Pivotal Knowledge Base

Follow

Pivotal Application Service Backup and Restore Fails due to Missing Streaming mysql-backup-tool Domain

Environment

  • Pivotal Cloud Foundry Version 1.11.22/23 and Version 1.12.10/11 
  • Elastic Runtime (ERT) aka Pivotal Application Service
  • Backup and Restore (BBR) Version 1.1.4

Symptom

After upgrading ERT (PAS) to 1.11.22 or 1.12.10 the BBR ERT backup stopped working due to an issue with the mysql-backup:

2018/01/12 18:06:56 All backups failed. Not able to generate a valid backup artifact. See error(s) below: multiple errors:
Get https://10.91.21.11:8081/backup: x509: certificate is valid for backup_server_certificate, not streaming-mysql-backup-tool
Get https://10.91.21.48:8081/backup: x509: certificate is valid for backup_server_certificate, not streaming-mysql-backup-tool
Get https://10.91.29.9:8081/backup: x509: certificate is valid for backup_server_certificate, not streaming-mysql-backup-tool - exit code 1 

Cause

In ERT 1.11.22 and 1.12.10, a feature improvement was introduced which bumps the mysql-backup-release to v1.38.0.

This release enables mutual Transport Layer Security (TLS) between on the backup node and server and as a result certificates were added to the backups. The streaming-mysql-backup-tool domain was left off of the certificate in the manifest which causes the issue. 

Resolution

If running ERT v1.11.22/23 then you need to upgrade to v1.11.24 and regenerate the non-configurable certificates and then re-applying changes. The steps can be found here https://docs.pivotal.io/pivotalcf/1-11/security/pcf-infrastructure/api-cert-rotation.html#rotate-non-config 

If running ERT v1.12.10/11 then you need to upgrade to v1.12.12 and regenerate the non-configurable certificates and then re-applying changes. The steps can be found here https://docs.pivotal.io/pivotalcf/1-12/security/pcf-infrastructure/api-cert-rotation.html#rotate-non-config

Note: This issue does not affect the PCF 2.0 release.

Comments

Powered by Zendesk