[bitnami/mongodb] Configure mongodb hostname during initialization

[dtrts]

Description of the change

This change enabled the hostname to be configured for the initialization of the server. These steps include:

• The creation of the root user
• The creation of additional users
• The setup and configuration of a replicaset

Benefits

When TLS is enabled through the *_EXTRA_FLAGS options it is enabled during initialization and it is common for the certificate to not include 127.0.0.1 in the IP list.

This change allows us to provide a host which works with TLS.

Possible drawbacks

Misconfiguration could lead to configuring the wrong server.

If attempting to use a hostname which resolves to an external IP then the mongo server will have to bind to that IP before initialization. This puts the server at risk of attack during setup. (Most likely for only a few seconds?)

Applicable issues

This issue is for the charts repo but does describe the issue here and the workarounds taken to fix it.

• [bitnami/mongodb] Enabling TLS using a custom certificate runs into multiple issues. - user creation / current_primary detection / all probes charts#16719

Additional information

Have a great day!

[corico44]

Hello @dtrts,

We are going to review this logic internally as we want to further investigate the behavior of the field that you propose to modify with a variable. We will notify you in this PR when there is any news.
Thank you very much for the contribution!

[dtrts]

Thank you @corico44.

There's more detail in the issue about why I have gone for this approach.

I have just thought of another option where support is added for different *_EXTRA_FLAGS or config file between initialization and the starting of the externally accessed server.

Have a great weekend!

[dtrts]

Hello @corico44

I've been working with TLS and just wanted to highlight another sticking point.

With TLS enabled the function mongodb_is_mongodb_started fails. It defaults to get_mongo_hostname, which in my case is using the MONGODB_ADVERTISED_HOSTNAME.

During initialization I don't have this hostname IP Bound and so it reports an error.

It could use the MONGODB_LOCALHOST_NAME by default, and we should create a separate check to ensure that the mongo server is accessible through the advertised hostname (i.e. through the internet)

Just some thoughts! Hope you're having a great week.

[rrileyca]

I fully agree with this PR as using the FQDN for a Replica Set that uses an X.509 certificate signed by a public CA is the proper way forward.

For example, the Bitnami Helm chart will break currently with all of the connections it makes to 127.0.0.1. Both the livenessProbe and readinessProbe in the Bitnami Mongodb Helm chart attmpet to connect to 127.0.0.1, making the chart impossible to use with PKI/ACME out-of-the-box.

[github-actions]

This Pull Request has been automatically marked as "stale" because it has not had recent activity (for 15 days). It will be closed if no further activity occurs. Thank you for your contribution.

[rrileyca]

Bump

[corico44]

We are still reviewing the case internally. We will try to give you all updates as soon as possible.