[MOSIP-35490] moved required helm and deploy scripts to modular repo (#…

…1590)

* [MOSIP-35490] moved required helm and deploy scripts to modular repo

Signed-off-by: Chandra Keshav Mishra <[email protected]>

* Update values.yaml

Signed-off-by: Praful Rakhade <[email protected]>

---------

Signed-off-by: Chandra Keshav Mishra <[email protected]>
Signed-off-by: Praful Rakhade <[email protected]>
Co-authored-by: Praful Rakhade <[email protected]>

deploy/conf-secrets/README.md

@@ -0,0 +1,40 @@
+# Config Server Secrets
+
+This module generates and install secrets required by config-server.
+
+Note: 
+* The conf-secrets must not be deleted in any case of re-deployment, upgrade or migration process as we have separated the conf-secrets from config-server to ensure conf-secrets are not deleted.
+* Incase if you have a scenario where you have to delete the conf-secrets from the environment make sure to run `delete.sh` script as the script delete's the helm chart and takes the backup of the existing `conf-secrets-various` secret.
+
+
+## Install
+```sh
+./install.sh [kubeconfig]
+```
+
+## Delete 
+```
+./delete.sh [kubeconfig]
+```
+
+## Secrets to be updated for Migartion scenerios
+### 1.1.5.5-P1 to 1.2.0.1
+* After installing Conf secrets in 1.2.0.1 update below mentioned keys with values from V2 configuration files.
+*  | Property file (V2 conf)         | Property file (V3 conf)              | parameters | keys (Conf-screts) |
+   |---------------------------------|--------------------------------------|--|--|
+   | id-authentication-mz.properties | id-authentication-default.properties | ida-websub-authtype-callback-secret | ida-websub-authtype-callback-secret |
+   | id-authentication-mz.properties | id-authentication-default.properties | ida-websub-ca-certificate-callback-secret | ida-websub-ca-certificate-callback-secret |
+   | id-authentication-mz.properties | id-authentication-default.properties | ida-websub-credential-issue-callback-secret | ida-websub-credential-issue-callback-secret |
+   | id-authentication-mz.properties | id-authentication-default.properties | ida-websub-hotlist-callback-secret | ida-websub-hotlist-callback-secret |
+   | id-authentication-mz.properties | id-authentication-default.properties | ida-websub-partner-service-callback-secret | ida-websub-partner-service-callback-secret |
+   | mimoto-mz.properties            | mimoto-default.properties            | mosip.partner.crypto.p12.password | mosip-partner-crypto-p12-password |
+   | print-mz.properties             | print-default.properties             | mosip.event.secret | print-websub-hub-secret |
+   | id-authentication-mz.properties | id-authentication-default.properties | mosip.ida.kyc.token.secret | mosip-ida-kyc-token-secret |
+   | mimoto-mz.properties            | mimoto-default.properties            | wallet.binding.partner.api.key | mimoto-wallet-binding-partner-api-key |   
+   | id-authentication-mz.properties | id-authentication-default.properties | mosip-kernel-tokenid-uin-salt | mosip-kernel-tokenid-uin-salt |
+   | id-authentication-mz.properties | id-authentication-default.properties | mosip.kernel.tokenid.partnercode.salt | mosip-kernel-tokenid-partnercode-salt |
+   | resident-mz.properties          | resident-default.properties          | resident.websub.authtype.status.secret | resident-websub-authtype-status-secret |
+   | resident-mz.properties          | resident-default.properties          | resident.websub.credential.status.update.secret | resident-websub-credential-status-update-secret |
+   | resident-mz.properties          | resident-default.properties          | resident.websub.auth.transaction.status.secret | resident-websub-auth-transaction-status-secret |
+   | id-authentication-mz.properties  | id-authentication-default.properties | ida-websub-masterdata-templates-callback-secret | ida-websub-masterdata-templates-callback-secret |
+   | id-repository-mz.properties | id-repository-default.properties | mosip.idrepo.websub.vid-credential-update.secret | idrepo-websub-vid-credential-update-secret |

deploy/conf-secrets/delete.sh

@@ -0,0 +1,37 @@
+#!/bin/bash
+# Uninstalls the conf-secrets helm chart
+## Usage: ./delete.sh [kubeconfig]
+
+if [ $# -ge 1 ] ; then
+  export KUBECONFIG=$1
+fi
+
+function deleting_conf_secrets() {
+  NS=conf-secrets
+  SECRET_NAME=conf-secrets-various
+  BACKUP_DIR=./conf_secrets_backup
+  mkdir -p $BACKUP_DIR
+  while true; do
+      read -p "Are you sure you want to delete the conf-secrets helm chart?(Y/n) " yn
+      if [ $yn = "Y" ]
+        then
+          # Backup the conf-secrets
+          kubectl get secret $SECRET_NAME -n $NS -o yaml > $BACKUP_DIR/$SECRET_NAME.yaml
+          helm -n $NS delete conf-secrets
+          echo "deleted conf-secrets helm chart"
+          echo "Backup of conf-secrets is taken and stored in conf_secrets_backup directory."
+          break
+        else
+          break
+      fi
+  done
+  return 0
+}
+
+# set commands for error handling.
+set -e
+set -o errexit   ## set -e : exit the script if any statement returns a non-true return value
+set -o nounset   ## set -u : exit the script if you try to use an uninitialised variable
+set -o errtrace  # trace ERR through 'time command' and other functions
+set -o pipefail  # trace ERR through pipes
+deleting_conf_secrets   # calling function

deploy/conf-secrets/install.sh

@@ -0,0 +1,31 @@
+#!/usr/bin/env bash
+# Installs config-server secrets
+## Usage: ./install_secrets.sh [kubeconfig]
+
+if [ $# -ge 1 ] ; then
+  export KUBECONFIG=$1
+fi
+
+NS=conf-secrets
+CHART_VERSION=0.0.1-develop
+
+echo Create $NS namespace
+kubectl create ns $NS
+
+function config_secrets() {
+  echo Istio label
+  kubectl label ns $NS istio-injection=enabled --overwrite
+  helm repo update
+
+  echo "Installing Secrets required by config-server"
+  helm -n $NS install conf-secrets mosip/conf-secrets --version $CHART_VERSION --wait
+  return 0
+}
+
+# set commands for error handling.
+set -e
+set -o errexit   ## set -e : exit the script if any statement returns a non-true return value
+set -o nounset   ## set -u : exit the script if you try to use an uninitialised variable
+set -o errtrace  # trace ERR through 'time command' and other functions
+set -o pipefail  # trace ERR through pipes
+config_secrets   # calling function

deploy/config-server/README.md

@@ -0,0 +1,31 @@
+# Config server
+
+## Introduction
+Config server serves all properties required by MOSIP modules. This must be installed before any other MOSIP modules.
+
+## Pre-requisites
+* `conf-secrets` MOSIP module.
+
+## Install
+* Review `values.yaml` and make sure git repository parameters are as per your installation.
+* Install
+```sh
+./install.sh
+```
+
+## Delete
+* To delete config-server.
+```sh
+./delete.sh
+```
+
+## Enable config-server to pull configurations from local git repository.
+
+Enable Config-server to Pull Configurations from Local Repository:
+* While running the install script the user will be prompted to decide whether the config-server should pull configurations from a local repository (NFS).
+* If the user choose to use local git repository then the user will be asked to provide the NFS path(Dir where local repository is cloned) and the NFS server IP.
+* If the user choose to not to pull configurations from a local repository (NFS) then the configurations will be pulled from remote repository which is defined in values.yaml file.   
+
+Note: 
+* Before choosing to pull configurations from a local repository (NFS) the user must clone the config-server repository manually into the nfs server where the configurations can be maintained.
+* And checkout to the specific branch from where the configurations need to be taken.

deploy/config-server/copy_cm.sh

@@ -0,0 +1,25 @@
+#!/bin/bash
+# Copy configmaps from other namespaces
+
+function copying_cm() {
+  UTIL_URL=https://raw.githubusercontent.com/mosip/mosip-infra/master/deployment/v3/utils/copy_cm_func.sh
+  COPY_UTIL=./copy_cm_func.sh
+  DST_NS=config-server # DST_NS: Destination namespace
+
+  wget -q $UTIL_URL -O copy_cm_func.sh && chmod +x copy_cm_func.sh
+
+  $COPY_UTIL configmap global default $DST_NS
+  $COPY_UTIL configmap keycloak-host keycloak $DST_NS
+  $COPY_UTIL configmap activemq-activemq-artemis-share activemq $DST_NS
+  $COPY_UTIL configmap s3 s3 $DST_NS
+  $COPY_UTIL configmap msg-gateway msg-gateways $DST_NS
+  return 0
+}
+
+# set commands for error handling.
+set -e
+set -o errexit   ## set -e : exit the script if any statement returns a non-true return value
+set -o nounset   ## set -u : exit the script if you try to use an uninitialised variable
+set -o errtrace  # trace ERR through 'time command' and other functions
+set -o pipefail  # trace ERR through pipes
+copying_cm   # calling function

deploy/config-server/copy_secrets.sh

@@ -0,0 +1,31 @@
+#!/bin/bash
+# Copy secrets from other namespaces
+
+function copying_secrets() {
+  UTIL_URL=https://raw.githubusercontent.com/mosip/mosip-infra/master/deployment/v3/utils/copy_cm_func.sh
+  COPY_UTIL=./copy_cm_func.sh
+
+  DST_NS=config-server  # DST_NS: Destination namespace
+
+  wget -q $UTIL_URL -O copy_cm_func.sh && chmod +x copy_cm_func.sh
+
+  $COPY_UTIL secret db-common-secrets postgres $DST_NS
+  $COPY_UTIL secret keycloak keycloak $DST_NS
+  $COPY_UTIL secret keycloak-client-secrets keycloak $DST_NS
+  $COPY_UTIL secret activemq-activemq-artemis activemq $DST_NS
+  $COPY_UTIL secret softhsm-kernel softhsm $DST_NS
+  $COPY_UTIL secret softhsm-ida softhsm $DST_NS
+  $COPY_UTIL secret s3 s3 $DST_NS
+  $COPY_UTIL secret msg-gateway msg-gateways $DST_NS
+  $COPY_UTIL secret mosip-captcha captcha $DST_NS
+  $COPY_UTIL secret conf-secrets-various conf-secrets $DST_NS
+  return 0
+}
+
+# set commands for error handling.
+set -e
+set -o errexit   ## set -e : exit the script if any statement returns a non-true return value
+set -o nounset   ## set -u : exit the script if you try to use an uninitialised variable
+set -o errtrace  # trace ERR through 'time command' and other functions
+set -o pipefail  # trace ERR through pipes
+copying_secrets   # calling function

deploy/config-server/delete.sh

@@ -0,0 +1,32 @@
+#!/bin/bash
+# Uninstalls config server
+## Usage: ./delete.sh [kubeconfig]
+
+if [ $# -ge 1 ] ; then
+  export KUBECONFIG=$1
+fi
+
+function config_server() {
+  NS=config-server
+  while true; do
+      read -p "Are you sure you want to delete config-server helm charts?(Y/n) " yn
+      if [ $yn = "Y" ]
+        then
+          kubectl -n $NS delete configmap global keycloak-host activemq-activemq-artemis-share s3 msg-gateway
+          kubectl -n $NS delete secret db-common-secrets keycloak keycloak-client-secrets activemq-activemq-artemis softhsm-kernel softhsm-ida s3 msg-gateway mosip-captcha conf-secrets-various
+          helm -n $NS delete config-server
+          break
+        else
+          break
+      fi
+  done
+  return 0
+}
+
+# set commands for error handling.
+set -e
+set -o errexit   ## set -e : exit the script if any statement returns a non-true return value
+set -o nounset   ## set -u : exit the script if you try to use an uninitialised variable
+set -o errtrace  # trace ERR through 'time command' and other functions
+set -o pipefail  # trace ERR through pipes
+config_server   # calling function

deploy/config-server/get_encrypt_key.sh

@@ -0,0 +1,4 @@
+#!/bin/bash
+# Config server encryption key. 
+# NOTE: Needed if you encrypt data and hardcode it in the property files.
+echo Config server encryption key: $(kubectl get secret --namespace config-server config-server -o jsonpath="{.data.encrypt-key}" | base64 --decode)

deploy/config-server/get_keycloak_secrets.sh

@@ -0,0 +1,7 @@
+#!/bin/bash
+# All keycloak secrets as seen by config server. Note that source of keycloak secrets is in keycloak namespace
+# the secrets here are copy of the original.  They must match.  This script is more for debugging if there some
+# mismatch.
+echo Keycloak admin password: $(kubectl get secret --namespace config-server keycloak  -o jsonpath="{.data.admin-password}" | base64 --decode)
+echo Keycloak preregistration client password: $(kubectl get secret --namespace config-server keycloak-client-secrets  -o jsonpath="{.data.preregistration_mosip_prereg_client_secret}" | base64 --decode)
+echo Keycloak mosip-admin-client password: $(kubectl get secret --namespace config-server keycloak-client-secrets  -o jsonpath="{.data.mosip_mosip_admin_client_secret}" | base64 --decode)

deploy/config-server/install.sh

@@ -0,0 +1,78 @@
+#!/bin/bash
+# Installs config-server
+## Usage: ./install.sh [kubeconfig]
+
+if [ $# -ge 1 ] ; then
+  export KUBECONFIG=$1
+fi
+
+NS=config-server
+CHART_VERSION=0.0.2-develop
+
+read -p "Is conf-secrets module installed?(Y/n) " conf_installed
+read -p "Do you want to enable config-server to pull configurations from multiple repositories?(Y/n)( Default: n )" comp_enabled
+if [[ -z $comp_enabled ]]; then
+  comp_enabled=n
+fi
+if [ "$comp_enabled" = "Y" ]; then
+  COMPOSITE_PROFILES="true"
+else
+  COMPOSITE_PROFILES="false"
+fi
+
+read -p "Do you want to enable config-server to pull configurations from local repository?(Y/n)( Default: n )" local_enabled
+if [[ -z $local_enabled ]]; then
+  local_enabled=n
+fi
+
+if [ "$local_enabled" = "Y" ]; then
+  LOCALREPO="true"
+  read -p "Provide the NFS path where the local repository is cloned/maintained: " path
+  NFS_PATH="$path"
+
+  read -p "Provide the NFS IP address of the server where the local repository is cloned: " ip
+  NFS_SERVER="$ip"
+else
+  LOCALREPO="false"
+  NFS_PATH=""
+  NFS_SERVER=""
+fi
+
+if [ $conf_installed = "Y" ]; then read -p "Is values.yaml for config-server chart set correctly as part of Pre-requisites?(Y/n) " yn; fi
+if [ $yn = "Y" ]
+  then
+    echo Create $NS namespace
+    kubectl create ns $NS
+
+    # set commands for error handling.
+    set -e
+    set -o errexit   ## set -e : exit the script if any statement returns a non-true return value
+    set -o nounset   ## set -u : exit the script if you try to use an uninitialised variable
+    set -o errtrace  # trace ERR through 'time command' and other functions
+    set -o pipefail  # trace ERR through pipes
+
+    echo Istio label
+    kubectl label ns $NS istio-injection=enabled --overwrite
+    helm repo update
+
+    echo Copy configmaps
+    sed -i 's/\r$//' copy_cm.sh
+    ./copy_cm.sh
+
+    echo Copy secrets
+    sed -i 's/\r$//' copy_secrets.sh
+    ./copy_secrets.sh
+
+    echo "Installing config-server"
+    helm -n $NS install config-server mosip/config-server \
+    --set spring_profiles.enabled="$COMPOSITE_PROFILES" \
+    --set localRepo.enabled="$LOCALREPO" \
+    --set volume.nfs.path="$NFS_PATH" \
+    --set volume.nfs.server="$NFS_SERVER" \
+    -f values.yaml \
+    --wait --version $CHART_VERSION
+    echo "Installed Config-server".
+  else
+    echo Exiting the MOSIP installation. Please meet the pre-requisites and than start again.
+    kill -9 `ps --pid $$ -oppid=`; exit
+fi

deploy/config-server/restart.sh

@@ -0,0 +1,25 @@
+#!/bin/bash
+# Restart the config-server service
+## Usage: ./restart.sh [kubeconfig]
+
+if [ $# -ge 1 ] ; then
+  export KUBECONFIG=$1
+fi
+
+function config_server() {
+  NS=config-server
+  kubectl -n $NS rollout restart deploy
+
+  kubectl -n $NS  get deploy -o name |  xargs -n1 -t  kubectl -n $NS rollout status
+
+  echo Restarted config-server services
+  return 0
+}
+
+# set commands for error handling.
+set -e
+set -o errexit   ## set -e : exit the script if any statement returns a non-true return value
+set -o nounset   ## set -u : exit the script if you try to use an uninitialised variable
+set -o errtrace  # trace ERR through 'time command' and other functions
+set -o pipefail  # trace ERR through pipes
+config_server   # calling function