0

Let's say I have a Mongo DB instance running on VM in Project A. And I want to connect my Google Cloud Function in Project B to the DB in Project A. What do I need to setup in Console?

I have added Project B's service account to Project A IAM (the one ends with xxx@appspot.gserviceaccount.com) but from GCF's log, mongo keeps reporting error like MongoError: getaddrinfo ENOTFOUND mongodb0-server-1 mongodb0-server-1:27017

I believe I have to allow Project B to access Project A's resources from firewall rules, but I am not sure as Cloud Functions do not have external IP like Compute Engine. Also I couldn't found clear documentation about this case.

spondbob
  • 1,523
  • 2
  • 17
  • 34

1 Answers1

0

Hostname resolution

In Google Cloud Platform the DNS resolution of the hostname of the instances of different projects doesn't work.

Therefore inside project A you will be able to resolve all the hostnames of the Google Compute Engine instances of that project, but you will be not able to do the same for project B (also because the names of the instances are not unique across the projects and it would be impossible!).

This is why connecting from project A to project B I think you are getting:

MongoError: getaddrinfo ENOTFOUND mongodb0-server-1 mongodb0-server-1:27017

You can decide to refer to the server through the public IP of the instance running the mongoDB or adding a static DNS rule in /etc/hosts as suggested in this SO question, but I guess that this is not an option since you do not have access to the instance running your code.

Firewall

Moreover in the project hosting the mongoDB you will need to allow the traffic to your DB for the protocol and port used by the Cloud Functions to communicate with the DB.

In order to do so, since it seems that you cannot create a static IP for Google Cloud Functions you will need to whitelist everyone (not the safest solution) or to whitelist the google IP, similar issue here.

GalloCedrone
  • 4,869
  • 3
  • 25
  • 41
  • Hi when I connect to the mongo instance, I actually already use the external IP address. My connection string is something like `mongodb://user:pass@1.2.3.4:27017/db?authSource=source&replicaSet=replica` but somewhere along the line it gets translated to the domain name `mongodb0-server-1` – spondbob Jan 29 '18 at 22:08
  • With firewall, I have added a rule like 0.0.0.0 for port 27017 but the function still can't connect to db. Maybe because the hostname issue earlier. – spondbob Jan 29 '18 at 22:10
  • I would try to debug it breaking the issue in two. First try to connect to the mongodb instance from your machine or a instance of projectB without making use of CloudFunctions, in this way you can test the correctness of the firewall rules. I looked for the second part of the problem and it seems a common issue solvable updating a enviroment variable, I advice tou to check online (couple of random example follows):https://github.com/Automattic/mongoose/issues/3049 , or https://stackoverflow.com/questions/39108992/mongoerror-getaddrinfo-enotfound-undefined-undefined27017 , ecc – GalloCedrone Jan 30 '18 at 08:29