2

I have created a MongoDB instance in OpenShift. I can connect to it via RockMongo, which is a service offered by OpenShift.

I'm trying to connect to my instance using JAVA, but I just receive a Connection refuesed error. Moreover, I cannot connect it using RoboMongo.

In my RockMongo status tab, I see the following information:

Host: 127.11.201.2
Port: 27017

Using RoboMongo with MongoLab instance works just fine giving it the right credentials, but here with OpenShift it fails on connecting to the instance.

In my JAVA app I'm trying the following:

MongoCredential credential = MongoCredential.createCredential(
                Const.MONGO_USERNAME, Cont.MONGO_DB,
                Const.MONGO_PASSWORD.toCharArray());
        mongo = new MongoClient(new ServerAddress(Const.MONGO_URI), Arrays.asList(credential));

With 127.11.201.2 as MONGO_URI. Why am I failing to connect to my instance? What am I doing wrong?

P.S using putty I am able to connect to my mongo instance by just executing the command mongo.

itaied
  • 6,827
  • 13
  • 51
  • 86
  • Is there an error message of some sort? [This answer](http://stackoverflow.com/questions/21859579/authentication-during-connection-to-mongodb-server-instance-using-java) suggest wrapping the `MongoCredential` in a `List`, then passing the list to the `MongoClient(...)` constructor. – Vic May 08 '15 at 17:44
  • It's a very strange behavior since I cannot connect using other tools like `RoboMongo`. I assume this is not a programmatic question after investigating it for a while now. But then again, I really don't know why my connection is being denied. – itaied May 08 '15 at 18:06
  • Yes but I got some port exceptions I need to figure out. I'll try it later on this week and keep you posted. Thanks. – itaied May 11 '15 at 09:50

1 Answers1

3

OpenShift provides environment variables, which you should use to connect to your MongoDB.

  • OPENSHIFT_MONGODB_DB_HOST The MongoDB IP address
  • OPENSHIFT_MONGODB_DB_PORT The MongoDB port
  • OPENSHIFT_MONGODB_DB_USERNAME The MongoDB username
  • OPENSHIFT_MONGODB_DB_PASSWORD The MongoDB password
  • OPENSHIFT_MONGODB_DB_URL The MongoDB connection URL (e.g. mongodb://<username>:<password>@<hostname>:<port>/)

I'm using one line of code to connect to the database:

new MongoClient(new MongoClientURI(System.getenv("OPENSHIFT_MONGODB_DB_URL")));
Christian Strempfer
  • 7,291
  • 6
  • 50
  • 75
  • However, even when the vars come from a presumably safe source, they should be sanitized and not used unchecked. – Markus W Mahlberg May 09 '15 at 10:02
  • Assumption: Somebody has managed to manipulate the generation of some or all needed environment vars, without gaining read access to the variables generated. I'd check wether the IP belongs to the expected range in order to prevent credentials to be sent to an unknown host. A forward and reverse lookup and subsequent check if the values correspond. Next, it check wether the compound url matches the parts, is a valid URL and does not set unwanted connection parameters, such as an inappropriate write concern which might break SLAs. – Markus W Mahlberg May 09 '15 at 10:22
  • A failure in one of those tests might indicate a security problem, be it an intended our accidental one. – Markus W Mahlberg May 09 '15 at 10:24