From 8b20f77ac9cb60b7287bc10a0f25b04da17b7b24 Mon Sep 17 00:00:00 2001
From: mahendrr
Date: Fri, 3 May 2019 06:50:10 +0000
Subject: Common Cassandra doesn't support user authentication
Change-Id: I337aaf258b1a3716d97e31ea3f53014738f3db55
Issue-ID: OOM-1835
Signed-off-by: mahendrr
---
 .../resources/config/docker-entrypoint.sh | 92 ++++++++++++++++++++++
 .../common/cassandra/templates/configmap.yaml | 14 +++-
 .../common/cassandra/templates/statefulset.yaml | 9 +++
 3 files changed, 114 insertions(+), 1 deletion(-)
 create mode 100644 kubernetes/common/cassandra/resources/config/docker-entrypoint.sh
diff --git a/kubernetes/common/cassandra/resources/config/docker-entrypoint.sh b/kubernetes/common/cassandra/resources/config/docker-entrypoint.sh
new file mode 100644
index 0000000000..5b652228a6
--- /dev/null
+++ b/kubernetes/common/cassandra/resources/config/docker-entrypoint.sh
@@ -0,0 +1,92 @@
+#!/bin/bash
+set -e
+
+# first arg is `-f` or `--some-option`
+# or there are no args
+if [ "$#" -eq 0 ] || [ "${1#-}" != "$1" ]; then
+ set -- cassandra -f "$@"
+fi
+
+# allow the container to be started with `--user`
+if [ "$1" = 'cassandra' -a "$(id -u)" = '0' ]; then
+ find /var/lib/cassandra /var/log/cassandra "$CASSANDRA_CONFIG" \
+ \! -user cassandra -exec chown cassandra '{}' +
+ exec gosu cassandra "$BASH_SOURCE" "$@"
+fi
+
+_ip_address() {
+ # scrape the first non-localhost IP address of the container
+ # in Swarm Mode, we often get two IPs -- the container IP, and the (shared) VIP, and the container IP should always be first
+ ip address | awk '
+ $1 == "inet" && $NF != "lo" {
+ gsub(/\/.+$/, "", $2)
+ print $2
+ exit
+ }
+ '
+}
+
+# "sed -i", but without "mv" (which doesn't work on a bind-mounted file, for example)
+_sed-in-place() {
+ local filename="$1"; shift
+ local tempFile
+ tempFile="$(mktemp)"
+ sed "$@" "$filename" > "$tempFile"
+ cat "$tempFile" > "$filename"
+ rm "$tempFile"
+}
+
+if [ "$1" = 'cassandra' ]; then
+ : ${CASSANDRA_RPC_ADDRESS='0.0.0.0'}
+
+ : ${CASSANDRA_LISTEN_ADDRESS='auto'}
+ if [ "$CASSANDRA_LISTEN_ADDRESS" = 'auto' ]; then
+ CASSANDRA_LISTEN_ADDRESS="$(_ip_address)"
+ fi
+
+ : ${CASSANDRA_BROADCAST_ADDRESS="$CASSANDRA_LISTEN_ADDRESS"}
+
+ if [ "$CASSANDRA_BROADCAST_ADDRESS" = 'auto' ]; then
+ CASSANDRA_BROADCAST_ADDRESS="$(_ip_address)"
+ fi
+ : ${CASSANDRA_BROADCAST_RPC_ADDRESS:=$CASSANDRA_BROADCAST_ADDRESS}
+
+ if [ -n "${CASSANDRA_NAME:+1}" ]; then
+ : ${CASSANDRA_SEEDS:="cassandra"}
+ fi
+ : ${CASSANDRA_SEEDS:="$CASSANDRA_BROADCAST_ADDRESS"}
+
+ _sed-in-place "$CASSANDRA_CONFIG/cassandra.yaml" \
+ -r 's/(- seeds:).*/\1 "'"$CASSANDRA_SEEDS"'"/'
+
+ for yaml in \
+ broadcast_address \
+ broadcast_rpc_address \
+ cluster_name \
+ endpoint_snitch \
+ listen_address \
+ num_tokens \
+ rpc_address \
+ start_rpc \
+ authenticator \
+ ; do
+ var="CASSANDRA_${yaml^^}"
+ val="${!var}"
+ if [ "$val" ]; then
+ _sed-in-place "$CASSANDRA_CONFIG/cassandra.yaml" \
+ -r 's/^(# )?('"$yaml"':).*/\2 '"$val"'/'
+ fi
+ done
+
+ for rackdc in dc rack; do
+ var="CASSANDRA_${rackdc^^}"
+ val="${!var}"
+ if [ "$val" ]; then
+ _sed-in-place "$CASSANDRA_CONFIG/cassandra-rackdc.properties" \
+ -r 's/^('"$rackdc"'=).*/\1 '"$val"'/'
+ fi
+ done
+fi
+
+exec "$@"
+
diff --git a/kubernetes/common/cassandra/templates/configmap.yaml b/kubernetes/common/cassandra/templates/configmap.yaml
index a9420d7e5b..abb8a7e65f 100644
--- a/kubernetes/common/cassandra/templates/configmap.yaml
+++ b/kubernetes/common/cassandra/templates/configmap.yaml
@@ -12,4 +12,16 @@ metadata:
 data:
 {{ toYaml .Values.configOverrides | indent 2 }}
 {{- end }}
-
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-entrypoint
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+data:
+{{ tpl (.Files.Glob "resources/config/docker-entrypoint.sh").AsConfig . | indent 2 }}
diff --git a/kubernetes/common/cassandra/templates/statefulset.yaml b/kubernetes/common/cassandra/templates/statefulset.yaml
index a0b6b5f738..0c7a112bcb 100644
--- a/kubernetes/common/cassandra/templates/statefulset.yaml
+++ b/kubernetes/common/cassandra/templates/statefulset.yaml
@@ -54,6 +54,9 @@ spec:
 - name: localtime
 mountPath: /etc/localtime
 readOnly: true
+ - name: cassandra-entrypoint
+ mountPath: /docker-entrypoint.sh
+ subPath: docker-entrypoint.sh
 {{- range $key, $value := .Values.configOverrides }}
 - name: cassandra-config-{{ $key | replace "." "-" }}
 mountPath: /etc/cassandra/{{ $key }}
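Review bot: Both substitution loops and the seeds rewrite paste the environment value straight into the sed replacement text, so a `/`, `&` or backslash in `CASSANDRA_CLUSTER_NAME`, `CASSANDRA_SEEDS` or any other listed variable either aborts the script under `set -e` or writes something other than the value into the config file. Escaping before use would close that, for example `val="$(printf '%s' "${!var}" | sed -e 's|[\\/&]|\\&|g')"` in each loop, with the same treatment for `CASSANDRA_SEEDS`. Separately, the option list now includes `authenticator` but not `authorizer` or `role_manager`, so enabling authentication through this script leaves whatever authorizer the image's cassandra.yaml ships with; that file is not visible here, so it is worth confirming it is not an allow-all setting.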
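Review bot: The new ConfigMap renders docker-entrypoint.sh through `tpl`, although nothing in the script as added refers to chart values, so any `{{` that later appears in the script would be evaluated by Helm instead of being shipped verbatim. Dropping `tpl` keeps the file byte-for-byte: `{{ (.Files.Glob "resources/config/docker-entrypoint.sh").AsConfig | indent 2 }}`. A short comment above the `data:` key saying the script is intentionally not templated would stop it from being reintroduced.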
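Review bot: The script is mounted at the absolute path `/docker-entrypoint.sh`, but neither the image's ENTRYPOINT nor a `command:` for this container is visible in the hunk, so nothing here shows that the container actually executes this path. If the image resolves its entrypoint from another location, the mounted copy never runs and `CASSANDRA_AUTHENTICATOR` is silently ignored, leaving the cluster unauthenticated while the chart values say otherwise. Setting `command: ["/docker-entrypoint.sh"]` on the container would make the dependency explicit. A `subPath` mount also does not pick up later ConfigMap changes until the pod is recreated, which deserves a comment next to the mount.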
@@ -110,6 +113,8 @@ spec:
 value: {{ default "true" .Values.config.start_rpc | quote }}
 - name: CASSANDRA_ENDPOINT_SNITCH
 value: {{ default "GossipingPropertyFileSnitch" .Values.config.endpoint_snitch | quote }}
+ - name: CASSANDRA_AUTHENTICATOR
+ value: {{ default "PasswordAuthenticator" .Values.config.authenticator | quote }}
 - name: POD_IP
 valueFrom:
 fieldRef:
@@ -141,6 +146,10 @@ spec:
 configMap:
 name: {{ include "common.fullname" . }}-configOverrides
 {{- end }}
+ - name: cassandra-entrypoint
+ configMap:
+ name: {{ include "common.fullname" . }}-entrypoint
+ defaultMode: 0755
 {{- if not .Values.persistence.enabled }}
 - name: cassandra-data
 emptyDir: {}
-- cgit 1.2.3-korg
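Review bot: Defaulting `CASSANDRA_AUTHENTICATOR` to `PasswordAuthenticator` switches authentication on for every consumer of this common chart, yet nothing in the commit provisions credentials, so a new cluster comes up with only Cassandra's built-in default superuser account and its documented default password. The chart should create a replacement superuser from a Secret and disable the default one, or at minimum document that as a required post-install step, and the replication factor of the `system_auth` keyspace should be raised so logins do not depend on a single node. A comment on the new entry such as `# PasswordAuthenticator: default superuser must be replaced, see <link to chart docs>` would flag this for operators. Existing clients that connect without credentials will also start failing after an upgrade, which the commit message does not mention.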