From d79650e4525faeea3e750eaf9c729be4a5ef1d93 Mon Sep 17 00:00:00 2001 From: yurkovychv Date: Mon, 11 Aug 2025 18:27:06 +0300 Subject: [PATCH 1/4] PMM-14184 optionally add clients via gssapi --- pmm_psmdb-pbm_setup/configure-agents.sh | 7 +++++++ pmm_psmdb-pbm_setup/configure-extra-agents.sh | 7 +++++++ pmm_qa/pmm-framework.py | 1 + pmm_qa/scripts/database_options.py | 2 +- 4 files changed, 16 insertions(+), 1 deletion(-) diff --git a/pmm_psmdb-pbm_setup/configure-agents.sh b/pmm_psmdb-pbm_setup/configure-agents.sh index 93e9fa96..575c9b70 100644 --- a/pmm_psmdb-pbm_setup/configure-agents.sh +++ b/pmm_psmdb-pbm_setup/configure-agents.sh @@ -6,6 +6,9 @@ pmm_mongo_user_pass=${PMM_MONGO_USER_PASS:-pmmpass} pbm_user=${PBM_USER:-pbm} pbm_pass=${PBM_PASS:-pbmpass} mongo_setup_type=${MONGO_SETUP_TYPE:-pss} +gssapi_enabled=${GSSAPI:-false} +gssapi_username=${GSSAPI_USERNAME:-pmm@PERCONATEST.COM} +gssapi_password=${GSSAPI_PASSWORD:-password1} echo echo "configuring pbm agents" @@ -36,6 +39,10 @@ do docker compose -f docker-compose-rs.yaml exec -T $node pmm-admin add mongodb --enable-all-collectors --agent-password=mypass --cluster=replicaset --replication-set=rs ${node}_${random_number} 127.0.0.1:27017 else docker compose -f docker-compose-rs.yaml exec -T $node pmm-admin add mongodb --enable-all-collectors --agent-password=mypass --cluster=replicaset --replication-set=rs --username=${pmm_mongo_user} --password=${pmm_mongo_user_pass} ${node}_${random_number} 127.0.0.1:27017 + + if [[ $gssapi_enabled == "true" ]]; then + docker compose -f docker-compose-rs.yaml exec -T $node pmm-admin add mongodb --enable-all-collectors --agent-password=mypass --cluster=replicaset --replication-set=rs --username=${gssapi_username} --password=${gssapi_password} --authentication-mechanism=GSSAPI --authentication-database="$external" --host=${$node} --port=27017 ${node}_gssapi_${random_number} + fi fi done echo 
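Review bot: The default for `gssapi_username` in the first hunk hard-codes `pmm@PERCONATEST.COM`, while the Kerberos user created in configure-extra-replset.sh (patch 4/4) is `${pmm_mongo_user}@PERCONATEST.COM`, so overriding `PMM_MONGO_USER` would leave the agent authenticating as a principal that was never created. Deriving the default keeps the two in step: `gssapi_username=${GSSAPI_USERNAME:-${pmm_mongo_user}@PERCONATEST.COM}`. This assumes `pmm_mongo_user` is assigned just above the hunk, which is not visible here. The same three lines are added to configure-extra-agents.sh.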
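Review bot: In the added `pmm-admin add mongodb` line of the second hunk, `--authentication-database="$external"` is inside double quotes, so bash expands `$external` as an (unset) shell variable and pmm-admin receives an empty authentication database instead of MongoDB's `$external`. Use single quotes, `--authentication-database='$external'`, or escape it as `"\$external"`. The identical line is added to configure-extra-agents.sh, and the `${$node}` fix in patch 3/4 keeps the double-quoted form in both files. The GSSAPI password is also passed as `--password=${gssapi_password}` on the command line, where it is visible in process listings inside the container; if that is accepted for a disposable QA stack, a comment saying so would help. The enclosing loop starts and ends outside the hunk.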
diff --git a/pmm_psmdb-pbm_setup/configure-extra-agents.sh b/pmm_psmdb-pbm_setup/configure-extra-agents.sh index 0c96a3de..9a4b4d03 100644 --- a/pmm_psmdb-pbm_setup/configure-extra-agents.sh +++ b/pmm_psmdb-pbm_setup/configure-extra-agents.sh @@ -6,6 +6,9 @@ pmm_mongo_user_pass=${PMM_MONGO_USER_PASS:-pmmpass} pbm_user=${PBM_USER:-pbm} pbm_pass=${PBM_PASS:-pbmpass} mongo_setup_type=${MONGO_SETUP_TYPE:-pss} +gssapi_enabled=${GSSAPI:-false} +gssapi_username=${GSSAPI_USERNAME:-pmm@PERCONATEST.COM} +gssapi_password=${GSSAPI_PASSWORD:-password1} echo echo "configuring pbm agents" @@ -34,5 +37,9 @@ do docker compose -f docker-compose-rs.yaml exec -T $node pmm-admin add mongodb --enable-all-collectors --agent-password=mypass --cluster=replicaset --replication-set=rs1 ${node}_${random_number} 127.0.0.1:27017 else docker compose -f docker-compose-rs.yaml exec -T $node pmm-admin add mongodb --enable-all-collectors --agent-password=mypass --cluster=replicaset --replication-set=rs1 --username=${pmm_mongo_user} --password=${pmm_mongo_user_pass} ${node}_${random_number} 127.0.0.1:27017 + + if [[ $gssapi_enabled == "true" ]]; then + docker compose -f docker-compose-rs.yaml exec -T $node pmm-admin add mongodb --enable-all-collectors --agent-password=mypass --cluster=replicaset --replication-set=rs --username=${gssapi_username} --password=${gssapi_password} --authentication-mechanism=GSSAPI --authentication-database="$external" --host=${$node} --port=27017 ${node}_gssapi_${random_number} + fi fi done diff --git a/pmm_qa/pmm-framework.py b/pmm_qa/pmm-framework.py index 84d02e1e..d8164684 100755 --- a/pmm_qa/pmm-framework.py +++ b/pmm_qa/pmm-framework.py 
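Review bot: The added GSSAPI registration in the second hunk passes `--replication-set=rs`, but both existing `pmm-admin add mongodb` calls in this loop use `--replication-set=rs1`, so the Kerberos-authenticated service would be filed under the other replica set's name in PMM. This looks like a copy from configure-agents.sh; the flag should read `--replication-set=rs1`. Patch 3/4 touches the same line and leaves `rs` in place. The loop body starts and ends outside the hunk.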
@@ -562,6 +562,7 @@ def setup_psmdb(db_type, db_version=None, db_config=None, args=None): 'COMPOSE_PROFILES': get_value('COMPOSE_PROFILES', db_type, args, db_config), 'MONGO_SETUP_TYPE': get_value('SETUP_TYPE', db_type, args, db_config), 'OL_VERSION': get_value('OL_VERSION', db_type, args, db_config), + 'GSSAPI': get_value('GSSAPI', db_type, args, db_config), 'TESTS': 'no', 'CLEANUP': 'no' } diff --git a/pmm_qa/scripts/database_options.py b/pmm_qa/scripts/database_options.py index 444fed50..404465df 100644 --- a/pmm_qa/scripts/database_options.py +++ b/pmm_qa/scripts/database_options.py @@ -2,7 +2,7 @@ "PSMDB": { "versions": ["4.4", "5.0", "6.0", "7.0", "8.0", "latest"], "configurations": {"CLIENT_VERSION": "3-dev-latest", "SETUP_TYPE": "pss", "COMPOSE_PROFILES": "classic", - "TARBALL": "", "OL_VERSION": "9"} + "TARBALL": "", "OL_VERSION": "9", "GSSAPI": "false"} }, "MLAUNCH_PSMDB": { "versions": ["4.4", "5.0", "6.0", "7.0", "8.0"], From af7f34ffb4a41c70706702c42f5dfcadbaa83ff1 Mon Sep 17 00:00:00 2001 From: yurkovychv Date: Mon, 11 Aug 2025 18:43:43 +0300 Subject: [PATCH 2/4] PMM-14184 optionally add clients via gssapi --- pmm_psmdb-pbm_setup/configure-replset.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/pmm_psmdb-pbm_setup/configure-replset.sh b/pmm_psmdb-pbm_setup/configure-replset.sh index 544ddcb4..2b6f7b59 100644 --- a/pmm_psmdb-pbm_setup/configure-replset.sh +++ b/pmm_psmdb-pbm_setup/configure-replset.sh @@ -100,6 +100,7 @@ db.getSiblingDB("admin").createUser({ { "db" : "admin", "role" : "pbmAnyAction" } ] }); +EOF echo "creating pmm kerberos user" docker compose -f docker-compose-rs.yaml exec -T rs101 mongo "mongodb://root:root@localhost/?replicaSet=rs" --quiet << EOF db.getSiblingDB("\$external").createUser({ From 92b6b321a6a6d287e0c518d9fb54d46fc99db570 Mon Sep 17 00:00:00 2001 
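Review bot: The `GSSAPI` value added to the environment dict in pmm-framework.py is forwarded as-is, and the shell scripts enable the Kerberos client only on the exact string `true` (`[[ $gssapi_enabled == "true" ]]`), so `True`, `TRUE` or `1` would silently skip the GSSAPI registration. Assuming `get_value` returns the user-supplied string unchanged, normalising here avoids that: `'GSSAPI': str(get_value('GSSAPI', db_type, args, db_config)).lower(),`. setup_psmdb starts above the hunk and continues below it, so how the dict is consumed is not visible.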
From: yurkovychv Date: Mon, 11 Aug 2025 19:56:09 +0300 Subject: [PATCH 3/4] PMM-14184 fix typo --- pmm_psmdb-pbm_setup/configure-agents.sh | 2 +- pmm_psmdb-pbm_setup/configure-extra-agents.sh | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/pmm_psmdb-pbm_setup/configure-agents.sh b/pmm_psmdb-pbm_setup/configure-agents.sh index 575c9b70..ce12af80 100644 --- a/pmm_psmdb-pbm_setup/configure-agents.sh +++ b/pmm_psmdb-pbm_setup/configure-agents.sh @@ -41,7 +41,7 @@ do docker compose -f docker-compose-rs.yaml exec -T $node pmm-admin add mongodb --enable-all-collectors --agent-password=mypass --cluster=replicaset --replication-set=rs --username=${pmm_mongo_user} --password=${pmm_mongo_user_pass} ${node}_${random_number} 127.0.0.1:27017 if [[ $gssapi_enabled == "true" ]]; then - docker compose -f docker-compose-rs.yaml exec -T $node pmm-admin add mongodb --enable-all-collectors --agent-password=mypass --cluster=replicaset --replication-set=rs --username=${gssapi_username} --password=${gssapi_password} --authentication-mechanism=GSSAPI --authentication-database="$external" --host=${$node} --port=27017 ${node}_gssapi_${random_number} + docker compose -f docker-compose-rs.yaml exec -T $node pmm-admin add mongodb --enable-all-collectors --agent-password=mypass --cluster=replicaset --replication-set=rs --username=${gssapi_username} --password=${gssapi_password} --authentication-mechanism=GSSAPI --authentication-database="$external" --host=${node} --port=27017 ${node}_gssapi_${random_number} fi fi done diff --git a/pmm_psmdb-pbm_setup/configure-extra-agents.sh b/pmm_psmdb-pbm_setup/configure-extra-agents.sh index 9a4b4d03..9c3385a7 100644 --- a/pmm_psmdb-pbm_setup/configure-extra-agents.sh +++ b/pmm_psmdb-pbm_setup/configure-extra-agents.sh 
@@ -39,7 +39,7 @@ do docker compose -f docker-compose-rs.yaml exec -T $node pmm-admin add mongodb --enable-all-collectors --agent-password=mypass --cluster=replicaset --replication-set=rs1 --username=${pmm_mongo_user} --password=${pmm_mongo_user_pass} ${node}_${random_number} 127.0.0.1:27017 if [[ $gssapi_enabled == "true" ]]; then - docker compose -f docker-compose-rs.yaml exec -T $node pmm-admin add mongodb --enable-all-collectors --agent-password=mypass --cluster=replicaset --replication-set=rs --username=${gssapi_username} --password=${gssapi_password} --authentication-mechanism=GSSAPI --authentication-database="$external" --host=${$node} --port=27017 ${node}_gssapi_${random_number} + docker compose -f docker-compose-rs.yaml exec -T $node pmm-admin add mongodb --enable-all-collectors --agent-password=mypass --cluster=replicaset --replication-set=rs --username=${gssapi_username} --password=${gssapi_password} --authentication-mechanism=GSSAPI --authentication-database="$external" --host=${node} --port=27017 ${node}_gssapi_${random_number} fi fi done From c120265be46a4caf6214f103b056cb7bfc19ddbd Mon Sep 17 00:00:00 2001 From: yurkovychv Date: Tue, 12 Aug 2025 12:30:39 +0300 Subject: [PATCH 4/4] PMM-14184 extra repl set config --- pmm_psmdb-pbm_setup/configure-extra-replset.sh | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/pmm_psmdb-pbm_setup/configure-extra-replset.sh b/pmm_psmdb-pbm_setup/configure-extra-replset.sh index cade2cfb..5dc94cf5 100644 --- a/pmm_psmdb-pbm_setup/configure-extra-replset.sh +++ b/pmm_psmdb-pbm_setup/configure-extra-replset.sh 
@@ -101,3 +101,20 @@ db.getSiblingDB("admin").createUser({ ] }); EOF + +echo "creating pmm kerberos user" +docker compose -f docker-compose-rs.yaml exec -T rs201 mongo "mongodb://root:root@localhost/?replicaSet=rs" --quiet << EOF +db.getSiblingDB("\$external").createUser({ + user: "${pmm_mongo_user}@PERCONATEST.COM", + roles: [ + { role: "explainRole", db: "admin" }, + { role: "clusterMonitor", db: "admin" }, + { role: "read", db: "local" }, + { "db" : "admin", "role" : "readWrite", "collection": "" }, + { "db" : "admin", "role" : "backup" }, + { "db" : "admin", "role" : "clusterMonitor" }, + { "db" : "admin", "role" : "restore" }, + { "db" : "admin", "role" : "pbmAnyAction" } + ] +}); +EOF
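Review bot: The connection string in the added block uses `?replicaSet=rs` against `rs201`, whereas configure-extra-agents.sh registers this set's nodes with `--replication-set=rs1`; if the extra set is indeed named `rs1`, the connection is likely to fail server selection and the Kerberos user is never created, so the URI should be `"mongodb://root:root@localhost/?replicaSet=rs1"`. The block also runs unconditionally, whether or not `GSSAPI` is enabled. The role list grants the monitoring principal `readWrite` on `admin`, `backup`, `restore` and `pbmAnyAction`, and lists `clusterMonitor` twice. Consider trimming it to the monitoring roles unless a test needs the backup ones, and dropping the duplicate entry.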