Backup fails for DBs 'Barman cloud WAL archive check exception: SSL validation failed'

[zoe-tek]

Trying to implement backups for all the DBs using the edb operator, but logs are saying the file or directory does not exist. i have even manually created a folder in the bucket. We are using storagegrid for s3.
i have tried without a folder, adding and removing "/". i know the CA/ssl is good as it would give me a different error until i added the endpointCA. Hoping someone will see what i am missing. I can upload files with the same key that edb is using.

{"level":"info","ts":"2024-11-01T14:32:52Z","logger":"barman-cloud-check-wal-archive","msg":"2024-11-01 14:32:52,221 [131253] ERROR: Barman cloud WAL archive check exception: SSL validation failed for https://***/kubic-oauth2demo-edb-backup-test-bucket-69lwt [Errno 2] No such file or directory","pipe":"stderr","logging_pod":"pg-backup-test-rjhl2-8g78z-1"}

{"level":"error","ts":"2024-11-01T14:32:52Z","logger":"wal-archive","msg":"Error invoking barman-cloud-check-wal-archive","logging_pod":"pg-backup-test-rjhl2-8g78z-1","currentPrimary":"pg-backup-test-rjhl2-8g78z-1","targetPrimary":"pg-backup-test-rjhl2-8g78z-1","options":["--endpoint-url","https://***","--cloud-provider","aws-s3","s3://kubic-oauth2demo-edb-backup-test-bucket-69lwt/backup/","pg-backup-test-rjhl2-8g78z"],"exitCode":-1,"error":"exit status 4","stacktrace":"github.com/EnterpriseDB/cloud-native-postgres/pkg/management/log.(*logger).Error\n\tpkg/management/log/log.go:125\ngithub.com/EnterpriseDB/cloud-native-postgres/pkg/management/barman/archiver.(*WALArchiver).CheckWalArchiveDestination\n\tpkg/management/barman/archiver/archiver.go:257\ngithub.com/EnterpriseDB/cloud-native-postgres/internal/cmd/manager/walarchive.checkWalArchive\n\tinternal/cmd/manager/walarchive/cmd.go:417\ngithub.com/EnterpriseDB/cloud-native-postgres/internal/cmd/manager/walarchive.run\n\tinternal/cmd/manager/...

I think i have gotten down to the last issue. I don't think edb is loading the CA, i would think it would be on the pod somewhere but i can't find it. i have it in the config as this.

endpointCA:
  key: ca
  name: ca-bundle.crt

I can find the ca at /etc/pki/tls/certs/ca-bundle.crt so i'm not sure is this an issue with EDB or barman. i don't see any command options to set a CA to use.

[martinmarques]

When you say EDB, what exactly are you referring to? Is that the CNPG operator? You probably need to ask in CNPG community channels (there's Slack and GitHub for issues, but I'd go to Slack first) to check that your cnpg configuration is sane.

[zoe-tek]

EDB Postgres for Kubernetes
1.23.2 provided by The EDB Postgres for Kubernetes Contributors
This is the link it has in Openshift https://www.enterprisedb.com/docs/postgres_for_kubernetes/latest/

We have it running in another cluster for a different network but the configs are the same. Is barman hardcoded to use a cert from a certain directory? Maybe my other network has our root ca loaded on all the pods in a different place?

[zoe-tek]

if i change the address to http instead for https i get the error in here #770