Support twindb backup with FIPS mode

[Crimrose]

• TwinDB Backup version: 2.18.3-1
• Operating System: Centos 7

Description

Twindb backup doesn't work if server enables FIPS mode

twindb-backup --xtrabackup-binary=/usr/bin/xtrabackup --debug backup hourly
3trickle: Could not reach trickled, working independently: No such file or directory
42021-12-17 06:08:19,897: DEBUG: backup.run_backup_job():380: hourly
52021-12-17 06:08:21,968: DEBUG: backup.set_open_files_limit():304: Setting max files limit to 1048577
62021-12-17 06:08:24,986: DEBUG: mysql_status.candidate_parent():41: Looking a parent candidate for hourly run
72021-12-17 06:08:24,986: DEBUG: mysql_status.candidate_parent():47: Checking 0 hourly copies
82021-12-17 06:08:24,986: DEBUG: mysql_status.candidate_parent():47: Checking 0 daily copies
92021-12-17 06:08:24,986: DEBUG: mysql_status.candidate_parent():47: Checking 0 weekly copies
102021-12-17 06:08:24,986: DEBUG: mysql_status.candidate_parent():47: Checking 0 monthly copies
112021-12-17 06:08:24,986: DEBUG: mysql_status.candidate_parent():47: Checking 0 yearly copies
122021-12-17 06:08:24,986: DEBUG: mysql_status.candidate_parent():56: No eligible parents
132021-12-17 06:08:24,987: DEBUG: mysql_status.candidate_parent():41: Looking a parent candidate for hourly run
142021-12-17 06:08:24,987: DEBUG: mysql_status.candidate_parent():47: Checking 0 hourly copies
152021-12-17 06:08:24,987: DEBUG: mysql_status.candidate_parent():47: Checking 0 daily copies
162021-12-17 06:08:24,987: DEBUG: mysql_status.candidate_parent():47: Checking 0 weekly copies
172021-12-17 06:08:24,987: DEBUG: mysql_status.candidate_parent():47: Checking 0 monthly copies
182021-12-17 06:08:24,987: DEBUG: mysql_status.candidate_parent():47: Checking 0 yearly copies
192021-12-17 06:08:24,987: DEBUG: mysql_status.candidate_parent():56: No eligible parents
202021-12-17 06:08:24,987: DEBUG: backup.backup_mysql():146: Creating source {'backup_type': 'full', 'dst': <twindb_backup.destination.s3.S3 object at 0x7f81876ed090>, 'xtrabackup_binary': u'/usr/bin/xtrabackup'}
212021-12-17 06:08:24,987: DEBUG: backup._backup_stream():73: keep_local_path is not present in the config file
222021-12-17 06:08:24,987: DEBUG: base_source._get_name():63: Suffix = xbstream.gz
232021-12-17 06:08:24,990: DEBUG: mysql_source.is_galera():466: Galera is not supported or not enabled
242021-12-17 06:08:24,990: DEBUG: mysql_source.get_stream():193: Running /usr/bin/xtrabackup --defaults-file=/root/.my.cnf --stream=xbstream --host=127.0.0.1 --backup --target-dir .
252021-12-17 06:08:24,992: DEBUG: mysql_source.is_galera():466: Galera is not supported or not enabled
262021-12-17 06:08:24,992: DEBUG: mysql_source.get_stream():199: Running /usr/bin/xtrabackup --defaults-file=/root/.my.cnf --stream=xbstream --host=127.0.0.1 --backup --target-dir .
272021-12-17 06:08:24,998: DEBUG: base.get_stream():41: Running pigz -9 -p 4 -c -
282021-12-17 06:08:25,003: DEBUG: s3._upload_object():461: Generating S3 transfer config
292021-12-17 06:08:25,003: DEBUG: s3._upload_object():464: Starting to stream to s3://mysql-backups/server_name/hourly/mysql/mysql-2021-12-17_06_08_24.xbstream.gz
302021-12-17 06:08:25,374: DEBUG: s3._upload_object():470: Successfully streamed to s3://mysql-backups/server_name /hourly/mysql/mysql-2021-12-17_06_08_24.xbstream.gz
312021-12-17 06:08:25,374: DEBUG: s3._validate_upload():489: Validating upload to s3://mysql-backups/server_name/hourly/mysql/mysql-2021-12-17_06_08_24.xbstream.gz
322021-12-17 06:08:25,406: DEBUG: s3._validate_upload():495: Upload successfully validated
332021-12-17 06:08:25,407: DEBUG: s3.save():372: Returning code 0
342021-12-17 06:08:25,408: ERROR: mysql_source.get_stream():209: Failed to run xtrabackup. Check error output in /tmp/tmpwQ0Hvu
35xtrabackup: recognized client arguments: --user=root --host=localhost --password=* --socket=/var/lib/mysql/mysql.sock --stream=xbstream --host=127.0.0.1 --backup=1 --target-dir=.
36/usr/bin/xtrabackup version 8.0.26-18 based on MySQL server 8.0.26 Linux (x86_64) (revision id: 4aecf82)
37211217 06:08:25  version_check Connecting to MySQL server with DSN 'dbi:mysql:;mysql_read_default_group=xtrabackup;host=127.0.0.1;mysql_socket=/var/lib/mysql/mysql.sock' as 'root'  (using password: YES).
38sha_locl.h(128): OpenSSL internal error, assertion failed: Low level API call to digest SHA1 forbidden in FIPS mode!
39211217 06:08:25 Connecting to MySQL server host: 127.0.0.1, user: root, password: set, port: not set, socket: /var/lib/mysql/mysql.sock
40Failed to connect to MySQL server: Access denied for user 'root'@'127.0.0.1' (using password: YES).
412021-12-17 06:08:25,408: DEBUG: base_source._get_name():63: Suffix = xbstream.gz
422021-12-17 06:08:25,530: DEBUG: s3.delete():133: deleting s3://mysql-backups/server_name/hourly/mysql/mysql-2021-12-17_06_08_24.xbstream.gz

What I Did

I added these line in the code of twindb to enable fips mode

        cmd = [
2            self._xtrabackup,
3            "--defaults-file=%s" % self._connect_info.defaults_file,
4            "--stream=xbstream",
5            "--host=127.0.0.1",
6            "--ssl-fips-mode=ON",
7            "--backup"
8        ]

But the result still not good

2021-12-30 02:12:02,829: DEBUG: backup.run_backup_job():380: hourly
32021-12-30 02:12:04,690: DEBUG: backup.set_open_files_limit():304: Setting max files limit to 1048577
42021-12-30 02:12:04,907: DEBUG: mysql_status.candidate_parent():41: Looking a parent candidate for hourly run
52021-12-30 02:12:04,907: DEBUG: mysql_status.candidate_parent():47: Checking 0 hourly copies
62021-12-30 02:12:04,907: DEBUG: mysql_status.candidate_parent():47: Checking 0 daily copies
72021-12-30 02:12:04,907: DEBUG: mysql_status.candidate_parent():47: Checking 0 weekly copies
82021-12-30 02:12:04,908: DEBUG: mysql_status.candidate_parent():47: Checking 0 monthly copies
92021-12-30 02:12:04,908: DEBUG: mysql_status.candidate_parent():47: Checking 0 yearly copies
102021-12-30 02:12:04,908: DEBUG: mysql_status.candidate_parent():56: No eligible parents
112021-12-30 02:12:04,908: DEBUG: mysql_status.candidate_parent():41: Looking a parent candidate for hourly run
122021-12-30 02:12:04,908: DEBUG: mysql_status.candidate_parent():47: Checking 0 hourly copies
132021-12-30 02:12:04,908: DEBUG: mysql_status.candidate_parent():47: Checking 0 daily copies
142021-12-30 02:12:04,908: DEBUG: mysql_status.candidate_parent():47: Checking 0 weekly copies
152021-12-30 02:12:04,908: DEBUG: mysql_status.candidate_parent():47: Checking 0 monthly copies
162021-12-30 02:12:04,908: DEBUG: mysql_status.candidate_parent():47: Checking 0 yearly copies
172021-12-30 02:12:04,908: DEBUG: mysql_status.candidate_parent():56: No eligible parents
182021-12-30 02:12:04,908: DEBUG: backup.backup_mysql():146: Creating source {'backup_type': 'full', 'dst': <twindb_backup.destination.s3.S3 object at 0x7f984a7d8fd0>, 'xtrabackup_binary': u'/usr/bin/xtrabackup'}
192021-12-30 02:12:04,908: DEBUG: backup._backup_stream():73: keep_local_path is not present in the config file
202021-12-30 02:12:04,908: DEBUG: base_source._get_name():63: Suffix = xbstream.gz
212021-12-30 02:12:04,911: DEBUG: mysql_source.is_galera():469: Galera is not supported or not enabled
222021-12-30 02:12:04,911: DEBUG: mysql_source.get_stream():196: Running /usr/bin/xtrabackup --defaults-file=/root/.my.cnf --stream=xbstream --host=127.0.0.1 --ssl-fips-mode=ON --backup --target-dir .
232021-12-30 02:12:04,913: DEBUG: mysql_source.is_galera():469: Galera is not supported or not enabled
242021-12-30 02:12:04,913: DEBUG: mysql_source.get_stream():202: Running /usr/bin/xtrabackup --defaults-file=/root/.my.cnf --stream=xbstream --host=127.0.0.1 --ssl-fips-mode=ON --backup --target-dir .
252021-12-30 02:12:04,918: DEBUG: base.get_stream():41: Running pigz -9 -p 4 -c -
262021-12-30 02:12:04,923: DEBUG: s3._upload_object():461: Generating S3 transfer config
272021-12-30 02:12:04,923: DEBUG: s3._upload_object():464: Starting to stream to s3://mysql-backups/server_name/hourly/mysql/mysql-2021-12-30_02_12_04.xbstream.gz
282021-12-30 02:12:05,192: DEBUG: s3._upload_object():470: Successfully streamed to s3://mysql-backups/server_name/hourly/mysql/mysql-2021-12-30_02_12_04.xbstream.gz
292021-12-30 02:12:05,192: DEBUG: s3._validate_upload():489: Validating upload to s3://mysql-backups/server_name/hourly/mysql/mysql-2021-12-30_02_12_04.xbstream.gz
302021-12-30 02:12:05,218: DEBUG: s3._validate_upload():495: Upload successfully validated
312021-12-30 02:12:05,219: DEBUG: s3.save():372: Returning code 0
322021-12-30 02:12:05,219: ERROR: mysql_source.get_stream():212: Failed to run xtrabackup. Check error output in /tmp/tmpaXWbwT
33xtrabackup: recognized client arguments: --user=root --host=localhost --password=* --socket=/var/lib/mysql/mysql.sock --stream=xbstream --host=127.0.0.1 --backup=1 --target-dir=.
34/usr/bin/xtrabackup version 8.0.26-18 based on MySQL server 8.0.26 Linux (x86_64) (revision id: 4aecf82)
35211230 02:12:05  version_check Connecting to MySQL server with DSN 'dbi:mysql:;mysql_read_default_group=xtrabackup;host=127.0.0.1;mysql_socket=/var/lib/mysql/mysql.sock' as 'root'  (using password: YES).
36sha_locl.h(128): OpenSSL internal error, assertion failed: Low level API call to digest SHA1 forbidden in FIPS mode!
37211230 02:12:05 Connecting to MySQL server host: 127.0.0.1, user: root, password: set, port: not set, socket: /var/lib/mysql/mysql.sock
38Failed to connect to MySQL server: Access denied for user 'root'@'127.0.0.1' (using password: YES).
392021-12-30 02:12:05,219: DEBUG: base_source._get_name():63: Suffix = xbstream.gz
402021-12-30 02:12:05,342: DEBUG: s3.delete():133: deleting s3://mysql-backups/server_name/hourly/mysql/mysql-2021-12-30_02_12_04.xbstream.gz

Can you help me to make twindb work with server enable FIPS mode?