Project

General

Profile

Actions
Copy link

Bug #23506

closed

cannot backup remote mongo database over SSL

Added by Ales Dujicek about 7 years ago. Updated about 7 years ago.

Status:
Resolved
Priority:
Normal
Assignee:
-
Category:
-
Target version:
-
Difficulty:
Triaged:
Bugzilla link:
Pull request:
Fixed in Releases:
Found in Releases:
Foreman - Nightly
Red Hat JIRA:

Description

# foreman-maintain backup online --skip-pulp-content -y /tmp/backup/online

E, [2018-05-04 12:51:56+0200 #7347] ERROR -- : Failed executing scl enable rh-mongodb34 -- mongodump -u pulp1 -p [FILTERED] --host 10.16.70.236 --port 27017 --ssl --sslCAFile /etc/ssl/ca.pem --sslPEMKeyFile /etc/ssl/mongo-client.pem -d pulp1db --out /tmp/backup/online/satellite-backup-2018-05-04-12-50-23/mongo_dump, exit status 1:
 2018-05-04T12:51:56.221+0200   Failed: error connecting to db server: no reachable servers, openssl error: Host validation error (ForemanMaintain::Error::ExecutionError)

it seems there is a bug in SSL validation in monogodump tool

scl enable rh-mongodb34 bash

# cannot dump
mongodump -u pulp1 -p *** --host 10.16.70.236 --port 27017 --db pulp1db --ssl --out /tmp/ --sslCAFile /etc/ssl/ca.pem --sslPEMKeyFile /etc/ssl/mongo-client.pem  
2018-05-04T13:45:56.085+0200    Failed: error connecting to db server: no reachable servers, openssl error: Host validation error

# works with --sslAllowInvalidCertificates
mongodump -u pulp1 -p *** --host 10.16.70.236 --port 27017 --db pulp1db --ssl --out /tmp/ --sslCAFile /etc/ssl/ca.pem --sslPEMKeyFile /etc/ssl/mongo-client.pem  --sslAllowInvalidCertificates

# and also mongo works (even without sslAllowInvalidCertificates)
mongo -u pulp1 -p *** --host 10.16.70.236 --port 27017  pulp1db --ssl  --sslCAFile /etc/ssl/ca.pem --sslPEMKeyFile /etc/ssl/mongo-client.pem
Actions
Copy link

Also available in: Atom PDF