mongodb-kafka-base-mongod fails when mongo has SSL enabled


I followed the documentation's (Quick start) docker compose file and everything went fine. Then I tried to add SSL to the mongo instance using this tutorial: generate-mongo-ssl.md

then went to ssl part and followed the steps

I updated my docker-compose to have certificates as volumes

version: "3.6"
services:
  # ZooKeeper node the broker and the other services connect to on 2181.
  # No ports are published, so it is reachable only from containers attached
  # to localnet.
  zookeeper:
    container_name: zookeeper
    hostname: zookeeper
    image: confluentinc/cp-zookeeper:7.2.2
    environment:
      ZOOKEEPER_CLIENT_PORT: "2181"
      ZOOKEEPER_TICK_TIME: "2000"
    networks:
      - localnet

  # Single Kafka broker.
  # Both listeners are mapped to PLAINTEXT, so records travel unencrypted
  # between the broker and its clients on localnet even though the MongoDB
  # side of the pipeline uses TLS.
  broker:
    container_name: broker
    hostname: broker
    image: confluentinc/cp-kafka:7.2.2
    networks:
      - localnet
    depends_on:
      - zookeeper
    environment:
      KAFKA_BROKER_ID: "1"
      KAFKA_ZOOKEEPER_CONNECT: "zookeeper:2181"
      # LISTENER_1 is the in-network listener (also used between brokers);
      # LISTENER_2 is advertised as localhost:9092.
      KAFKA_LISTENERS: 'LISTENER_1://broker:29092,LISTENER_2://broker:9092'
      KAFKA_ADVERTISED_LISTENERS: 'LISTENER_1://broker:29092,LISTENER_2://localhost:9092'
      KAFKA_LISTENER_SECURITY_PROTOCOL_MAP: 'LISTENER_1:PLAINTEXT,LISTENER_2:PLAINTEXT'
      KAFKA_INTER_BROKER_LISTENER_NAME: 'LISTENER_1'
      KAFKA_OFFSETS_TOPIC_REPLICATION_FACTOR: "1"
      KAFKA_GROUP_INITIAL_REBALANCE_DELAY_MS: "0"
      CONFLUENT_SUPPORT_CUSTOMER_ID: "anonymous"
      KAFKA_DELETE_TOPIC_ENABLE: "true"

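  # Kafka Connect worker, built from the local Dockerfile.
  connect:
    build:
      context: .
      dockerfile: Dockerfile
    # NOTE(review): this publishes the JMX port on every host interface. No
    # JMX authentication or TLS is configured in this file; use
    # "127.0.0.1:35000:35000" if only local access is intended.
    ports:
      - "35000:35000"
    hostname: connect
    volumes:
      # Read-only: the worker only needs to read the trust/key stores.
      # Mounting over /etc/ssl hides whatever the image ships there (typically
      # the system CA bundle under /etc/ssl/certs); a dedicated directory
      # would avoid that, but every path below would have to move with it.
      - ./final2/:/etc/ssl/:ro
    container_name: connect
    depends_on:
      - zookeeper
      - broker
    networks:
      - localnet
    environment:
      # Fixed: the value is the store type itself, not a "key=value" pair.
      # NOTE(review): CONNECT_SSL_* presumably become the worker's ssl.*
      # properties, which apply to the worker's Kafka connection (PLAINTEXT
      # here) rather than to MongoDB - confirm.
      CONNECT_SSL_TRUSTSTORE_TYPE: 'JKS'
      CONNECT_SSL_TRUSTSTORE_LOCATION: /etc/ssl/truststore.jks
      # NOTE(review): store password hard-coded in the compose file (it also
      # appears in the JVM option strings below). Keep it out of version
      # control, e.g. via an untracked .env file, and pick a non-trivial one.
      CONNECT_SSL_TRUSTSTORE_PASSWORD: 'qwerty'
      CONNECT_KAFKA_OPTS: '-Djavax.net.ssl.trustStore=/etc/ssl/truststore.jks -Djavax.net.ssl.trustStorePassword=qwerty -Djavax.net.ssl.keyStore=/etc/ssl/mongodb.p12'
      # Fixed: "=" was missing after -Djavax.net.ssl.trustStore.
      CONNECT_KAFKA_JMX_OPTS: '-Djavax.net.ssl.trustStore=/etc/ssl/truststore.jks -Djavax.net.ssl.trustStorePassword=qwerty'
      # Fixed: typographic quotes were part of the value. Handshake debugging
      # is verbose; drop it once TLS works.
      CONNECT_JAVA_OPTS: '-Djavax.net.debug=ssl:handshake'
      # KAFKA_OPTS is presumably the variable that actually reaches the JVM,
      # so these javax.net.ssl.* properties are what a connector's TLS client
      # sees - confirm against the image's launch script.
      # NOTE(review): a keyStore is set without javax.net.ssl.keyStorePassword;
      # needed if mongodb.p12 is password-protected.
      KAFKA_OPTS: '-Djavax.net.ssl.keyStore=/etc/ssl/mongodb.p12 -Djavax.net.ssl.trustStorePassword=qwerty -Djavax.net.ssl.trustStore=/etc/ssl/truststore.jks'
      KAFKA_JMX_PORT: 35000
      KAFKA_JMX_HOSTNAME: localhost
      CONNECT_BOOTSTRAP_SERVERS: "broker:29092"
      CONNECT_REST_ADVERTISED_HOST_NAME: connect
      # REST API on 8083: not published to the host, but reachable from
      # every container on localnet.
      CONNECT_REST_PORT: 8083
      CONNECT_GROUP_ID: connect-cluster-group
      CONNECT_CONFIG_STORAGE_TOPIC: docker-connect-configs
      CONNECT_CONFIG_STORAGE_REPLICATION_FACTOR: 1
      CONNECT_OFFSET_FLUSH_INTERVAL_MS: 10000
      CONNECT_OFFSET_STORAGE_TOPIC: docker-connect-offsets
      CONNECT_OFFSET_STORAGE_REPLICATION_FACTOR: 1
      CONNECT_STATUS_STORAGE_TOPIC: docker-connect-status
      CONNECT_STATUS_STORAGE_REPLICATION_FACTOR: 1
      CONNECT_ZOOKEEPER_CONNECT: "zookeeper:2181"
      CONNECT_PLUGIN_PATH: "/usr/share/java,/usr/share/confluent-hub-components"
      CONNECT_CONNECTIONS_MAX_IDLE_MS: 180000
      CONNECT_METADATA_MAX_AGE_MS: 180000
      CONNECT_AUTO_CREATE_TOPICS_ENABLE: "true"
      CONNECT_KEY_CONVERTER: "org.apache.kafka.connect.json.JsonConverter"
      CONNECT_VALUE_CONVERTER: "org.apache.kafka.connect.json.JsonConverter"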

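  # Kafka REST proxy. Listens on plain HTTP (8082); no ports are published,
  # so it is reachable only from containers on localnet.
  rest-proxy:
    image: confluentinc/cp-kafka-rest:7.2.2
    depends_on:
      - zookeeper
      - broker
      - schema-registry
    hostname: rest-proxy
    container_name: rest-proxy
    networks:
      - localnet
    environment:
      KAFKA_REST_HOST_NAME: rest-proxy
      KAFKA_REST_BOOTSTRAP_SERVERS: "broker:29092"
      KAFKA_REST_LISTENERS: "http://0.0.0.0:8082"
      # Fixed: the service and its hostname are "schema-registry" (hyphen);
      # "schema_registry" matches no name defined in this file.
      KAFKA_REST_SCHEMA_REGISTRY_URL: "http://schema-registry:8081"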

  # Schema Registry. The listener is plain HTTP on all container interfaces;
  # no ports are published, so only containers on localnet can reach it.
  schema-registry:
    container_name: schema-registry
    hostname: schema-registry
    image: confluentinc/cp-schema-registry:7.2.2
    networks:
      - localnet
    depends_on:
      - broker
    environment:
      SCHEMA_REGISTRY_HOST_NAME: 'schema-registry'
      SCHEMA_REGISTRY_KAFKASTORE_BOOTSTRAP_SERVERS: "broker:29092"
      SCHEMA_REGISTRY_KAFKASTORE_CONNECTION_URL: "zookeeper:2181"
      SCHEMA_REGISTRY_LISTENERS: 'http://0.0.0.0:8081'

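  # MongoDB replica-set member (rs0) started with the TLS settings from the
  # mounted mongod.conf.
  mongo1:
    image: "mongodb-kafka-base-mongod:1.0"
    container_name: mongo1
    # NOTE(review): this publishes mongod on every host interface (35001).
    # Use "127.0.0.1:35001:27017" if only local access is intended.
    ports:
      - "35001:27017"
    build:
      context: .
      dockerfile: mongo.Dockerfile
    volumes:
      # Read-only: mongod only reads the certificate/key material and its
      # config. Mounting over /etc/ssl also hides whatever the image ships
      # there (typically the system CA bundle under /etc/ssl/certs).
      - ./final2/:/etc/ssl/:ro
      # net.bindIp in this file must include an address that other containers
      # can reach (the author's fix was to set it to mongo1); a
      # loopback-only bind leaves clients on localnet with "Connection refused".
      - ./mongo.conf:/etc/mongod.conf:ro
    command: --replSet rs0 --oplogSize 128 --config /etc/mongod.conf
    depends_on:
      - zookeeper
      - broker
      - connect
    networks:
      - localnet
    restart: always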
    

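  # One-shot container that runs config-replica.js against mongo1 over TLS,
  # presenting mongodb.pem as the client certificate and verifying the server
  # against mongodb-ca.crt.
  mongo1-setup:
    image: "mongodb-kafka-base-setup-mongod:1.0"
    container_name: mongo1-setup
    build:
      context: .
      dockerfile: mongo.Dockerfile
    depends_on:
      - mongo1
    networks:
      - localnet
    volumes:
      # Read-only: the setup step only reads the key and CA files.
      - ./final2/:/etc/ssl/:ro
    # NOTE(review): the fixed "sleep 10" is the only wait for mongod;
    # depends_on orders container start, not readiness. The command also
    # needs mongod to listen on an address reachable as "mongo1".
    entrypoint:
      - "bash"
      - "-c"
      - "sleep 10 && mongosh --tls --host mongo1 --tlsCertificateKeyFile /etc/ssl/mongodb.pem --tlsCAFile /etc/ssl/mongodb-ca.crt config-replica.js && sleep 10"
    restart: "no"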

# Shared network for every service above.
networks:
  localnet:
    # attachable: standalone containers may join this network too. Anything
    # attached can reach the PLAINTEXT Kafka listeners and the plain-HTTP
    # endpoints configured in this file.
    attachable: true

mongo1-setup was failing, so I took its command, mongosh --tls --host mongo1 --tlsCertificateKeyFile /etc/ssl/mongodb.pem --tlsCAFile /etc/ssl/mongodb-ca.crt config-replica.js, and ran it inside the mongodb instance, where it succeeded.

Now when I go inside mongodb instance and run

# Registers the MongoDB source connector through the Connect REST API.
# The request is plain HTTP with no credentials, so anything that can reach
# connect:8083 can create connectors; keep that port off untrusted networks.
# ssl=true in connection.uri turns on TLS to mongo1; the server certificate is
# presumably checked against the JVM trust store given in KAFKA_OPTS (confirm).
curl -X POST \
     -H "Content-Type: application/json" \
     --data '
     {"name": "mongo-source",
      "config": {
         "connector.class":"com.mongodb.kafka.connect.MongoSourceConnector",
         "connection.uri":"mongodb://mongo1:27017/?replicaSet=rs0&ssl=true",
         "database":"quickstart",
         "collection":"sampleData",
         "pipeline":"[{\"$match\": {\"operationType\": \"insert\"}}, {$addFields : {\"fullDocument.travel\":\"MongoDB Kafka Connector\"}}]"
         }
     }
     ' \
     http://connect:8083/connectors -w "\n"

I get no logs from mongodb instance and from connector side I get 2023-06-27 19:50:44 Caused by: java.net.ConnectException: Connection refused (Connection refused)

How can I complete the tutorial while both the connector and the mongo instance have SSL enabled? I tried to ping mongo1 from the connector, and it went fine. I also tried mongosh --tls --host localhost --tlsCertificateKeyFile /etc/ssl/mongodb.pem --tlsCAFile mongodb-ca.crt, which went fine too.

If any details are missing, please let me know.

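UPDATE: I solved it by updating bindIp in mongod.conf to mongo1. That suggests the "Connection refused" was a TCP-level problem rather than a certificate problem: mongod was not listening on an address the connect container could reach, which is also why the mongosh test against localhost succeeded and mongod logged nothing.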
