Unable to connect to MongoDB Atlas through tomcat webapp centos7 GCP

Before I begin, please let me be specific that the issue may not be related to MongoDB; this could be some error/mistake at my end. I am just seeking help from the community.

I have a MongoDB Atlas cluster where I have added 2 IPs in its whitelist (say ip1 and ip2).
ip1 belongs to a windows webserver hosted on google cloud. I am able to connect to atlas through this ip.

ip2 belongs to a centos7 instance running tomcat on google cloud. I have a webapp which is trying to make a connection to mongodb atlas but I am getting timeout exception saying permission denied.

My connection string is the same for both cases so that is not the point of failure. I believe there is some issue in tomcat which is blocking this webapp to connect to mongodb atlas.

Please help.

Hi @Mydesk_Mydesk,

Welcome to the community!

My connection string is the same for both cases so that is not the point of failure. I believe there is some issue in tomcat which is blocking this webapp to connect to mongodb atlas.

As it’s working for the client on ip1, your hypothesis that the issue exists on the centos7 client is probable. Have you performed any network troubleshooting tests to try to rule out any network issues? If not, you can try the following from the centos7 client:

ping <hostname>
telnet <hostname> 27017

Atlas clusters operate on port 27017. You must be able to reach this port to connect to your clusters.

curl http://portquiz.net:27017

The output from the above command should provide a response containing the outgoing IP that is attempting to connect to the Atlas cluster. This must be on your Network Access list.

To obtain the hostname, you can click on the “Metrics” button in the Clusters tab from the Atlas UI. From here, you should see the hostnames of all nodes for a particular cluster.

Note: It would be best to perform the commands against the PRIMARY member hostname

You may also want to check out the Troubleshoot Connection Issues documentation.

Hopefully this helps.

Kind Regards,
Jason

Hi @Jason_Tran,

Thanks for replying.

Both ping and telnet commands are working for primary node and port 27017.
curl http://portquiz.net:27017 test is also successful and this ip is added in the mongodb cluster network access list.

After a detailed analysis I was able to find out that selinux was the culprit. As per my understanding (which may be incorrect), it was blocking all outgoing requests from the tomcat webapp. I was able to connect to mongodb through my tomcat webapp after disabling selinux with help from this link.

I am not very much aware of what selinux is and what are its advantages/disadvantages. Is this a good fix? Are there any workarounds?

Hi @Mydesk_Mydesk ,

After a detailed analysis I was able to find out that selinux was the culprit. As per my understanding (which may be incorrect), it was blocking all outgoing requests from the tomcat webapp. I was able to connect to mongodb through my tomcat webapp after disabling selinux with help from this link.
I am not very much aware of what selinux is and what are its advantages/disadvantages. Is this a good fix? Are there any workarounds?

Glad to hear you’ve worked out the cause of the connection failures from the centos client!

SELinux (Security-Enhanced Linux) is a security module that provides stronger security mechanisms than the default Linux kernel. Similar to other security measures like firewalls and IP access lists, it is best to properly configure your environment rather than disabling the security measure altogether. The MongoDB documentation has more information on how to Configure SELinux if your environment is set to policy enforcing mode.

If you want to disable or reduce the SELinux security for a development environment, you can find more information about this in your O/S reference documentation. The only instructions specific to MongoDB are in our installation tutorials.

Best Regards,
Jason

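A way to see what SELinux actually blocked before deciding how to configure it, as an added example that is not part of the original posts: the function below summarises AVC `name_connect` denials (outbound TCP connects) from audit records. The sample records are constructed, and the `tomcat_t` domain and `mongod_port_t` port type in them are assumptions about what a CentOS 7 host in this situation would log.

```shell
#!/usr/bin/env bash
# Added example: summarise SELinux denials of outbound TCP connections.

# Constructed sample records in audit.log format (not taken from the thread).
# exit=-13 in the SYSCALL record is EACCES, i.e. "permission denied".
sample_audit_log() {
cat <<'EOF'
type=AVC msg=audit(1600000000.101:411): avc:  denied  { name_connect } for  pid=2211 comm="java" dest=27017 scontext=system_u:system_r:tomcat_t:s0 tcontext=system_u:object_r:mongod_port_t:s0 tclass=tcp_socket permissive=0
type=SYSCALL msg=audit(1600000000.101:411): arch=c000003e syscall=42 success=no exit=-13 comm="java" exe="/usr/bin/java"
type=AVC msg=audit(1600000003.207:415): avc:  denied  { name_connect } for  pid=2211 comm="java" dest=27017 scontext=system_u:system_r:tomcat_t:s0 tcontext=system_u:object_r:mongod_port_t:s0 tclass=tcp_socket permissive=0
type=AVC msg=audit(1600000009.550:420): avc:  denied  { read } for  pid=900 comm="httpd" name="index.html" dev="sda1" ino=131 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=0
EOF
}

# Reads audit records on stdin and prints one line per distinct denial:
#   <count> <source domain> <command> <dest port> <target port type>
# Only AVC records denying name_connect are counted; everything else
# (SYSCALL records, file denials, ausearch separators) is ignored.
summarise_connect_denials() {
  awk '
    $1 == "type=AVC" && /denied/ && /name_connect/ {
      dom = port = ttype = comm = ""
      for (i = 1; i <= NF; i++) {
        if ($i ~ /^dest=/) port = substr($i, 6)
        else if ($i ~ /^comm=/) { comm = substr($i, 6); gsub(/"/, "", comm) }
        else if ($i ~ /^scontext=/) { split($i, s, ":"); dom = s[3] }
        else if ($i ~ /^tcontext=/) { split($i, t, ":"); ttype = t[3] }
      }
      count[dom " " comm " " port " " ttype]++
    }
    END { for (k in count) print count[k], k }
  ' | sort -k1,1nr -k2
}

# Stand-alone run over the constructed sample.
sample_audit_log | summarise_connect_denials
```

On the affected host, the same function can read real records, for example from `ausearch -m avc -ts recent` run as root; the domain and port type it reports are what a targeted policy change (rather than disabling SELinux) would need to allow.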