create separate exporter keytab

idoqo · idoqo · commit 382894518ffd · 2025-03-05T07:08:57.000+01:00
diff --git a/docker-compose.yml b/docker-compose.yml
@@ -329,24 +329,6 @@ services:
             - ./docker/kerberos/cache:/tmp/
         command: >
             mongod --bind_ip_all --auth --setParameter authenticationMechanisms=GSSAPI,SCRAM-SHA-256
-
-
-    exporter-kerberos:
-        build:
-            dockerfile: ./docker/kerberos-exporter.dockerfile
-        container_name: exporter-kerberos
-        hostname: exporter-kerberos
-        ports:
-            -   "9217:9216"
-        environment:
-            - KRB5_KTNAME=/tmp/mongodb.keytab
-            - KRB5CCNAME=/tmp/krb5cc_0
-            - MONGO
-        volumes:
-            - ./docker/kerberos/conf/krb5.conf:/etc/krb5.conf
-            - ./docker/scripts/setup-krb5-exporter.sh:/scripts/setup-krb5-exporter.sh
-            - ./docker/kerberos/cache:/tmp/
-        entrypoint: [ "sh", "/scripts/setup-krb5-exporter.sh" ]
 volumes:
     pbm-backups:
 
diff --git a/docker/scripts/setup-krb5-exporter.sh b/docker/scripts/setup-krb5-exporter.sh
diff --git a/docker/scripts/setup-krb5-mongo.sh b/docker/scripts/setup-krb5-mongo.sh
@@ -8,4 +8,5 @@ docker exec ${KERBEROS_HOST} bash -c "kinit pmm-test@PERCONATEST.COM -kt /tmp/mo
 
 #docker exec --user root ${MONGO_HOST} bash -c "chown -R mongodb:root /tmp/krb5cc_0"
 docker exec --user root ${MONGO_HOST} bash -c "chown -R mongodb:root /tmp/mongodb.keytab"
-docker exec ${MONGO_HOST} mongosh "${MONGO_HOST}:${port}" -u ${username} -p ${password} --eval 'db.getSiblingDB("$external").createUser({user: "pmm-test@PERCONATEST.COM",roles: [{role: "read", db: "admin"}]});'
+docker exec ${MONGO_HOST} mongosh "${MONGO_HOST}:${port}" -u ${username} -p ${password} --eval ''
+db.getSiblingDB("$external").createUser({user: "pmm-test@PERCONATEST.COM",roles: [{role: "read", db: "admin"}]});
diff --git a/docker/scripts/setup-krb5-server.sh b/docker/scripts/setup-krb5-server.sh
@@ -2,6 +2,7 @@
 
 mongohost=`getent hosts ${MONGO_HOST} | awk '{ print $1 }'`
 kerberos_host=`getent hosts ${KERBEROS_HOST} | awk '{ print $1 }'`
+gateway_ip=`ip route | grep default | awk '{print $3}'`
 
 cat > /etc/krb5.conf <<EOL
 [libdefaults]
@@ -11,6 +12,7 @@ cat > /etc/krb5.conf <<EOL
     dns_lookup_kdc = false
     ignore_acceptor_hostname = true
     rdns = false
+    noaddresses = TRUE
 [realms]
     PERCONATEST.COM = {
         kdc_ports = 88
@@ -25,9 +27,13 @@ EOL
 kdb5_util create -s -P password
 kadmin.local -q "addprinc -pw password root/admin"
 kadmin.local -q "addprinc -pw mongodb mongodb/${mongohost}"
+kadmin.local -q "addprinc -pw mongodb mongodb/${gateway_ip}"
 kadmin.local -q "addprinc -pw password1 pmm-test"
+
 kadmin.local -q "ktadd -k /tmp/mongodb.keytab mongodb/${mongohost}@PERCONATEST.COM"
-kadmin.local -q "ktadd -k /tmp/mongodb.keytab pmm-test@PERCONATEST.COM"
+kadmin.local -q "ktadd -k /tmp/exporter.keytab mongodb/${gateway_ip}@PERCONATEST.COM"
 
-krb5kdc -n
+kadmin.local -q "ktadd -k /tmp/mongodb.keytab pmm-test@PERCONATEST.COM"
+kadmin.local -q "ktadd -k /tmp/exporter.keytab pmm-test@PERCONATEST.COM"
 
+krb5kdc -n

-Original file line number
+Diff line change
 #docker exec --user root ${MONGO_HOST} bash -c "chown -R mongodb:root /tmp/krb5cc_0"
 docker exec --user root ${MONGO_HOST} bash -c "chown -R mongodb:root /tmp/mongodb.keytab"
 -docker exec ${MONGO_HOST} mongosh "${MONGO_HOST}:${port}" -u ${username} -p ${password} --eval 'db.getSiblingDB("$external").createUser({user: "[email protected]",roles: [{role: "read", db: "admin"}]});'
 +docker exec ${MONGO_HOST} mongosh "${MONGO_HOST}:${port}" -u ${username} -p ${password} --eval ''
 +db.getSiblingDB("$external").createUser({user: "[email protected]",roles: [{role: "read", db: "admin"}]});