
Failed to setup MongoDB Replica Set on Amazon EC2 instance


I have three EC2 instances, with addresses of the form ec2-xx-yyy-zz-www.us-west-2.compute.amazonaws.com. I want to set up a replica set between these three, but before starting I checked this troubleshooting guide, which recommended testing the connectivity between the members. The results of my test are:

  • Server 1 cannot connect to Server 2 but can connect to Server 3
  • Server 2 can connect to Server 1 and 3
  • Server 3 can connect to Server 1 but not to Server 2

When I say "cannot connect", I mean it fails with this message:

mongo --host ec2-54-149-51-166.us-west-2.compute.amazonaws.com --port 27017
MongoDB shell version: 3.2.10
connecting to: ec2-54-149-51-166.us-west-2.compute.amazonaws.com:27017/test
2016-10-18T19:46:52.223+0000 W NETWORK  [thread1] Failed to connect to 172.31.16.185:27017 after 5000 milliseconds, giving up.
2016-10-18T19:46:52.223+0000 E QUERY    [thread1] Error: couldn't connect to server ec2-54-149-51-166.us-west-2.compute.amazonaws.com:27017, connection attempt failed :
connect@src/mongo/shell/mongo.js:231:14
@(connect):1:6

exception: connect failed

I don't understand how to resolve this. Is it something to do with security groups? Or where else could the issue be? I cannot ping any server, so that's one thing. What else can I try to debug and solve it? Thanks


Solution

  • I don't understand how to resolve this. Is it something do with security groups?

    Yes, it is directly related to your Security Group settings. You need to open the ports correctly in the Security Group(s). You probably have all the instances in the same security group, and you need to add a rule that allows instances inside the security group to access the correct ports of other instances in the same group.

    Also, you appear to be using the public DNS of the instances, which is mapped to the public IP of the instances. This will cause all your network traffic to go outside the VPC and back in, which bypasses the Security Group rules and all the other security settings of your VPC. This is generally less secure, and slower, than keeping all the traffic inside the VPC. You need to use the private IP addresses assigned to those instances in all communication between those servers in order to keep all network traffic inside your VPC.

    I cannot ping to any server so that's one.

    Ping is disabled by default on EC2. Don't use ping as a testing tool.
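The answer makes two points a pre-flight script can check before `rs.initiate()`: every member should be addressed by a name that resolves to a VPC-private address, and reachability should be tested with a TCP connect on 27017 rather than with ping. The script below is an added example, not code from the question or answer. It classifies each member's resolved address as private or public (RFC 1918 ranges via the standard `ipaddress` module), does the TCP check with `socket.create_connection`, builds the replica set config document from the chosen hostnames, and emits the self-referencing ingress rule in the `IpPermissions` shape that `boto3`'s `authorize_security_group_ingress` accepts. The hostnames, the security group id and all addresses except 172.31.16.185 (taken from the question's error output) are constructed sample values, and the `resolve` hook exists so the classification can be exercised without live DNS.

```python
"""Pre-flight checks for a MongoDB replica set on EC2 (added example)."""
import ipaddress
import socket
from typing import Callable, Dict, List, Optional

MONGO_PORT = 27017

# Constructed sample members: one public EC2 DNS name (the kind the question
# used) and two private VPC DNS names. Only 172.31.16.185 comes from the
# question's error output; the other addresses are made up for the example.
SAMPLE_MEMBERS: List[str] = [
    "ec2-54-149-51-166.us-west-2.compute.amazonaws.com",
    "ip-172-31-16-185.us-west-2.compute.internal",
    "ip-172-31-20-7.us-west-2.compute.internal",
]

# Constructed stand-in for DNS so the example runs offline.
SAMPLE_DNS: Dict[str, str] = {
    "ec2-54-149-51-166.us-west-2.compute.amazonaws.com": "54.149.51.166",
    "ip-172-31-16-185.us-west-2.compute.internal": "172.31.16.185",
    "ip-172-31-20-7.us-west-2.compute.internal": "172.31.20.7",
}


def is_private(ip: str) -> bool:
    """True for RFC 1918 / other non-public addresses (e.g. 172.31.x.x in a default VPC)."""
    return ipaddress.ip_address(ip).is_private


def classify_members(members: List[str],
                     resolve: Optional[Callable[[str], str]] = None) -> Dict[str, str]:
    """Map each member hostname to 'private', 'public' or 'unresolved'.

    A 'public' result means traffic between members would leave the VPC,
    which is what the answer warns against.
    """
    if resolve is None:
        resolve = socket.gethostbyname
    result: Dict[str, str] = {}
    for host in members:
        try:
            ip = resolve(host)
        except (socket.gaierror, KeyError):
            result[host] = "unresolved"
            continue
        result[host] = "private" if is_private(ip) else "public"
    return result


def tcp_reachable(host: str, port: int = MONGO_PORT, timeout: float = 3.0) -> bool:
    """Connectivity test that works where ICMP is blocked: can we complete a TCP handshake?"""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def self_referencing_rule(group_id: str, port: int = MONGO_PORT) -> dict:
    """IpPermissions entry allowing members of security group `group_id`
    to reach each other on `port`; pass it to
    ec2.authorize_security_group_ingress(GroupId=group_id, IpPermissions=[rule])."""
    return {
        "IpProtocol": "tcp",
        "FromPort": port,
        "ToPort": port,
        "UserIdGroupPairs": [{"GroupId": group_id}],
    }


def replset_config(name: str, members: List[str]) -> dict:
    """Build the document passed to rs.initiate(), one entry per member host."""
    return {
        "_id": name,
        "members": [{"_id": i, "host": f"{h}:{MONGO_PORT}"} for i, h in enumerate(members)],
    }


if __name__ == "__main__":
    # Offline demo using the constructed DNS table; drop resolve= to use real DNS.
    for host, kind in classify_members(SAMPLE_MEMBERS, resolve=lambda h: SAMPLE_DNS[h]).items():
        print(f"{kind:10} {host}")
    private_hosts = [h for h in SAMPLE_MEMBERS if SAMPLE_DNS[h].startswith("172.")]
    print(replset_config("rs0", private_hosts))
    print(self_referencing_rule("sg-0123456789abcdef0"))  # constructed group id
```

Run it on real hosts by omitting the `resolve` argument and calling `tcp_reachable` against each private hostname from each member; a member that resolves as "public" should be replaced by its private DNS name before the replica set is initiated.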