Skip to main content
Solved

Backup of MongoDB Instances with SSL Authentication

  • 28 January 2021
  • 7 replies
  • 827 views

Team,

Does anyone has configure backups for MongoDB instances with SSL configuration.

I followed the documentation available at https://documentation.commvault.com/commvault/v11/article?p=133382.htm but this is not working.

 

Regards,

Mohit

7 replies

S
Rank
Userlevel 7
Badge +15

Hi Mohit

Thank you for the question, please would you provide some more details on the version of Commvault and MongoDB you are using and any error messages being seen?

Thanks,

Stuart

Customer Support
Edd Rimmer
Rank
Userlevel 4
Badge +7

Hey Mohit,

Can you confirm what SSL options you have enabled in the mongod configuration file? Depending on what’s enabled will depend on what options you will need to configure as per the documentation link you have referenced.

When using the mongo client to connect, what parameters are you needing to pass to it?

If possible you can paste your mongod configuration file - removing/scrubbing any sensitive information of course.

Of all the things I've lost, I miss my mind the most
Mohit Chordia
Rank
Userlevel 3
Badge +11

CS, Client, and Media agent version - 11.20.32

MongoDB 

Hi Mohit

Thank you for the question, please would you provide some more details on the version of Commvault and MongoDB you are using and any error messages being seen?

Thanks,

Stuart

CS, Client, and Media agent version - 11.20.32

MongoDB Version - v4.0.19

Configuration -

PEMKeyFile: /u01/app/mongodb/admin/27052/ssl/PEMKeyfile.pem

CAFile: /u01/app/mongodb/admin/27052/ssl/CAFile.pem

PemKeyPassword : None( leave this empty)

Error - Failed to find cluster nodes while performing Discovery in the instance.

CVD logs while doing discovery :

24275 2173 01/28 09:58:48 ### MongoDbIDA::CClientBrowse::MachineBrowse(105) - dbUser=[mongocommbackup]

24275 2173 01/28 09:58:48 ### MongoDbIDA::CClientBrowse::MachineBrowse(110) - Port Number=27052

24275 2173 01/28 09:58:48 ### MongoDbIDA::CClientBrowse::MachineBrowse(121) - Fetching client info

24275 2173 01/28 09:58:48 ### MongoDbIDA::CClientBrowse::MachineBrowse(130) - Client Id=[16913] Name=[or1010050184124] Host=[or1010050184124] eHost=[or1010050184124]

24275 2173 01/28 09:58:48 ### MongoDbIDA::MongoDbConnection::Impl::ReadSocketTimeoutAdditionalSetting(232) - Using default socket timeout for mongoc driver connections

24275 2173 01/28 09:58:48 ### MongoDbIDA::CClientBrowse::MachineBrowse(142) - Starting Discover Host=<or1010050184124> Port=<27052>

24275 2173 01/28 09:58:48 ### MongoDbIDA::MongoDbUtil::Discover(1823) - Starting discover using hostname [or1010050184124] port [27052] user [mongocommbackup]

24275 2173 01/28 09:58:48 ### MongoDbIDA::MongoDbUtil::RunMongoCmd(1151) - Running cmd [mongod --version]

24275 2173 01/28 09:58:48 ### CvProcess::system() - /u01/app/mongodb/product/4.0/bin/mongod --version 2>&1

24275 2173 01/28 09:58:48 ### CvProcess::system() - Command completed with rc=0

24275 2173 01/28 09:58:48 ### MongoDbIDA::MongoDbUtil::GetMongoDBServerVersion(1726) - Found MongoDB server version [v4.0.19]

24275 2173 01/28 09:58:48 ### MongoDbIDA::MongoDbConnection::Connect(497) - Connected to [or1010050184124:27052]

24275 2173 01/28 09:58:48 ### MongoDbIDA::MongoDbConnection::RunCommand(566) - database:[admin], command:[{"ping" : 1}], slaveOK:[true]

24275 2173 01/28 09:58:48 ### MongoDbIDA::MongoDbConnection::Impl::RunCommand(317) - [Run admin command failed, error message: [No suitable servers found (`serverSelectionTryOnce` set): [TLS handshake failed: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed calling ismaster on 'or1010050184124:27052']]]

24275 2173 01/28 09:58:48 ### MongoDbIDA::MongoDbUtil::_RunMongoAdminCmd(4567) - Failed to execute command [{"ping" : 1}]

24275 2173 01/28 09:58:48 ### MongoDbIDA::MongoDbUtil::_RunMongoAdminCmd(4568) - Error: [Run admin command failed, error message: [No suitable servers found (`serverSelectionTryOnce` set): [TLS handshake failed: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed calling ismaster on 'or1010050184124:27052']]]

24275 2173 01/28 09:58:48 ### MongoDbIDA::MongoDbConnection::Connect(497) - Connected to [10.50.184.124:27052]

24275 2173 01/28 09:58:48 ### MongoDbIDA::MongoDbConnection::RunCommand(566) - database:[admin], command:[{"ping" : 1}], slaveOK:[true]

24275 2173 01/28 09:58:48 ### MongoDbIDA::MongoDbConnection::Impl::RunCommand(317) - [Run admin command failed, error message: [No suitable servers found (`serverSelectionTryOnce` set): [TLS handshake failed: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed calling ismaster on '10.50.184.124:27052']]]

24275 2173 01/28 09:58:48 ### MongoDbIDA::MongoDbUtil::_RunMongoAdminCmd(4567) - Failed to execute command [{"ping" : 1}]

24275 2173 01/28 09:58:48 ### MongoDbIDA::MongoDbUtil::_RunMongoAdminCmd(4568) - Error: [Run admin command failed, error message: [No suitable servers found (`serverSelectionTryOnce` set): [TLS handshake failed: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed calling ismaster on '10.50.184.124:27052']]]

24275 2173 01/28 09:58:48 ### MongoDbIDA::MongoDbUtil::Discover(1834) - Failed to validate master node hostname [or1010050184124]

24275 2173 01/28 09:58:48 ### MongoDbIDA::CClientBrowse::MachineBrowse(144) - retCode from Discover = 1

24275 2173 01/28 09:58:48 ### MongoDbIDA::CClientBrowse::MachineBrowse(164) - XML=[ <?xml version="1.0" encoding="UTF-8" standalone="no" ?><App_MongoDBConfig/> ]

24275 2173 01/28 09:58:48 ### MongoDbIDA::CClientBrowse::MachineBrowse(176) - MachineBrowse Finished -- Path = /

Mohit Chordia
Rank
Userlevel 3
Badge +11

Hey Mohit,

Can you confirm what SSL options you have enabled in the mongod configuration file? Depending on what’s enabled will depend on what options you will need to configure as per the documentation link you have referenced.

When using the mongo client to connect, what parameters are you needing to pass to it?

If possible you can paste your mongod configuration file - removing/scrubbing any sensitive information of course.

I passed the below configuration as additional settings in the commcell client computer group.

bEnableMongoSSL : True

PEMKeyFile: /u01/app/mongodb/admin/27052/ssl/PEMKeyfile.pem

CAFile: /u01/app/mongodb/admin/27052/ssl/CAFile.pem

PemKeyPassword : None( leave this empty)

Error - Failed to find cluster nodes while performing Discovery in the instance( commcell console)

CVD logs while doing discovery :

24275 2173 01/28 09:58:48 ### MongoDbIDA::CClientBrowse::MachineBrowse(105) - dbUser=[mongocommbackup]

24275 2173 01/28 09:58:48 ### MongoDbIDA::CClientBrowse::MachineBrowse(110) - Port Number=27052

24275 2173 01/28 09:58:48 ### MongoDbIDA::CClientBrowse::MachineBrowse(121) - Fetching client info

24275 2173 01/28 09:58:48 ### MongoDbIDA::CClientBrowse::MachineBrowse(130) - Client Id=[16913] Name=[or1010050184124] Host=[or1010050184124] eHost=[or1010050184124]

24275 2173 01/28 09:58:48 ### MongoDbIDA::MongoDbConnection::Impl::ReadSocketTimeoutAdditionalSetting(232) - Using default socket timeout for mongoc driver connections

24275 2173 01/28 09:58:48 ### MongoDbIDA::CClientBrowse::MachineBrowse(142) - Starting Discover Host=<or1010050184124> Port=<27052>

24275 2173 01/28 09:58:48 ### MongoDbIDA::MongoDbUtil::Discover(1823) - Starting discover using hostname [or1010050184124] port [27052] user [mongocommbackup]

24275 2173 01/28 09:58:48 ### MongoDbIDA::MongoDbUtil::RunMongoCmd(1151) - Running cmd [mongod --version]

24275 2173 01/28 09:58:48 ### CvProcess::system() - /u01/app/mongodb/product/4.0/bin/mongod --version 2>&1

24275 2173 01/28 09:58:48 ### CvProcess::system() - Command completed with rc=0

24275 2173 01/28 09:58:48 ### MongoDbIDA::MongoDbUtil::GetMongoDBServerVersion(1726) - Found MongoDB server version [v4.0.19]

24275 2173 01/28 09:58:48 ### MongoDbIDA::MongoDbConnection::Connect(497) - Connected to [or1010050184124:27052]

24275 2173 01/28 09:58:48 ### MongoDbIDA::MongoDbConnection::RunCommand(566) - database:[admin], command:[{"ping" : 1}], slaveOK:[true]

24275 2173 01/28 09:58:48 ### MongoDbIDA::MongoDbConnection::Impl::RunCommand(317) - [Run admin command failed, error message: [No suitable servers found (`serverSelectionTryOnce` set): [TLS handshake failed: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed calling ismaster on 'or1010050184124:27052']]]

24275 2173 01/28 09:58:48 ### MongoDbIDA::MongoDbUtil::_RunMongoAdminCmd(4567) - Failed to execute command [{"ping" : 1}]

24275 2173 01/28 09:58:48 ### MongoDbIDA::MongoDbUtil::_RunMongoAdminCmd(4568) - Error: [Run admin command failed, error message: [No suitable servers found (`serverSelectionTryOnce` set): [TLS handshake failed: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed calling ismaster on 'or1010050184124:27052']]]

24275 2173 01/28 09:58:48 ### MongoDbIDA::MongoDbConnection::Connect(497) - Connected to [10.50.184.124:27052]

24275 2173 01/28 09:58:48 ### MongoDbIDA::MongoDbConnection::RunCommand(566) - database:[admin], command:[{"ping" : 1}], slaveOK:[true]

24275 2173 01/28 09:58:48 ### MongoDbIDA::MongoDbConnection::Impl::RunCommand(317) - [Run admin command failed, error message: [No suitable servers found (`serverSelectionTryOnce` set): [TLS handshake failed: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed calling ismaster on '10.50.184.124:27052']]]

24275 2173 01/28 09:58:48 ### MongoDbIDA::MongoDbUtil::_RunMongoAdminCmd(4567) - Failed to execute command [{"ping" : 1}]

24275 2173 01/28 09:58:48 ### MongoDbIDA::MongoDbUtil::_RunMongoAdminCmd(4568) - Error: [Run admin command failed, error message: [No suitable servers found (`serverSelectionTryOnce` set): [TLS handshake failed: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed calling ismaster on '10.50.184.124:27052']]]

24275 2173 01/28 09:58:48 ### MongoDbIDA::MongoDbUtil::Discover(1834) - Failed to validate master node hostname [or1010050184124]

24275 2173 01/28 09:58:48 ### MongoDbIDA::CClientBrowse::MachineBrowse(144) - retCode from Discover = 1

24275 2173 01/28 09:58:48 ### MongoDbIDA::CClientBrowse::MachineBrowse(164) - XML=[ <?xml version="1.0" encoding="UTF-8" standalone="no" ?><App_MongoDBConfig/> ]

24275 2173 01/28 09:58:48 ### MongoDbIDA::CClientBrowse::MachineBrowse(176) - MachineBrowse Finished -- Path = /

 

Edd Rimmer
Rank
Userlevel 4
Badge +7

Hey Rohit,

Sorry for the delay here - I’m not sure if you’re using the all the correct additinal settings . Can you confirm how you’re logging in with the mongo client? What parameters are used? Also - please confirm all SSL related settings in the monod config file.

Of all the things I've lost, I miss my mind the most
Mohit Chordia
Rank
Userlevel 3
Badge +11

Thank you . I raised a case with support and they helped me with the resolution of this issue.

Hosts has “cname” which is recognizable by database , when I updated the hostname in commcell to there cname , discovery works fine.

Edd Rimmer
Rank
Userlevel 4
Badge +7

Hey Mogit,

That’s good to hear!

If you could mark this thread as answered that would be great.

 

Of all the things I've lost, I miss my mind the most

Reply


Terms & ConditionsCookie settings