[COMPASS-139] Add "test" connection Created: 11/Oct/16  Updated: 02/Apr/19  Resolved: 02/Apr/19

Status: Closed
Project: Compass
Component/s: Connectivity
Affects Version/s: None
Fix Version/s: None

Type: Task Priority: Major - P3
Reporter: Sam Weaver Assignee: Durran Jordan
Resolution: Won't Fix Votes: 3
Labels: FY2019Q2
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Attachments: PNG File image-2018-11-01-16-03-41-398.png     PNG File image-2018-11-01-16-04-48-403.png     PNG File image-2018-11-01-16-05-28-821.png     PNG File image-2018-11-01-16-09-07-440.png     PNG File robomongo-connection-test-failed.png    
Issue Links:
Related
related to COMPASS-3280 Connection Diagnostics Closed
Epic Link: COMPASS-2280

 Description   

User Story

"As a Compass user with commercial support, I want to easily copy and paste diagnostic info when a connection fails so that I can include it in the SFSC I open enabling faster resolution from MongoDB Support"

Summary

> Note @lucas: Updated with complete context per COMPASS-2848

When customers are having problems connecting via Compass we can now provide a much better experience than instructing customers to enable debugging and open the devtools console (see CS-32525).

Gathering Diagnostic Data

mongodb-connection-model@5.0.0 added a new `status` event. These status events are propagated via mongodb-data-service. Status events are emitted while establishing a connection for each step in the process. Each step has an underlying with a human-readable message property and one property pending||error||complete||skipped.

The implementation of these steps/checks can be found in mongodb-connection-model/lib/connect.js (line 170 at time of this writing).

Steps Explained

The possible values for a status event message are:

  • Validate: Validate the user input against mongodb-connection-model's business logic
  • Load SSL files: Checks that the SSL files specified by the user are readable (if specified)
  • Create SSH Tunnel: Checks that SSH Tunnel can be successfully created and written to (if specified)
  • Connect to MongoDB: Given all of the above, can we connect to MongoDB using the node.js driver?
  • List Databases: Inactive. See below.

Example Usage

test: function(done) {
  var onTested = function(err) {
    if (err) {
      metrics.error(err);
      return done(err);
    }
 
    debug('test worked!');
    done(null, this);
  }.bind(this);
  var diagnosticMessages = [];
 
  var dataService = new DataService(this);
  debug('Testing connection to `%j`...', this.serialize());
  dataService.on('status', (evt) => {
    /**
     * Example status events:
     *
     * >>> { message: 'Validate', pending: true }
     * >>> { message: 'Validate', complete: true }
     * >>> { message: 'Load SSL files', pending: true }
     * >>> { message: 'Load SSL files', skipped: true, reason: 'The selected SSL mode does not need to load any files.' }
     * >>> { message: 'Create SSH Tunnel', pending: true }
     * >>> { message: 'Create SSH Tunnel', complete: true }
     * >>> { message: 'Connect to MongoDB', pending: true }
     * >>> { message: 'Connect to MongoDB', complete: true }
     * >>> { message: 'Connect to MongoDB', error: MongoError('Invalid or missing certificate', stack: 'Error: self signed certificate in certificate chain...') }
     */
    // TODO Write these as nice messages to populate the diagnostic info
  });
  dataService.connect(onTested);
  return this;
}

List Databases

This is currently commented out in mongodb-connection-model and here is the primary reason: it's tricky to actually listDatabases(). The actual command requires the authenticated mongodb user to have escalated privileges. However, there is a workaround detailed in mongodb-data-service/lib/instance-detail-helper.js.

This workaround leverages the server's connectionStatus and userInfo commands. It's complicated but very possible to list collections and databases without having underlying escalated privs. See the implementation in mongodb-data-service/lib/instance-detail-helper.js starting at roughly line 283.

This underlying complexity would be mitigated by PM-544 (see comments there for more details).

UX

In the Compass connect window, when a connection fails, add a link to show "Diagnostic Info" which toggles a textarea containing status event messages. Under the textarea, include a "copy diagnostic info" button which writes the contents of the textarea to the clipboard using electron's clipboard API.

Prior Art

RoboMongo

See Robomongo RC8 blog post for more details.

While in the area as this will be at least a minor release, please also refactor to split up the ssh-connection-options which appear to be unnecessarily coupled together as discovered on COMPASS-396:

const opts = {
// TODO: Would be nice to split this into connectOptions (passed to .connect()),
// TODO: ... forwardOutOptions (i.e. srcAddr, dstPort, dstAddr) and
// TODO: ... startLocalSSHServerOptions (e.g. localPort, localAddr)
  readyTimeout: 5000,
  forwardTimeout: 5000,
  keepaliveInterval: 5000,
  srcAddr: '127.0.0.1',    // OS should figure out an ephemeral srcPort
  dstPort: 27000,          // final mongod port
  dstAddr: '10.0.0.131',   // final mongod IP
  localPort: 29000,        // TODO: Choose this ephemeral port randomly
  localAddr: '127.0.0.1',
  host: '35.163.143.252',  // Jump box IP
  port: 22,
  username: 'ec2-user'
};
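
One way to turn the `status` events described under "Gathering Diagnostic Data" into the text the "Diagnostic Info" textarea would show, as an added example that is not part of the original issue or of Compass. The names `DiagnosticLog`, `redact` and `sampleReport` are hypothetical, and masking credentials before the text is shared is a precaution added here, not something the issue specifies.

```javascript
// Added example (not Compass code): fold 'status' events into copyable diagnostic text.
const STEPS = ['Validate', 'Load SSL files', 'Create SSH Tunnel', 'Connect to MongoDB'];
const STATES = ['error', 'complete', 'skipped', 'pending'];

// Assumption: error text can echo a connection string, so mask user:password@ in it.
function redact(text) {
  return String(text).replace(/(mongodb(?:\+srv)?:\/\/)[^@\/\s]+@/g, '$1<redacted>@');
}

class DiagnosticLog {
  constructor() {
    this.latest = new Map(); // step message -> most recent event for that step
  }

  // Wire up with: dataService.on('status', (evt) => log.record(evt));
  record(evt) {
    this.latest.set(evt.message, evt);
  }

  toText() {
    return STEPS.map((step) => {
      const evt = this.latest.get(step);
      if (!evt) return `[no event] ${step}`;
      const state = STATES.find((s) => evt[s]) || 'unknown';
      let detail = '';
      if (state === 'skipped' && evt.reason) detail = `: ${evt.reason}`;
      if (state === 'error') detail = `: ${evt.error.message || evt.error}`;
      return redact(`[${state}] ${step}${detail}`);
    }).join('\n');
  }
}

// Constructed events in the shape of the issue's example comments; the URI and
// credentials in the error text are made up for illustration.
function sampleReport() {
  const log = new DiagnosticLog();
  [
    { message: 'Validate', pending: true },
    { message: 'Validate', complete: true },
    { message: 'Load SSL files', pending: true },
    { message: 'Load SSL files', skipped: true, reason: 'The selected SSL mode does not need to load any files.' },
    { message: 'Connect to MongoDB', pending: true },
    { message: 'Connect to MongoDB', error: new Error('mongodb://admin:s3cret@db.example.test:27017: self signed certificate in certificate chain') }
  ].forEach((evt) => log.record(evt));
  return log.toText();
}
```

The string returned by `toText()` is what would fill the textarea and be handed to Electron's `clipboard.writeText()`.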



 Comments   
Comment by Massimiliano Marcon [ 02/Apr/19 ]

With COMPASS-3280, we'll have connection diagnostics. For the time being we won't have a separate test connection.

Comment by Peter Schmidt [ 03/Mar/17 ]

ping may be useful to have: https://docs.mongodb.com/manual/reference/command/ping/

Comment by Dmitry Ryabtsev [ 17/Feb/17 ]

I think Compass should easily provide similar diagnostics for SSL connections as mongo shell does.

This is to illustrate the current situation:

Server's certificate validation fails:

"mongo shell"

2017-02-17T14:02:13.502+1100 E NETWORK  [thread1] SSL peer certificate validation failed: self signed certificate in certificate chain
2017-02-17T14:02:13.503+1100 E QUERY    [thread1] Error: socket exception [CONNECT_ERROR] for SSL peer certificate validation failed: self signed certificate in certificate chain

"Compass"

Could not connect to MongoDB on the provided host and port

Meaning: The signature chain of the certificate being presented by the server contained a self-signed certificate before any of the certificates in the chain turned up in the CA file. In effect, the server certificate could not be validated by any CA known to the client.

Hostname validation fails:

"mongo shell"

2017-02-17T14:06:02.463+1100 E NETWORK  [thread1] The server certificate does not match the host name 192.168.1.6
2017-02-17T14:06:02.464+1100 E QUERY    [thread1] Error: socket exception [CONNECT_ERROR] for The server certificate does not match the host name 192.168.1.6 :

"Compass"

Could not connect to MongoDB on the provided host and port

Meaning: The CN, or SAN, in the server certificate does not match the hostname used on connection. Specify a valid hostname according to the certificate. Alternatively, use an unvalidated SSL connection, if the server's SSL configuration permits.

Private key's password is not correct

"mongo shell"

2017-02-17T14:09:33.478+1100 E NETWORK  [main] cannot read PEM key file: /home/dmitry/javassl/III/server.pem error:28069065:lib(40):UI_set_result:result too small
Failed global initialization: InvalidSSLConfiguration Can not set up PEM key file.

"Compass"

error:0906A068:PEM routines:PEM_do_header:bad password read

Meaning: The password specified for the client's private key is not correct.

Unsupported certificate purpose

"mongo shell"

2017-02-17T14:28:28.196+1100 E NETWORK  [thread1] SSL peer certificate validation failed: unsupported certificate purpose
2017-02-17T14:28:28.197+1100 E QUERY    [thread1] Error: socket exception [CONNECT_ERROR] for SSL peer certificate validation failed: unsupported certificate purpose :

"Compass"

Could not connect to MongoDB on the provided host and port

Meaning: The certificate presented by the server has V3 extensions enabled, the extendedKeyUsage field is present but does not contain the serverAuth flag.

Comment by Lucas Hrabovsky (Inactive) [ 11/Nov/16 ]

From http://blog.robomongo.org/robomongo-rc8/#connectiondiagnostic

Comment by Lucas Hrabovsky (Inactive) [ 11/Oct/16 ]

http://blog.robomongo.org/robomongo-rc8/#connectiondiagnostic

Generated at Wed Feb 07 22:24:28 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.