Continuing our previous Percona blog series, this post covers installing Percona Backup for MongoDB with SSL/TLS.
We are going to explain easy ways to configure the pbm agent:
- Install the pbm package
- Configure the authentication for MongoDB
- Configure MongoDB Connection URI for pbm agent
What is Percona Backup for MongoDB?
Percona Backup for MongoDB is a command-line tool for taking backups of MongoDB and restoring them. It makes it much easier to configure, automate and manage the MongoDB backup and restore process.
But we had big trouble with it when the MongoDB connection used SSL/TLS with x509 authentication.
Krishnakumar Mani and I struggled for a long time to find a way to back up Percona Server for MongoDB over an SSL/TLS MongoDB connection.
Without SSL/TLS it works as expected and we are able to take the backup. But with the latest versions (Percona for MongoDB version 4 and above) it always throws an unhandled error like the one below:
Last error: connection() : x509: certificate relies on legacy Common Name field, use SANs or temporarily enable Common Name matching with GODEBUG=x509ignoreCN=0
After two weeks of troubleshooting, we found the issue was with SSL connectivity, and once we tried a TLS connection we were able to take backups and restore successfully.
We will go through the steps for configuring the pbm agent one by one.
Install the pbm package
First, we will install Percona Backup for MongoDB (pbm). The easiest method is to install it from the repository:
root@mongoprimary:~# sudo percona-release enable pbm release
Once enabled, update the local package index on Ubuntu:
root@mongoprimary:~# sudo apt update
Next, install Percona Backup for MongoDB:
root@mongoprimary:~# sudo apt install percona-backup-mongodb
Configure the authentication for MongoDB
To create backups, MongoDB authentication is required, so we need to create a user with the required privileges and a password in MongoDB.
As per the Percona site, create a role that can perform any action on the MongoDB instance:
rs01:PRIMARY> use admin
switched to db admin
rs01:PRIMARY> db.getSiblingDB("admin").createRole(
{ "role": "pbmAnyServerAction",
"privileges": [
{ "resource": { "anyResource": true },
"actions": [ "anyAction" ]}],"roles": []});
rs01:PRIMARY>
Create the pbm user and password with the required privileges:
rs01:PRIMARY> db.getSiblingDB("admin").createUser({user: "pbmadmin",
"pwd": "******",
"roles" : [
{ "db" : "admin", "role" : "readWrite", "collection": "" },
{ "db" : "admin", "role" : "backup" },
{ "db" : "admin", "role" : "clusterMonitor" },
{ "db" : "admin", "role" : "restore" },
{ "db" : "admin", "role" : "pbmAnyServerAction" }]});
rs01:PRIMARY>
Configure MongoDB Connection URI for pbm agent
Note: Even for a standalone instance, the pbm agent URI expects the replica set parameter to be passed. Otherwise we get the error below:
2022-01-17T16:15:57.000+0000 E [agentCheckup] get replSetGetStatus: get replset status: run mongo command replSetGetStatus: (NoReplicationEnabled) not running with --replSet
In this case we enabled replication as rs01 in the config file and initialized it for a single node.
We tried multiple options for configuring the MongoDB connection URI, but could not get the agent set up and running with any of them: we always got a connection error, or we had to run the agent with the connection URI under nohup, which is not a feasible solution.
Finally, one option worked well for running the agent without hassles. As mentioned in the previous blog we are using Ubuntu, so we added the MongoDB connection URI as an environment variable:
root@mongoprimary:~# vi ~/.bashrc
# ~/.bashrc: executed by bash(1) for non-login shells.
# see /usr/share/doc/bash/examples/startup-files (in the package bash-doc)
# for examples
export PBM_MONGODB_URI="mongodb://pbmadmin:****@mongoprimary:27017/?authSource=admin&replicaSet=rs01&tls=true&tlsCAFile=/etc/mongodb/ssl/mongoCA.crt&tlsCertificateKeyFile=/etc/mongodb/ssl/mongoprimary.pem"
# Re-enable legacy Common Name matching in Go's x509 verification (works around the certificate error shown earlier)
export GODEBUG=x509ignoreCN=0
root@mongoprimary:~# vi /etc/default/pbm-agent
Add the line below and change the ownership of the pbm-agent file:
export PBM_MONGODB_URI="mongodb://pbmadmin:****@mongoprimary:27017/?authSource=admin&replicaSet=rs01&tls=true&tlsCAFile=/etc/mongodb/ssl/mongoCA.crt&tlsCertificateKeyFile=/etc/mongodb/ssl/mongoprimary.pem"
root@mongoprimary:~# chown pbm:pbm /etc/default/pbm-agent
And restart the pbm-agent service.
We have tested this with multiple reboots and stop/start cycles of the pbm-agent service, and pbm commands work as expected.
As per Percona, we need to configure the systemd service as well.
On Ubuntu, edit the /lib/systemd/system/pbm-agent.service file with the details below:
[Unit]
Description=pbm-agent
After=time-sync.target network.target
[Service]
EnvironmentFile=-/etc/default/pbm-agent
Type=simple
User=pbm
Group=pbm
PermissionsStartOnly=true
ExecStart=/usr/bin/pbm-agent
[Install]
WantedBy=multi-user.target
Once everything is ready, prepare the configuration YAML file that defines where the backups are stored:
1. Create the pbm_config.yaml configuration file. As per our requirement we are taking backups into Azure Blob storage. Backups can also be taken to the local file system and AWS S3.
backup:
  priority:
    "mongoprimary:27017": 0.5
pitr:
  enabled: true
  oplogSpanMin: 5
storage:
  type: azure
  azure:
    account: *********
    container: *********
    prefix: pbm
    credentials:
      key: *********
restore:
  batchSize: 500
  numInsertionWorkers: 10
Additional parameters are configured here besides the backup ones; please go through them in the official documentation at https://docs.percona.com/percona-backup-mongodb/configuration-options.html
2. Insert the configuration values used to take backups
root@mongoprimary:~# chown -R pbm:pbm pbm_config.yaml
root@mongoprimary:~# pbm config --file pbm_config.yaml
3. Start the pbm agent service; if there are any errors, check the logs
root@mongoprimary:~# sudo systemctl start pbm-agent
root@mongoprimary:~# sudo systemctl enable pbm-agent
If any errors:
root@mongoprimary:~# journalctl -u pbm-agent.service
4. Verify the pbm status
root@mongoprimary:# pbm status
Cluster:
========
rs01:
- rs01/mongoprimary:27017: pbm-agent v1.6.1 OK
PITR incremental backup:
========================
Status [ON]
Currently running:
==================
(none)
Backups:
========
Azure 'https://*******************/pbm'
Snapshots:
2022-01-12T10:01:06Z 136.49KB [complete: 2022-01-12T10:01:11]
2022-01-12T09:53:09Z 134.82KB [complete: 2022-01-12T09:53:14]
2022-01-12T09:41:12Z 132.46KB [complete: 2022-01-12T09:41:17]
2022-01-12T09:38:17Z 131.05KB [complete: 2022-01-12T09:38:22]
2022-01-12T08:51:19Z 125.26KB [complete: 2022-01-12T08:51:23]
root@mongoprimary:#
Once all the setup is complete, we can proceed with the backup to remote storage.
5. Take the backup
root@db-mongodb-primary:# pbm backup
Starting backup '2022-01-12T10:01:06Z'...
Backup '2022-01-12T10:01:06Z' to remote store 'https://****/pbm' has started
6. Once the backup is completed, we can list the completed backups
root@db-mongodb-primary:# pbm list
Backup snapshots:
2022-01-12T08:50:56Z [complete: 2022-01-12T08:51:00]
2022-01-12T08:51:19Z [complete: 2022-01-12T08:51:23]
2022-01-12T09:38:17Z [complete: 2022-01-12T09:38:22]
2022-01-12T09:41:12Z [complete: 2022-01-12T09:41:17]
2022-01-12T09:53:09Z [complete: 2022-01-12T09:53:14]
PITR <on>:
2022-01-09T16:04:49 - 2022-01-12T09:53:14
Also, in our production system we configured the backup for a cluster environment. Below is the pbm status for reference:
root@db-mongodb-primary:# pbm status
Cluster:
========
ust-replication:
- ust-replication/mongodbprimary:27017: pbm-agent v1.6.1 OK
- ust-replication/mongodbreplica01:27017: pbm-agent v1.6.1 OK
PITR incremental backup:
========================
Status [ON]
Currently running:
==================
(none)
Backups:
========
Azure https://******************/pbm
Snapshots:
2022-01-12T10:01:06Z 136.49KB [complete: 2022-01-12T10:01:11]
2022-01-12T09:53:09Z 134.82KB [complete: 2022-01-12T09:53:14]
2022-01-12T09:41:12Z 132.46KB [complete: 2022-01-12T09:41:17]
2022-01-12T09:38:17Z 131.05KB [complete: 2022-01-12T09:38:22]
PITR chunks [288.20KB]:
2022-01-09T16:04:49 - 2022-01-12T10:16:18
References:
1. https://docs.percona.com/percona-backup-mongodb/initial-setup.html