I’ve been facing an issue in creating CSFLE enabled client with MongoDB ATLAS Cluster. The regularClient connection works fine with ATLAS without any issue. I have even created the Key Vault and the Data Key and stored it on ATLAS using the regularClient connection. But when trying to create a CSFLE Enabled Client connection the program fails with “Time out error”. we are using Java and deploying the code in Linux container. I doubt on my docker file setup. due to wrong setup mongocryptd process is not running I guess. can someone please share me sample docker file. thanks in advance.
Hi @PrasannaVengadesan_santhanagopalan, and welcome to the forums!
But when trying to create a CSFLE Enabled Client connection the program fails with “Time out error”
Could you share:
- A minimum reproducible code
- Error log (stack trace)
As the “time out error” in this case could be caused by various different reasons, i.e. no mongocryptd available on PATH, etc.
I doubt on my docker file setup. due to wrong setup mongocryptd process is not running I guess. can someone please share me sample docker file
You can have a look at github.com/sindbach/field-level-encryption-docker/java for MongoDB Java sync driver running client-side field level encryption example with a Dockerfile (ubuntu).
Regards,
Wan
1 Like
Thank you so much @wan. I will refer the sample docker file and try it out. also, I will share the error details.
@wan, below is the error message. We are using Mongo Atlas connection string. we have also added commands on docker file to install Mongo Enterprise version. As per Logs, it is installed successfully. but am not sure whether MongoCryptd process is running or not. when we try to insert the records, we are getting below error.
com.mongodb.MongoClientException: Exception in encryption library: Exception in encryption library: Timed out after 1000 ms while waiting to connect. Client view of cluster state is {type=UNKNOWN, servers=[{address=localhost:27020, type=UNKNOWN, state=CONNECTING, exception={com.mongodb.MongoSocketOpenException: Exception opening socket}, caused by {java.net.ConnectException: Connection refused (Connection refused)}}]"
Hi @PrasannaVengadesan_santhanagopalan,
[{address=localhost:27020, type=UNKNOWN, state=CONNECTING, exception={com.mongodb.MongoSocketOpenException: Exception opening socket}, caused by {java.net.ConnectException: Connection refused (Connection refused
This error message means that the driver is unable to establish connection to the mongocryptd (default port 27020). I’d suggest to check whether:
-
mongocryptdis on the PATH, and it’s running - The application is able to connect to the port
Regards,
Wan.
1 Like
@wan , I have tried my level best. but now I am running out of idea. In our code we have checked whether MongoCryptd is available on the installed path “/usr/bin/mongocryptd” . it is available. Also, we have started the process by using java code Process process = runTime.exec("/usr/bin/mongocryptd");.
Even after doing all this, when we tried to insert the records on to collection, am getting below error. please suggest me what else I can try. thanks in advance.
“Exception in encryption library: Exception in encryption library: Timed out after 1000 ms while waiting to connect. Client view of cluster state is {type=UNKNOWN, servers=[{address=localhost:27020, type=UNKNOWN, state=CONNECTING, exception={com.mongodb.MongoSocketOpenException: Exception opening socket}, caused by {java.net.ConnectException: Connection refused (Connection refused)}}]”,“severity”:“FAIL”}]}
Hi @PrasannaVengadesan_santhanagopalan
Also, we have started the process by using java code Process process = runTime.exec(“/usr/bin/mongocryptd”);.
You don’t need to execute mongocryptd manually, as long as it is in the PATH that should work.
Would you be able to share your Dockerfile and a simple application example, so that others could reproduce your issue ?
Regards,
Wan.
1 Like
@wan , thanks for your reply. I went to India for vacation and struck there due to some issue. Back to USA now. I noticed that, My team has tried and these and finally they went with Manual encryption approach. seems FLE never worked on Java on the server. it is still working fine on Developer machine. problem with only server.
Our Base image is redhat/ubi8.
Same redhat base image is works fine on .NET core " redhat.io/ubi8/dotnet-60:6.0-20.20221101102142
problem is only on Java side " redhat.io/ubi8/openjdk-8:1.14-3.
please provide how to debug further. or we should use only Manual encryption on Java ?
You don’t need to execute mongocryptd manually, as long as it is in the PATH that should work.
@wan, you have mentioned above point. but, we have verified through the code. MongoCryptd exists on the path. but, still we are getting error “Timed out after 10000 ms while waiting to connect. Client view of cluster state is {type=UNKNOWN, servers=[{address=localhost:27020, type=UNKNOWN, state=CONNECTING, exception={com.mongodb.MongoSocketOpenException: Exception opening socket”
Can anyone please help me on Java 8 / Mongo DB FL automatic encryption (CSFLE) with Linux deployment. or do we need to just proceed with manual encryption ?
CC : @Stennie_X / @wan
@Prasannavengadesan_Santhanagopalan1
The error message suggests that the connection to the mongocryptd process running on port 27020 timed out. This could be caused by various reasons such as incorrect setup of mongocryptd process, network issues, or incorrect driver options.
One possible solution is to check if mongocryptd process is running correctly and if the driver options are set properly. Another possibility is to verify the network connectivity between the client and mongocryptd process.
Regarding automatic encryption (CSFLE) with Java 8 and MongoDB, it is possible to use the Java driver to implement CSFLE. However, proper configuration and setup is required. It may be helpful to review the Java driver documentation and examples to ensure correct implementation.
In terms of whether to proceed with manual encryption, it depends on the specific use case and requirements. Manual encryption provides more control and customization, but may require more effort to implement and maintain. Automatic encryption (CSFLE) can simplify encryption by handling it transparently, but has some limitations in terms of customization and may require specific versions of MongoDB Enterprise or Atlas cluster.
@Deepak_Kumar16 , thank you so much for the explanation. Problem is, we could not get proper help or sample project which uses Linux deployment and Atlas DB. kindly share if you have any. thanks.
Hi @PrasannaVengadesan_santhanagopalan ,
I have given you an example Docker project with Java a while ago:
For other users to be able to help answer your question, you need to provide a minimal reproducible example. In this case would be a Dockerfile that you have.
Regards,
Wan.
1 Like
This topic was automatically closed after 180 days. New replies are no longer allowed.