From ea6225156c911489c44cf32694b984a7e9b61d81 Mon Sep 17 00:00:00 2001
From: Artem Ervits
Date: Tue, 15 Jun 2021 16:56:58 -0400
Subject: [PATCH] updated
---
 cockroach-gssapi-multinode/README.md | 28 ++++++++++---------
 cockroach-gssapi-multinode/docker-compose.yml | 3 ++
 .../roach-cert/Dockerfile | 7 +++--
 3 files changed, 22 insertions(+), 16 deletions(-)
diff --git a/cockroach-gssapi-multinode/README.md b/cockroach-gssapi-multinode/README.md
index b62cdb4..474891a 100644
--- a/cockroach-gssapi-multinode/README.md
+++ b/cockroach-gssapi-multinode/README.md
@@ -1,4 +1,5 @@
 # A Secure CockroachDB Cluster with Kerberos and HAProxy acting as load balancer
+
 ---
 Check out my series of articles on CockroachDB and Kerberos below:
@@ -16,13 +17,14 @@ Check out my series of articles on CockroachDB and Kerberos below:
 ---
 ## Services
-* `roach-0` - CockroachDB node
-* `roach-1` - CockroachDB node
-* `roach-2` - CockroachDB node
-* `lb` - HAProxy acting as load balancer
-* `roach-cert` - Holds certificates as volume mounts
-* `kdc` - MIT Kerberos realm
-* `client` - cockroach client node, also has `psql` installed
+
+ `roach-0` - CockroachDB node
+ `roach-1` - CockroachDB node
+ `roach-2` - CockroachDB node
+ `lb` - HAProxy acting as load balancer
+ `roach-cert` - Holds certificates as volume mounts
+ `kdc` - MIT Kerberos realm
+ `client` - cockroach client node, also has `psql` installed
 ## Getting started
@@ -41,12 +43,12 @@ docker exec -ti kdc sh
 docker exec -ti client cockroach sql --certs-dir=/certs --host=lb
 ```
-1) execute `./up.sh` instead of `docker compose up`
+1. execute `./up.sh` instead of `docker compose up`
 - monitor the status of services via `docker compose logs`
-2) visit the [DB Console](http://localhost:8080)
-3) visit the [HAProxy UI](http://localhost:8081)
+2. visit the [DB Console](http://localhost:8080)
+3. visit the [HAProxy UI](http://localhost:8081)
-4) Connect to `cockroach` using `psql`
+4. Connect to `cockroach` using `psql`
 __Disclaimer__: given weird behavior on my host, I am unable to execute the below command on the latest CockroachDB
@@ -79,13 +81,13 @@ Type "help" for help.
 defaultdb=>
 ```
-5) Connect to `cockroach` using `psql` and `krbsrvname`
+#### Connect to `cockroach` using `psql` and `krbsrvname`
 ```bash
 psql "postgresql://lb:26257/defaultdb?sslmode=verify-full&sslrootcert=/certs/ca.crt&krbsrvname=customspn" -U tester
 ```
-6) Connecting to CockroachDB using the native binary
+#### Connecting to CockroachDB using the native binary
 ```bash
 docker exec -it client cockroach sql \
diff --git a/cockroach-gssapi-multinode/docker-compose.yml b/cockroach-gssapi-multinode/docker-compose.yml
index c257872..b0d5f83 100644
--- a/cockroach-gssapi-multinode/docker-compose.yml
+++ b/cockroach-gssapi-multinode/docker-compose.yml
@@ -18,6 +18,9 @@ services:
 - certs-roach-1:/certs/roach-1
 - certs-roach-2:/certs/roach-2
 - certs-client:/certs/client
+ networks:
+ roachnet:
+ ipv4_address: 172.28.0.1
 kdc:
 container_name: kdc
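Review bot: The added `ipv4_address: 172.28.0.1` is the first host address of a 172.28.0.0/16 subnet, which Docker assigns to the network gateway unless the `roachnet` ipam block (not in this hunk) sets `gateway` to something else, so the container is likely to be refused that address at start-up. Use an address clearly inside the pool, e.g. `ipv4_address: 172.28.0.10`, or set the gateway explicitly in the `roachnet` definition, which must also declare an `ipam` `subnet` for any static address to be accepted. I can't see from this hunk whether the other services join `roachnet`; a service that lists `networks:` no longer joins the compose `default` network, so if the others stay on `default` they lose name resolution to this one.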
@@ -2,9 +2,9 @@ FROM cockroachdb/cockroach:latest-v21.1 AS generator
 LABEL maintainer="artemervits at gmail dot com"
-LABEL version="5.0"
+LABEL version="6.0"
 LABEL description="cockroach cert generator container"
-ENV REFRESHED_AT 2021_05_25
+ENV REFRESHED_AT 2021_06_15
 RUN mkdir -pv /tmp/certs/ca /tmp/certs/roach-0 /tmp/certs/roach-1 /tmp/certs/roach-2 /tmp/safe /tmp/certs/client /tmp/certs/lb
@@ -15,7 +15,8 @@ RUN cockroach cert create-ca --certs-dir=/tmp/certs/ca --ca-key=/tmp/safe/ca.key
 && cp -v /tmp/certs/ca/ca.crt /tmp/certs/roach-2 \
 && cp -v /tmp/certs/ca/ca.crt /tmp/certs/lb
-RUN ./cockroach cert create-client root --certs-dir=/tmp/certs/client --ca-key=/tmp/safe/ca.key --also-generate-pkcs8-key
+RUN cockroach cert create-client root --certs-dir=/tmp/certs/client --ca-key=/tmp/safe/ca.key --also-generate-pkcs8-key
+RUN cockroach cert create-client roach --certs-dir=/tmp/certs/client --ca-key=/tmp/safe/ca.key
 RUN cp -v /tmp/certs/client/client.* /tmp/certs/roach-0 \
 && cp -v /tmp/certs/client/client.* /tmp/certs/roach-1 \
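Review bot: The new `RUN cockroach cert create-client roach` drops the `roach` user's `client.roach.*` certificate and private key into `/tmp/certs/client`, and the `RUN cp -v /tmp/certs/client/client.*` that follows (its remaining lines are outside this hunk) then copies every client key in that directory, the new one included, into each node's certs directory. If the `roach` identity is only meant to authenticate from the `client` container, generate it into its own `--certs-dir` or narrow the copy to `client.root.*`, so a node directory never holds a client private key it does not use. The new line also omits `--also-generate-pkcs8-key`, which the `root` line directly above passes; if `roach` is to be used from `psql`/JDBC like `root`, add it for consistency. Both `create-client` invocations target the same directory and CA key and could share one `RUN`.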