PMM-14184 optionally add clients via gssapi (#157)

* PMM-14184 optionally add clients via gssapi

* PMM-14184 optionally add clients via gssapi

* PMM-14184 fix typo

* PMM-14184 extra repl set config

Author: yurkovychv

pmm_psmdb-pbm_setup/configure-agents.sh

@@ -6,6 +6,9 @@ pmm_mongo_user_pass=${PMM_MONGO_USER_PASS:-pmmpass}
 pbm_user=${PBM_USER:-pbm}
 pbm_pass=${PBM_PASS:-pbmpass}
 mongo_setup_type=${MONGO_SETUP_TYPE:-pss}
+gssapi_enabled=${GSSAPI:-false}
+gssapi_username=${GSSAPI_USERNAME:-pmm@PERCONATEST.COM}
+gssapi_password=${GSSAPI_PASSWORD:-password1}
 
 echo
 echo "configuring pbm agents"
@@ -36,6 +39,10 @@ do
       docker compose -f docker-compose-rs.yaml exec -T $node pmm-admin add mongodb --enable-all-collectors --agent-password=mypass --cluster=replicaset --replication-set=rs ${node}_${random_number} 127.0.0.1:27017
     else
       docker compose -f docker-compose-rs.yaml exec -T $node pmm-admin add mongodb --enable-all-collectors --agent-password=mypass --cluster=replicaset --replication-set=rs --username=${pmm_mongo_user} --password=${pmm_mongo_user_pass} ${node}_${random_number} 127.0.0.1:27017
+
+      if [[ $gssapi_enabled == "true" ]]; then
+        docker compose -f docker-compose-rs.yaml exec -T $node pmm-admin add mongodb --enable-all-collectors --agent-password=mypass --cluster=replicaset --replication-set=rs --username=${gssapi_username} --password=${gssapi_password} --authentication-mechanism=GSSAPI --authentication-database="$external" --host=${node} --port=27017 ${node}_gssapi_${random_number}
+      fi
     fi
 done
 echo

pmm_psmdb-pbm_setup/configure-extra-agents.sh

@@ -6,6 +6,9 @@ pmm_mongo_user_pass=${PMM_MONGO_USER_PASS:-pmmpass}
 pbm_user=${PBM_USER:-pbm}
 pbm_pass=${PBM_PASS:-pbmpass}
 mongo_setup_type=${MONGO_SETUP_TYPE:-pss}
+gssapi_enabled=${GSSAPI:-false}
+gssapi_username=${GSSAPI_USERNAME:-pmm@PERCONATEST.COM}
+gssapi_password=${GSSAPI_PASSWORD:-password1}
 
 echo
 echo "configuring pbm agents"
@@ -34,5 +37,9 @@ do
       docker compose -f docker-compose-rs.yaml exec -T $node pmm-admin add mongodb --enable-all-collectors --agent-password=mypass --cluster=replicaset --replication-set=rs1 ${node}_${random_number} 127.0.0.1:27017
     else
       docker compose -f docker-compose-rs.yaml exec -T $node pmm-admin add mongodb --enable-all-collectors --agent-password=mypass --cluster=replicaset --replication-set=rs1 --username=${pmm_mongo_user} --password=${pmm_mongo_user_pass} ${node}_${random_number} 127.0.0.1:27017
+
+      if [[ $gssapi_enabled == "true" ]]; then
+        docker compose -f docker-compose-rs.yaml exec -T $node pmm-admin add mongodb --enable-all-collectors --agent-password=mypass --cluster=replicaset --replication-set=rs --username=${gssapi_username} --password=${gssapi_password} --authentication-mechanism=GSSAPI --authentication-database="$external" --host=${node} --port=27017 ${node}_gssapi_${random_number}
+      fi
     fi
 done

pmm_psmdb-pbm_setup/configure-extra-replset.sh

@@ -101,3 +101,20 @@ db.getSiblingDB("admin").createUser({
     ]
 });
 EOF
+
+echo "creating pmm kerberos user"
+docker compose -f docker-compose-rs.yaml exec -T rs201 mongo "mongodb://root:root@localhost/?replicaSet=rs" --quiet << EOF
+db.getSiblingDB("\$external").createUser({
+    user: "${pmm_mongo_user}@PERCONATEST.COM",
+    roles: [
+        { role: "explainRole", db: "admin" },
+        { role: "clusterMonitor", db: "admin" },
+        { role: "read", db: "local" },
+        { "db" : "admin", "role" : "readWrite", "collection": "" },
+        { "db" : "admin", "role" : "backup" },
+        { "db" : "admin", "role" : "clusterMonitor" },
+        { "db" : "admin", "role" : "restore" },
+        { "db" : "admin", "role" : "pbmAnyAction" }
+    ]
+});
+EOF

pmm_psmdb-pbm_setup/configure-replset.sh

@@ -100,6 +100,7 @@ db.getSiblingDB("admin").createUser({
         { "db" : "admin", "role" : "pbmAnyAction" }
     ]
 });
+EOF
 echo "creating pmm kerberos user"
 docker compose -f docker-compose-rs.yaml exec -T rs101 mongo "mongodb://root:root@localhost/?replicaSet=rs" --quiet << EOF
 db.getSiblingDB("\$external").createUser({

pmm_qa/pmm-framework.py

@@ -562,6 +562,7 @@ def setup_psmdb(db_type, db_version=None, db_config=None, args=None):
         'COMPOSE_PROFILES': get_value('COMPOSE_PROFILES', db_type, args, db_config),
         'MONGO_SETUP_TYPE': get_value('SETUP_TYPE', db_type, args, db_config),
         'OL_VERSION': get_value('OL_VERSION', db_type, args, db_config),
+        'GSSAPI': get_value('GSSAPI', db_type, args, db_config),
         'TESTS': 'no',
         'CLEANUP': 'no'
     }

pmm_qa/scripts/database_options.py

@@ -2,7 +2,7 @@
     "PSMDB": {
         "versions": ["4.4", "5.0", "6.0", "7.0", "8.0", "latest"],
         "configurations": {"CLIENT_VERSION": "3-dev-latest", "SETUP_TYPE": "pss", "COMPOSE_PROFILES": "classic",
-                           "TARBALL": "", "OL_VERSION": "9"}
+                           "TARBALL": "", "OL_VERSION": "9", "GSSAPI": "false"}
     },
     "MLAUNCH_PSMDB": {
         "versions": ["4.4", "5.0", "6.0", "7.0", "8.0"],