Skip to:

  1. Skip to Jira Navigation
  2. Skip to Side Navigation
  3. Skip to Main Content

Xtrabackup Streaming backups failing after OS patching to Nov snapshot.

Description

Hi Team ,

Recently we patched our one of the host running EL7 to Nov shapshot (3.10.0-1160.102.1.0.1.el7).

After patching we noticed our mysql backups using xtrabackup xbcloud/xbstream started failing with some NSS issue.

We noticed that the Nov snaphost has some updates on NSS.

Here is the error:

  •   Trying <IP>...

  • Connected to <some endpoint> (IP) port <port> (#0)

  • Initializing NSS with certpath: sql:/etc/pki/nssdb

  • Unable to initialize NSS database

  • Initializing NSS with certpath: none

  • Unable to initialize NSS

  • Closing connection 0
    error: http request failed: Problem with the SSL CA cert (path? access rights?)

Are you familiar of any issue like this? 

The only thing that is changed is the OS patch and no changed to mysql or xtrabackup binaries.

Issue occurs irrespective of mysql version or xtrabackup version.

Environment

All

Activity

Aaditya Dubey February 29, 2024 at 8:41 AM

Hi

Closing the report since there is no further activity; thank you for connecting with Percona!

Aaditya Dubey December 6, 2023 at 1:27 PM

Hi ,

Please let us know if you looking for more help on the topic?

Hussain November 29, 2023 at 8:19 PM

succeeds here. 

export LD_LIBRARY_PATH=/lib64:/home/mysqld/sys/5.7.39_percona/lib:

::/home/mysqld> curl -vvv <endpoint>:3000      

  • About to connect() to <endpoint> port 3000 (#0)

  •   Trying <IP>...

  • Connected to <endpoint> (<IP>) port 3000 (#0)

  • Initializing NSS with certpath: sql:/etc/pki/nssdb

  •   CAfile: /etc/pki/tls/certs/ca-bundle.crt
      CApath: none

  • skipping SSL peer certificate verification

  • SSL connection using TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
    ..........
    ..........
    ..........

Hussain November 29, 2023 at 8:19 PM

Hi Marcelo:

We identified that curl is not changed in recent os patch and there was a change in nss libraries.

My take : Issue only occurs when xbcloud intitiates the upload stream to s3 and it uses the nss libraries of xtrabackup and fails. It does not fail when it used the system nss libraries.

 

::/home/mysqld> echo $LD_LIBRARY_PATH
/home/mysqld/sys/5.7.39_percona/lib:

PROD:378::/home/mysqld> curl -vvv <endpoint>:3000 --cacert /etc/ssl/certs/ca-bundle.crt

  • About to connect() to <endpoint> port 3000 (#0)

  •   Trying <IP>...

  • Connected to <endpoint> (<IP>) port 3000 (#0)

  • Initializing NSS with certpath: sql:/etc/pki/nssdb

  • Unable to initialize NSS database

  • Initializing NSS with certpath: none

  • Unable to initialize NSS

  • Closing connection 0
    curl: (77) Problem with the SSL CA cert (path? access rights?)

 

 

 

 

Hussain November 29, 2023 at 4:13 PM

Thanks. 

Let me try the options you suggested and i will revert back.  Thanks once again

Done

Details

Assignee

Reporter

Labels

Regression Issue

Yes

Needs QA

Yes

Affects versions

Priority

Smart Checklist

Created November 29, 2023 at 3:45 PM
Updated March 6, 2024 at 6:01 PM
Resolved February 29, 2024 at 8:41 AM