New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
backend: Feature - enable kerberos with forked go-mysql-driver #65753
base: main
Are you sure you want to change the base?
Conversation
This pull request has been automatically marked as stale because it has not had activity in the last 30 days. It will be closed in 2 weeks if no further activity occurs. Please feel free to give a status update now, ping for review, or re-open when it's ready. Thank you for your contributions! |
This pull request has been automatically marked as stale because it has not had activity in the last 30 days. It will be closed in 2 weeks if no further activity occurs. Please feel free to give a status update now, ping for review, or re-open when it's ready. Thank you for your contributions! |
This pull request has been automatically marked as stale because it has not had activity in the last 30 days. It will be closed in 2 weeks if no further activity occurs. Please feel free to give a status update now, ping for review, or re-open when it's ready. Thank you for your contributions! |
This pull request has been automatically marked as stale because it has not had activity in the last 30 days. It will be closed in 2 weeks if no further activity occurs. Please feel free to give a status update now, ping for review, or re-open when it's ready. Thank you for your contributions! |
This pull request has been automatically closed because it has not had activity in the last 2 weeks. Please feel free to give a status update now, ping for review, or re-open when it's ready. Thank you for your contributions! |
@zoltanbedi is this still being looked at? afaik theres nothing more that plugins platform would be doing so have removed it from our board. |
Hi @sympatheticmoose, |
@@ -106,11 +106,15 @@ WORKDIR $GF_PATHS_HOME | |||
# Install dependencies | |||
RUN if grep -i -q alpine /etc/issue; then \ | |||
apk add --no-cache ca-certificates bash curl tzdata musl-utils && \ | |||
apk add --no-cache openssl musl-utils libcrypto1.1>1.1.1t-r1 libssl1.1>1.1.1t-r1 && \ |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Is it a requirement to add these on separate lines instead of all in one?
What is this feature?
Replaces #38663
Switches to a fork of go-mysql-driver/mysql with krb5 support added
to use mysql with kerberos, the keytab for the authentication user needs to be set with the "standard" env variable KRB5_CLIENT_KTNAME before starting grafana-server.
using grafana with mysql as backing storage + kerberos, use the url option, and increase max_idle_conn to 10.
url = mysql://kirby@myhost.grafana.com:3306/grafanacore
max_idle_conn = 10
building requires additional libraries, and the build-ci container needs some modifications that are included for gssapi
NOTE: this also updates the ci-build toolchain (but not drone.yml), we can separate this into another PR, builds will still fail until drone is updated and the new docker image is pushed
Why do we need this feature?
Allows Grafana to communicate with MySQL Enterprise servers running under kerberos. Datasources and Grafana itself can use kerberos with this option.
Who is this feature for?
Users of MySQL Enterprise that can only use kerberos auth.
Which issue(s) does this PR fix?:
Special notes for your reviewer:
Drone build failure is expected since it will require adding additional packages to the docker image.
Please check that: