with ssl mongo

Open paulsjohnson91 opened this issue 1 year ago • 3 comments

Describe the bug We're ugrading from version 0.11 where we were able to connect to a mongodb instance running ssl using the mongodb.uri

mongodb://username:[email protected]:27017?ssl=true&sslCertificateKeyFile=/path/to/cert&sslCAFile=/path/to/cert&sslInsecure=true

Now when updating to 0.37 the system logs show

caller=tls_config.go:195 msg="TLS is disabled." http2=false

despite using the same connection string that was working before, and the only metric available to me is mongodb_up

To Reproduce Run version 0.37 of the exporter with mongodb.uri as mongodb://username:[email protected]:27017?ssl=true&sslCertificateKeyFile=/path/to/cert&sslCAFile=/path/to/cert&sslInsecure=true against a mongodb database version 4.4

Expected behavior Exporter should be able to get metrics of the mongo instance using ssl

Logs level=info ts=2023-04-03T13:04:10.567Z caller=tls_config.go:195 msg="TLS is disabled." http2=false

Environment

  • linux
  • run from systemd
  • MongoDB version 4.4.2

Additional context version 0.11 works fine. I'm also not able to get any logs besides mongodb_up when using mongo version 6.0.3 with or without ssl but I think this is an issue aready flagged in a different ticket

paulsjohnson91 avatar Apr 03 '23 13:04 paulsjohnson91

Hello @paulsjohnson91, https://github.com/percona/mongodb_exporter/pull/640 should this.

Can you please try to use:

server docker - perconalab/pmm-server-fb:PR-3158-1ac96b5
client docker - perconalab/pmm-client-fb:PR-3158-1ac96b5

ritbl avatar Apr 04 '23 00:04 ritbl

i thought i was seeing the same behaviour but after adding --collect-all to the exporter startup args, all metrics are shown, whether using tls or not.

grenade avatar May 09 '23 03:05 grenade

@paulsjohnson91 you might be using the old naming scheme for mongo options (this was why I was getting the TLS is disabled error). Newer mongo versions use 'tls' instead of 'ssl'

Your connection string options should change from this:

ssl=true&sslCertificateKeyFile=/path/to/cert&sslCAFile=/path/to/cert&sslInsecure=true

to this:

tls=true&tlsCertificateKeyFile=/path/to/cert&tlsCAFile=/path/to/cert&tlsInsecure=true

MrMMorris avatar Jun 20 '23 06:06 MrMMorris