Documentation needs to be improved. (re. SSL/TLS cert connection args)
Activity
Akira Kurogane November 18, 2019 at 12:50 AM
Documentation has been updated in development branch.
Will close this ticket when that documentation is released with the v1.1 release of PBM.
Daniel Petersen November 14, 2019 at 6:54 PM
Thanks Akira.
Akira Kurogane November 8, 2019 at 8:25 AM (Edited)
Hi Daniel.
Rather than use the mongo shell-only argument names, we opted from v1.0 to support only the MongoDB connection string URI, which all the drivers and tools started supporting from roughly the time of the v3.6 server.
The tlsCertificateKeyFile and tlsCAFile file path parameters were missing at v3.6 times, but they are supported now in v4.2-compatible drivers. PBM is using v1.1 golang mongo-driver which is one of the v4.2 compatible drivers.
Please use a mongodb://.... URI like the below.
pbm XXXX --mongodb-uri "mongodb://user:passwd@host:port/?<other_parms_eg_replset>&tls=true&tlsCertificateKeyFile=/home/msamoylov/certs/client.pem&tlsCAFile=/home/msamoylov/certs/ca.crt"
I haven't got a test cluster using SSL certs set up that I can do a test connection with right now. If it doesn't succeed, try connecting with the same "mongodb://..." URI using the v4.2 mongo shell - just as the drivers accept the URI, it will too, as a plain command line argument. (It is also accepted as the --host arg value, in my experience.)
mongo "mongodb://user:passwd@host:port/?<other_parms_eg_replset>&tls=true&tlsCertificateKeyFile=/home/msamoylov/certs/client.pem&tlsCAFile=/home/msamoylov/certs/ca.crt"
N.b. you can also set this "mongodb://..." URI string in the PBM_MONGODB_URI environment variable if you want to skip specifying the --mongodb-uri argument on the command line when running "pbm" or "pbm-agent".
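The flag-to-URI mapping discussed in this ticket, as an added example (not PBM's code and not part of the comment above): it converts the legacy mongo shell flags from the description into the connection string options named in the reply. `AddTLSOptions`, the host `db1.example.net` and the replica set name `rs0` are hypothetical.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// Legacy mongo shell flag -> connection string option (names from the ticket).
var tlsOption = map[string]string{
	"--ssl":           "tls", // boolean flag, takes no value
	"--sslCAFile":     "tlsCAFile",
	"--sslPEMKeyFile": "tlsCertificateKeyFile",
}

// AddTLSOptions (hypothetical helper) adds the URI equivalents of flags to base.
func AddTLSOptions(base string, flags []string) (*url.URL, error) {
	u, err := url.Parse(base)
	if err != nil || u.Scheme != "mongodb" {
		return nil, fmt.Errorf("not a mongodb:// URI")
	}
	q := u.Query()
	for i := 0; i < len(flags); i++ {
		opt, ok := tlsOption[flags[i]]
		switch {
		case !ok:
			return nil, fmt.Errorf("unsupported flag %q", flags[i])
		case opt == "tls":
			q.Set(opt, "true")
		case i+1 >= len(flags):
			return nil, fmt.Errorf("%s needs a file path", flags[i])
		default:
			i++
			q.Set(opt, flags[i])
		}
	}
	// Percent-encode values so '&' in a path cannot split the option; keep '/' readable.
	u.RawQuery = strings.ReplaceAll(q.Encode(), "%2F", "/")
	return u, nil
}

func main() {
	// Constructed sample: host, port and replica set name are placeholders.
	u, err := AddTLSOptions("mongodb://user:passwd@db1.example.net:27017/?replicaSet=rs0", []string{
		"--ssl", "--sslCAFile", "/home/msamoylov/certs/ca.crt", "--sslPEMKeyFile", "/home/msamoylov/certs/client.pem"})
	if err != nil {
		panic(err)
	}
	fmt.Println(u.Redacted()) // password masked for logs
}
```

`u.String()` gives the full value for `--mongodb-uri` or `PBM_MONGODB_URI`; `u.Redacted()` is the form to write to logs, since the URI carries the password.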
Details
Assignee: Borys Belinsky (Deactivated)
Reporter: Daniel Petersen
Priority: Medium

Hi,
I'm evaluating the tool for the first time and hit several issues in the documentation that are preventing me from using the tool.
* The documentation mentions under the feature list that it supports SSL/TLS, yet no instruction is provided on flags/arguments needed to specify cert files so e.g. `pbm-agent` can connect to a replSet that requires SSL/TLS.
When running mongo, parameters like this can be used:
--ssl --sslCAFile /home/msamoylov/certs/ca.crt --sslPEMKeyFile /home/msamoylov/certs/client.pem
But I see no such guidance in the documentation for the pbm-agent.
Also, running `pbm-agent help` isn't very helpful as it just says:
`help [<command>...]`
yet doesn't enumerate valid commands.
* The architecture section indicates that pbm-agents are run 1:1 for each deployment, and that pbm is used as a one-off command that is run manually for backup, restore, etc. But then at the beginning of Part III "Running Percona Backup for MongoDB" it talks about running one pbm per deployment so that it listens for agents. It doesn't show what parameters it needs. So which is it? Does it need to be run as a service, or is it for manual commands, or is the same executable used for both? It's confusing.