MongoDB operation backup server selection error

I receive certificates from Let's Encrypt for MongoDB and manage them with cert-manager.

In the case of Let's Encrypt, certificate renewal is required after 3 months, so cert-manager renews the certificate, but a server selection error appears when mongodb ssl and mongodb ssl internal are changed.

So I tried applying ssl using percona-server-mongodb-operator/ssl-secrets.yaml at main · percona/percona-server-mongodb-operator · GitHub file, but the same error occurred.

cat <<EOF | cfssl gencert -initca - | cfssljson -bare ca
  {
    "CA": {
      "expiry": "${EXPIRY}",
      "pathlen": 0
    },
    "CN": "Root CA",
    "names": [
      {
        "O": "PSMDB"
      }
    ],
    "key": {
      "algo": "rsa",
      "size": 2048
    }
  }
EOF

# config
cat <<EOF >ca-config.json
  {
    "signing": {
      "default": {
        "expiry": "${EXPIRY}",
        "usages": ["signing", "key encipherment", "server auth", "client auth"]
      }
    }
  }
EOF

# server
cat <<EOF | cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=./ca-config.json - | cfssljson -bare server
  {
    "hosts": [
      "localhost",
      "${CLUSTER_NAME}-rs0",
      "${CLUSTER_NAME}-rs0.${NAMESPACE}",
      "${CLUSTER_NAME}-rs0.${NAMESPACE}.svc.cluster.local",
      "*.${CLUSTER_NAME}-rs0",
      "*.${CLUSTER_NAME}-rs0.${NAMESPACE}",
      "*.${CLUSTER_NAME}-rs0.${NAMESPACE}.svc.cluster.local"
    ],
    "names": [
      {
        "O": "psmdb"
      }
    ],
    "CN": "${CLUSTER_NAME/-rs0/}",
    "key": {
      "algo": "rsa",
      "size": 2048
    }
  }
EOF

I tried changing the certificate period to 10 years through the code, but when the mongodb ssl is changed, a server selection error appears.

my error code

create pbm object: create PBM connection to
    mongodb-rs0-2.mongodb-rs0.mongodb.svc.cluster.local:27017,mongodb-rs0-0.mongodb-rs0.mongodb.svc.cluster.local:27017,mongodb-rs0-1.mongodb-rs0.mongodb.svc.cluster.local:27017:
    create mongo connection: mongo ping: server selection error: server
    selection timeout, current topology: { Type: Unknown, Servers: [{ Addr:
    mongodb-rs0-2.mongodb-rs0.mongodb.svc.cluster.local:27017, Type: Unknown,
    Last error: connection() error occured during connection handshake: x509:
    certificate is valid for localhost,

my cr.yaml

apiVersion: psmdb.percona.com/v1
kind: PerconaServerMongoDB
metadata:
  name: mongodb
  finalizers:
    - delete-psmdb-pods-in-order
spec:
  crVersion: 1.14.0
  image: percona/percona-server-mongodb:5.0.11-10
  imagePullPolicy: Always
  tls:
    # 90 days in hours
    certValidityDuration: 2160h
  allowUnsafeConfigurations: false
  updateStrategy: SmartUpdate
  upgradeOptions:
    versionServiceEndpoint: https://check.percona.com
    apply: 5.0-recommended
    schedule: "0 2 * * *"
  
  secrets:
    users: mongodb-secret
    encryptionKey: mongodb-mongodb-encryption-key

  pmm:
    enabled: false
    image: percona/pmm-client:2.30.0
    serverHost: monitoring-service

  replsets:
    - name: rs0
      size: 3
      affinity:
        antiAffinityTopologyKey: "kubernetes.io/hostname"
      podDisruptionBudget:
        maxUnavailable: 1
      expose:
        enabled: false
        exposeType: ClusterIP
      resources:
        limits:
          cpu: "300m"
          memory: "0.5G"
        requests:
          cpu: "300m"
          memory: "0.5G"
      volumeSpec:
        persistentVolumeClaim:
          resources:
            requests:
              storage: 4Gi
      arbiter:
        enabled: false
        size: 1
        affinity:
          antiAffinityTopologyKey: "kubernetes.io/hostname"

  sharding:
    enabled: true
    configsvrReplSet:
      size: 3
      affinity:
        antiAffinityTopologyKey: "kubernetes.io/hostname"
      podDisruptionBudget:
        maxUnavailable: 1
      expose:
        enabled: false
        exposeType: ClusterIP
      resources:
        limits:
          cpu: "300m"
          memory: "0.5G"
        requests:
          cpu: "300m"
          memory: "0.5G"
      volumeSpec:
        persistentVolumeClaim:
          resources:
            requests:
              storage: 4Gi

    mongos:
      size: 3
      affinity:
        antiAffinityTopologyKey: "kubernetes.io/hostname"
      podDisruptionBudget:
        maxUnavailable: 1
      resources:
        limits:
          cpu: "300m"
          memory: "0.5G"
        requests:
          cpu: "300m"
          memory: "0.5G"
      expose:
        exposeType: ClusterIP

  mongod:
    security:
      encryptionKeySecret: "mongodb-mongodb-encryption-key"
  backup:
    enabled: true
    image: perconalab/percona-server-mongodb-operator:main-backup
    serviceAccountName: percona-server-mongodb-operator
    storages:
      minio:
        type: s3
        s3:
          bucket: psmdb-backups
          credentialsSecret: minio-secret
          endpointUrl: http://minio.minio.svc.cluster.local/mongodb/backups
          insecureSkipTLSVerify: true
          prefix: ""

    tasks:
      - name: backup
        enabled: true
        schedule: "*/5 * * * *"
        storageName: minio
        compressionType: gzip
        compressionLevel: 6
        keep: 3

    pitr:
      enabled: true
      oplogSpanMin: 10
      compressionType: gzip
      compressionLevel: 6

please help…

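Added example, not part of the original post and not Percona's code: a check of which hostnames from the PBM error are covered by the SAN list that the `server` request above generates. The values `mongodb` for `CLUSTER_NAME` and `NAMESPACE` are inferred from the error text, and the config-server hostname is an assumed name used only to illustrate a host outside the `rs0` entries.

```python
def server_sans(cluster_name, namespace, replset="rs0"):
    """SAN list produced by the page's cfssl 'server' request for these variables."""
    base = f"{cluster_name}-{replset}"
    return [
        "localhost",
        base,
        f"{base}.{namespace}",
        f"{base}.{namespace}.svc.cluster.local",
        f"*.{base}",
        f"*.{base}.{namespace}",
        f"*.{base}.{namespace}.svc.cluster.local",
    ]


def san_matches(san, host):
    """Case-insensitive DNS match. '*' is honoured only as the entire
    leftmost label and stands for exactly one label, never several."""
    san_labels = san.lower().rstrip(".").split(".")
    host_labels = host.lower().rstrip(".").split(".")
    if len(san_labels) != len(host_labels):
        return False
    if san_labels[0] == "*":
        return len(san_labels) > 1 and san_labels[1:] == host_labels[1:]
    return san_labels == host_labels


def uncovered(hosts, sans):
    """Hostnames a TLS client would reject because no SAN entry matches."""
    return [h for h in hosts if not any(san_matches(s, h) for s in sans)]


# Hostnames copied from the PBM error on the page, in the order it lists them.
PBM_HOSTS = [
    f"mongodb-rs0-{i}.mongodb-rs0.mongodb.svc.cluster.local" for i in (2, 0, 1)
]
# Assumed (hypothetical) config-server pod name, since sharding is enabled in cr.yaml.
CFG_HOST = "mongodb-cfg-0.mongodb-cfg.mongodb.svc.cluster.local"

if __name__ == "__main__":
    # Compare the namespace seen in the error with a mismatched one.
    for namespace in ("mongodb", "default"):
        sans = server_sans("mongodb", namespace)
        missing = uncovered(PBM_HOSTS + [CFG_HOST], sans)
        print(f"NAMESPACE={namespace}: uncovered -> {missing or 'none'}")
```

Running it with the variable values actually used when the secret was generated shows whether the `x509: certificate is valid for ...` list can include the pod hostnames at all.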