How to make changes in the backup script?

Due to incompatibility with my S3-compatible HCP object storage (it does not tolerate colon in file names :) I need to make changes in the XtraDB operator backup script.

How to do it? Where is the source code? Which branch to use?
I use XtraDB cluster installed with Helm chart v 1.9.1

What is done so far:
I downloaded this code main branch percona-docker/percona-xtradb-cluster-8.0-backup at main · percona/percona-docker · GitHub
I made changes in the script (only generated backup file name was changed), then build a Docker image.
Made following changes in values.yaml:

updateStrategy: Never
  enabled: true
  image: "chudinov/mycustom-percona-xtradb-cluster-8.0-backup:latest"    # my custom image

After the cluster was reinstalled with this custom backup image the following error comes up:

ERROR: handshake with remote endpoint ssl:// failed: asio.ssl:337047686: 'certificate verify failed' ( 337047686: 'error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed')
This error is often caused by SSL issues. 

How to fix this? Perhaps I’am just using wrong backup script branch?

1 Like

@Michael_Chudinov ,

github repo seems valid.
I’m not 100% sure what the issue is with HSP and what the changes were, but error most likely points to self-signed cert. Are you using self-signed cert on HSP side?

If you are, please read this forum thread: Allow self-signed certificate TLS-URL in endpointUrl for S3-Backups

You have 3 choices:

  1. use non-ssl endpoint
  2. somehow trick backup (by adding your CA to the trusted certs in the docker container)
  3. wait for [K8SPXC-752] Allow disabling TLS when taking backups - Percona JIRA
1 Like

The S3 storage Iam using is called HCP (Hitachy Content Platform), it uses TLS. It does not tolerate colon : in file names. Colon in backup filename must be changed in the custom script/image.

However according to error messages the script from custom image can not connect to XtraDB instance, not the S3-storage

handshake with remote endpoint ssl:// failed

While backup image used by operator by default can connect to the same object storage just well.