Bug #23506

closed

cannot backup remote mongo database over SSL

Added by Ales Dujicek almost 6 years ago. Updated almost 6 years ago.

Status: Resolved
Priority: Normal
Assignee: -
Category: -
Target version: -
Difficulty:
Triaged:
Fixed in Releases:
Found in Releases:

Description

# foreman-maintain backup online --skip-pulp-content -y /tmp/backup/online

E, [2018-05-04 12:51:56+0200 #7347] ERROR -- : Failed executing scl enable rh-mongodb34 -- mongodump -u pulp1 -p [FILTERED] --host 10.16.70.236 --port 27017 --ssl --sslCAFile /etc/ssl/ca.pem --sslPEMKeyFile /etc/ssl/mongo-client.pem -d pulp1db --out /tmp/backup/online/satellite-backup-2018-05-04-12-50-23/mongo_dump, exit status 1:
 2018-05-04T12:51:56.221+0200   Failed: error connecting to db server: no reachable servers, openssl error: Host validation error (ForemanMaintain::Error::ExecutionError)

It seems there is a bug in SSL validation in the mongodump tool.

scl enable rh-mongodb34 bash

# cannot dump
mongodump -u pulp1 -p *** --host 10.16.70.236 --port 27017 --db pulp1db --ssl --out /tmp/ --sslCAFile /etc/ssl/ca.pem --sslPEMKeyFile /etc/ssl/mongo-client.pem  
2018-05-04T13:45:56.085+0200    Failed: error connecting to db server: no reachable servers, openssl error: Host validation error

# works with --sslAllowInvalidCertificates
mongodump -u pulp1 -p *** --host 10.16.70.236 --port 27017 --db pulp1db --ssl --out /tmp/ --sslCAFile /etc/ssl/ca.pem --sslPEMKeyFile /etc/ssl/mongo-client.pem  --sslAllowInvalidCertificates

# and also mongo works (even without sslAllowInvalidCertificates)
mongo -u pulp1 -p *** --host 10.16.70.236 --port 27017  pulp1db --ssl  --sslCAFile /etc/ssl/ca.pem --sslPEMKeyFile /etc/ssl/mongo-client.pem  

Updated by Ales Dujicek almost 6 years ago

  • Status changed from New to Resolved

closing, I probably just configured something wrong

with remote pulp db configuration
/etc/pulp/server.conf

[database]
name: pulp1db
seeds: address:27017
username: pulp1
password: pulp1pw
ssl: true
ssl_certfile: /etc/ssl/mongo-client.pem
verify_ssl: true
ca_path: /etc/ssl/ca.pem
unsafe_autoretry: false

foreman-maintain backup online --skip-pulp-content -y /tmp/backup/online

D, [2018-05-28 09:21:26+0200 #31671] DEBUG -- : Running command scl enable rh-mongodb34 -- mongodump -u pulp1 -p [FILTERED] --host address --port 27017 --ssl --sslCAFile /etc/ssl/ca.pem --sslPEMKeyFile /etc/ssl/mongo-client.pem -d pulp1db --out /tmp/backup/online/satellite-backup-2018-05-28-09-20-17/mongo_dump with stdin nil
D, [2018-05-28 09:21:26+0200 #31671] DEBUG -- : output of the command:
 2018-05-28T09:21:26.621+0200   writing pulp1db.content_types to
2018-05-28T09:21:26.621+0200    writing pulp1db.permissions to
2018-05-28T09:21:26.621+0200    writing pulp1db.workers to
2018-05-28T09:21:26.622+0200    writing pulp1db.task_status to
2018-05-28T09:21:26.625+0200    done dumping pulp1db.content_types (18 docume

backup works!

rubygem-foreman_maintain-0.2.2-1.el7.noarch
foreman-1.18.0-0.develop.201805271542git5d3c04d.el7.noarch
katello-3.7.0-4.nightly.el7.noarch
rh-mongodb34-mongodb-3.4.9-1.el7.x86_64
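
Added example, not from the ticket or from any tool it mentions: the failing commands pass an IP address to `--host` and the working run passes a name (`address`), which is the pattern a host validation check produces when the server certificate lists only DNS names. The certificates and the name `mongo.example.com` below are constructed, because the ticket does not show the real certificate; the check compares subjectAltName entries only and has no commonName fallback.

```python
import ipaddress

# CONSTRUCTED sample certificates, shaped like ssl.SSLSocket.getpeercert() output.
# The ticket does not show the real server certificate.
DNS_ONLY_CERT = {"subjectAltName": (("DNS", "mongo.example.com"),)}
DNS_AND_IP_CERT = {"subjectAltName": (("DNS", "mongo.example.com"),
                                      ("IP Address", "10.16.70.236"))}


def _dns_match(pattern, host):
    """Match one DNS SAN entry; '*' may only stand for the whole left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] != "*" and p[0] != h[0]:
        return False
    return p[1:] == h[1:]


def host_matches_cert(cert, host):
    """Return True if `host` (the value given to --host) is covered by the cert's SANs."""
    sans = cert.get("subjectAltName", ())
    try:
        wanted_ip = ipaddress.ip_address(host)
    except ValueError:
        wanted_ip = None
    if wanted_ip is not None:
        # An IP literal is compared only with 'IP Address' entries, never with DNS names.
        return any(kind == "IP Address" and ipaddress.ip_address(value) == wanted_ip
                   for kind, value in sans)
    return any(kind == "DNS" and _dns_match(value, host) for kind, value in sans)


if __name__ == "__main__":
    for label, cert in (("DNS-only", DNS_ONLY_CERT), ("DNS+IP", DNS_AND_IP_CERT)):
        for host in ("10.16.70.236", "mongo.example.com"):
            print(f"{label:8} --host {host:18} -> {host_matches_cert(cert, host)}")
```

With a certificate like the DNS-only one, connecting by the listed name or reissuing the certificate with an IP SAN keeps verification on, unlike `--sslAllowInvalidCertificates`.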
