PMM-13758: control OL version (#152)

* PMM-13758: Update Docker setup for Oracle Linux versioning and add Kerberos service

- Introduced OL_VERSION as an argument for Dockerfile to support different Oracle Linux versions.
- Updated docker-compose configuration to include a new Kerberos service with health checks and volume mappings.
- Added entrypoint commands for initializing keytabs and copying certificates.
- Created a new script for generating certificates, replacing inline certificate generation in test-auth.sh.
- Adjusted environment variables in start scripts to accommodate OL_VERSION.

* PMM-14032 rever auth configuration

Author: yurkovychv

pmm_psmdb-pbm_setup/Dockerfile

@@ -1,4 +1,5 @@
-FROM oraclelinux:9
+ARG OL_VERSION=9
+FROM oraclelinux:${OL_VERSION}
 ARG REPO=testing
 ARG PMM_REPO=experimental
 ARG PBM_VERSION=latest
@@ -44,16 +45,16 @@ RUN set -ex; \
                        percona-server-mongodb-server \
                        percona-server-mongodb-mongos ; \
     else \
-        dnf -y install percona-server-mongodb-${PSMDB_VERSION}.el9 \
-                          percona-server-mongodb-tools-${PSMDB_VERSION}.el9 \
-                          percona-server-mongodb-server-${PSMDB_VERSION}.el9 \
-                          percona-server-mongodb-mongos-${PSMDB_VERSION}.el9 ; \
+        dnf -y install percona-server-mongodb-${PSMDB_VERSION}.el${OL_VERSION} \
+                          percona-server-mongodb-tools-${PSMDB_VERSION}.el${OL_VERSION} \
+                          percona-server-mongodb-server-${PSMDB_VERSION}.el${OL_VERSION} \
+                          percona-server-mongodb-mongos-${PSMDB_VERSION}.el${OL_VERSION} ; \
     fi && \
     if [ "$PBM_VERSION" == "latest" ]; then \
         dnf -y install percona-backup-mongodb ; \
     else \
-        dnf -y install percona-backup-mongodb-${PBM_VERSION}.el9 ; \
-    fi 
+        dnf -y install percona-backup-mongodb-${PBM_VERSION}.el${OL_VERSION} ; \
+    fi
 
 RUN if [[ "$PMM_CLIENT_VERSION" == http* ]]; then \
         dnf -y install pmm-client && \
@@ -68,9 +69,9 @@ RUN if [[ "$PMM_CLIENT_VERSION" == http* ]]; then \
         dnf -y install pmm-client ; \
     else \
         if [[ "$PMM_CLIENT_VERSION" =~ ^([3-9])\.([1-9][0-9]*)\.([0-9]+)$ ]]; then \
-            dnf -y install pmm-client-${PMM_CLIENT_VERSION}-7.el9 ; \
+            dnf -y install pmm-client-${PMM_CLIENT_VERSION}-7.el${OL_VERSION} ; \
         else \
-            dnf -y install pmm-client-${PMM_CLIENT_VERSION}-6.el9 ; \
+            dnf -y install pmm-client-${PMM_CLIENT_VERSION}-6.el${OL_VERSION} ; \
         fi \
     fi && \
     sed 's/Type=forking/#Type=forking/' -i /usr/lib/systemd/system/mongod.service && \
@@ -81,7 +82,7 @@ RUN if [[ "$PMM_CLIENT_VERSION" == http* ]]; then \
     curl -Lf -o /tmp/mgodatagen.tar.gz https://github.com/feliixx/mgodatagen/releases/download/v0.11.2/mgodatagen_0.11.2_Linux_x86_64.tar.gz && \
     tar -xf /tmp/mgodatagen.tar.gz -C /usr/bin && \
     dnf clean all; \
-    rm -rf /var/cache/dnf /var/cache/yum /data/db && mkdir -p /data/db;
+    rm -rf /var/cache/dnf /var/cache/dnf /data/db && mkdir -p /data/db;
 
 COPY conf/sysconfig/mongod /etc/sysconfig/
 COPY keyfile /etc/keyfile

pmm_psmdb-pbm_setup/docker-compose-rs.yaml

@@ -12,6 +12,7 @@ services:
         - PBM_VERSION=${PBM_VERSION:-latest}
         - PSMDB_VERSION=${PSMDB_VERSION:-latest}
         - PMM_CLIENT_VERSION=${PMM_CLIENT_VERSION:-3-dev-latest}
+        - OL_VERSION=${OL_VERSION:-9}
     command: /bin/bash
 
   rs101:

pmm_psmdb-pbm_setup/start-rs-only.sh

@@ -3,6 +3,7 @@ set -e
 
 profile=${COMPOSE_PROFILES:-classic}
 mongo_setup_type=${MONGO_SETUP_TYPE:-pss}
+ol_version=${OL_VERSION:-9}
 
 docker network create qa-integration || true
 docker network create pmm-qa || true
@@ -12,6 +13,7 @@ docker network create pmm2-ui-tests_pmm-network || true
 
 export COMPOSE_PROFILES=${profile}
 export MONGO_SETUP_TYPE=${mongo_setup_type}
+export OL_VERSION=${ol_version}
 
 docker compose -f docker-compose-rs.yaml down -v --remove-orphans
 docker compose -f docker-compose-rs.yaml build --no-cache

pmm_psmdb-pbm_setup/start-rs.sh

@@ -4,6 +4,7 @@ set -e
 pmm_server_admin_pass=${ADMIN_PASSWORD:-password}
 profile=${COMPOSE_PROFILES:-classic}
 mongo_setup_type=${MONGO_SETUP_TYPE:-pss}
+ol_version=${OL_VERSION:-9}
 
 docker network create qa-integration || true
 docker network create pmm-qa || true
@@ -13,6 +14,7 @@ docker network create pmm2-ui-tests_pmm-network || true
 
 export COMPOSE_PROFILES=${profile}
 export MONGO_SETUP_TYPE=${mongo_setup_type}
+export OL_VERSION=${ol_version}
 
 docker compose -f docker-compose-rs.yaml -f docker-compose-pmm.yaml down -v --remove-orphans
 docker compose -f docker-compose-rs.yaml -f docker-compose-pmm.yaml build

pmm_psmdb_diffauth_setup/generate-certs.sh

@@ -0,0 +1,16 @@
+#Generate certificates for tests
+rm -rf easy-rsa pki certs && mkdir certs
+git clone https://github.com/OpenVPN/easy-rsa.git
+./easy-rsa/easyrsa3/easyrsa init-pki
+./easy-rsa/easyrsa3/easyrsa --req-cn=Percona --batch build-ca nopass
+./easy-rsa/easyrsa3/easyrsa --req-ou=server --subject-alt-name=DNS:pmm-server --batch build-server-full pmm-server nopass
+./easy-rsa/easyrsa3/easyrsa --req-ou=server --subject-alt-name=DNS:psmdb-server --batch build-server-full psmdb-server nopass
+./easy-rsa/easyrsa3/easyrsa --req-ou=client --batch build-client-full pmm-test nopass
+openssl dhparam -out certs/dhparam.pem 2048
+
+cp pki/ca.crt certs/ca-certs.pem
+cp pki/private/pmm-server.key certs/certificate.key
+cp pki/issued/pmm-server.crt certs/certificate.crt
+cat pki/private/psmdb-server.key pki/issued/psmdb-server.crt > certs/psmdb-server.pem
+cat pki/private/pmm-test.key pki/issued/pmm-test.crt > certs/client.pem
+find certs -type f -exec chmod 644 {} \;

pmm_psmdb_diffauth_setup/test-auth.sh

@@ -23,22 +23,7 @@ if [ -z "$ADMIN_PASSWORD" ]; then
     export ADMIN_PASSWORD=admin
 fi
 
-#Generate certificates for tests
-rm -rf easy-rsa pki certs && mkdir certs
-git clone https://github.com/OpenVPN/easy-rsa.git
-./easy-rsa/easyrsa3/easyrsa init-pki
-./easy-rsa/easyrsa3/easyrsa --req-cn=Percona --batch build-ca nopass
-./easy-rsa/easyrsa3/easyrsa --req-ou=server --subject-alt-name=DNS:pmm-server --batch build-server-full pmm-server nopass
-./easy-rsa/easyrsa3/easyrsa --req-ou=server --subject-alt-name=DNS:psmdb-server --batch build-server-full psmdb-server nopass
-./easy-rsa/easyrsa3/easyrsa --req-ou=client --batch build-client-full pmm-test nopass
-openssl dhparam -out certs/dhparam.pem 2048
-
-cp pki/ca.crt certs/ca-certs.pem
-cp pki/private/pmm-server.key certs/certificate.key
-cp pki/issued/pmm-server.crt certs/certificate.crt
-cat pki/private/psmdb-server.key pki/issued/psmdb-server.crt > certs/psmdb-server.pem
-cat pki/private/pmm-test.key pki/issued/pmm-test.crt > certs/client.pem
-find certs -type f -exec chmod 644 {} \;
+bash -e ./generate-certs.sh
 
 #Start setup
 docker compose -f docker-compose-pmm-psmdb.yml down -v --remove-orphans

pmm_qa/pmm-framework.py

@@ -561,6 +561,7 @@ def setup_psmdb(db_type, db_version=None, db_config=None, args=None):
         'PMM_CLIENT_VERSION': get_value('CLIENT_VERSION', db_type, args, db_config),
         'COMPOSE_PROFILES': get_value('COMPOSE_PROFILES', db_type, args, db_config),
         'MONGO_SETUP_TYPE': get_value('SETUP_TYPE', db_type, args, db_config),
+        'OL_VERSION': get_value('OL_VERSION', db_type, args, db_config),
         'TESTS': 'no',
         'CLEANUP': 'no'
     }

pmm_qa/scripts/database_options.py

@@ -2,7 +2,7 @@
     "PSMDB": {
         "versions": ["4.4", "5.0", "6.0", "7.0", "8.0", "latest"],
         "configurations": {"CLIENT_VERSION": "3-dev-latest", "SETUP_TYPE": "pss", "COMPOSE_PROFILES": "classic",
-                           "TARBALL": ""}
+                           "TARBALL": "", "OL_VERSION": "9"}
     },
     "MLAUNCH_PSMDB": {
         "versions": ["4.4", "5.0", "6.0", "7.0", "8.0"],