Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[bitnami/mongodb] Create replicaset keyFile before mongo starts #32665

Merged
merged 4 commits into from
Aug 3, 2023
Merged

[bitnami/mongodb] Create replicaset keyFile before mongo starts #32665

merged 4 commits into from
Aug 3, 2023

Conversation

rrileyca
Copy link
Contributor

@rrileyca rrileyca commented May 4, 2023

Description of the change

This change creates the MongoDB Replicaset keyFile before mongod starts.

Benefits

This is needed because if an externally mounted file references the default keyFile that is made at path /opt/bitnami/mongodb/conf/keyfile, MongoDB will fail to start due to the non-existant file.

Possible drawbacks

To my understanding, none.

Applicable issues

@rrileyca
Create replicaset keyFile before mongo starts
bdbbb22 
Signed-off-by: Ryan Riley <ryan.riley@cyber.gc.ca>
@github-actions github-actions bot added the triage Triage is needed label May 4, 2023
@bitnami-bot bitnami-bot requested a review from javsalgar May 4, 2023 20:15
@carrodher carrodher added the verify Execute verification workflow for these changes label May 5, 2023
@github-actions github-actions bot added in-progress and removed triage Triage is needed labels May 5, 2023
@bitnami-bot bitnami-bot removed the request for review from javsalgar May 5, 2023 06:21
@bitnami-bot bitnami-bot requested a review from mdhont May 5, 2023 06:21
mdhont
mdhont suggested changes May 15, 2023
View reviewed changes
Copy link
Contributor

@mdhont mdhont left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

These changes need to be tested and reviewed internally, in any case could you fix the indentation?

@rrileyca
fix indentation
e057e61 
Signed-off-by: Ryan Riley <ryan.riley@cyber.gc.ca>
@rrileyca
Copy link
Contributor Author

@mdhont done

@dtrts
Copy link
Contributor

dtrts commented May 17, 2023

Hello,

I have been working with this container recently and have applied a work around which also creates and configures the keyfile before mongod is started. This PR would definitely help.

I noticed that you have moved mongodb_set_listen_all_conf to before the initial startup. I was thinking this has a (miniscule) risk of letting mongod accept external commands before the initial users had been created.
The option here is to leave it where it is so that the first time mongod is run it is bound only to local host.

(In my scenario i am passing --transitionToAuth in as an extra flag which requires authorisation to be enabled. To stop mongod failing on the first run through I enable auth through mongodb_set_keyfile_conf. Since enableLocalhostAuthBypass is still enabled for the initilization the root user is still created despite auth being required at that point)

@rrileyca
addressed PR comment about listen_all on first start
a1acf66 
Signed-off-by: Ryan Riley <ryan.riley@cyber.gc.ca>
@rrileyca
Copy link
Contributor Author

Good point @dtrts. I've made the suggested change, and left the listen-all configuration where it was.

@rrileyca
Copy link
Contributor Author

Bump

1 similar comment
@rrileyca
Copy link
Contributor Author

rrileyca commented Jun 1, 2023

Bump

@rrileyca
Copy link
Contributor Author

@mdhont is the review underway or scheduled?

@mdhont
Copy link
Contributor

mdhont commented Jun 16, 2023

The solution is failing in our internal tests, and it needs some further investigation to find the cause.

@rrileyca
Copy link
Contributor Author

@mdhont thank you for the update.

@bitnami-bot bitnami-bot assigned aoterolorenzo and unassigned mdhont Jun 17, 2023
@carrodher carrodher removed the request for review from aoterolorenzo June 17, 2023 10:59
@carrodher carrodher assigned mdhont and unassigned aoterolorenzo Jun 17, 2023
@github-actions
Copy link

github-actions bot commented Jul 7, 2023

This Pull Request has been automatically marked as "stale" because it has not had recent activity (for 15 days). It will be closed if no further activity occurs. Thank you for your contribution.

@github-actions github-actions bot added the stale 15 days without activity label Jul 7, 2023
@carrodher carrodher removed stale 15 days without activity bitnami labels Jul 7, 2023
@github-actions
Copy link

This Pull Request has been automatically marked as "stale" because it has not had recent activity (for 15 days). It will be closed if no further activity occurs. Thank you for your contribution.

@github-actions github-actions bot added the stale 15 days without activity label Jul 23, 2023
mdhont
mdhont approved these changes Jul 24, 2023
View reviewed changes
Copy link
Contributor

@mdhont mdhont left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Lgtm!

@mdhont mdhont removed the stale 15 days without activity label Jul 24, 2023
@mdhont
Copy link
Contributor

mdhont commented Jul 24, 2023

@rrileyca, the license-header-linter job is failing, which is checking if some files contain a needed header. As this has recently been added could you sync your fork and do a rebase on the main branch?

@rrileyca
Copy link
Contributor Author

@mdhont Done! Thanks for reviewing.

@mdhont mdhont merged commit 76b02a3 into bitnami:main Aug 3, 2023
15 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mdhont mdhont mdhont approved these changes

Assignees

@mdhont mdhont

Labels
mongodb solved verify Execute verification workflow for these changes
Projects
None yet
Milestone
No milestone
6 participants
@rrileyca @dtrts @mdhont @javsalgar @aoterolorenzo @carrodher