Connection from Applier to Mongodb fails


YasumasaTakai

Oct 19, 2023, 1:26:22 AM
to Tungsten Replicator Discuss
Version: Tungsten Replicator 7.0.1 build 96
Replication: MySQL on RDS -> Extractor -> Applier -> MongoDB Atlas

When I attempted to start the Replicator based on the documentation, I encountered a timeout error while trying to connect to MongoDB Atlas.
https://docs.continuent.com/tungsten-replicator-7.0/deployment-mongodb-atlas-install.html
 
I have also imported the MongoDB Atlas certificate.


Please let me know how to fix this.

The error I get is as follows
```
pendingExceptionMessage: Unable to start replication service due to underlying error: com.mongodb.MongoTimeoutException: Timed out after 30000 ms while waiting for a server that matches com.mongodb.client.internal.MongoClientDelegate$1@4ae13177. Client view of cluster state is {type=REPLICA_SET, servers=[{address=xxxxxx.xxxxx.mongodb.net:27017, type=UNKNOWN, state=CONNECTING, exception={com.mongodb.MongoSocketWriteException: Exception sending message}, caused by {javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target}, caused by {sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target}, caused by {sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target}}, {address=ac-zjkhh1s-shard-00-02.yhrs9kh.mongodb.net:27017, type=UNKNOWN, state=CONNECTING, exception={com.mongodb.MongoSocketWriteException: Exception sending message}, caused by {javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target}, caused by {sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target}, caused by {sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target}}, {address=ac-zjkhh1s-shard-00-00.yhrs9kh.mongodb.net:27017, type=UNKNOWN, state=CONNECTING, exception={com.mongodb.MongoSocketWriteException: Exception sending message}, caused by {javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: 
unable to find valid certification path to requested target}, caused by {sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target}, caused by {sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target}}]
```

The output from tpm reverse is as follows
```
# Installed from tungsten@onedog-tungsten-target-dev:/opt/continuent/software/tungsten-replicator-for-mongodb-7.0.1-96
# Configuration built from /etc/tungsten/tungsten.ini
# Defaults for all data services and hosts
tools/tpm configure defaults \
--auto-recovery-max-attempts=10 \
--datasource-enable-ssl=true \
--disable-security-controls=false \
--enable-rmi-authentication=false \
--enable-rmi-ssl=false \
--enable-thl-ssl=false \
--install-directory=/opt/continuent \
--mysql-allow-intensive-checks=true \
'--profile-script=~/.bash_profile' \
--replicator-rest-api-address=0.0.0.0 \
--replicator-rest-api-authentication=true \
--replicator-rest-api-port=8097 \
--replicator-rest-api-ssl=true \
--rest-api-admin-pass=tungsten \
--rest-api-admin-user=tungsten \
--user=tungsten
# Options for the onedog data service
tools/tpm configure onedog \
--datasource-type=mongodb \
--master=onedog-tungsten-extraction-dev \
--members=onedog-tungsten-target-dev \
'--property=replicator.applier.dbms.connectString=mongodb+srv://${replicator.global.db.user}:${replicator.global.db.password}@${replicator.global.db.host}/?retryWrites=true&w=majority' \
--property=replicator.filter.dropcolumn.definitionsFile=/opt/continuent/share/dropcolumn.json \
--property=replicator.filter.rename.definitionsFile=/opt/continuent/share/rename.csv \
--property=replicator.filter.replicate.do=onedogplus.breed,onedogplus.dog,onedogplus.owner,onedogplus.breed_phase_info,onedogplus.size_phase_info,onedogplus.dog_phase,onedogplus.dog_size,onedogplus.dog_phase_dog_size,onedogplus.health_care,onedogplus.health_care_group,onedogplus.health_care_photo,onedogplus.health_condition,onedogplus.health_info,onedogplus.health_status,onedogplus.health_type,onedogplus.care_info,onedogplus.care_type,onedogplus.owner_subscription,onedogplus.post,onedogplus.post_photo_mapping,onedogplus.daily_goal,onedogplus.osanpo_photo_mapping,onedogplus.notebook_dog_illness,onedogplus.notebook_dog_illness_type,onedogplus.notebook_dog_info,onedogplus.notebook_dog_vaccination,onedogplus.notebook_pet_insurance,onedogplus.notebook_pet_facility,onedogplus.notebook_pet_facility_type,onedogplus.activation_target,onedogplus.deli_dog_activity,onedogplus.deli_meals_times,onedogplus.deli_snacks_times \
--replication-host=xxxxxxx.xxxx.mongodb.net \
--replication-password=@@@@@@@@@@@@@@@@ \
--replication-port=27017 \
--replication-user=ardito_member \
--role=slave \
--svc-applier-filters=dropstatementdata,replicate,dropcolumn,rename

```

Chris Parker

Oct 19, 2023, 7:04:56 AM
to tungsten-repl...@googlegroups.com
Hi,

The error points to an issue with the certificates. Do you have the steps that you ran to import the certificates?






YasumasaTakai

Oct 19, 2023, 8:50:17 PM
to Tungsten Replicator Discuss
Hi Chris, Thanks for your reply.

I imported the certificate with the following command
```
keytool -import -alias letsencrypt -file letsencrypt.pem -keystore /opt/continuent/share/tungsten_truststore.ts
```

letsencrypt.pem was obtained from https://letsencrypt.org/certs/isrgrootx1.pem.txt
On Thursday, October 19, 2023 at 20:04:56 UTC+9, chris....@continuent.com wrote:

YasumasaTakai

Oct 24, 2023, 1:29:44 AM
to Tungsten Replicator Discuss
Hi Chris,

I would appreciate it if you would update me on this matter.
If there is any missing information, we are ready to add it.

Thank you so much for your investigation.

On Friday, October 20, 2023 at 9:50:17 UTC+9, YasumasaTakai wrote:

Chris Parker

Oct 24, 2023, 4:58:11 AM
to tungsten-repl...@googlegroups.com
Hi,

It’s not 100% clear where the issue lies - The error certainly indicates an issue with the certificate.  Have you checked through the following doc page:

In your config I see datasource-enable-ssl=true but I’m not sure if that is needed, can we try removing that and issuing tpm update to see.

The only other thought is whether this atlas instance has been running since before May 2021 and not been migrated to the letsencrypt certificates?

 Chris Parker
Director of Customer Success
 
  +447790685269
 
  chris....@continuent.com
 
  www.continuent.com



YasumasaTakai

Oct 24, 2023, 7:12:19 AM
to Tungsten Replicator Discuss

Hi, Chris

> It’s not 100% clear where the issue lies - The error certainly indicates an issue with the certificate.  Have you checked through the following doc page:
Yes, I'm building it based on the linked documentation.

> In your config I see datasource-enable-ssl=true but I’m not sure if that is needed, can we try removing that and issuing tpm update to see.
I removed this setting and ran tpm update and got the same error.

> The only other thought is whether this atlas instance has been running since before May 2021 and not been migrated to the letsencrypt certificates?
This instance was launched last month.
I'll launch another instance and try to connect to that one.

Thanks
On Tuesday, October 24, 2023 at 17:58:11 UTC+9, chris....@continuent.com wrote:

Chris Parker

Oct 24, 2023, 7:18:20 AM
to tungsten-repl...@googlegroups.com
Ok thanks, I will also try and recreate the issue myself and let you know. Do you have other appliers running successfully? Or is this the first replicating to atlas? On the host can you issue ‘tungsten_send_diag -c 20231024 -d’

This will send me full diagnostics, including log files, which might help me to track down the problem.


On 24 Oct 2023, at 12:12, YasumasaTakai <yasumas...@ardito.jp> wrote:



YasumasaTakai

Oct 24, 2023, 7:28:04 AM
to Tungsten Replicator Discuss

First replication to Atlas.
I just ran `tungsten_send_diag -c 20231024 -d`
On Tuesday, October 24, 2023 at 20:18:20 UTC+9, chris....@continuent.com wrote:

Chris Parker

Oct 24, 2023, 7:30:35 AM
to tungsten-repl...@googlegroups.com
Thanks, nice. Received the logs, so will take a look and let you know if I spot anything.


On 24 Oct 2023, at 12:28, YasumasaTakai <yasumas...@ardito.jp> wrote:



YasumasaTakai

Oct 25, 2023, 2:59:06 AM
to Tungsten Replicator Discuss
Hi, Chris

I tried to connect to the newly created MongoDB Atlas instance and got the same error.

However, I connected with Tungsten Replicator 6.1.13 build 45 using the same certificate and replication was successful.

Are there any certificate related changes in the update from 6.x to 7.x?
On Tuesday, October 24, 2023 at 20:30:35 UTC+9, chris....@continuent.com wrote:

Chris Parker

Oct 25, 2023, 3:25:27 AM
to tungsten-repl...@googlegroups.com
Interesting. Thank you for that. Let me talk with our replication engineers and check things out between versions. It may take me a couple of days, so please bear with me.


Chris Parker

Oct 25, 2023, 5:30:57 AM
to tungsten-repl...@googlegroups.com
Hi,

Just to let you know we have reproduced the issue and are looking into it now.  I will let you know what we find.

Thanks
Chris

Chris Parker

Oct 25, 2023, 10:19:52 AM
to tungsten-repl...@googlegroups.com
Hi,

We have found the issue! In v7 it is looking for the certificate in a different trust store. This is incorrect and we have logged this to be fixed in the next release; however, for now, and to get your installation working, can you import the letsencrypt certificate as follows:

```
keytool -import -alias letsencrypt -file /home/tungsten/letsencrypt.pem -keystore /opt/continuent/share/tungsten_thl_truststore.ts
```

This should get your v7 applier working fine.

Please do let me know if that works for you
Chris




On 25 Oct 2023, at 08:25, Chris Parker <chris....@continuent.com> wrote:

YasumasaTakai

Oct 25, 2023, 10:46:31 AM
to Tungsten Replicator Discuss
Hi Chris,
Thank you for your prompt investigation.

```
keytool -import -alias letsencrypt -file /home/tungsten/letsencrypt.pem -keystore /opt/continuent/share/tungsten_thl_truststore.ts
```

Replication succeeded with this command!

Many thanks
On Wednesday, October 25, 2023 at 23:19:52 UTC+9, Tungsten Replicator Discuss wrote:
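
The fix in this thread was importing the same certificate into the truststore the v7 applier actually reads. As an added example (not from the thread or from Continuent), this script compares a CA certificate's SHA-256 fingerprint against every `.ts` truststore in a directory, so a `PKIX path building failed` error can be traced to the store that lacks the trust anchor. The `STOREPASS` variable and all function names are assumptions; it relies on the `SHA256:` lines printed by `keytool -printcert` and `keytool -list -v`.

```shell
#!/bin/sh
# Added example: which truststores under a directory contain a given CA cert?
# Assumption: STOREPASS holds the truststore password (not given in the thread).

# SHA-256 fingerprint of a PEM certificate, as keytool prints it (AA:BB:...).
pem_fingerprint() {
    keytool -printcert -file "$1" |
        sed -n 's/^[[:space:]]*SHA256:[[:space:]]*\([0-9A-F:]*\).*/\1/p' | head -n 1
}

# All SHA-256 fingerprints in truststore $1; returns 2 if it cannot be read.
store_fingerprints() {
    sf_out=$(keytool -list -v -keystore "$1" -storepass "${STOREPASS:-}" 2>&1) || return 2
    printf '%s\n' "$sf_out" |
        sed -n 's/^[[:space:]]*SHA256:[[:space:]]*\([0-9A-F:]*\).*/\1/p'
}

# 0 = store $1 contains the cert in PEM file $2, 1 = absent, 2 = unreadable.
store_trusts() {
    st_want=$(pem_fingerprint "$2")
    [ -n "$st_want" ] || return 2
    st_have=$(store_fingerprints "$1") || return 2
    printf '%s\n' "$st_have" | grep -qxF "$st_want"
}

# One status line per *.ts file in directory $1, compared by fingerprint
# rather than by alias, since an alias says nothing about the cert behind it.
report() {
    for ts in "$1"/*.ts; do
        [ -e "$ts" ] || continue
        rc=0
        store_trusts "$ts" "$2" || rc=$?
        case "$rc" in
            0) echo "PRESENT    $ts" ;;
            1) echo "MISSING    $ts" ;;
            *) echo "UNREADABLE $ts" ;;
        esac
    done
}

# Usage: STOREPASS=... sh check_truststores.sh /opt/continuent/share letsencrypt.pem
if [ "$#" -eq 2 ]; then
    report "$1" "$2"
fi
```

An `UNREADABLE` line usually means a wrong `STOREPASS` or a file that is not a keystore, and should not be read as the certificate being absent.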