[MOSIP-15265] updated db-common-secrets to db-secrets #1155

Open
wants to merge 12 commits into
base: develop
1 change: 1 addition & 0 deletions deployment/v3/external/all/install-all.sh
Expand Up @@ -12,6 +12,7 @@ ROOT_DIR=`pwd`/../
echo Installing External services

cd $ROOT_DIR/postgres
./db_password_gen.sh
./install.sh
./init_db.sh
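
Review bot: `./db_password_gen.sh` is run here with no check of its result before `./install.sh` and `./init_db.sh`. That script prompts for confirmation and falls through normally when the answer is not `Y`, so a declined or unattended run continues into `init_db.sh`, whose `copy_secrets.sh` step on a first install has no `db-.*-secret` entries to copy from `db-password`. Suggest stopping on failure here, e.g. `./db_password_gen.sh || exit 1`, and having the script signal when it generated nothing.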

6 changes: 6 additions & 0 deletions deployment/v3/external/postgres/README.md
Expand Up @@ -6,6 +6,12 @@
```
* A random password will get assigned for `postgres` user if you have not specified a password. The password may be obtained from Rancher console.

## Generate DB-Passwords
```sh
./db_password_gen.sh
```
* For each DB it will generate separate passwords.

## Test
* Make sure docker is running from machine you are testing.
* Postgres is accessible over "internal" channel, i.e. over Wireguard. Make sure you have the Wireguard setup along with credentials to connect to internal load balancer.
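
Review bot: The new "Generate DB-Passwords" section does not say that re-running the script recreates the passwords (the script itself prompts "db-passwords will be recreated"), nor where the result lands. Suggest stating that the secrets are created in the `db-password` namespace with names matching `db-.*-secret`, that this step has to run before `init_db.sh` (which copies them), and that the copies made into other namespaces need refreshing after a regeneration.
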
10 changes: 10 additions & 0 deletions deployment/v3/external/postgres/copy_secrets.sh
@@ -0,0 +1,10 @@
#!/bin/bash
# Copy secrets from other namespaces
# DST_NS: Destination namespace
COPY_UTIL=../../utils/copy_cm_func.sh
DST_NS=postgres
SECRET_REGEX='db-.*-secret'
secrets_list=$(kubectl get secrets -n db-password --no-headers -o custom-columns=':.metadata.name' | grep "$SECRET_REGEX")
for secret in $secrets_list; do
$COPY_UTIL secret $secret db-password $DST_NS
done
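
Review bot: `grep "$SECRET_REGEX"` is unanchored, so any secret in `db-password` whose name merely contains a `db-...-secret` substring is copied into `postgres`; anchor it as `'^db-.*-secret$'` or select by label rather than by name. `$secret` is unquoted in the loop, and an empty `secrets_list` (or a failing `kubectl get`) turns the loop into a silent no-op, so the script should exit non-zero when nothing matches. `db-password` is hard-coded in two places; a `SRC_NS` variable next to `DST_NS` would keep them in sync.
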
25 changes: 25 additions & 0 deletions deployment/v3/external/postgres/db_password_gen.sh
@@ -0,0 +1,25 @@
#!/bin/bash
# Script to initialize the DB-PASSWORD.
## Usage: ./db_password_gen.sh [kubeconfig]

if [ $# -ge 1 ] ; then
export KUBECONFIG=$1
fi

NS=db-password
kubectl create ns $NS
CHART_VERSION=12.0.2
helm repo update
while true; do
read -p "CAUTION: db-passwords will be recreated. Are you sure to regenerate?(Y/n)" yn
if [ $yn = "Y" ]
then
echo Removing any existing installation
helm -n $NS delete db-password-gen
echo Initializing DB-PASSWORD
helm -n $NS install db-password-gen mosip/db-password-gen -f init_values.yaml --version $CHART_VERSION
break
else
break
fi
done
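
Review bot: `[ $yn = "Y" ]` is unquoted, so pressing Enter at the prompt produces a `[` syntax error instead of a clean "no"; use `[ "$yn" = "Y" ]`. The prompt advertises `(Y/n)`, which conventionally makes Y the default, yet only a literal `Y` proceeds. `kubectl create ns $NS` and `helm repo update` run before the confirmation, and the former errors when the namespace already exists; move both inside the confirmed branch and make the namespace creation idempotent. Both branches `break`, so the `while true` loop can be dropped.
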
2 changes: 2 additions & 0 deletions deployment/v3/external/postgres/init_db.sh
Expand Up @@ -15,6 +15,8 @@ while true; do
then
echo Removing any existing installation
helm -n $NS delete postgres-init
echo copying DB secrets
./copy_secrets.sh
echo Initializing DB
helm -n $NS install postgres-init mosip/postgres-init -f init_values.yaml --version $CHART_VERSION --wait --wait-for-jobs
break
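
Review bot: the exit status of `./copy_secrets.sh` is not checked before `helm -n $NS install postgres-init` runs, so the chart is installed even when no DB secrets were copied into the namespace. Suggest `./copy_secrets.sh || exit 1`. The relative `./copy_secrets.sh` also assumes the caller's working directory is the `postgres` directory, which holds for `install-all.sh` (it does `cd $ROOT_DIR/postgres`) but not for other callers.
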
3 changes: 0 additions & 3 deletions deployment/v3/external/postgres/init_values.yaml
@@ -1,6 +1,3 @@
dbUserPasswords:
dbuserPassword: ""

databases:
mosip_master:
enabled: true
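
Review bot: with `dbUserPasswords.dbuserPassword` removed, this file no longer carries any password setting, yet it is still passed with `-f init_values.yaml` to both `postgres-init` and the new `db-password-gen` release. Worth confirming that the `postgres-init` chart at the pinned `$CHART_VERSION` reads the per-DB secrets rather than this key, and adding a comment at the top of the file saying where the passwords now come from.
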
11 changes: 8 additions & 3 deletions deployment/v3/mosip/config-server/copy_secrets.sh
Expand Up @@ -3,14 +3,19 @@
# DST_NS: Destination namespace
COPY_UTIL=../../utils/copy_cm_func.sh
DST_NS=config-server
$COPY_UTIL secret db-common-secrets postgres $DST_NS
$COPY_UTIL secret keycloak keycloak $DST_NS
$COPY_UTIL secret keycloak keycloak $DST_NS
$COPY_UTIL secret keycloak-client-secrets keycloak $DST_NS
$COPY_UTIL secret activemq-activemq-artemis activemq $DST_NS
$COPY_UTIL secret activemq-activemq-artemis activemq $DST_NS
$COPY_UTIL secret softhsm-kernel softhsm $DST_NS
$COPY_UTIL secret softhsm-ida softhsm $DST_NS
$COPY_UTIL secret softhsm-idp softhsm $DST_NS
$COPY_UTIL secret s3 s3 $DST_NS
$COPY_UTIL secret email-gateway msg-gateways $DST_NS
$COPY_UTIL secret prereg-captcha prereg $DST_NS
$COPY_UTIL secret conf-secrets-various conf-secrets $DST_NS

SECRET_REGEX='db-.*-secret'
secrets_list=$(kubectl get secrets -n db-password --no-headers -o custom-columns=':.metadata.name' | grep "$SECRET_REGEX")
for secret in $secrets_list; do
$COPY_UTIL secret $secret db-password $DST_NS
done
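
Review bot: the `SECRET_REGEX` loop at the end is a verbatim copy of the one in `external/postgres/copy_secrets.sh`; a shared helper next to `copy_cm_func.sh` would avoid maintaining the unanchored pattern and the unquoted `$secret` in two places. Because this loop copies every matching DB secret into `config-server`, the pattern should be anchored (`'^db-.*-secret$'`) so the set is limited to the generated secrets. The `keycloak` and `activemq-activemq-artemis` lines appear twice in the hunk with identical text, which suggests whitespace-only changes that could be dropped from the patch.
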
7 changes: 6 additions & 1 deletion deployment/v3/mosip/config-server/delete.sh
Expand Up @@ -12,7 +12,12 @@ while true; do
if [ $yn = "Y" ]
then
kubectl -n $NS delete configmap global keycloak-host activemq-activemq-artemis-share s3 email-gateway
kubectl -n $NS delete secret db-common-secrets keycloak keycloak-client-secrets activemq-activemq-artemis softhsm-kernel softhsm-ida s3 email-gateway prereg-captcha conf-secrets-various
kubectl -n $NS delete secret keycloak keycloak-client-secrets activemq-activemq-artemis softhsm-kernel softhsm-ida s3 email-gateway prereg-captcha
DB_SECRET_REGEX='db-.*-secret'
db_secrets_list=$(kubectl get secrets -n $NS --no-headers -o custom-columns=':.metadata.name' | grep "$DB_SECRET_REGEX")
for db_secret in $db_secrets_list; do
kubectl -n $NS delete secret $db_secret
done
helm -n $NS delete config-server
break
else
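
Review bot: the rewritten `kubectl -n $NS delete secret` line drops `conf-secrets-various` as well as `db-common-secrets`, but `copy_secrets.sh` for this namespace still copies `conf-secrets-various` in, so that secret is left behind after `delete.sh`. Restore it in the list unless the omission is intended. In the new loop, quote `"$db_secret"` and anchor `DB_SECRET_REGEX`; since this loop deletes, an unanchored substring match can remove secrets that `db-password-gen` never created.
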
2 changes: 1 addition & 1 deletion deployment/v3/mosip/masterdata-loader/copy_secrets.sh
Expand Up @@ -3,4 +3,4 @@
# DST_NS: Destination namespace
COPY_UTIL=../../utils/copy_cm_func.sh
DST_NS=masterdata-loader
$COPY_UTIL secret db-common-secrets postgres $DST_NS
$COPY_UTIL secret db-mosip-master-secret db-password $DST_NS
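
Review bot: `db-mosip-master-secret` is the only place in this change where a generated secret name is spelled out; everywhere else the names are matched by `db-.*-secret`. A comment stating the naming rule (presumably derived from the `mosip_master` entry in `init_values.yaml`) would make clear what to update if the chart's naming changes. Copying only this one secret, rather than the whole set, is the right scope for `masterdata-loader`.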