Common Cassandra doesn't support user authentication 85/86885/3
authormahendrr <mahendra.raghuwanshi@amdocs.com>
Fri, 3 May 2019 06:50:10 +0000 (06:50 +0000)
committermahendrr <mahendra.raghuwanshi@amdocs.com>
Fri, 3 May 2019 08:36:33 +0000 (08:36 +0000)
Change-Id: I337aaf258b1a3716d97e31ea3f53014738f3db55
Issue-ID: OOM-1835
Signed-off-by: mahendrr <mahendra.raghuwanshi@amdocs.com>
kubernetes/common/cassandra/resources/config/docker-entrypoint.sh [new file with mode: 0644]
kubernetes/common/cassandra/templates/configmap.yaml
kubernetes/common/cassandra/templates/statefulset.yaml

diff --git a/kubernetes/common/cassandra/resources/config/docker-entrypoint.sh b/kubernetes/common/cassandra/resources/config/docker-entrypoint.sh
new file mode 100644 (file)
index 0000000..5b65222
--- /dev/null
@@ -0,0 +1,92 @@
+#!/bin/bash
+set -e
+
+# first arg is `-f` or `--some-option`
+# or there are no args
+if [ "$#" -eq 0 ] || [ "${1#-}" != "$1" ]; then
+        set -- cassandra -f "$@"
+fi
+
+# allow the container to be started with `--user`
+if [ "$1" = 'cassandra' -a "$(id -u)" = '0' ]; then
+        find /var/lib/cassandra /var/log/cassandra "$CASSANDRA_CONFIG" \
+                \! -user cassandra -exec chown cassandra '{}' +
+        exec gosu cassandra "$BASH_SOURCE" "$@"
+fi
+
+_ip_address() {
+        # scrape the first non-localhost IP address of the container
+        # in Swarm Mode, we often get two IPs -- the container IP, and the (shared) VIP, and the container IP should always be first
+        ip address | awk '
+                $1 == "inet" && $NF != "lo" {
+                        gsub(/\/.+$/, "", $2)
+                        print $2
+                        exit
+                }
+        '
+}
+
+# "sed -i", but without "mv" (which doesn't work on a bind-mounted file, for example)
+_sed-in-place() {
+        local filename="$1"; shift
+        local tempFile
+        tempFile="$(mktemp)"
+        sed "$@" "$filename" > "$tempFile"
+        cat "$tempFile" > "$filename"
+        rm "$tempFile"
+}
+
+if [ "$1" = 'cassandra' ]; then
+        : ${CASSANDRA_RPC_ADDRESS='0.0.0.0'}
+
+        : ${CASSANDRA_LISTEN_ADDRESS='auto'}
+        if [ "$CASSANDRA_LISTEN_ADDRESS" = 'auto' ]; then
+                CASSANDRA_LISTEN_ADDRESS="$(_ip_address)"
+        fi
+
+        : ${CASSANDRA_BROADCAST_ADDRESS="$CASSANDRA_LISTEN_ADDRESS"}
+
+        if [ "$CASSANDRA_BROADCAST_ADDRESS" = 'auto' ]; then
+                CASSANDRA_BROADCAST_ADDRESS="$(_ip_address)"
+        fi
+        : ${CASSANDRA_BROADCAST_RPC_ADDRESS:=$CASSANDRA_BROADCAST_ADDRESS}
+
+        if [ -n "${CASSANDRA_NAME:+1}" ]; then
+                : ${CASSANDRA_SEEDS:="cassandra"}
+        fi
+        : ${CASSANDRA_SEEDS:="$CASSANDRA_BROADCAST_ADDRESS"}
+
+        _sed-in-place "$CASSANDRA_CONFIG/cassandra.yaml" \
+                -r 's/(- seeds:).*/\1 "'"$CASSANDRA_SEEDS"'"/'
+
+        for yaml in \
+                broadcast_address \
+                broadcast_rpc_address \
+                cluster_name \
+                endpoint_snitch \
+                listen_address \
+                num_tokens \
+                rpc_address \
+                start_rpc \
+                authenticator \
+        ; do
+                var="CASSANDRA_${yaml^^}"
+                val="${!var}"
+                if [ "$val" ]; then
+                        _sed-in-place "$CASSANDRA_CONFIG/cassandra.yaml" \
+                                -r 's/^(# )?('"$yaml"':).*/\2 '"$val"'/'
+                fi
+        done
+
+        for rackdc in dc rack; do
+                var="CASSANDRA_${rackdc^^}"
+                val="${!var}"
+                if [ "$val" ]; then
+                        _sed-in-place "$CASSANDRA_CONFIG/cassandra-rackdc.properties" \
+                                -r 's/^('"$rackdc"'=).*/\1 '"$val"'/'
+                fi
+        done
+fi
+
+exec "$@"
+
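Review bot: The `authenticator` key added to the `for yaml in …` loop is applied by a sed substitution that silently does nothing when `cassandra.yaml` has no matching `authenticator:` line (for example after a config override), so a node can start with whatever authenticator the file already names while the chart claims `PasswordAuthenticator`. Because this setting is the access control, fail closed after the loop: `[ -z "$CASSANDRA_AUTHENTICATOR" ] || grep -qxF "authenticator: $CASSANDRA_AUTHENTICATOR" "$CASSANDRA_CONFIG/cassandra.yaml" || { echo >&2 'authenticator not applied to cassandra.yaml'; exit 1; }`. Separately, `$val` is spliced unescaped into the sed replacement in both loops, so a value containing `/`, `&` or `\` (a cluster name, for instance) is either corrupted or aborts the script under `set -e`. Escaping those characters before the substitution would avoid that.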
index a9420d7..abb8a7e 100644 (file)
@@ -12,4 +12,16 @@ metadata:
 data:
 {{ toYaml .Values.configOverrides | indent 2 }}
 {{- end }}
-
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ include "common.fullname" . }}-entrypoint
+  namespace: {{ include "common.namespace" . }}
+  labels:
+    app: {{ include "common.name" . }}
+    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+    release: {{ .Release.Name }}
+    heritage: {{ .Release.Service }}
+data:
+{{ tpl (.Files.Glob "resources/config/docker-entrypoint.sh").AsConfig . | indent 2 }}
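Review bot: The `data:` entry renders the script through `tpl`, so any `{{ … }}` sequence that later appears in `docker-entrypoint.sh` would be evaluated as a Helm template, or fail rendering, instead of reaching the container verbatim. The script as added contains no template actions, so `tpl` looks unnecessary here; `{{ (.Files.Glob "resources/config/docker-entrypoint.sh").AsConfig | indent 2 }}` ships the file unchanged. If templating is intended, a comment naming the values the script is expected to consume would make that explicit.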
index a0b6b5f..0c7a112 100644 (file)
@@ -54,6 +54,9 @@ spec:
           - name: localtime
             mountPath: /etc/localtime
             readOnly: true
+          - name: cassandra-entrypoint
+            mountPath: /docker-entrypoint.sh
+            subPath: docker-entrypoint.sh
           {{- range $key, $value := .Values.configOverrides }}
           - name: cassandra-config-{{ $key | replace "." "-" }}
             mountPath: /etc/cassandra/{{ $key }}
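Review bot: The new `cassandra-entrypoint` mount shadows the image's own `/docker-entrypoint.sh`, yet unlike the `localtime` mount just above it carries no `readOnly: true`, and nothing records that the chart's copy must be kept in step with the image it replaces. Add `readOnly: true` after `subPath:` and a comment such as `# overrides the image entrypoint so CASSANDRA_AUTHENTICATOR is written to cassandra.yaml`. A `subPath` mount does not pick up later ConfigMap changes, so pods need a restart after the script is edited.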
@@ -110,6 +113,8 @@ spec:
             value: {{ default "true" .Values.config.start_rpc | quote }}
           - name: CASSANDRA_ENDPOINT_SNITCH
             value: {{ default "GossipingPropertyFileSnitch" .Values.config.endpoint_snitch | quote }}
+          - name: CASSANDRA_AUTHENTICATOR
+            value: {{ default "PasswordAuthenticator" .Values.config.authenticator | quote }}
           - name: POD_IP
             valueFrom:
               fieldRef:
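Review bot: Defaulting `CASSANDRA_AUTHENTICATOR` to `PasswordAuthenticator` turns authentication on for every chart that consumes this common template without setting `config.authenticator`, and the commit shows no step that changes Cassandra's built-in superuser credentials or provisions per-application roles. Until that is done the cluster is guarded only by the stock default login, and clients that previously connected anonymously will start failing. Document this next to the value, e.g. `# enabling PasswordAuthenticator requires rotating the default superuser password and creating application roles`. Consider exposing `authorizer` the same way: the entrypoint's key list does not include it, so authenticated users may be unrestricted, depending on what the image's cassandra.yaml sets.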
@@ -141,6 +146,10 @@ spec:
         configMap:
           name: {{ include "common.fullname" . }}-configOverrides
       {{- end }}
+      - name: cassandra-entrypoint
+        configMap:
+          name: {{ include "common.fullname" . }}-entrypoint
+          defaultMode: 0755
   {{- if not .Values.persistence.enabled }}
       - name: cassandra-data
         emptyDir: {}