add better checks for responsiveness in scripts

Author: rglover

bootstrap.sh

@@ -259,10 +259,20 @@ else
 fi
 
 # Check if MongoDB is responsive - use mongosh with --tls flags
-if ! mongosh --host \$HOSTNAME --port \$MONGO_PORT \$MONGOSH_TLS_ARG -u \$DB_USERNAME -p \$DB_PASSWORD --authenticationDatabase admin --eval "db.adminCommand('ping')" &>/dev/null; then
+log "Checking if MongoDB is responsive..."
+log "Running command: mongosh --host \$HOSTNAME --port \$MONGO_PORT \$MONGOSH_TLS_ARG -u \$DB_USERNAME -p [PASSWORD] --authenticationDatabase admin --eval \"db.adminCommand('ping')\""
+
+# Create a temporary file to capture the output and errors
+MONGO_CHECK_OUTPUT=\$(mktemp)
+if ! mongosh --host \$HOSTNAME --port \$MONGO_PORT \$MONGOSH_TLS_ARG -u \$DB_USERNAME -p \$DB_PASSWORD --authenticationDatabase admin --eval "db.adminCommand('ping')" > \$MONGO_CHECK_OUTPUT 2>&1; then
   log "❌ ERROR: MongoDB is not responsive. Backup aborted."
+  log "Error output from command:"
+  cat \$MONGO_CHECK_OUTPUT >> \$LOG_FILE
+  rm -f \$MONGO_CHECK_OUTPUT
   exit 1
 fi
+log "✅ MongoDB is responsive."
+rm -f \$MONGO_CHECK_OUTPUT
 
 # Create backup - use mongodump with --ssl flags
 log "Creating backup at \$BACKUP_PATH"

connection_info.sh

@@ -58,32 +58,54 @@ CONNECTION_DOMAIN="$DOMAIN"
   # Try to connect using the domain name first (if not localhost)
   if [ "$DOMAIN" != "localhost" ]; then
     echo "Attempting to connect to MongoDB using domain name: $DOMAIN"
-    if mongosh --host $DOMAIN --port $MONGO_PORT --tls --tlsCAFile $CA_FILE --tlsCertificateKeyFile /etc/ssl/mongodb/client.pem -u $DB_USERNAME -p $DB_PASSWORD --authenticationDatabase admin --quiet --eval "JSON.stringify(rs.status())" > $TEMP_FILE 2>/dev/null; then
+    echo "Running command: mongosh --host $DOMAIN --port $MONGO_PORT --tls --tlsCAFile $CA_FILE --tlsCertificateKeyFile /etc/ssl/mongodb/client.pem -u $DB_USERNAME -p [PASSWORD] --authenticationDatabase admin --quiet --eval \"JSON.stringify(rs.status())\""
+    
+    # Create a temporary file to capture errors
+    ERROR_LOG=$(mktemp)
+    if mongosh --host $DOMAIN --port $MONGO_PORT --tls --tlsCAFile $CA_FILE --tlsCertificateKeyFile /etc/ssl/mongodb/client.pem -u $DB_USERNAME -p $DB_PASSWORD --authenticationDatabase admin --quiet --eval "JSON.stringify(rs.status())" > $TEMP_FILE 2> $ERROR_LOG; then
       echo "✅ Successfully connected to MongoDB using domain name: $DOMAIN"
     else
-      echo "Connection using domain name failed. Trying localhost..."
+      echo "Connection using domain name failed. Error output:"
+      cat $ERROR_LOG
+      rm -f $ERROR_LOG
+      
+      echo "Trying localhost instead..."
+      echo "Running command: mongosh --host localhost --port $MONGO_PORT --tls --tlsCAFile $CA_FILE --tlsCertificateKeyFile /etc/ssl/mongodb/client.pem -u $DB_USERNAME -p [PASSWORD] --authenticationDatabase admin --quiet --eval \"JSON.stringify(rs.status())\""
+      
       # If that fails, try connecting using localhost
-      if mongosh --host localhost --port $MONGO_PORT --tls --tlsCAFile $CA_FILE --tlsCertificateKeyFile /etc/ssl/mongodb/client.pem -u $DB_USERNAME -p $DB_PASSWORD --authenticationDatabase admin --quiet --eval "JSON.stringify(rs.status())" > $TEMP_FILE 2>/dev/null; then
+      if mongosh --host localhost --port $MONGO_PORT --tls --tlsCAFile $CA_FILE --tlsCertificateKeyFile /etc/ssl/mongodb/client.pem -u $DB_USERNAME -p $DB_PASSWORD --authenticationDatabase admin --quiet --eval "JSON.stringify(rs.status())" > $TEMP_FILE 2> $ERROR_LOG; then
+        echo "✅ Successfully connected to MongoDB using localhost."
+        # Note: We're not changing CONNECTION_DOMAIN, only the DOMAIN for the current connection
+        DOMAIN="localhost"
+      else
+        echo "❌ ERROR: Failed to connect to MongoDB using both domain name and localhost."
+        echo "Error output from localhost attempt:"
+        cat $ERROR_LOG
+        rm -f $ERROR_LOG
+        rm -f $TEMP_FILE
+        exit 1
+      fi
+    fi
+    rm -f $ERROR_LOG
+  else
+    # Just try localhost
+    echo "Attempting to connect to MongoDB using localhost"
+    echo "Running command: mongosh --host localhost --port $MONGO_PORT --tls --tlsCAFile $CA_FILE --tlsCertificateKeyFile /etc/ssl/mongodb/client.pem -u $DB_USERNAME -p [PASSWORD] --authenticationDatabase admin --quiet --eval \"JSON.stringify(rs.status())\""
+    
+    # Create a temporary file to capture errors
+    ERROR_LOG=$(mktemp)
+    if mongosh --host localhost --port $MONGO_PORT --tls --tlsCAFile $CA_FILE --tlsCertificateKeyFile /etc/ssl/mongodb/client.pem -u $DB_USERNAME -p $DB_PASSWORD --authenticationDatabase admin --quiet --eval "JSON.stringify(rs.status())" > $TEMP_FILE 2> $ERROR_LOG; then
       echo "✅ Successfully connected to MongoDB using localhost."
-      # Note: We're not changing CONNECTION_DOMAIN, only the DOMAIN for the current connection
-      DOMAIN="localhost"
     else
-      echo "❌ ERROR: Failed to connect to MongoDB using both domain name and localhost."
-      rm $TEMP_FILE
+      echo "❌ ERROR: Failed to connect to MongoDB using localhost."
+      echo "Error output:"
+      cat $ERROR_LOG
+      rm -f $ERROR_LOG
+      rm -f $TEMP_FILE
       exit 1
     fi
+    rm -f $ERROR_LOG
   fi
-else
-  # Just try localhost
-  echo "Attempting to connect to MongoDB using localhost"
-  if mongosh --host localhost --port $MONGO_PORT --tls --tlsCAFile $CA_FILE --tlsCertificateKeyFile /etc/ssl/mongodb/client.pem -u $DB_USERNAME -p $DB_PASSWORD --authenticationDatabase admin --quiet --eval "JSON.stringify(rs.status())" > $TEMP_FILE 2>/dev/null; then
-    echo "✅ Successfully connected to MongoDB using localhost."
-  else
-    echo "❌ ERROR: Failed to connect to MongoDB using localhost."
-    rm $TEMP_FILE
-    exit 1
-  fi
-fi
 
 # Check if the command was successful
 if [ $? -ne 0 ] || [ ! -s $TEMP_FILE ]; then

provision_ssl.sh

@@ -139,14 +139,35 @@ if sudo systemctl is-active --quiet mongod; then
     DB_PASSWORD=$(jq -r '.db_password' "$CONFIG_FILE")
     MONGO_PORT=$(jq -r '.mongo_port' "$CONFIG_FILE")
 
+    # Get domain name from config.json
+    DOMAIN_CONFIG=$(jq -r '.domain_name' "$CONFIG_FILE")
+    if [ -n "$DOMAIN_CONFIG" ] && [ "$DOMAIN_CONFIG" != "null" ] && [ "$DOMAIN_CONFIG" != "your.domain.com" ]; then
+      DOMAIN="$DOMAIN_CONFIG"
+      echo "Using domain name from config.json: $DOMAIN"
+    else
+      DOMAIN="localhost"
+      echo "Domain name not set in config.json. Using localhost for connection."
+    fi
+    
     if command -v mongosh &> /dev/null; then
       # Try with domain name and client certificate
-      echo "Attempting to verify TLS using domain name"
-      if mongosh --host $DOMAIN --port $MONGO_PORT --tls --tlsCAFile $CA_FILE --tlsCertificateKeyFile /etc/ssl/mongodb/client.pem -u $DB_USERNAME -p $DB_PASSWORD --authenticationDatabase admin --eval "db.adminCommand({ getParameter: 1, tlsMode: 1 })" 2>/dev/null | grep -q "requireTLS"; then
-        echo "✅ MongoDB TLS mode verified using domain name: requireTLS is active"
+      echo "Attempting to verify TLS using domain name: $DOMAIN"
+      echo "Running command: mongosh --host $DOMAIN --port $MONGO_PORT --tls --tlsCAFile $CA_FILE --tlsCertificateKeyFile /etc/ssl/mongodb/client.pem -u $DB_USERNAME -p [PASSWORD] --authenticationDatabase admin --eval \"db.adminCommand({ getParameter: 1, tlsMode: 1 })\""
+      
+      # Create a temporary file to capture the output and errors
+      TLS_CHECK_OUTPUT=$(mktemp)
+      if mongosh --host $DOMAIN --port $MONGO_PORT --tls --tlsCAFile $CA_FILE --tlsCertificateKeyFile /etc/ssl/mongodb/client.pem -u $DB_USERNAME -p $DB_PASSWORD --authenticationDatabase admin --eval "db.adminCommand({ getParameter: 1, tlsMode: 1 })" > $TLS_CHECK_OUTPUT 2>&1; then
+        if grep -q "requireTLS" $TLS_CHECK_OUTPUT; then
+          echo "✅ MongoDB TLS mode verified using domain name: requireTLS is active"
+        else
+          echo "⚠️ WARNING: Command succeeded but TLS mode could not be verified."
+          echo "Output from command:"
+          cat $TLS_CHECK_OUTPUT
+        fi
       else
         echo "⚠️ WARNING: MongoDB is running but TLS mode could not be verified."
-        echo "This is expected because client certificates are required."
+        echo "Error output from command:"
+        cat $TLS_CHECK_OUTPUT
         echo ""
         echo "IMPORTANT: To connect to MongoDB, you will need:"
         echo "1. A client certificate signed by your CA"
@@ -155,6 +176,7 @@ if sudo systemctl is-active --quiet mongod; then
         echo "Example connection command:"
         echo "mongosh --host $DOMAIN --port $MONGO_PORT --tls --tlsCAFile $CA_FILE --tlsCertificateKeyFile /etc/ssl/mongodb/client.pem -u $DB_USERNAME -p <password> --authenticationDatabase admin"
       fi
+      rm -f $TLS_CHECK_OUTPUT
     else
       echo "⚠️ mongosh not available to verify TLS configuration."
       echo "MongoDB is running, but please verify TLS configuration manually."

utils/create_backup.sh

@@ -46,9 +46,27 @@ create_backup() {
 
   # Use the exact command that works
   if [ "$tls_enabled" = "true" ]; then
+    # For mongodump, use --ssl flags
     TLS_ARG="--ssl --sslCAFile $CA_FILE --sslPEMKeyFile /etc/ssl/mongodb/client.pem"
+    # For mongosh, use --tls flags
+    MONGOSH_TLS_ARG="--tls --tlsCAFile $CA_FILE --tlsCertificateKeyFile /etc/ssl/mongodb/client.pem"
     echo "NOTE: Client certificates are required for connections."
     echo "      Ensure the client certificate exists at /etc/ssl/mongodb/client.pem"
+    
+    # Check if MongoDB is responsive first
+    echo "Checking if MongoDB is responsive..."
+    echo "Running command: mongosh --host $host --port $MONGO_PORT $MONGOSH_TLS_ARG -u $DB_USERNAME -p [PASSWORD] --authenticationDatabase admin --eval \"db.adminCommand('ping')\""
+    
+    MONGO_CHECK_OUTPUT=$(mktemp)
+    if ! mongosh --host $host --port $MONGO_PORT $MONGOSH_TLS_ARG -u $DB_USERNAME -p $DB_PASSWORD --authenticationDatabase admin --eval "db.adminCommand('ping')" > $MONGO_CHECK_OUTPUT 2>&1; then
+      echo "❌ ERROR: MongoDB is not responsive. Backup aborted."
+      echo "Error output from command:"
+      cat $MONGO_CHECK_OUTPUT
+      rm -f $MONGO_CHECK_OUTPUT
+      return 1
+    fi
+    echo "✅ MongoDB is responsive."
+    rm -f $MONGO_CHECK_OUTPUT
   else
     TLS_ARG=""
   fi

utils/replica_sets.sh

@@ -51,27 +51,55 @@ execute_mongo_command() {
   # Try to connect using the domain name first (if not localhost)
   if [ "$DOMAIN" != "localhost" ]; then
     echo "Attempting to connect to MongoDB using domain name: $DOMAIN"
-    if mongosh --host $DOMAIN --port $MONGO_PORT $TLS_ARGS -u $DB_USERNAME -p $DB_PASSWORD --authenticationDatabase admin --eval "$command" 2>/dev/null; then
+    echo "Running command: mongosh --host $DOMAIN --port $MONGO_PORT $TLS_ARGS -u $DB_USERNAME -p [PASSWORD] --authenticationDatabase admin --eval \"$command\""
+    
+    # Create a temporary file to capture the output and errors
+    MONGO_OUTPUT=$(mktemp)
+    if mongosh --host $DOMAIN --port $MONGO_PORT $TLS_ARGS -u $DB_USERNAME -p $DB_PASSWORD --authenticationDatabase admin --eval "$command" > $MONGO_OUTPUT 2>&1; then
       echo "✅ Successfully connected to MongoDB using domain name: $DOMAIN"
+      echo "Command output:"
+      cat $MONGO_OUTPUT
+      rm -f $MONGO_OUTPUT
       return 0
     else
-      echo "Connection using domain name failed. Trying localhost..."
-      if mongosh --host localhost --port $MONGO_PORT $TLS_ARGS -u $DB_USERNAME -p $DB_PASSWORD --authenticationDatabase admin --eval "$command" 2>/dev/null; then
+      echo "Connection using domain name failed. Error output:"
+      cat $MONGO_OUTPUT
+      rm -f $MONGO_OUTPUT
+      
+      echo "Trying localhost instead..."
+      MONGO_OUTPUT=$(mktemp)
+      echo "Running command: mongosh --host localhost --port $MONGO_PORT $TLS_ARGS -u $DB_USERNAME -p [PASSWORD] --authenticationDatabase admin --eval \"$command\""
+      if mongosh --host localhost --port $MONGO_PORT $TLS_ARGS -u $DB_USERNAME -p $DB_PASSWORD --authenticationDatabase admin --eval "$command" > $MONGO_OUTPUT 2>&1; then
         echo "✅ Successfully connected to MongoDB using localhost."
+        echo "Command output:"
+        cat $MONGO_OUTPUT
+        rm -f $MONGO_OUTPUT
         return 0
       else
         echo "❌ ERROR: Failed to connect to MongoDB using both domain name and localhost."
+        echo "Error output from localhost attempt:"
+        cat $MONGO_OUTPUT
+        rm -f $MONGO_OUTPUT
         return 1
       fi
     fi
   else
     # Just try localhost
     echo "Attempting to connect to MongoDB using localhost"
-    if mongosh --host localhost --port $MONGO_PORT $TLS_ARGS -u $DB_USERNAME -p $DB_PASSWORD --authenticationDatabase admin --eval "$command" 2>/dev/null; then
+    echo "Running command: mongosh --host localhost --port $MONGO_PORT $TLS_ARGS -u $DB_USERNAME -p [PASSWORD] --authenticationDatabase admin --eval \"$command\""
+    
+    MONGO_OUTPUT=$(mktemp)
+    if mongosh --host localhost --port $MONGO_PORT $TLS_ARGS -u $DB_USERNAME -p $DB_PASSWORD --authenticationDatabase admin --eval "$command" > $MONGO_OUTPUT 2>&1; then
       echo "✅ Successfully connected to MongoDB using localhost."
+      echo "Command output:"
+      cat $MONGO_OUTPUT
+      rm -f $MONGO_OUTPUT
       return 0
     else
       echo "❌ ERROR: Failed to connect to MongoDB using localhost."
+      echo "Error output:"
+      cat $MONGO_OUTPUT
+      rm -f $MONGO_OUTPUT
       return 1
     fi
   fi

utils/restore_backup.sh

@@ -51,9 +51,27 @@ restore_backup() {
 
   # Use the exact command that works
   if [ "$tls_enabled" = "true" ]; then
+    # For mongorestore, use --ssl flags
     TLS_ARG="--ssl --sslCAFile $CA_FILE --sslPEMKeyFile /etc/ssl/mongodb/client.pem"
+    # For mongosh, use --tls flags
+    MONGOSH_TLS_ARG="--tls --tlsCAFile $CA_FILE --tlsCertificateKeyFile /etc/ssl/mongodb/client.pem"
     echo "NOTE: Client certificates are required for connections."
     echo "      Ensure the client certificate exists at /etc/ssl/mongodb/client.pem"
+    
+    # Check if MongoDB is responsive first
+    echo "Checking if MongoDB is responsive..."
+    echo "Running command: mongosh --host $host --port $MONGO_PORT $MONGOSH_TLS_ARG -u $DB_USERNAME -p [PASSWORD] --authenticationDatabase admin --eval \"db.adminCommand('ping')\""
+    
+    MONGO_CHECK_OUTPUT=$(mktemp)
+    if ! mongosh --host $host --port $MONGO_PORT $MONGOSH_TLS_ARG -u $DB_USERNAME -p $DB_PASSWORD --authenticationDatabase admin --eval "db.adminCommand('ping')" > $MONGO_CHECK_OUTPUT 2>&1; then
+      echo "❌ ERROR: MongoDB is not responsive. Restore aborted."
+      echo "Error output from command:"
+      cat $MONGO_CHECK_OUTPUT
+      rm -f $MONGO_CHECK_OUTPUT
+      return 1
+    fi
+    echo "✅ MongoDB is responsive."
+    rm -f $MONGO_CHECK_OUTPUT
   else
     TLS_ARG=""
   fi