How to make changes in the backup script?

Due to an incompatibility with my S3-compatible HCP object storage (it does not tolerate colons in file names :) I need to make changes in the XtraDB operator backup script.

How to do it? Where is the source code? Which branch to use?
I use an XtraDB cluster installed with Helm chart v 1.9.1

What is done so far:
I downloaded the code from the main branch: percona-docker/percona-xtradb-cluster-8.0-backup at main · percona/percona-docker · GitHub
I made changes in the run_backup.sh script (only the generated backup file name was changed), then built a Docker image.
I made the following changes in values.yaml:

updateStrategy: Never
backup:
  enabled: true
  image: "chudinov/mycustom-percona-xtradb-cluster-8.0-backup:latest"    # my custom image

After the cluster was reinstalled with this custom backup image the following error comes up:

ERROR: handshake with remote endpoint ssl://10.200.89.29:4567 failed: asio.ssl:337047686: 'certificate verify failed' ( 337047686: 'error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed')
This error is often caused by SSL issues. 

How to fix this? Perhaps I'm just using the wrong backup script branch?

1 Like

@Michael_Chudinov ,

The GitHub repo seems valid.
I'm not 100% sure what the issue is with HSP and what the changes were, but the error most likely points to a self-signed cert. Are you using a self-signed cert on the HSP side?

If you are, please read this forum thread: Allow self-signed certificate TLS-URL in endpointUrl for S3-Backups

You have 3 choices:

  1. use a non-SSL endpoint
  2. somehow trick the backup (by adding your CA to the trusted certs in the Docker container)
  3. wait for [K8SPXC-752] Allow disabling TLS when taking backups - Percona JIRA
1 Like

The S3 storage I am using is called HCP (Hitachi Content Platform); it uses TLS. It does not tolerate a colon (:) in file names. The colon in the backup filename must be changed in the custom script/image.

However, according to the error messages, the script from the custom image cannot connect to the XtraDB instance, not the S3 storage

handshake with remote endpoint ssl://10.200.89.29:4567 failed

Meanwhile, the backup image used by the operator by default can connect to the same object storage just fine.

2 Likes
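
The "certificate verify failed" error quoted in this thread means the peer's certificate did not chain to a CA the client trusts, which is what option 2 above (adding your CA to the trusted certs) addresses. The following is an added example, not code from the thread or from Percona: it reproduces that failure and the fix locally with openssl, using throwaway certificates whose names (cluster-ca, image-ca, node) are constructed for the demo.

```shell
#!/bin/sh
# Constructed demo: every key and certificate here is throwaway and generated
# locally. The names cluster-ca, image-ca and node are assumptions.

# chain_ok <ca-bundle.pem> <leaf.pem>: exit 0 if the leaf chains to the bundle.
chain_ok() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# make_ca <name> <dir>: create a self-signed CA certificate and key.
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$1" \
        -keyout "$2/$1.key" -out "$2/$1.pem" >/dev/null 2>&1
}

# make_leaf <ca-name> <leaf-name> <dir>: issue a leaf certificate from the CA.
make_leaf() {
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$2" \
        -keyout "$3/$2.key" -out "$3/$2.csr" >/dev/null 2>&1 &&
    openssl x509 -req -in "$3/$2.csr" -CA "$3/$1.pem" -CAkey "$3/$1.key" \
        -CAcreateserial -days 1 -out "$3/$2.pem" >/dev/null 2>&1
}

# demo: prints the verification result before and after trusting the right CA.
demo() {
    d=$(mktemp -d) || return 1
    make_ca cluster-ca "$d" && make_ca image-ca "$d" &&
        make_leaf cluster-ca node "$d" || return 1

    # Case 1: the client trusts only a CA that did not sign the peer's cert.
    if chain_ok "$d/image-ca.pem" "$d/node.pem"; then r1=trusted; else r1=verify-failed; fi

    # Case 2: the signing CA is appended to the client's trust bundle.
    cat "$d/image-ca.pem" "$d/cluster-ca.pem" > "$d/bundle.pem"
    if chain_ok "$d/bundle.pem" "$d/node.pem"; then r2=trusted; else r2=verify-failed; fi

    rm -rf "$d"
    echo "$r1 $r2"
}
```

Calling `demo` prints one result per case; the same `chain_ok` check can be pointed at a real CA bundle and a certificate file to see which CA a given image actually trusts.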