TLS was never really supported, see:
https://wikitech.wikimedia.org/wiki/Help:Wiki_Replicas#TLS_connection_failuresSo my guess so far is that the mariadb-dump client in the latest images might be trying to enable it by default. If you open a task we can try to follow up, see if there's maybe a way to change that default behavior (or at least update the wiki page if not). On 09/03 08:35, Sebastian Berlin wrote: > Thanks for the suggestion. > > I'm still hoping that someone can clarify why this started to happen. > Previously it's worked without any issues. I don't know heaps about > certificates, but it looks to me like this is something that could affect > more than just me trying to dump a database. > > *Sebastian Berlin* > Utvecklare/*Developer* > Wikimedia Sverige (WMSE) > > E-post/*E-Mail*: [email protected] > Telefon/*Phone*: (+46) 0707 - 92 03 84 > > > On Mon, 1 Sept 2025 at 09:50, Travis Briggs <[email protected]> wrote: > > > Try adding --skip-ssl-verify-server-cert > > > > Cheers, > > -Travis > > > > On Sun, Aug 31, 2025 at 11:55 PM Sebastian Berlin < > > [email protected]> wrote: > > > >> I'm trying to make a database dump for a tool on Toolforge using the > >> command from Help:Toolforge/ToolsDB > >> <https://wikitech.wikimedia.org/wiki/Help:Toolforge/ToolsDB#Backups>: > >> toolforge jobs run --command "umask o-r; ( mariadb-dump > >> --defaults-file=~/replica.my.cnf > >> --host=tools-readonly.db.svc.wikimedia.cloud s56581__declaration_journal > > >> ~/declaration_journal-$(date -I).sql )" --image mariadb backup > >> > >> The job fails and the error log shows: > >> > >> mariadb-dump: Got error: 2026: "TLS/SSL error: Certificate verification > >> failure: The certificate is NOT trusted." when trying to connect > >> > >> > >> *Sebastian Berlin* > >> Utvecklare/*Developer* > >> Wikimedia Sverige (WMSE) > >> > >> E-post/*E-Mail*: [email protected] > >> Telefon/*Phone*: (+46) 0707 - 92 03 84 > >> _______________________________________________ > >> Cloud mailing list -- [email protected] > >> List information: > >> https://lists.wikimedia.org/postorius/lists/cloud.lists.wikimedia.org/ > >> > > _______________________________________________ > > Cloud mailing list -- [email protected] > > List information: > > https://lists.wikimedia.org/postorius/lists/cloud.lists.wikimedia.org/ > > > _______________________________________________ > Cloud mailing list -- [email protected] > List information: > https://lists.wikimedia.org/postorius/lists/cloud.lists.wikimedia.org/ -- David Caro SRE - Cloud Services Wikimedia Foundation <https://wikimediafoundation.org/> PGP Signature: 7180 83A2 AC8B 314F B4CE 1171 4071 C7E1 D262 69C3 "Imagine a world in which every single human being can freely share in the sum of all knowledge. That's our commitment."
signature.asc
Description: PGP signature
_______________________________________________ Cloud mailing list -- [email protected] List information: https://lists.wikimedia.org/postorius/lists/cloud.lists.wikimedia.org/
