Docker Unable to connect to mongodb cloud

Question

Unable to connect to mongodb cloud using mongoshell from Docker. Working on Opensuse 42.3 linux platform. IP_FORWARD has been enabled, firewall has been disabled.

./mongodbshell/bin/mongo  "mongodb+srv://cluster0-ry2xn.mongodb.net/test" --username

However it works fine from outside docker. Given below is my docker environment info.

$ sudo docker info

Containers: 17
 Running: 1
 Paused: 0
 Stopped: 16
Images: 21
Server Version: 17.04.0-ce
Storage Driver: overlay
 Backing Filesystem: xfs
 Supports d_type: true
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins: 
 Volume: local
 Network: bridge host macvlan null overlay
Swarm: active
 NodeID: kh7m6ppbeg3ktkk3tueqoiyen
 Is Manager: true
 ClusterID: izl7e06qo269ccagfa0eknz16
 Managers: 1
 Nodes: 1
 Orchestration:
  Task History Retention Limit: 5
 Raft:
  Snapshot Interval: 10000
  Number of Old Snapshots to Retain: 0
  Heartbeat Tick: 1
  Election Tick: 3
 Dispatcher:
  Heartbeat Period: 5 seconds
 CA Configuration:
  Expiry Duration: 3 months
 Node Address: 192.168.2.14
 Manager Addresses:
  192.168.2.14:2377
Runtimes: oci runc
Default Runtime: runc
Init Binary: 
containerd version:  (expected: 422e31ce907fd9c3833a38d7b8fdd023e5a76e73)
runc version: N/A (expected: 9c2d8d184e5da67c95d601382adf14862e4f2228)
init version: N/A (expected: 949e6facb77383876aeff8a6944dde66b3089574)
Security Options:
 apparmor
Kernel Version: 4.4.104-39-default
Operating System: openSUSE Leap 42.3
OSType: linux
Architecture: x86_64
CPUs: 4
Total Memory: 15.45GiB
Name: linux-xleg.suse
ID: SFKG:TIYZ:65WL:TKCG:ZOSW:7ZJI:CW6E:2HJJ:UV7A:ZVXM:V2IN:JZU4
Docker Root Dir: /home/maggi/docker-data
Debug Mode (client): false
Debug Mode (server): false
Username: magnusmel
Registry: https://index.docker.io/v1/
Experimental: false
Insecure Registries:
 127.0.0.0/8
Live Restore Enabled: false

WARNING: No swap limit support
WARNING: No kernel memory limit support

Docker oS based on kali linux -

cat /etc/os-release 
PRETTY_NAME="Kali GNU/Linux Rolling"
NAME="Kali GNU/Linux"
ID=kali
VERSION="2016.2"
VERSION_ID="2016.2"
ID_LIKE=debian
ANSI_COLOR="1;31"
HOME_URL="http://www.kali.org/"
SUPPORT_URL="http://forums.kali.org/"
BUG_REPORT_URL="http://bugs.kali.org/"

MongodB Client Info is given below

/opt/mongodbshell/bin/mongo --version
MongoDB shell version v3.6.2
git version: 489d177dbd0f0420a8ca04d39fd78d0a2c539420
allocator: tcmalloc
modules: none
build environment:
    distarch: x86_64
    target_arch: x86_64

ERROR OUTPUT:

> connecting to: mongodb+srv://cluster0-ry2xn.mongodb.net/test
> 2018-01-30T18:54:38.451+0000 I NETWORK  [thread1] Starting new replica
> set monitor for
> Cluster0-shard-0/cluster0-shard-00-00-ry2xn.mongodb.net.:27017,cluster0-shard-00-02-ry2xn.mongodb.net.:27017,cluster0-shard-00-01-ry2xn.mongodb.net.:27017
> 2018-01-30T18:54:39.679+0000 W NETWORK  [thread1] Unable to reach
> primary for set Cluster0-shard-0 2018-01-30T18:54:39.679+0000 I
> NETWORK  [thread1] Cannot reach any nodes for set Cluster0-shard-0.
> Please check network connectivity and the status of the set. This has
> happened for 1 checks in a row. 2018-01-30T18:54:41.879+0000 W NETWORK
> [thread1] Unable to reach primary for set Cluster0-shard-0
> 2018-01-30T18:54:41.879+0000 I NETWORK  [thread1] Cannot reach any
> nodes for set Cluster0-shard-0. Please check network connectivity and
> the status of the set. This has happened for 2 checks in a row.

Is this related to not setting up, SSL/TLS based auth ? Any help will be appreciated very much.

Answer 1

Kali linux is not a supported distro by mongo.

So one needs, to verify if /usr/bin/mongo --version does not return with openssl mentioned in the output. Then, in such a case uninstall all the existing mongodb tools & server & client.

And then reinstall with a mongo client built for debian 7/8 platform depending on the Kali linux distro Version being used. (in my case debian version 8 )

That solves the issue for running a mongo client with ssl on docker:

apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv 2930ADAE8CAF5059EE73BB4B58712A2291FA4AD5

echo "deb http://repo.mongodb.org/apt/debian jessie/mongodb-org/3.6 main" |  tee /etc/apt/sources.list.d/mongodb-org-3.6.list

apt-get update

For full mongodb installation that includes server, do run as given below:

apt-get install -y mongodb-org=3.6.2 mongodb-org-server=3.6.2 mongodb-org-shell=3.6.2 mongodb-org-mongos=3.6.2 mongodb-org-tools=3.6.2

For installing only mongo client & tools specific to a version:

   apt-get install -y mongodb-org-shell=3.6.2 mongodb-org-tools=3.6.2

For installing only mongo client & tools default:

   apt-get install -y mongodb-org-shell mongodb-org-tools

My mongo output on docker - kali linux image now shows ssl configured:

MongoDB shell version v3.6.2
git version: 489d177dbd0f0420a8ca04d39fd78d0a2c539420
OpenSSL version: OpenSSL 1.0.1t  3 May 2016
allocator: tcmalloc
modules: none
build environment:
    distmod: debian81
    distarch: x86_64
    target_arch: x86_64

Answer 2

IP_FORWARD is not enough, you need masquerade (or NAT) between those different networks. It is possible also do with static routing, if there is one common gateway between networks.