Fix for Shard TLS for verison 6+ (#29)

Signed-off-by: Sayed <[email protected]> Co-authored-by: Arnob kumar saha <[email protected]>
kubedb · Jan 12, 2024 · 814021e · 814021e
1 parent 4cd69c9
commit 814021e
Show file tree

Hide file tree

Showing 5 changed files with 26 additions and 20 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -29,6 +29,9 @@ FROM alpine:latest
 
 RUN apk add --no-cache openssl gettext
 
+RUN delgroup ping
+RUN adduser -u 999 -g 999 -D mongo
+
 COPY install.sh /scripts/install.sh
 COPY replicaset.sh /scripts/replicaset.sh
 COPY arbiter.sh /scripts/arbiter.sh
@@ -39,6 +42,8 @@ COPY mongos.sh /scripts/mongos.sh
 COPY common.sh /scripts/common.sh
 COPY --from=builder peer-finder /scripts/peer-finder
 
+RUN chown -R mongo /scripts
+
 RUN chmod -c 755 /scripts/peer-finder \
  /scripts/install.sh \
  /scripts/arbiter.sh \

diff --git a/install.sh b/install.sh
@@ -49,6 +49,7 @@ if [[ "$SSL_MODE" != "disabled" ]] && [[ -f "$client_pem" ]]; then
     envsubst '${INJECT_USER}' <${INIT_DIR}/replicaset.sh >${DEST_DIR}/replicaset.sh
     envsubst '${INJECT_USER}' <${INIT_DIR}/sharding.sh >${DEST_DIR}/sharding.sh
     envsubst '${INJECT_USER}' <${INIT_DIR}/mongos.sh >${DEST_DIR}/mongos.sh
+    rm ${INIT_DIR}/replicaset.sh ${INIT_DIR}/mongos.sh ${INIT_DIR}/sharding.sh
     chmod -c 755 ${DEST_DIR}/replicaset.sh ${DEST_DIR}/sharding.sh ${DEST_DIR}/mongos.sh
 fi
 

diff --git a/mongos.sh b/mongos.sh
@@ -127,15 +127,15 @@ if [[ $(mongosh admin "$ipv6" --host localhost "${admin_creds[@]}" "${ssl_args[@
     log "Done."
 fi
 
-if [[ ${SSL_MODE} != "disabled" ]] && [[ -f "$client_pem" ]]; then
-    #xref: https://docs.mongodb.com/manual/tutorial/configure-x509-client-authentication/#procedures
-    log "Creating root user ${INJECT_USER} for SSL..."
-    out=$(mongosh admin "$ipv6" --host localhost "${admin_creds[@]}" "${ssl_args[@]}" --eval "db.getSiblingDB(\"\$external\").runCommand({usersInfo: \"${INJECT_USER}\"})")
-    if echo "$out" | grep '${INJECT_USER}'; then
-        log "root user ${INJECT_USER} Already exists..."
-    else
-        mongosh admin "$ipv6" --host localhost "${admin_creds[@]}" "${ssl_args[@]}" --eval "db.getSiblingDB(\"\$external\").runCommand({createUser: \"${INJECT_USER}\",roles:[{role: 'root', db: 'admin'}],})"
-    fi
-fi
+#if [[ ${SSL_MODE} != "disabled" ]] && [[ -f "$client_pem" ]]; then
+#    #xref: https://docs.mongodb.com/manual/tutorial/configure-x509-client-authentication/#procedures
+#    log "Creating root user ${INJECT_USER} for SSL..."
+#    out=$(mongosh admin "$ipv6" --host localhost "${admin_creds[@]}" "${ssl_args[@]}" --eval "db.getSiblingDB(\"\$external\").runCommand({usersInfo: \"${INJECT_USER}\"})")
+#    if echo "$out" | grep '${INJECT_USER}'; then
+#        log "root user ${INJECT_USER} Already exists..."
+#    else
+#        mongosh admin "$ipv6" --host localhost "${admin_creds[@]}" "${ssl_args[@]}" --eval "db.getSiblingDB(\"\$external\").runCommand({createUser: \"${INJECT_USER}\",roles:[{role: 'root', db: 'admin'}],})"
+#    fi
+#fi
 
 log "Good bye."
diff --git a/replicaset.sh b/replicaset.sh
@@ -158,10 +158,10 @@ if mongosh admin "$ipv6" --host localhost "${ssl_args[@]}" --quiet --eval "JSON.
     log "Done."
 fi
 
-if [[ ${SSL_MODE} != "disabled" ]] && [[ -f "$client_pem" ]]; then
-    #xref: https://docs.mongodb.com/manual/tutorial/configure-x509-client-authentication/#procedures
-    log "Creating root user ${INJECT_USER} for SSL..."
-    mongosh admin "$ipv6" --host localhost "${admin_creds[@]}" "${ssl_args[@]}" --eval "db.getSiblingDB(\"\$external\").runCommand({createUser: \"${INJECT_USER}\",roles:[{role: 'root', db: 'admin'}],})"
-fi
+#if [[ ${SSL_MODE} != "disabled" ]] && [[ -f "$client_pem" ]]; then
+#    #xref: https://docs.mongodb.com/manual/tutorial/configure-x509-client-authentication/#procedures
+#    log "Creating root user ${INJECT_USER} for SSL..."
+#    mongosh admin "$ipv6" --host localhost "${admin_creds[@]}" "${ssl_args[@]}" --eval "db.getSiblingDB(\"\$external\").runCommand({createUser: \"${INJECT_USER}\",roles:[{role: 'root', db: 'admin'}],})"
+#fi
 
 log "Good bye."
diff --git a/sharding.sh b/sharding.sh
@@ -132,10 +132,10 @@ if mongosh admin "$ipv6" --host localhost "${ssl_args[@]}" --quiet --eval "JSON.
     log "Done."
 fi
 
-if [[ ${SSL_MODE} != "disabled" ]] && [[ -f "$client_pem" ]]; then
-    #xref: https://docs.mongodb.com/manual/tutorial/configure-x509-client-authentication/#procedures
-    log "Creating root user ${INJECT_USER} for SSL..."
-    mongosh admin "$ipv6" --host localhost "${admin_creds[@]}" "${ssl_args[@]}" --eval "db.getSiblingDB(\"\$external\").runCommand({createUser: \"${INJECT_USER}\",roles:[{role: 'root', db: 'admin'}],})"
-fi
+#if [[ ${SSL_MODE} != "disabled" ]] && [[ -f "$client_pem" ]]; then
+#    #xref: https://docs.mongodb.com/manual/tutorial/configure-x509-client-authentication/#procedures
+#    log "Creating root user ${INJECT_USER} for SSL..."
+#    mongosh admin "$ipv6" --host localhost "${admin_creds[@]}" "${ssl_args[@]}" --eval "db.getSiblingDB(\"\$external\").runCommand({createUser: \"${INJECT_USER}\",roles:[{role: 'root', db: 'admin'}],})"
+#fi
 
 log "Good bye."