The secret_port is not exposed by the Evergreen spawn host, so we will instead forward all operations through ssh. For simplicity, we can bind both the public port and the secret port and reuse the same port locally and on the powercycle machine.

The operative change is to add the tunneling options to this line in remote_operations.py with supporting changes in places that we connect to MongoDB to always connect to localhost instead of the remote host. The following snippet should work for the tunneling code:

"ssh -L {secret_port}:{mongod_host}:{secret_port} -L {standard_port}:{mongod_host}:{standard_port}"

The connections will be limited to the main powercycle loop here since it is the only time the mongod is alive.

Note

• We appear to be connecting to the mongod remotely (i.e. from the Evergreen host in a couple of locations, therefore we need to ensure the mongod is started with --bind_ip 0.0.0.0 so it listens on the non-localhost network interface. Otherwise we will get a connection error.
• The necessity of secret_port is debatable but can be left out of this ticket. The code involves a few nested subprocess calls which has a learning curve; consider not making significant changes or improvements as part of this project.