[COMPASS-7009] Frequent "Connection pool cleared" error Created: 06/Jul/23 Updated: 04/Aug/23 |
|
| Status: | Open |
| Project: | Compass |
| Component/s: | None |
| Affects Version/s: | None |
| Fix Version/s: | None |
| Type: | Bug | Priority: | Major - P3 |
| Reporter: | D V | Assignee: | Julia Oppenheim |
| Resolution: | Unresolved | Votes: | 0 |
| Labels: | needs-prioritization | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Environment: |
OS: macOS Ventura 13.4.1 |
||
| Attachments: |
|
||||||||||||
| Issue Links: |
|
||||||||||||
| Story Points: | 3 | ||||||||||||
| Description |
Problem Statement/RationaleExperiencing a frequent error when trying to connect to mongos via GCP IAP tunnel:
Please be sure to attach relevant logs with any sensitive data redacted. Compass logs attached. Steps to Reproduce
Expected ResultsSuccessful connection Actual ResultsMost of the time it errors out. Additional NotesMy workaround right now is to quickly open a bunch of Compass windows and flip through them all, connecting in each one, and then closing any that have errored out. This is annoying enough that most of my team have moved off Compass. |
| Comments |
| Comment by D V [ 14/Jul/23 ] |
|
anna.henningsen@mongodb.com Thanks for the context! I can definitely see how the "proper" solution is difficult. As far as I know there're no TOTP/OTP on my side. At least, I don't have another auth factor that I need to provide in order to connect via LDAP. I just run the gcloud start-iap-tunnel command. I agree that updating the error message could be sufficient, especially if it has the workaround of adding maxPool=1 as an explicit suggestion within it, since it's totally non-obvious. My entire team of 50+ engineers essentially gave up on Compass, because it was the only client that showed that error, so it felt like a Compass-specific bug. |
| Comment by Anna Henningsen [ 12/Jul/23 ] |
|
dv@glyphy.com It’s not straightforward, unfortunately. I assume you’re using LDAP with some sort of TOTP mechanism, where the OTP is part of the password you pass to Compass? The reason why that fails is that Compass opens (and this might be obvious from the error message here) a connection pool, but uses the same OTP for all of those connections, so some of them will successfully authenticate and some not. This is a very specific use case, though, and not one that we can reliably detect at that, and in general, Compass does utilize the connection pool to improve application performance. So, yes, we are aware of this pain point. We might be able to improve the error message here, but a “proper” solution is unfortunately not trivial. (As a side note, we announced upcoming preview support for OpenID Connect authentication for MongoDB 7.0+ databases just last month. Switching authentication mechanisms is obviously a bigger change for users, but that’s part of our long-term story for better support for “modern” human-facing authentication.) |
| Comment by D V [ 11/Jul/23 ] |
|
anna.henningsen@mongodb.com Thank you, that entirely solves the issue! Should this setting be enabled by default? |
| Comment by Anna Henningsen [ 11/Jul/23 ] |
|
dv@glyphy.com What happens if you add maxPoolSize=1 to your connection string? Does that make any difference? |
| Comment by PM Bot [ 06/Jul/23 ] |
|
Hello dv@glyphy.com, thank you for reaching out to us! The team will review your issue and get back to you soon as soon as possible. Please review your issue to ensure you've included your environment details and have attached relevant logs (with any sensitive data redacted), so that we're best able to provide you a timely and thorough response. Thanks again! |