SSL not natively supported #199

Open
JJClements opened this issue Jul 3, 2018 · 4 comments

@JJClements

JJClements commented Jul 3, 2018

It appears that SSL is not natively supported. When I am enforcing SSL using the following:

default['mongodb']['config']['mongod']['net']['ssl']['mode'] = 'requireSSL'
default['mongodb']['config']['mongod']['net']['ssl']['PEMKeyFile'] = "/etc/ssl/#{node['hostname']}.pem"
default['mongodb']['config']['mongod']['net']['ssl']['CAFile'] = "/etc/ssl/#{node['hostname']}-ca.crt"
default['mongodb']['config']['mongod']['net']['ssl']['allowConnectionsWithoutCertificates'] = 'true'
default['mongodb']['config']['mongod']['net']['ssl']['disabledProtocols'] = 'TLS1_0,TLS1_1'

I receive an error when converging, which appears to be because providers/user.rb 'Mongo::MongoClient.new' isn't connecting with SSL (and so the users can't be created). Manually editing the providers/user.rb and adding 'ssl: true' works, but I am unable to get any logic working to only apply this if:

node['mongodb']['config']['mongod']['net']['ssl']['mode'] == 'requireSSL'

For the moment we have forked the cookbook and have set 'ssl: true' in providers/user.rb, but it would be good if the logic existed to be able to determine when this was required and connect using SSL as required.

I'm surprised more people aren't using SSL by the look of it?
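
One way to express the conditional requested above, as an added example that is not the cookbook's code or the reporter's fork: a hypothetical helper, `mongo_client_tls_opts`, that turns the `mongod` attributes into client options. It assumes the legacy 1.x Ruby driver's `Mongo::MongoClient` options `:ssl_verify`, `:ssl_ca_cert`, `:ssl_cert` and `:ssl_key` alongside the `ssl: true` mentioned in the issue, and that the node's own PEM file may serve as the client certificate.

```ruby
# Added example, not cookbook code. mongo_client_tls_opts is a hypothetical helper.

# Attributes are often strings ('true'), as in the issue's settings.
def truthy?(value)
  value == true || value.to_s.strip.casecmp('true').zero?
end

# Takes node['mongodb']['config']['mongod'] (or a plain Hash with string keys)
# and returns the options to merge into the Mongo::MongoClient.new call.
def mongo_client_tls_opts(mongod_config)
  ssl = ((mongod_config || {})['net'] || {})['ssl'] || {}
  # Every mode except 'disabled' accepts TLS clients; requireSSL accepts nothing else.
  return {} unless %w(allowSSL preferSSL requireSSL).include?(ssl['mode'].to_s)

  opts = { ssl: true }
  ca = ssl['CAFile']
  if ca
    # Validate the server certificate against the configured CA.
    opts[:ssl_verify] = true
    opts[:ssl_ca_cert] = ca
    pem = ssl['PEMKeyFile']
    # With a CAFile set, mongod requires a client certificate unless
    # allowConnectionsWithoutCertificates is enabled.
    if pem && !truthy?(ssl['allowConnectionsWithoutCertificates'])
      # Assumption: the node's own PEM (certificate plus key) is acceptable as client identity.
      opts[:ssl_cert] = pem
      opts[:ssl_key] = pem
    end
  end
  opts
end

# Constructed sample mirroring the attributes in the issue (hostname "db1" is made up).
SAMPLE = {
  'net' => { 'ssl' => {
    'mode' => 'requireSSL',
    'PEMKeyFile' => '/etc/ssl/db1.pem',
    'CAFile' => '/etc/ssl/db1-ca.crt',
    'allowConnectionsWithoutCertificates' => 'true'
  } }
}.freeze

puts mongo_client_tls_opts(SAMPLE).inspect if __FILE__ == $PROGRAM_NAME
```

With no `net.ssl` attributes set the helper returns an empty hash, so a non-TLS deployment keeps its current connection behaviour.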

@swalberg
Contributor

swalberg commented Jul 3, 2018

Hi, thanks for the bug report. We don't use TLS so haven't run into it, but your solution seems reasonable.

@vibhaG

vibhaG commented May 7, 2019

I need a similar fix. @JJClements, can you point me to your fork?

@mike-sol

+1 - Same situation here. I don't know if JJClements actually pushed up a fork, or if they're just maintaining it locally; I'm going to do the latter since it's a bit of a dirty fix.

@github-actions

Marking stale due to inactivity. Remove stale label or comment or this will be closed in 7 days. Alternatively drop by the #sous-chefs channel on the Chef Community Slack and we'll be happy to help! Thanks, Sous-Chefs.

@github-actions github-actions bot added the Stale label Sep 30, 2020
@xorimabot xorimabot removed the Stale label Sep 30, 2020