Connection to Sharded Cluster via SSH Tunnel with Mongo DB Driver

Sebastien_Morel · December 12, 2024, 8:01pm

Hello,

I have a bastion that allows me to access my cluster. I can confirm that the SSH Tunnel is working because using tools like “Studio 3T” works like a charm.

Now I want my application (node) to connect to my cluster using the SSH Tunnel.

Here is what I did, using

nslookup -type=SRV _mongodb._tcp.cluster.something.mongdb.net

I retrieved the Mongos hostname and TCP ports, I have 3 shards/12 Mongos.

then I have my SSH config this way:

Host bastion
    user ubuntu
    hostname x.x.x.x
    identityfile ~/.ssh/xxx.pem
    port 22
    localforward 3300 xxxx-shard-00-00.something.mongodb.net:27016
    localforward 3301 xxxx-shard-00-01.something.mongodb.net:27016
    localforward 3302 xxxx-shard-00-02.something.mongodb.net:27016
    localforward 3303 xxxx-shard-00-03.something.mongodb.net:27016
    localforward 3310 xxxx-shard-01-00.something.mongodb.net:27016
    localforward 3311 xxxx-shard-01-01.something.mongodb.net:27016
    localforward 3312 xxxx-shard-01-02.something.mongodb.net:27016
    localforward 3313 xxxx-shard-01-03.something.mongodb.net:27016
    localforward 3320 xxxx-shard-01-00.something.mongodb.net:27016
    localforward 3321 xxxx-shard-01-01.something.mongodb.net:27016
    localforward 3322 xxxx-shard-01-02.something.mongodb.net:27016
    localforward 3323 xxxx-shard-01-03.something.mongodb.net:27016

And then the connection string (Standard that I use)

mongodb://xxx:xxx@127.0.0.1:3300,127.0.0.1:3301,127.0.0.1:3302,127.0.0.1:3303,127.0.0.1:3310,127.0.0.1:3311,127.0.0.1:3312,127.0.0.1:3313,127.0.0.1:3320,127.0.0.1:3321,127.0.0.1:3322,127.0.0.1:3323/admin?ssl=false&tls=false&replicatSet=something

I have tested many different options, and nothing really changes the main error:


MongoServerSelectionError: connection <monitor> to 127.0.0.1:3300 closed
 reason: TopologyDescription {
    type: 'ReplicaSetNoPrimary',
    servers: Map(12) {
      '127.0.0.1:3300' => [ServerDescription],
      '127.0.0.1:3301' => [ServerDescription],
      '127.0.0.1:3302' => [ServerDescription],
      '127.0.0.1:3303' => [ServerDescription],
      '127.0.0.1:3310' => [ServerDescription],
      '127.0.0.1:3311' => [ServerDescription],
      '127.0.0.1:3312' => [ServerDescription],
      '127.0.0.1:3313' => [ServerDescription],
      '127.0.0.1:3320' => [ServerDescription],
      '127.0.0.1:3321' => [ServerDescription],
      '127.0.0.1:3322' => [ServerDescription],
      '127.0.0.1:3323' => [ServerDescription]
    },
    stale: false,
    compatible: true,
    heartbeatFrequencyMS: 10000,
    localThresholdMS: 15,
    setName: 'prod',
    maxElectionId: null,
    maxSetVersion: null,
    commonWireVersion: 0,
    logicalSessionTimeoutMinutes: null
  },
  code: undefined,
  [Symbol(errorLabels)]: Set(0) {},
  [cause]: MongoNetworkError: connection <monitor> to 127.0.0.1:3300 closed

What do you think? I am pretty confident the SSH Tunnel is setup correctly.

It seems to be the Mongo driver that is not able to direct connection to Mongos?

Of course, if I allow my IP in the network access and I use mongodb+srv: it works instantly. but it defeats the point I want to go through my bastion.

Any hints here ?

Thanks