Description
Report
We are testing backup and restore with the Percona operator with a replset. We have `requireTLS` set on the replset. We were able to back up the cluster before. Now we have deleted and recreated the cluster and are trying to restore it. The restore gets stuck as the `pbm` command exits with an error.
More about the problem
The mongodb server logs errors like this:
{"t":{"$date":"2025-06-30T20:07:40.934+00:00"},"s":"I", "c":"EXECUTOR", "id":22988, "ctx":"conn637","msg":"Error receiving request from client. Ending connection from remote","attr":{"error":{"code":141,"codeName":"SSLHandshakeFailed","errmsg":"The server is configured to only allow SSL connections"},"remote":"100.96.145.40:53386","connectionId":637}}
I noticed that when I open a shell in one of the pods, the `PBM_MONGO_URL` does not have any TLS-related configuration in it.
When I try to run `/opt/percona/pbm status` it complains that the mongo connection was closed.
Steps to reproduce
- Create a replset (non-sharded) cluster with `tls.mode: requireTLS`
- Create a backup
- Try to restore the backup
- Notice whether the backup can be restored or if the cluster is just left in a useless state
Versions
- Kubernetes v1.30.12
- Operator v1.20.1
- Database mongodb
Anything else?
Here's the psmdb resource yaml, albeit cleaned up a bit to remove stuff specific to us:
https://gist.github.com/dobesv/c2727a9ee382ce80638d61bd0d64ca30
Workaround
Create the cluster with tls mode `preferTLS` instead of `requireTLS`.
Potential Fix Ideas
Either PBM should be configured to use the TLS certs or potentially when rebooting into "restore from backup" mode it could override the tls mode passed on the mongod command line to be `preferTLS`.
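A triage check for the symptom described in this report, added here as an example and not part of the original issue or of the operator's code: it counts the `SSLHandshakeFailed` (code 141) rejections in mongod's JSON log and tests whether a client connection string asks for TLS at all. The sample URI and the second log entry are constructed, and the function names are hypothetical.

```python
import json
from collections import Counter
from urllib.parse import parse_qs

# First entry is the mongod log line quoted in the report; the second is constructed.
SAMPLE_LOG = [
    '{"t":{"$date":"2025-06-30T20:07:40.934+00:00"},"s":"I", "c":"EXECUTOR", "id":22988, "ctx":"conn637","msg":"Error receiving request from client. Ending connection from remote","attr":{"error":{"code":141,"codeName":"SSLHandshakeFailed","errmsg":"The server is configured to only allow SSL connections"},"remote":"100.96.145.40:53386","connectionId":637}}',
    '{"t":{"$date":"2025-06-30T20:07:41.000+00:00"},"s":"I", "c":"NETWORK", "id":0, "ctx":"listener","msg":"constructed unrelated entry","attr":{}}',
]
# Constructed connection string with no TLS options (hypothetical credentials).
SAMPLE_URI = "mongodb://backup:example@localhost:27017/?replicaSet=rs0"


def uri_requests_tls(uri):
    """True if a MongoDB connection string asks the driver to use TLS."""
    scheme = uri.split("://", 1)[0].lower()
    query = uri.partition("?")[2]
    opts = {k.lower(): v[-1].lower() for k, v in parse_qs(query).items()}
    explicit = opts.get("tls", opts.get("ssl"))  # "ssl" is the older alias
    if explicit is not None:
        return explicit == "true"
    return scheme == "mongodb+srv"  # SRV connection strings default to TLS


def plaintext_rejections(lines):
    """Count, per client IP, connections mongod ended with SSLHandshakeFailed."""
    hits = Counter()
    for line in lines:
        try:
            entry = json.loads(line)
        except ValueError:
            continue  # skip non-JSON lines
        attr = entry.get("attr", {}) if isinstance(entry, dict) else {}
        err = attr.get("error", {})
        if err.get("code") == 141 and err.get("codeName") == "SSLHandshakeFailed":
            hits[attr.get("remote", "unknown").rsplit(":", 1)[0]] += 1
    return hits


def likely_tls_mismatch(uri, lines):
    """Client URI has no TLS while the server is rejecting non-TLS clients."""
    return not uri_requests_tls(uri) and bool(plaintext_rejections(lines))


if __name__ == "__main__":
    print(dict(plaintext_rejections(SAMPLE_LOG)))
    print("TLS mismatch likely:", likely_tls_mismatch(SAMPLE_URI, SAMPLE_LOG))
```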