Skip to main content
Solved

Backup of MongoDB Instances with SSL Authentication

  • January 28, 2021
  • 7 replies
  • 875 views

Mohit Chordia
Byte
Forum|alt.badge.img+11

Team,

Does anyone has configure backups for MongoDB instances with SSL configuration.

I followed the documentation available at https://documentation.commvault.com/commvault/v11/article?p=133382.htm but this is not working.

 

Regards,

Mohit

Best answer by Mohit Chordia

Thank you . I raised a case with support and they helped me with the resolution of this issue.

Hosts has “cname” which is recognizable by database , when I updated the hostname in commcell to there cname , discovery works fine.

View original
Did this answer your question?

7 replies

Forum|alt.badge.img+15

Hi Mohit

Thank you for the question, please would you provide some more details on the version of Commvault and MongoDB you are using and any error messages being seen?

Thanks,

Stuart


Edd Rimmer
Vaulter
Forum|alt.badge.img+7
  • Vaulter
  • 58 replies
  • January 28, 2021

Hey Mohit,

Can you confirm what SSL options you have enabled in the mongod configuration file? Depending on what’s enabled will depend on what options you will need to configure as per the documentation link you have referenced.

When using the mongo client to connect, what parameters are you needing to pass to it?

If possible you can paste your mongod configuration file - removing/scrubbing any sensitive information of course.


Mohit Chordia
Byte
Forum|alt.badge.img+11

CS, Client, and Media agent version - 11.20.32

MongoDB 

Stuart Painter wrote:

Hi Mohit

Thank you for the question, please would you provide some more details on the version of Commvault and MongoDB you are using and any error messages being seen?

Thanks,

Stuart

CS, Client, and Media agent version - 11.20.32

MongoDB Version - v4.0.19

Configuration -

PEMKeyFile: /u01/app/mongodb/admin/27052/ssl/PEMKeyfile.pem

CAFile: /u01/app/mongodb/admin/27052/ssl/CAFile.pem

PemKeyPassword : None( leave this empty)

Error - Failed to find cluster nodes while performing Discovery in the instance.

CVD logs while doing discovery :

24275 2173 01/28 09:58:48 ### MongoDbIDA::CClientBrowse::MachineBrowse(105) - dbUser=[mongocommbackup]

24275 2173 01/28 09:58:48 ### MongoDbIDA::CClientBrowse::MachineBrowse(110) - Port Number=27052

24275 2173 01/28 09:58:48 ### MongoDbIDA::CClientBrowse::MachineBrowse(121) - Fetching client info

24275 2173 01/28 09:58:48 ### MongoDbIDA::CClientBrowse::MachineBrowse(130) - Client Id=[16913] Name=[or1010050184124] Host=[or1010050184124] eHost=[or1010050184124]

24275 2173 01/28 09:58:48 ### MongoDbIDA::MongoDbConnection::Impl::ReadSocketTimeoutAdditionalSetting(232) - Using default socket timeout for mongoc driver connections

24275 2173 01/28 09:58:48 ### MongoDbIDA::CClientBrowse::MachineBrowse(142) - Starting Discover Host=<or1010050184124> Port=<27052>

24275 2173 01/28 09:58:48 ### MongoDbIDA::MongoDbUtil::Discover(1823) - Starting discover using hostname [or1010050184124] port [27052] user [mongocommbackup]

24275 2173 01/28 09:58:48 ### MongoDbIDA::MongoDbUtil::RunMongoCmd(1151) - Running cmd [mongod --version]

24275 2173 01/28 09:58:48 ### CvProcess::system() - /u01/app/mongodb/product/4.0/bin/mongod --version 2>&1

24275 2173 01/28 09:58:48 ### CvProcess::system() - Command completed with rc=0

24275 2173 01/28 09:58:48 ### MongoDbIDA::MongoDbUtil::GetMongoDBServerVersion(1726) - Found MongoDB server version [v4.0.19]

24275 2173 01/28 09:58:48 ### MongoDbIDA::MongoDbConnection::Connect(497) - Connected to [or1010050184124:27052]

24275 2173 01/28 09:58:48 ### MongoDbIDA::MongoDbConnection::RunCommand(566) - database:[admin], command:[{"ping" : 1}], slaveOK:[true]

24275 2173 01/28 09:58:48 ### MongoDbIDA::MongoDbConnection::Impl::RunCommand(317) - [Run admin command failed, error message: [No suitable servers found (`serverSelectionTryOnce` set): [TLS handshake failed: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed calling ismaster on 'or1010050184124:27052']]]

24275 2173 01/28 09:58:48 ### MongoDbIDA::MongoDbUtil::_RunMongoAdminCmd(4567) - Failed to execute command [{"ping" : 1}]

24275 2173 01/28 09:58:48 ### MongoDbIDA::MongoDbUtil::_RunMongoAdminCmd(4568) - Error: [Run admin command failed, error message: [No suitable servers found (`serverSelectionTryOnce` set): [TLS handshake failed: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed calling ismaster on 'or1010050184124:27052']]]

24275 2173 01/28 09:58:48 ### MongoDbIDA::MongoDbConnection::Connect(497) - Connected to [10.50.184.124:27052]

24275 2173 01/28 09:58:48 ### MongoDbIDA::MongoDbConnection::RunCommand(566) - database:[admin], command:[{"ping" : 1}], slaveOK:[true]

24275 2173 01/28 09:58:48 ### MongoDbIDA::MongoDbConnection::Impl::RunCommand(317) - [Run admin command failed, error message: [No suitable servers found (`serverSelectionTryOnce` set): [TLS handshake failed: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed calling ismaster on '10.50.184.124:27052']]]

24275 2173 01/28 09:58:48 ### MongoDbIDA::MongoDbUtil::_RunMongoAdminCmd(4567) - Failed to execute command [{"ping" : 1}]

24275 2173 01/28 09:58:48 ### MongoDbIDA::MongoDbUtil::_RunMongoAdminCmd(4568) - Error: [Run admin command failed, error message: [No suitable servers found (`serverSelectionTryOnce` set): [TLS handshake failed: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed calling ismaster on '10.50.184.124:27052']]]

24275 2173 01/28 09:58:48 ### MongoDbIDA::MongoDbUtil::Discover(1834) - Failed to validate master node hostname [or1010050184124]

24275 2173 01/28 09:58:48 ### MongoDbIDA::CClientBrowse::MachineBrowse(144) - retCode from Discover = 1

24275 2173 01/28 09:58:48 ### MongoDbIDA::CClientBrowse::MachineBrowse(164) - XML=[ <?xml version="1.0" encoding="UTF-8" standalone="no" ?><App_MongoDBConfig/> ]

24275 2173 01/28 09:58:48 ### MongoDbIDA::CClientBrowse::MachineBrowse(176) - MachineBrowse Finished -- Path = /


Mohit Chordia
Byte
Forum|alt.badge.img+11
Edd Rimmer wrote:

Hey Mohit,

Can you confirm what SSL options you have enabled in the mongod configuration file? Depending on what’s enabled will depend on what options you will need to configure as per the documentation link you have referenced.

When using the mongo client to connect, what parameters are you needing to pass to it?

If possible you can paste your mongod configuration file - removing/scrubbing any sensitive information of course.

I passed the below configuration as additional settings in the commcell client computer group.

bEnableMongoSSL : True

PEMKeyFile: /u01/app/mongodb/admin/27052/ssl/PEMKeyfile.pem

CAFile: /u01/app/mongodb/admin/27052/ssl/CAFile.pem

PemKeyPassword : None( leave this empty)

Error - Failed to find cluster nodes while performing Discovery in the instance( commcell console)

CVD logs while doing discovery :

24275 2173 01/28 09:58:48 ### MongoDbIDA::CClientBrowse::MachineBrowse(105) - dbUser=[mongocommbackup]

24275 2173 01/28 09:58:48 ### MongoDbIDA::CClientBrowse::MachineBrowse(110) - Port Number=27052

24275 2173 01/28 09:58:48 ### MongoDbIDA::CClientBrowse::MachineBrowse(121) - Fetching client info

24275 2173 01/28 09:58:48 ### MongoDbIDA::CClientBrowse::MachineBrowse(130) - Client Id=[16913] Name=[or1010050184124] Host=[or1010050184124] eHost=[or1010050184124]

24275 2173 01/28 09:58:48 ### MongoDbIDA::MongoDbConnection::Impl::ReadSocketTimeoutAdditionalSetting(232) - Using default socket timeout for mongoc driver connections

24275 2173 01/28 09:58:48 ### MongoDbIDA::CClientBrowse::MachineBrowse(142) - Starting Discover Host=<or1010050184124> Port=<27052>

24275 2173 01/28 09:58:48 ### MongoDbIDA::MongoDbUtil::Discover(1823) - Starting discover using hostname [or1010050184124] port [27052] user [mongocommbackup]

24275 2173 01/28 09:58:48 ### MongoDbIDA::MongoDbUtil::RunMongoCmd(1151) - Running cmd [mongod --version]

24275 2173 01/28 09:58:48 ### CvProcess::system() - /u01/app/mongodb/product/4.0/bin/mongod --version 2>&1

24275 2173 01/28 09:58:48 ### CvProcess::system() - Command completed with rc=0

24275 2173 01/28 09:58:48 ### MongoDbIDA::MongoDbUtil::GetMongoDBServerVersion(1726) - Found MongoDB server version [v4.0.19]

24275 2173 01/28 09:58:48 ### MongoDbIDA::MongoDbConnection::Connect(497) - Connected to [or1010050184124:27052]

24275 2173 01/28 09:58:48 ### MongoDbIDA::MongoDbConnection::RunCommand(566) - database:[admin], command:[{"ping" : 1}], slaveOK:[true]

24275 2173 01/28 09:58:48 ### MongoDbIDA::MongoDbConnection::Impl::RunCommand(317) - [Run admin command failed, error message: [No suitable servers found (`serverSelectionTryOnce` set): [TLS handshake failed: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed calling ismaster on 'or1010050184124:27052']]]

24275 2173 01/28 09:58:48 ### MongoDbIDA::MongoDbUtil::_RunMongoAdminCmd(4567) - Failed to execute command [{"ping" : 1}]

24275 2173 01/28 09:58:48 ### MongoDbIDA::MongoDbUtil::_RunMongoAdminCmd(4568) - Error: [Run admin command failed, error message: [No suitable servers found (`serverSelectionTryOnce` set): [TLS handshake failed: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed calling ismaster on 'or1010050184124:27052']]]

24275 2173 01/28 09:58:48 ### MongoDbIDA::MongoDbConnection::Connect(497) - Connected to [10.50.184.124:27052]

24275 2173 01/28 09:58:48 ### MongoDbIDA::MongoDbConnection::RunCommand(566) - database:[admin], command:[{"ping" : 1}], slaveOK:[true]

24275 2173 01/28 09:58:48 ### MongoDbIDA::MongoDbConnection::Impl::RunCommand(317) - [Run admin command failed, error message: [No suitable servers found (`serverSelectionTryOnce` set): [TLS handshake failed: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed calling ismaster on '10.50.184.124:27052']]]

24275 2173 01/28 09:58:48 ### MongoDbIDA::MongoDbUtil::_RunMongoAdminCmd(4567) - Failed to execute command [{"ping" : 1}]

24275 2173 01/28 09:58:48 ### MongoDbIDA::MongoDbUtil::_RunMongoAdminCmd(4568) - Error: [Run admin command failed, error message: [No suitable servers found (`serverSelectionTryOnce` set): [TLS handshake failed: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed calling ismaster on '10.50.184.124:27052']]]

24275 2173 01/28 09:58:48 ### MongoDbIDA::MongoDbUtil::Discover(1834) - Failed to validate master node hostname [or1010050184124]

24275 2173 01/28 09:58:48 ### MongoDbIDA::CClientBrowse::MachineBrowse(144) - retCode from Discover = 1

24275 2173 01/28 09:58:48 ### MongoDbIDA::CClientBrowse::MachineBrowse(164) - XML=[ <?xml version="1.0" encoding="UTF-8" standalone="no" ?><App_MongoDBConfig/> ]

24275 2173 01/28 09:58:48 ### MongoDbIDA::CClientBrowse::MachineBrowse(176) - MachineBrowse Finished -- Path = /

 


Edd Rimmer
Vaulter
Forum|alt.badge.img+7
  • Vaulter
  • 58 replies
  • February 4, 2021

Hey Rohit,

Sorry for the delay here - I’m not sure if you’re using the all the correct additinal settings . Can you confirm how you’re logging in with the mongo client? What parameters are used? Also - please confirm all SSL related settings in the monod config file.


Mohit Chordia
Byte
Forum|alt.badge.img+11
  • Author
  • Byte
  • 109 replies
  • Answer
  • February 8, 2021

Thank you . I raised a case with support and they helped me with the resolution of this issue.

Hosts has “cname” which is recognizable by database , when I updated the hostname in commcell to there cname , discovery works fine.


Edd Rimmer
Vaulter
Forum|alt.badge.img+7
  • Vaulter
  • 58 replies
  • February 8, 2021

Hey Mogit,

That’s good to hear!

If you could mark this thread as answered that would be great.

 


Reply


Cookie policy

We use cookies to enhance and personalize your experience. If you accept you agree to our full cookie policy. Learn more about our cookies.

 
Cookie settings