Connecting pymongo client to mongodb server with TLS
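I have 2 instances on Google Cloud:
Instance A and Instance B - both have a static external IP address.
Instance A runs the community edition MongoDB server v4.4.6.
So, I was able to successfully connect to the mongo server running on Instance A using the mongo shell (v4.4.6) from Instance B. This is the command I used -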
mongo --tls --tlsCertificateKeyFile client.pem --tlsCAFile ca.pem <instance_a_ip>:<port>/admin -u <userName> -p
I want to connect to the MongoDB server on Instance A using the pymongo (v3.11.4) client from Instance B, and I have tried using this in interactive Python
client = MongoClient("mongodb://<instance_a_ip>:<port>/admin", tls=True, tlsCertificateKeyFile='./client.pem', tlsCAFile='./ca.pem', username='<userName>', password='<userPassword>')
However, I am unable to connect, and this is the error I receive -
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
File "/home/varun/test-env/lib/python3.8/site-packages/pymongo/collection.py", line 1319, in find_one
for result in cursor.limit(-1):
File "/home/varun/test-env/lib/python3.8/site-packages/pymongo/cursor.py", line 1207, in next
if len(self.__data) or self._refresh():
File "/home/varun/test-env/lib/python3.8/site-packages/pymongo/cursor.py", line 1100, in _refresh
self.__session = self.__collection.database.client._ensure_session()
File "/home/varun/test-env/lib/python3.8/site-packages/pymongo/mongo_client.py", line 1816, in _ensure_session
return self.__start_session(True, causal_consistency=False)
File "/home/varun/test-env/lib/python3.8/site-packages/pymongo/mongo_client.py", line 1766, in __start_session
server_session = self._get_server_session()
File "/home/varun/test-env/lib/python3.8/site-packages/pymongo/mongo_client.py", line 1802, in _get_server_session
return self._topology.get_server_session()
File "/home/varun/test-env/lib/python3.8/site-packages/pymongo/topology.py", line 496, in get_server_session
self._select_servers_loop(
File "/home/varun/test-env/lib/python3.8/site-packages/pymongo/topology.py", line 215, in _select_servers_loop
raise ServerSelectionTimeoutError(
pymongo.errors.ServerSelectionTimeoutError: <instance_a_ip>:<port>: ("Invalid DNS pattern b'127.0.0.1'.",), Timeout: 30s, Topology Description: <TopologyDescription id: 60ad03827b267af40c2edf4b, topology_type: Single, servers: [<ServerDescription ('<instance_a_ip>', <port>) server_type: Unknown, rtt: None, error=AutoReconnect('<instance_a_ip>:<port>: ("Invalid DNS pattern b\'127.0.0.1\'.",)')>]>
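I am new to MongoDB and can't figure out how to go about solving this; any help would be appreciated.
Debugged the problem by installing the Node.js client for MongoDB. The Node client gave a better message on failure -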
[Error [ERR_TLS_CERT_ALTNAME_INVALID]: Hostname/IP does not match certificate's altnames: IP: 34.126.133.72 is not in the cert's list
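Thanks to the meaningful error, I read through the OpenSSL configuration file used when creating the self-signed certificate. Corrected the mistake I had made in the configuration file -
Original configuration file that caused the error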
[ v3_req ]
subjectAltName = @alt_names
[ alt_names ]
DNS.1 = 127.0.0.1
DNS.2 = <instance_a_ip>
Corrected configuration file, which now works with all MongoDB clients
[ v3_req ]
subjectAltName = @alt_names
[ alt_names ]
IP.1 = 127.0.0.1
IP.2 = <instance_a_ip>
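A check for the mistake described in the answer above, as an added example that is not part of the original posts: it reads the `[ alt_names ]` section of an OpenSSL config and flags IP literals filed under `DNS.n` (and non-IP values under `IP.n`), since TLS clients match an IP address target only against IP-type SAN entries. The function names and the sample address `203.0.113.10` are assumptions made for the illustration.

```python
import ipaddress

# Constructed sample input: the failing [ alt_names ] layout from this page, with
# 203.0.113.10 (a documentation address) standing in for <instance_a_ip>.
BROKEN_CNF = """\
[ v3_req ]
subjectAltName = @alt_names
[ alt_names ]
DNS.1 = 127.0.0.1
DNS.2 = 203.0.113.10
"""
FIXED_CNF = BROKEN_CNF.replace("DNS.", "IP.")


def is_ip(value):
    """True if value parses as an IPv4 or IPv6 literal."""
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False


def read_section(cnf_text, wanted):
    """Return (key, value) pairs from one [section] of an OpenSSL-style config."""
    pairs, current = [], None
    for raw in cnf_text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and padding
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip()
        elif "=" in line and current == wanted:
            key, value = (part.strip() for part in line.split("=", 1))
            pairs.append((key, value))
    return pairs


def lint_alt_names(cnf_text, section="alt_names"):
    """Flag SAN entries whose type prefix does not match their value."""
    findings = []
    for key, value in read_section(cnf_text, section):
        kind = key.split(".", 1)[0].upper()
        if kind == "DNS" and is_ip(value):
            findings.append((key, value, "IP literal under DNS; use an IP.n entry"))
        elif kind == "IP" and not is_ip(value):
            findings.append((key, value, "not an IP address; use a DNS.n entry"))
    return findings


if __name__ == "__main__":
    for finding in lint_alt_names(BROKEN_CNF):
        print(finding)
```

Running it on a config before generating the certificate catches the mismatch without needing a client connection attempt.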
Your certificate is self-signed; add this option when creating the MongoClient.
tlsInsecure=True
The code will look like this
client = MongoClient(
["<instance_a_ip>:<port>"],
tls=True,
tlsInsecure=True,
tlsCertificateKeyFile='./client.pem',
tlsCAFile='./ca.pem',
username='<userName>',
password='<userPassword>'
)