puppet-mongodb icon indicating copy to clipboard operation
puppet-mongodb copied to clipboard

Published 20 hours ago verified publisher icon voxpupuli

SSL options deprecated in mongo 4.2.X

Open tonythomas01 opened this issue 4 years ago • 5 comments

Affected Puppet, Ruby, OS and module versions/distributions

  • Puppet: 6.11.1
  • Ruby: ruby 2.5.1p57 (2018-03-29 revision 63029) [x86_64-linux-gnu]
  • Distribution:"Ubuntu 18.04.3 LTS" with mongo 4.2.0
  • Module version: 3.0.0

How to reproduce (e.g Puppet code you use)

Running a puppet apply (vagrant provision with puppet in my case) with ssl configurations. The library seems to still lack (?) options to support tls ?

What are you seeing

==> development: Error: Could not prefetch mongodb_replset provider 'mongo': 765: unexpected token at '-12-05T11:38:01.460+0000 W  CONTROL  [main] Option: ssl is deprecated. Please use tls instead.
==> development: 2019-12-05T11:38:01.460+0000 W  CONTROL  [main] Option: sslPEMKeyFile is deprecated. Please use tlsCertificateKeyFile instead.
==> development: 2019-12-05T11:38:01.460+0000 W  CONTROL  [main] Option: sslCAFile is deprecated. Please use tlsCAFile instead.

Any additional information you'd like to impart

https://docs.mongodb.com/manual/release-notes/4.2/#deprecated-ssl-options says:

MongoDB 4.2 deprecates the SSL options for the mongod, the mongos, and the mongo shell as well as the corresponding net.ssl Options configuration file options.

Use the new TLS options instead.

tonythomas01 avatar Dec 05 '19 11:12 tonythomas01

I have also hit this issue...

jdwhited avatar Aug 13 '21 14:08 jdwhited

this fork (https://github.com/poloz-lab/puppet-mongodb) added TLS support. Should be nice to have a PR for this.

ghost avatar Jun 29 '22 11:06 ghost

yep this is an issue as currently any is_master checks fail due to these deprecation warnings so this is now a showstopper. as noted the forked project handles this.

whiphubley avatar Jul 08 '22 12:07 whiphubley

@whiphubley I can conform that TLS is working in the mentioned fork. Using that fork right now. @poloz-lab Could you make a PR also for this issue from your fork ? And thanks for the making it work in your fork. I can probably make a PR to move form mongo to mongosh for the versions +4.x ? And since I'm using x509 for both admin user and clients, will try to add that also to the admin authentication methods, after https://github.com/voxpupuli/puppet-mongodb/pull/643 gets merged.

ghost avatar Jul 08 '22 13:07 ghost

PR #645 is ready for merging.

poloz-lab avatar Jul 27 '22 15:07 poloz-lab