I am quite new to HashiCorp Boundary and I just finished the “getting started” tutorial in the learn site. I am still going through documentation and trying to understand if Boundary works for our specific use case with mongo.
We have a mongo replica set running in AWS private subnets. Our applications all run in AWS and can connect to mongo replica sets. But sometimes (especially in dev) we would like to connect to this mongo replica set from our laptops (to run some tests and/or just to inspect something). To be able to do so, the mongo client needs to have network connection to all members of the replica set. So Boundary will have to proxy transparently for all members of the replica set. Would Boundary work for this specific use case? Can we use Boundary desktop to proxy to our 3 node mongo replica set and use mongo client to connect to replica sets? Has anybody tried this?
I’m not an expert on MongoDB by any means, but based on my limited knowledge, it’s one of several systems like Cassandra that prefer not to be externally load-balanced, so by default what you’d have to do in Boundary is define individual host sets each with a host mapping to a single client, then somehow (like in /etc/hosts) map those to the names the replica members are advertised by in MongoDB. However, if all you need to do is get query results it seems you might be able to stand up a mongos router and connect your clients to that through Boundary. (mongos is apparently usually for querying sharded clusters; I don’t know if it will talk to an unsharded cluster as a single shard or if it will just not talk to it at all…)
I tried using boundary exec as mentioned in the tutorial, but mongo client needs to have connection to the replica set member as configured in the replica set. So even when I specify local TCP ports provided by Boundary agent, I cannot connect to replica set. However a direct connection to primary works. But that doesn’t handle changes to primary node.
I have also tried with /etc/hosts changes and trying to make servers transparent. But due to port conflicts locally, I had to provide different ports in the seed list. And even that fails since the address returned by the replica set is different from the seed list and there is no route to each member of replica set.
I think actually mongo route would work. But that means I will set up mongod as a single shard replica set with configServers and mongos node. I was hoping to avoid this reconfiguration by somehow proxying to replica set.
So looks like Boundary doesn’t handle this particular use case with mongodb replica set. If anyone has any success proxying to mongo replica set, please share.
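Added example, not part of the thread: a simplified Python model of replica-set discovery in a MongoDB driver, reproducing the outcomes described in the posts above (local proxy ports as seeds, /etc/hosts with different ports, and a direct connection pinned to one member). It is not driver or Boundary code; the host names, ports, and the names `discover` and `can_write` are constructed for illustration.

```python
# Simplified model of how a MongoDB driver discovers replica-set members.
# Not driver code; every host name and port is a constructed sample value.

# Member addresses the replica set advertises in its "hello" reply.
ADVERTISED = ["mongo-0.dev.internal:27017",
              "mongo-1.dev.internal:27017",
              "mongo-2.dev.internal:27017"]

def discover(seeds, dialable, direct=False):
    """Return (addresses the client ends up using, addresses it cannot reach).

    seeds    -- addresses given in the connection string
    dialable -- maps each address the laptop can dial to the member behind it
    direct   -- models directConnection=true: no discovery, first seed only
    """
    live_seeds = [s for s in seeds if s in dialable]
    if not live_seeds:
        return [], list(seeds)
    if direct:
        return live_seeds[:1], []
    # Replica-set mode: after the first hello reply the client swaps seed
    # addresses that are not advertised for the advertised names and dials those.
    used = [a for a in ADVERTISED if a in dialable]
    lost = [a for a in ADVERTISED if a not in dialable]
    return used, lost

def can_write(used, dialable, primary):
    """True if one of the addresses in use leads to the current primary."""
    return any(dialable[a] == primary for a in used)

# Case 1: seed list is the local ports handed out by the Boundary client.
LOCAL_PORTS = {"127.0.0.1:50001": ADVERTISED[0],
               "127.0.0.1:50002": ADVERTISED[1],
               "127.0.0.1:50003": ADVERTISED[2]}

# Case 2: /etc/hosts points the member names at 127.0.0.1, but each tunnel
# needs its own local port, so the ports differ from the advertised 27017.
HOSTS_FILE = {"mongo-0.dev.internal:50001": ADVERTISED[0],
              "mongo-1.dev.internal:50002": ADVERTISED[1],
              "mongo-2.dev.internal:50003": ADVERTISED[2]}

# Case 3 (hypothetical): every advertised name:port is dialable from the laptop.
EXACT = {a: a for a in ADVERTISED}

if __name__ == "__main__":
    for name, table in [("local ports", LOCAL_PORTS), ("hosts file", HOSTS_FILE), ("exact", EXACT)]:
        print(name, discover(list(table), table))
    print("direct", discover(["127.0.0.1:50001"], LOCAL_PORTS, direct=True))
```

In this model only the third table, where each advertised name and port is dialable unchanged, leaves the client with a usable member list; the direct connection works but stays pinned to one member when the primary changes.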