mongodb - Docker无法连接到mongodb云

Question

无法使用 Docker 中的 mongoshell 连接到 mongodb 云。在 Opensuse 42.3 linux 平台上工作。IP_FORWARD 已启用，防火墙已禁用。

./mongodbshell/bin/mongo  "mongodb+srv://cluster0-ry2xn.mongodb.net/test" --username

但是，它在 docker 外部运行良好。下面给出的是我的 docker 环境信息。

$ sudo docker info

Containers: 17
 Running: 1
 Paused: 0
 Stopped: 16
Images: 21
Server Version: 17.04.0-ce
Storage Driver: overlay
 Backing Filesystem: xfs
 Supports d_type: true
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins: 
 Volume: local
 Network: bridge host macvlan null overlay
Swarm: active
 NodeID: kh7m6ppbeg3ktkk3tueqoiyen
 Is Manager: true
 ClusterID: izl7e06qo269ccagfa0eknz16
 Managers: 1
 Nodes: 1
 Orchestration:
  Task History Retention Limit: 5
 Raft:
  Snapshot Interval: 10000
  Number of Old Snapshots to Retain: 0
  Heartbeat Tick: 1
  Election Tick: 3
 Dispatcher:
  Heartbeat Period: 5 seconds
 CA Configuration:
  Expiry Duration: 3 months
 Node Address: 192.168.2.14
 Manager Addresses:
  192.168.2.14:2377
Runtimes: oci runc
Default Runtime: runc
Init Binary: 
containerd version:  (expected: 422e31ce907fd9c3833a38d7b8fdd023e5a76e73)
runc version: N/A (expected: 9c2d8d184e5da67c95d601382adf14862e4f2228)
init version: N/A (expected: 949e6facb77383876aeff8a6944dde66b3089574)
Security Options:
 apparmor
Kernel Version: 4.4.104-39-default
Operating System: openSUSE Leap 42.3
OSType: linux
Architecture: x86_64
CPUs: 4
Total Memory: 15.45GiB
Name: linux-xleg.suse
ID: SFKG:TIYZ:65WL:TKCG:ZOSW:7ZJI:CW6E:2HJJ:UV7A:ZVXM:V2IN:JZU4
Docker Root Dir: /home/maggi/docker-data
Debug Mode (client): false
Debug Mode (server): false
Username: magnusmel
Registry: https://index.docker.io/v1/
Experimental: false
Insecure Registries:
 127.0.0.0/8
Live Restore Enabled: false

WARNING: No swap limit support
WARNING: No kernel memory limit support

基于kali linux的Docker os-

cat /etc/os-release 
PRETTY_NAME="Kali GNU/Linux Rolling"
NAME="Kali GNU/Linux"
ID=kali
VERSION="2016.2"
VERSION_ID="2016.2"
ID_LIKE=debian
ANSI_COLOR="1;31"
HOME_URL="http://www.kali.org/"
SUPPORT_URL="http://forums.kali.org/"
BUG_REPORT_URL="http://bugs.kali.org/"

MongodB客户端信息如下

/opt/mongodbshell/bin/mongo --version
MongoDB shell version v3.6.2
git version: 489d177dbd0f0420a8ca04d39fd78d0a2c539420
allocator: tcmalloc
modules: none
build environment:
    distarch: x86_64
    target_arch: x86_64

错误输出：

> connecting to: mongodb+srv://cluster0-ry2xn.mongodb.net/test
> 2018-01-30T18:54:38.451+0000 I NETWORK  [thread1] Starting new replica
> set monitor for
> Cluster0-shard-0/cluster0-shard-00-00-ry2xn.mongodb.net.:27017,cluster0-shard-00-02-ry2xn.mongodb.net.:27017,cluster0-shard-00-01-ry2xn.mongodb.net.:27017
> 2018-01-30T18:54:39.679+0000 W NETWORK  [thread1] Unable to reach
> primary for set Cluster0-shard-0 2018-01-30T18:54:39.679+0000 I
> NETWORK  [thread1] Cannot reach any nodes for set Cluster0-shard-0.
> Please check network connectivity and the status of the set. This has
> happened for 1 checks in a row. 2018-01-30T18:54:41.879+0000 W NETWORK
> [thread1] Unable to reach primary for set Cluster0-shard-0
> 2018-01-30T18:54:41.879+0000 I NETWORK  [thread1] Cannot reach any
> nodes for set Cluster0-shard-0. Please check network connectivity and
> the status of the set. This has happened for 2 checks in a row.

这与未设置基于 SSL/TLS 的身份验证有关吗？任何帮助将不胜感激。

Answer 1

Kali linux 不是 mongo 支持的发行版。

因此，需要验证 /usr/bin/mongo --version 是否没有返回输出中提到的 openssl。然后，在这种情况下，卸载所有现有的 mongodb 工具和服务器和客户端。

然后根据使用的 Kali linux 发行版版本，使用为 debian 7/8 平台构建的 mongo 客户端重新安装。（在我的情况下是 debian 版本 8 ）

这解决了在 docker 上使用 ssl 运行 mongo 客户端的问题：

apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv 2930ADAE8CAF5059EE73BB4B58712A2291FA4AD5

echo "deb http://repo.mongodb.org/apt/debian jessie/mongodb-org/3.6 main" |  tee /etc/apt/sources.list.d/mongodb-org-3.6.list

apt-get update

对于包含服务器的完整 mongodb 安装，请按以下方式运行：

apt-get install -y mongodb-org=3.6.2 mongodb-org-server=3.6.2 mongodb-org-shell=3.6.2 mongodb-org-mongos=3.6.2 mongodb-org-tools=3.6.2

仅安装特定于版本的 mongo 客户端和工具：

   apt-get install -y mongodb-org-shell=3.6.2 mongodb-org-tools=3.6.2

仅安装 mongo 客户端和工具默认：

   apt-get install -y mongodb-org-shell mongodb-org-tools

我在 docker 上的 mongo 输出 - kali linux 映像现在显示 ssl 已配置：

MongoDB shell version v3.6.2
git version: 489d177dbd0f0420a8ca04d39fd78d0a2c539420
OpenSSL version: OpenSSL 1.0.1t  3 May 2016
allocator: tcmalloc
modules: none
build environment:
    distmod: debian81
    distarch: x86_64
    target_arch: x86_64

Answer 2

IP_FORWARD 是不够的，您需要在这些不同的网络之间进行伪装（或 NAT）。如果网络之间有一个公共网关，也可以使用静态路由。