I have noticed that I am not able to add a MongoDB database with an SSL connection in version 0.35.4 and get it working. I tried many different versions of Metabase and found that the same config actually works in version 0.31.2. It seems like enabling SSL broke, as my MongoDB instance says that all the connections are not using SSL. Does anyone have a solution, such as messing with the included MongoDB client (I prefer not)? I used only my ca.pem from MongoDB to import into my Java keystore cacerts, per other suggestions (I need both trust and key specified to get it to work).
Here is my java version:
openjdk jre 1.8.238
Here are my java options:
java -Djavax.net.ssl.trustStore=/opt/cacerts.jks -Djavax.net.ssl.trustStorePassword=changeit -Djavax.net.ssl.keyStore=/opt/cacerts.jks -Djavax.net.ssl.keyStorePassword=changeit -jar /opt/metabase.jar
Version 0.36.0 will have an option to input custom certificates.
I haven’t seen anyone using keyStore in the parameters - trustStore should be enough.
Are you doing a keytool -import ... ? See the comments here for various workarounds: https://github.com/metabase/metabase/issues/3877
That was a typo.
My mongodb dev instance is configured with CA file: /opt/github/mongodb-dev-ca.pem
This is the keytool command:
keytool -import -noprompt -trustcacerts -alias mongodb_dev_ca -file /opt/github/mongodb-dev-ca.pem -keystore /opt/cacerts.jks -storepass changeit
I am primarily confused why this same config or something similar does not work with the new versions, such as 0.35.4. The connection string option “ssl=true” doesn’t seem to enable an ssl connection negotiation with the mongodb.
@shane.emery I don’t know - a lot has changed since 0.31.2. But I remember some problems for some connections upon upgrading, where metabase_database.details would have "ssl":false set even though it used to be true - or vice versa. So check your application database.
If I remember correctly, with MongoDB you cannot define ssl=true in the connection string - it’s an option that needs to be defined on the connection.
Thanks for the tip. Keep in mind I am not specifying this as an application DB for metabase to use. How would I specify ssl in the connection, if not in the connection string option on the “add database” page? Does this get defined in the mongodb client plugin?
I migrated to using a local mysql v8 instance and see that the related ssl values saved in the metabase_database table row for my mongodb connection includes this:
I have also noticed I can upgrade to 35.4 locally, and it saves the connection, which works fine. I still cannot fathom how to get a fresh new mongodb connection saved onto an existing metabase instance running 35.4 in our dev environment. Guess I will have to wait for 36.0?
I take that back. In the latest version 35.4 it behaves the same in both environments. It looks like in the “add database” section, when I go to save/test the connection it fails because it doesn’t establish an ssl connection. Once it’s past this and saved into the application db, it then seems to establish an ssl connection properly.
I wonder if these are 2 different functions in the metabase code?
I’m getting past the validation point in version 31.2 and saving it to the application db. Then I upgrade to version 35.4 and see that exploring data still works. Yes, if I go to view my database connections and look at the mongodb, the validation fails in version 34.5 ultimately.
@shane.emery Okay, then the problem of getting past the validation is fixed, since it only occurs on 0.31.2.
You have three options. Stay with 0.31.2, or wait for 0.36.0, or manually change the metadata.