[DSD-3884] Updated deployment as per esignet vc release (#1453)

* [DSD-3884] Updated deployment as per esignet vc release

Signed-off-by: syed salman <[email protected]>

* [DSD-3884] updated chart version

Signed-off-by: syed salman <[email protected]>

---------

Signed-off-by: syed salman <[email protected]>

deployment/v3/external/postgres/README.md

@@ -4,10 +4,8 @@
 ```sh
 ./install.sh
 ```
-* A random password will get assigned for `postgres` user if you have not specified a password.  The password may be obtained using following script:
-```sh
-./get_pwd.sh
-```
+* A random password will get assigned for `postgres` user if you have not specified a password. The password may be obtained from Rancher console.
+
 ## Test
 * Make sure docker is running from machine you are testing.
 * Postgres is accessible over "internal" channel, i.e. over Wireguard.  Make sure you have the Wireguard setup along with credentials to connect to internal load balancer.
@@ -29,6 +27,29 @@ Note that PVC and PV are not deleted after helm delete.  So if you would like to
 ## Init a specific DB
 To initialized a specific db disable init of all others in `init_values.yaml` by settings `true` -> `false`.  Get db-user password with `get_pwd.sh`.  Provide the password in `init_values.yaml` and run `init_db.sh`.
 
+## DB export
+
+* Export all DB's to a single file via below command:
+  ```
+  pg_dumpall -c --if-exists -h <HOSTNAME> -p <PORT-NUMBER> -U <USERNAME> -f <BACKUP_FILE_NAME>.dump
+  ```
+
+## DB import
+
+* Import DB's from backup file via below command:
+  ```
+  psql -h <HOSTNAME> -p <PORT-NUMBER> -U <USERNAME> -f <BACKUP_FILE_NAME>.dump
+  ```
+
 ## Troubleshooting
 * If you face login issues even when the password entered is correct, it could be due to previous PVC, and PV.  Delete them, but exercise caution as this will delete all persistent data.
+* If you face below error while importing db's.
+  ```
+  psql:all-db-backup.dump:139: ERROR:  option "locale" not recognized                                             
+  LINE 1: ...late1 WITH TEMPLATE = template0 ENCODING = 'UTF8' LOCALE = '...
+  ```
+  Then replace `LOCALE` with `LC_COLLATE` in `<BACKUP_FILE_NAME>.dump` file via sed command.
+  ```
+  sed -i 's/LOCALE/LC_COLLATE/g' <BACKUP_FILE_NAME>.dump
+  ```
 

deployment/v3/external/postgres/init_db.sh

@@ -8,14 +8,14 @@ fi
 
 function initialize_db() {
   NS=postgres
-  CHART_VERSION=12.0.1-B3
+  CHART_VERSION=12.0.1-B4
   helm repo update
   while true; do
       read -p "CAUTION: all existing data will be lost. Are you sure?(Y/n)" yn
       if [ $yn = "Y" ]
         then
           echo Removing any existing installation
-          helm -n $NS delete postgres-init
+          helm -n $NS delete postgres-init || true
           echo Initializing DB
           helm -n $NS install postgres-init mosip/postgres-init -f init_values.yaml --version $CHART_VERSION --wait --wait-for-jobs
           break
@@ -32,4 +32,4 @@ set -o errexit   ## set -e : exit the script if any statement returns a non-true
 set -o nounset   ## set -u : exit the script if you try to use an uninitialised variable
 set -o errtrace  # trace ERR through 'time command' and other functions
 set -o pipefail  # trace ERR through pipes
-initialize_db   # calling function
+initialize_db   # calling function

deployment/v3/external/postgres/init_values.yaml

@@ -4,48 +4,55 @@ dbUserPasswords:
 databases:
   mosip_master:
     enabled: true
+    branch: v1.2.0.1-B1
 
   mosip_audit:
     enabled: true
+    branch: v1.2.0.1-B1
 
   mosip_keymgr:
-    enabled: true 
+    enabled: true
+    branch: release-1.2.0.1
 
   mosip_kernel:
     enabled: true
+    branch: v1.2.0.1-B1
 
   mosip_idmap:
     enabled: true
+    branch: v1.2.0.1-B1
 
   mosip_prereg:
     enabled: true
+    branch: v1.2.0.1-B1
 
   mosip_idrepo:
     enabled: true
+    branch: v1.2.0.1-B1
 
   mosip_ida:
     enabled: true
+    branch: release-1.2.0.1
 
   mosip_credential:
     enabled: true
+    branch: v1.2.0.1-B1
 
   mosip_regprc:
     enabled: true
-
-  mosip_regdevice:
-    enabled: true
-
-  mosip_authdevice:
-    enabled: true
+    branch: v1.2.0.1-B2
 
   mosip_pms:
     enabled: true
+    branch: v1.2.0.1-B3
 
   mosip_hotlist:
     enabled: true
+    branch: v1.2.0.1-B1
 
   mosip_resident:
     enabled: true
+    branch: v1.2.0.1-B2
 
   mosip_toolkit:
     enabled: false

deployment/v3/external/postgres/install.sh

@@ -15,7 +15,7 @@ kubectl label ns $NS istio-injection=enabled --overwrite
 
 function installing_postgres() {
   echo Installing  Postgres
-  helm -n $NS install postgres mosip/postgresql --version 10.16.2 -f values.yaml --wait
+  helm -n $NS install postgres bitnami/postgresql --version 13.1.5 -f values.yaml --wait
   echo Installed Postgres
 
   echo Installing gateways and virtual services

deployment/v3/external/postgres/values.yaml

@@ -1,13 +1,13 @@
-resources:
-  limits: {}
-  #   cpu: 250m
-  #   memory: 1Gi
-  requests: 
-    cpu: 3000m
-    memory: 3000Mi
-
-postgresqlExtendedConf:
-   wal_level: logical
-   max_wal_senders: 20
-   max_replication_slots: 10
-   max_connections: 1000
+primary:
+  extendedConfiguration: |
+    max_connections=1000
+    wal_level=logical
+    max_wal_senders=20
+    max_replication_slots=10
+  resources:
+    limits: {}
+    #   cpu: 250m
+    #   memory: 1Gi
+    requests:
+      cpu: 3000m
+      memory: 3000Mi

deployment/v3/mosip/artifactory/install.sh

@@ -7,7 +7,7 @@ if [ $# -ge 1 ] ; then
 fi
 
 NS=artifactory
-CHART_VERSION=12.0.1-B3
+CHART_VERSION=12.0.1-B6
 
 echo Create $NS namespace
 kubectl create ns $NS 

deployment/v3/mosip/ida/README.md

@@ -4,5 +4,10 @@
 ```
 ./install.sh
 ```
+* During the execution of the `install.sh` script, a prompt appears requesting information regarding the presence of a public domain and a valid SSL certificate on the server.
+* If the server lacks a public domain and a valid SSL certificate, it is advisable to select the `n` option. Opting it will enable the `init-container` with an `emptyDir` volume and include it in the deployment process.
+* The init-container will proceed to download the server's self-signed SSL certificate and mount it to the specified location within the container's Java keystore (i.e., `cacerts`) file.
+* This particular functionality caters to scenarios where the script needs to be employed on a server utilizing self-signed SSL certificates.
+
 ## Onboard IDA as partner
 Partner onboarding is already done as part of default IDA installation.  However, IDA's certificates needs to be uploaded to Keymanager.  Upload using Postman collections as given [here](certs_upload/postman/README.md)

deployment/v3/mosip/ida/copy_cm.sh

@@ -1,11 +1,25 @@
 #!/bin/bash
 # Copy configmaps from other namespaces
-# DST_NS: Destination namespace 
+# DST_NS: Destination namespace
+
+function copying_cm() {
+  COPY_UTIL=../../utils/copy_cm_func.sh
+  DST_NS=ida
+
+  $COPY_UTIL configmap global default $DST_NS
+  $COPY_UTIL configmap artifactory-share artifactory $DST_NS
+  $COPY_UTIL configmap config-server-share config-server $DST_NS
+  $COPY_UTIL configmap softhsm-ida-share softhsm $DST_NS
+  return 0
+}
+
+
+# set commands for error handling.
+set -e
+set -o errexit   ## set -e : exit the script if any statement returns a non-true return value
+set -o nounset   ## set -u : exit the script if you try to use an uninitialised variable
+set -o errtrace  # trace ERR through 'time command' and other functions
+set -o pipefail  # trace ERR through pipes
+copying_cm   # calling function
 
-COPY_UTIL=../../utils/copy_cm_func.sh
-DST_NS=ida
 
-$COPY_UTIL configmap global default $DST_NS 
-$COPY_UTIL configmap artifactory-share artifactory $DST_NS 
-$COPY_UTIL configmap config-server-share config-server $DST_NS
-$COPY_UTIL configmap softhsm-ida-share softhsm $DST_NS

deployment/v3/mosip/ida/install.sh

@@ -7,8 +7,8 @@ if [ $# -ge 1 ] ; then
 fi
 
 NS=ida
-CHART_VERSION=12.0.1-B3
-KEYGEN_CHART_VERSION=12.0.1-B2
+CHART_VERSION=12.0.1-B5
+KEYGEN_CHART_VERSION=12.0.1-B3
 
 echo Create $NS namespace
 kubectl create ns $NS
@@ -22,17 +22,31 @@ function installing_ida() {
   sed -i 's/\r$//' copy_cm.sh
   ./copy_cm.sh
 
+  echo "Do you have public domain & valid SSL? (Y/n) "
+  echo "Y: if you have public domain & valid ssl certificate"
+  echo "n: If you don't have a public domain and a valid SSL certificate. Note: It is recommended to use this option only in development environments."
+  read -p "" flag
+
+  if [ -z "$flag" ]; then
+    echo "'flag' was provided; EXITING;"
+    exit 1;
+  fi
+  ENABLE_INSECURE=''
+  if [ "$flag" = "n" ]; then
+    ENABLE_INSECURE='--set enable_insecure=true';
+  fi
+
   echo Running ida keygen
   helm -n $NS install ida-keygen mosip/keygen --wait --wait-for-jobs  --version $KEYGEN_CHART_VERSION -f keygen_values.yaml
 
   echo Installing ida auth
-  helm -n $NS install ida-auth mosip/ida-auth --version $CHART_VERSION
+  helm -n $NS install ida-auth mosip/ida-auth --version $CHART_VERSION $ENABLE_INSECURE
 
   echo Installing ida internal
-  helm -n $NS install ida-internal mosip/ida-internal --version $CHART_VERSION
+  helm -n $NS install ida-internal mosip/ida-internal --version $CHART_VERSION $ENABLE_INSECURE
 
   echo Installing ida otp
-  helm -n $NS install ida-otp mosip/ida-otp --version $CHART_VERSION
+  helm -n $NS install ida-otp mosip/ida-otp --version $CHART_VERSION $ENABLE_INSECURE
 
   kubectl -n $NS  get deploy -o name |  xargs -n1 -t  kubectl -n $NS rollout status
   echo Intalled ida services

deployment/v3/mosip/keymanager/copy_cm.sh

@@ -1,14 +1,25 @@
 #!/bin/bash
 # Copy configmaps from other namespaces
-# DST_NS: Destination (current) namespace 
-COPY_UTIL=../../utils/copy_cm_func.sh
-DST_NS=keymanager
+# DST_NS: Destination (current) namespace
 
-$COPY_UTIL configmap global default $DST_NS 
-$COPY_UTIL configmap artifactory-share artifactory $DST_NS 
-$COPY_UTIL configmap config-server-share config-server $DST_NS
-$COPY_UTIL configmap softhsm-kernel-share softhsm $DST_NS
+function copying_cm() {
+  COPY_UTIL=../../utils/copy_cm_func.sh
+  DST_NS=keymanager
 
+  $COPY_UTIL configmap global default $DST_NS
+  $COPY_UTIL configmap artifactory-share artifactory $DST_NS
+  $COPY_UTIL configmap config-server-share config-server $DST_NS
+  $COPY_UTIL configmap softhsm-kernel-share softhsm $DST_NS
+  return 0
+}
+
+# set commands for error handling.
+set -e
+set -o errexit   ## set -e : exit the script if any statement returns a non-true return value
+set -o nounset   ## set -u : exit the script if you try to use an uninitialised variable
+set -o errtrace  # trace ERR through 'time command' and other functions
+set -o pipefail  # trace ERR through pipes
+copying_cm   # calling function
 
 
 

deployment/v3/mosip/keymanager/install.sh

@@ -7,7 +7,7 @@ if [ $# -ge 1 ] ; then
 fi
 
 NS=keymanager
-CHART_VERSION=12.0.1-B2
+CHART_VERSION=12.0.1-B3
 
 echo Creating $NS namespace
 kubectl create ns $NS

deployment/v3/mosip/mosip-file-server/README.md

@@ -1,14 +1,17 @@
-# Regclient 
+# mosip-file-server
 
 ## Introduction
-The chart here installs a mosip-file-server accessed over an https URL. 
+The chart here installs a mosip-file-server accessed over an https URL.
 
 ## Install
-* Make sure global configmap contains the url for mosip-file-server host e.g. `fileserver.sandbox.xyz.net`.
-* The url must point to your internal loadbalancer as regclient will typically not be open to public.
+* Mosip-file-server contains certs, json which will be used by partners to integrate with MOSIP services.
 * Install
 ```sh
 ./install.sh
 ```
-## Download
-The download URL will be available at `https://your-fileserver-host`. Example: `https://fileserver.sandbox.xyz.net`.
+## URL
+* The URL will be available at https://api-host.
+  Example:
+    * https://api.sandbox.xyz.net/.well-known/
+    * https://api.sandbox.xyz.net/inji/
+    * https://api.sandbox.xyz.net/mosip-certs/

deployment/v3/mosip/mosip-file-server/copy_cm.sh

@@ -2,7 +2,18 @@
 # Copy configmaps from other namespaces
 # DST_NS: Destination namespace
 
-COPY_UTIL=../../utils/copy_cm_func.sh
-DST_NS=mosip-file-server
+function copying_cm() {
+  COPY_UTIL=../../utils/copy_cm_func.sh
+  DST_NS=mosip-file-server
 
-$COPY_UTIL configmap config-server-share config-server $DST_NS
+  $COPY_UTIL configmap config-server-share config-server $DST_NS
+  return 0
+}
+
+# set commands for error handling.
+set -e
+set -o errexit   ## set -e : exit the script if any statement returns a non-true return value
+set -o nounset   ## set -u : exit the script if you try to use an uninitialised variable
+set -o errtrace  # trace ERR through 'time command' and other functions
+set -o pipefail  # trace ERR through pipes
+copying_cm   # calling function

deployment/v3/mosip/mosip-file-server/install.sh

@@ -7,7 +7,7 @@ if [ $# -ge 1 ] ; then
 fi
 
 NS=mosip-file-server
-CHART_VERSION=12.0.1-B3
+CHART_VERSION=12.0.1-B4
 
 echo Create $NS namespace
 kubectl create ns $NS