Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[bitnami/mongodb] Configure mongodb hostname during initialization #34297

Open
wants to merge 2 commits into
base: main
Choose a base branch
from

Conversation

dtrts
Copy link
Contributor

@dtrts dtrts commented May 17, 2023

Description of the change

This change enabled the hostname to be configured for the initialization of the server. These steps include:

  • The creation of the root user
  • The creation of additional users
  • The setup and configuration of a replicaset

Benefits

When TLS is enabled through the *_EXTRA_FLAGS options it is enabled during initialization and it is common for the certificate to not include 127.0.0.1 in the IP list.

This change allows us to provide a host which works with TLS.

Possible drawbacks

Misconfiguration could lead to configuring the wrong server.

If attempting to use a hostname which resolves to an external IP then the mongo server will have to bind to that IP before initialization. This puts the server at risk of attack during setup. (Most likely for only a few seconds?)

Applicable issues

This issue is for the charts repo but does describe the issue here and the workarounds taken to fix it.

Additional information

Have a great day!

@github-actions github-actions bot added the triage Triage is needed label May 17, 2023
…e via the environment variable MONGODB_LOCALHOST_NAME

Signed-off-by: Douglas Thomson <djt210@gmail.com>
@carrodher carrodher added the verify Execute verification workflow for these changes label May 17, 2023
@github-actions github-actions bot added in-progress and removed triage Triage is needed labels May 17, 2023
@bitnami-bot bitnami-bot removed the request for review from javsalgar May 17, 2023 16:48
@bitnami-bot bitnami-bot requested a review from corico44 May 17, 2023 16:48
@corico44 corico44 changed the title [bitnami/mongodb] Configure mongod hostname during initialization [bitnami/mongodb] Configure mongodb hostname during initialization May 18, 2023
@corico44
Copy link
Contributor

Hello @dtrts,

We are going to review this logic internally as we want to further investigate the behavior of the field that you propose to modify with a variable. We will notify you in this PR when there is any news.
Thank you very much for the contribution!

bitnami/mongodb/README.md Outdated Show resolved Hide resolved
@dtrts
Copy link
Contributor Author

dtrts commented May 19, 2023

Thank you @corico44.

There's more detail in the issue about why I have gone for this approach.

I have just thought of another option where support is added for different *_EXTRA_FLAGS or config file between initialization and the starting of the externally accessed server.

Have a great weekend!

@dtrts
Copy link
Contributor Author

dtrts commented May 24, 2023

Hello @corico44

I've been working with TLS and just wanted to highlight another sticking point.

With TLS enabled the function mongodb_is_mongodb_started fails. It defaults to get_mongo_hostname, which in my case is using the MONGODB_ADVERTISED_HOSTNAME.

During initialization I don't have this hostname IP Bound and so it reports an error.

It could use the MONGODB_LOCALHOST_NAME by default, and we should create a separate check to ensure that the mongo server is accessible through the advertised hostname (i.e. through the internet)

Just some thoughts! Hope you're having a great week.

@rrileyca
Copy link
Contributor

I fully agree with this PR as using the FQDN for a Replica Set that uses an X.509 certificate signed by a public CA is the proper way forward.

For example, the Bitnami Helm chart will break currently with all of the connections it makes to 127.0.0.1. Both the livenessProbe and readinessProbe in the Bitnami Mongodb Helm chart attmpet to connect to 127.0.0.1, making the chart impossible to use with PKI/ACME out-of-the-box.

@github-actions
Copy link

This Pull Request has been automatically marked as "stale" because it has not had recent activity (for 15 days). It will be closed if no further activity occurs. Thank you for your contribution.

@github-actions github-actions bot added the stale 15 days without activity label Jun 11, 2023
@rrileyca
Copy link
Contributor

Bump

@github-actions github-actions bot removed the stale 15 days without activity label Jun 12, 2023
Signed-off-by: Douglas Thomson <36892985+dtrts@users.noreply.github.com>
@corico44
Copy link
Contributor

We are still reviewing the case internally. We will try to give you all updates as soon as possible.

@corico44 corico44 added the on-hold Issues or Pull Requests with this label will never be considered stale label Jun 15, 2023
@carrodher carrodher removed the request for review from corico44 April 22, 2024 09:53
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
mongodb on-hold Issues or Pull Requests with this label will never be considered stale verify Execute verification workflow for these changes
Projects
None yet
Development

Successfully merging this pull request may close these issues.

5 participants