Connection to mongodb atlas not possible

Question

Connection to mongodb atlas not possible

aeimer opened this issue 3 years ago · 10 comments

Hi,

I'd love to use the tool, but I can't connect to the mongodb atlas instance:

docker run -it --rm mrsarm/mongotail 'mongodb+srv://somename-pl-0.foo.mongodb.net/bar-service' -u mytmpuser -b admin
Error parsing command line: Invalid address "mongodb+srv://somename-pl-0.foo.mongodb.net/bar-service"
try 'mongotail --help' for more information

How can I fix the connection or get a proper error message?
This also happens with pip installed version on Mac.

BR
Alex

Answer 1 · 2022-03-24T17:44:09.000Z

Hey ! didn't know that SRV thing even exists ! I'm reading a bit about it, looks like PyMongo supports it (https://www.mongodb.com/docs/drivers/pymongo/#installation), but I need to add the srv dependencies... and then just allow URLs with that prefix because PyMongo should take care of it.

I'll work in a patch very soon, maybe today.

Answer 2 · 2022-03-24T17:46:44.000Z

@mrsarm Oh that would be great! Many thanks!

Answer 3 · 2022-03-28T21:27:08.000Z

Hey @aeimer ! I just released the beta 3.1b1 that supports URIs with mongodb:// and mongodb+srv://, plus it fixes authentication issues.

I've also published the release on Docker Hub, so you should be able to use it like (note the version in the command):

$ docker run -it --rm mrsarm/mongotail:3.1b1 'mongodb+srv://somename-pl-0.foo.mongodb.net/bar-service' -u mytmpuser -b admin

I don't have an account on MongoDB Atlas, so if you can test it much appreciated !

Answer 4 · 2022-03-29T07:16:39.000Z

@mrsarm Maybe i just miss sth on how to configure to get a login, but I don't get any answer:

Answer 5 · 2022-03-29T11:47:20.000Z

Actually I think it's connecting well, but there is nothing to print because the profiler is not activated yet. You should enable the profiler in MongoDB first with something like:

$ docker run -it --rm mrsarm/mongotail:3.1b1 'mongodb+srv://host/db' -u mytmpuser -b admin -l 2

Or you can use -l 1 instead along with the -s MILLISECONDS to log and find only slow queries (Find slow queries in MongoDB).

Answer 6 · 2022-03-29T17:53:29.000Z

@mrsarm I did not hit Ctrl-c, the container exited by itself more or less immediately.
Ah I see, but then maybe a little log message from the program would be helpful.

So I tried the following:

It did not work as suspected, but the auth seems to work as the level is set( I checked it via mongosh).
The command instantly exits.

A uri with only the username in it fails, as it works with mongosh:

VS

Answer 7 · 2022-03-29T18:29:08.000Z

Hey, thanks for your feedback, it's helping me a lot.

About the "Invalid host.." error, it's because set in a URL the user with no indication of the password like user@host is normally considered invalid, although I see it's supported even by curl when connecting to an HTTP service, and what curl does it append the : after the user and encode it with Base64 in the header sent. Furthermore, in a normal MongoDB instance is not possible to create a user without a password or an empty password. Anyway, if that works with Mongo Atlas, Mongotail should support it, I'll add a fix later.

In the meantime, what it's normally acceptable when the password is empty is indeed set the password empty, so try with mongodb+srv://tmp-alex:@host.. (note the : char followed by @), that explicitly says empty or not password at all. Although when an URL like that is set Mongotail sends an null value because even the latest version of the PyMongo driver doesn't support empty passwords.

Back to the profiler setp, I see in the screenshots that you could successfully set the profiling to level 2, so... did you get results after executing that? remember a few things:

Once you set to level 2 you have to execute mongotail again without the -l or -s argument to get the logs, because those instruction only set the profiling to debug mode, but they don't try to pull any log at all. I recommend to use mongotail with the -f flag, so mongotail will wait for queries to log, and you have to stop it pressing Ctrl+C.
You have to do something with your database to get some logs, otherwise you will see indeed nothing. Past queries won't be displayed, only new ones since you set the log level with a non zero value.
Once you are done, you have to remember to set the profiling level again to zero with -l 0. Letting the level in 1 or 2 will make you database slower and it's potentially insecure, because the queries are recorded in a special collection, although only admin users have access to it by default.

Finally, what you said about executing the command and not seeing any feedback at all, I agree can be better, the idea is similar to what you get when you try to print an empty file with cat or tail in the console: nothing. That's make the command not just more minimalist , but also more easy to use in scripts, where you only expect the command to output what the database has, unless there are errors that are anyway logged in the standard error stream.

What I'm considering in future versions is to check first whether the profiling level was set to 1 or 2, and if isn't the case, warn about it in the standard error stream. What I don't want to do is to set the profiling level automatically, that is potentially danger, the user has to know that the profiling level has to be set to 0 once debugging is done, and although mongotail can do that automatically, if it fails, might leave the logging open and the user not noticing it.

Answer 8 · 2022-03-29T19:40:45.000Z

@mrsarm
so the MongoDB does not have (or allow?!) an empty password, but as you can see in the screenshot you will be asked to enter the password. That is way more secure, as the password is not written to the bash_history.

I guess how that works was not clear to me. I was thinking, the program will set the profile level as wanted and then on exit revert the changes to its original values.
Also combining (and then not notifying the user about) -f and -l is something that makes sense from (my) user perspective. But I now know it better, here my test results:

so yeahaaa it works!
But honestly with some more verbose output the UX would be way better and the users would feel more comfortable.

But now its workable, Im happy!
Thank you for that great tool.

BR
Alex

Answer 9 · 2022-03-29T21:04:12.000Z

Thanks @aeimer ! much appreciated your feedback.

I just released the version 3.1b2 on PyPI and Docker Hub as well with the fix to allow URIs with user@host... (without the :). I'm also adding more instructions in the README copied from an old blog post I made, but yes, the instruction are not enough clear because you are not the first confused about how to enable the profiler, so need to improve it more.

In terms of usage, these suggestion are in my to-do list, unfortunately the last versions I've released are more in relation to keep up to date with the changes in how the MongoDB engine stores the logs, and the changes in the PyMongo API that breaks compatibility with old versions. Hope if no more breaking changes are introduced in the near future I can work more in new features and improvements.

I'll do some more tests and release the final version maybe tomorrow.

Answer 10 · 2022-03-30T07:55:46.000Z

@mrsarm I tested a URI with mongodb+srv://tmp-alex@somename.abcd.mongodb.net/foo. As suspected I got asked for the password. Good job! Love it.
docker run -it --rm mrsarm/mongotail:3.1b2 'mongodb+srv://tmp-alex@somename.abcd.mongodb.net/foo' -b admin -l 1

From my side we can close the ticket.

Thank you again!
Alex