Mongodb-client-encryption module not found error

Emmanuel_langat · February 24, 2023, 9:07am

Hi all,
I am using mongo client encryption library for some encryption. I have tested it locally and it works fine. However when deploying to aws beanstalk via cloudshell, I am hit with the error message

gyp WARN EACCES current user ("healthd") does not have permission to access the dev dir "/root/.cache/node-gyp/14.18.1"
gyp WARN EACCES attempting to reinstall using temporary dev dir "/var/app/staging/node_modules/mongodb-client-encryption/.node-gyp"
gyp WARN install got an error, rolling back install
gyp WARN install got an error, rolling back install
gyp ERR! configure error 
gyp ERR! stack Error: EACCES: permission denied, mkdir '/var/app/staging/node_modules/mongodb-client-encryption/.node-gyp'
gyp ERR! System Linux 4.14.301-224.520.amzn2.x86_64
gyp ERR! command "/opt/elasticbeanstalk/node-install/node-v14.18.1-linux-x64/bin/node" "/opt/elasticbeanstalk/node-install/node-v14.18.1-linux-x64/lib/node_modules/npm/node_modules/node-gyp/bin/node-gyp.js" "rebuild"
gyp ERR! cwd /var/app/staging/node_modules/mongodb-client-encryption
gyp ERR! node -v v14.18.1
gyp ERR! node-gyp -v v5.1.0
gyp ERR! not ok 
npm WARN The package @babel/preset-env is included as both a dev and production dependency.
npm WARN optional SKIPPING OPTIONAL DEPENDENCY: fsevents@2.3.2 (node_modules/fsevents):
npm WARN notsup SKIPPING OPTIONAL DEPENDENCY: Unsupported platform for fsevents@2.3.2: wanted {"os":"darwin","arch":"any"} (current: {"os":"linux","arch":"x64"})

and at times getting the error mongo-client-encryption module not found

kindly help.

Emmanuel_langat · March 1, 2023, 1:12pm

@kevinadi , any know-how on this? Kindly help.

Tarun_Gaur · March 3, 2023, 6:10am

Hello @Emmanuel_langat ,

Welcome to The MongoDB Community Forums!

From my understanding, the error was generated when you’re trying to create a Beanstalk deployment, hence it’s likely to be a Beanstalk specific issue rather than MongoDB. A quick search showed a StackOverflow post that may be useful for your case

If you are facing any issues with your AWS deployments, I would recommend you try getting help from AWS discussion forums as they might have more insight into your deploying environment.

Regards,
Tarun

Emmanuel_langat · March 9, 2023, 3:21pm

Thanks @Tarun_Gaur , this was really helpful.

I have now successfully deployed the application on aws elastic beanstalk, however when now calling my API that uses the encrypted client,
I hit this error

Mar  9 15:19:17 ip-172-31-21-84 web: MongoServerSelectionError: connect ECONNREFUSED 127.0.0.1:27020
Mar  9 15:19:17 ip-172-31-21-84 web: at Timeout._onTimeout (/var/app/current/node_modules/mongodb/lib/sdam/topology.js:284:38)
Mar  9 15:19:17 ip-172-31-21-84 web: at listOnTimeout (internal/timers.js:557:17)
Mar  9 15:19:17 ip-172-31-21-84 web: at processTimers (internal/timers.js:500:7) {
Mar  9 15:19:17 ip-172-31-21-84 web: reason: TopologyDescription {
Mar  9 15:19:17 ip-172-31-21-84 web: type: 'Unknown',
Mar  9 15:19:17 ip-172-31-21-84 web: servers: Map(1) { 'localhost:27020' => [ServerDescription] },
Mar  9 15:19:17 ip-172-31-21-84 web: stale: false,
Mar  9 15:19:17 ip-172-31-21-84 web: compatible: true,
Mar  9 15:19:17 ip-172-31-21-84 web: heartbeatFrequencyMS: 10000,
Mar  9 15:19:17 ip-172-31-21-84 web: localThresholdMS: 15,
Mar  9 15:19:17 ip-172-31-21-84 web: setName: null,
Mar  9 15:19:17 ip-172-31-21-84 web: maxElectionId: null,
Mar  9 15:19:17 ip-172-31-21-84 web: maxSetVersion: null,
Mar  9 15:19:17 ip-172-31-21-84 web: commonWireVersion: 0,
Mar  9 15:19:17 ip-172-31-21-84 web: logicalSessionTimeoutMinutes: null
Mar  9 15:19:17 ip-172-31-21-84 web: },
Mar  9 15:19:17 ip-172-31-21-84 web: code: undefined,
Mar  9 15:19:17 ip-172-31-21-84 web: [Symbol(errorLabels)]: Set(0) {}
Mar  9 15:19:17 ip-172-31-21-84 web: }

I believe this is a mongocryptd issue.

Kindly advise on way forward.
Thanks

Tarun_Gaur · March 21, 2023, 12:11am

The error message that you shared indicates a possibility that the MongoDB driver is unable to connect to the mongocryptd service running on localhost at port 27020. There could be several different reasons for such issue, below are some things that you can check at your end:

Make sure that the mongocryptd service is running on your server.
Make sure that there are no firewall rules preventing the MongoDB driver from accessing the mongocryptd service on port 27020.
Make sure that the mongocryptd service is configured correctly.
Make sure that your connection string is correct and includes the necessary options for client-side encryption.

You may also want to try connecting to mongocryptd directly using a command-line client, to see if you’re able to connect to the service. If you’re still having issues, I would recommend checking the MongoDB driver logs and the mongocryptd logs for more information about the error.

Notably from Install and Configure mongocryptd — MongoDB Manual

Enterprise Feature
The automatic feature of field level encryption is only available in MongoDB Enterprise 4.2 or later, and MongoDB Atlas 4.2 or later clusters.
mongocryptd is installed with MongoDB Enterprise Server (version 4.2 and later).

Since this is an Enterprise Advanced feature, if you’re evaluating this feature and need further help, please DM me your contact details so I can notify the relevant teams regarding your issue.