From 63551614296b36c3c2fdeeeb0b94df580099a07c Mon Sep 17 00:00:00 2001 From: Carsten Schafer Date: Fri, 9 Feb 2024 15:19:59 -0500 Subject: [PATCH 1/2] WIFI-13246 Switch to non-HA postgres without pgpool Signed-off-by: Carsten Schafer --- chart/Chart.yaml | 16 +- chart/environment-values/deploy.sh | 198 +++++++++--------- ...values.openwifi-qa.single-external-db.yaml | 36 +++- chart/templates/_initdb_sql.tpl | 13 ++ chart/templates/secret-postgresql-initdb.yaml | 17 +- chart/values.yaml | 42 ++-- 6 files changed, 178 insertions(+), 144 deletions(-) create mode 100644 chart/templates/_initdb_sql.tpl diff --git a/chart/Chart.yaml b/chart/Chart.yaml index 891b4be..f4e8a7f 100644 --- a/chart/Chart.yaml +++ b/chart/Chart.yaml @@ -44,10 +44,14 @@ dependencies: version: 0.1.0 condition: owlsui.enabled - name: haproxy - repository: https://tip.jfrog.io/artifactory/tip-wlan-cloud-ucentral-helm/ - version: 0.2.21 + repository: oci://registry-1.docker.io/bitnamicharts + version: 0.13.3 condition: haproxy.enabled -- name: postgresql-ha - repository: https://tip.jfrog.io/artifactory/tip-wlan-cloud-ucentral-helm/ - version: 8.6.13 - condition: postgresql-ha.enabled +#- name: postgresql-ha +# repository: https://tip.jfrog.io/artifactory/tip-wlan-cloud-ucentral-helm/ +# version: 8.6.13 +# condition: postgresql-ha.enabled +- name: postgresql + repository: oci://registry-1.docker.io/bitnamicharts + version: 13.4.3 + condition: postgresql.enabled diff --git a/chart/environment-values/deploy.sh b/chart/environment-values/deploy.sh index 6dc2c33..88ba013 100755 --- a/chart/environment-values/deploy.sh +++ b/chart/environment-values/deploy.sh 
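Review bot: The old `postgresql-ha` dependency is left behind as four commented-out lines in `dependencies`, a stale pointer to the Artifactory repository sitting next to the new `oci://registry-1.docker.io/bitnamicharts` entries; delete the block and let history keep it. The same hunk also moves `haproxy` from 0.2.21 to 0.13.3 at a different registry, which the subject line does not mention. That deserves a sentence in the commit description, since the two charts may not share a values schema.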
@@ -2,48 +2,47 @@ set -e # Usage function -usage () { - echo >&2; - echo "This script is indended for OpenWIFI Cloud SDK deployment to TIP QA/Dev environments using assembly Helm chart (https://github.com/Telecominfraproject/wlan-cloud-ucentral-deploy/tree/main/chart) with configuration through environment variables" >&2; - echo >&2; - echo "Required environment variables:" >&2; - echo >&2; - echo "- NAMESPACE - namespace suffix that will used added for the Kubernetes environment (i.e. if you pass 'test', kubernetes namespace will be named 'ucentral-test')" >&2; - echo "- DEPLOY_METHOD - deployment method for the chart deployment (supported methods - 'git' (will use helm-git from assembly chart) and 'bundle' (will use chart stored in the Artifactory0" >&2; - echo "- CHART_VERSION - version of chart to be deployed from assembly chart (for 'git' method git ref may be passed, for 'bundle' method version of chart may be passed)" >&2; - echo >&2; - echo "- VALUES_FILE_LOCATION - path to file with override values that may be used for deployment" >&2; - echo "- DOMAIN - Domain name. 
default: cicd.lab.wlan.tip.build" >&2; - echo "- OWGW_AUTH_USERNAME - username to be used for requests to OpenWIFI Security" >&2; - echo "- OWGW_AUTH_PASSWORD - hashed password for OpenWIFI Security (details on this may be found in https://github.com/Telecominfraproject/wlan-cloud-ucentralsec/#authenticationdefaultpassword)" >&2; - echo "- OWFMS_S3_SECRET - secret key that is used for OpenWIFI Firmware access to firmwares S3 bucket" >&2; - echo "- OWFMS_S3_KEY - access key that is used for OpenWIFI Firmware access to firmwares S3 bucket" >&2; - echo "- OWSEC_NEW_PASSWORD - password that should be set to default user instead of default password from properties" >&2; - echo "- CERT_LOCATION - path to certificate in PEM format that will be used for securing all endpoint in all services" >&2; - echo "- KEY_LOCATION - path to private key in PEM format that will be used for securing all endpoint in all services" >&2; - echo >&2; - echo "Following environmnet variables may be passed, but will be ignored if CHART_VERSION is set to release (i.e. 
v2.4.0):" >&2; - echo >&2; - echo "- OWGW_VERSION - OpenWIFI Gateway version to deploy (will be used for Docker image tag and git branch for Helm chart if git deployment is required)" >&2; - echo "- OWGWUI_VERSION - OpenWIFI Web UI version to deploy (will be used for Docker image tag and git branch for Helm chart if git deployment is required)" >&2; - echo "- OWSEC_VERSION - OpenWIFI Security version to deploy (will be used for Docker image tag and git branch for Helm chart if git deployment is required)" >&2; - echo "- OWFMS_VERSION - OpenWIFI Firmware version to deploy (will be used for Docker image tag and git branch for Helm chart if git deployment is required)" >&2; - echo "- OWPROV_VERSION - OpenWIFI Provisioning version to deploy (will be used for Docker image tag and git branch for Helm chart if git deployment is required)" >&2; - echo "- OWPROVUI_VERSION - OpenWIFI Provisioning Web UI version to deploy (will be used for Docker image tag and git branch for Helm chart if git deployment is required)" >&2; - echo "- OWANALYTICS_VERSION - OpenWIFI Analytics version to deploy (will be used for Docker image tag and git branch for Helm chart if git deployment is required)" >&2; - echo "- OWSUB_VERSION - OpenWIFI Subscription (Userportal) version to deploy (will be used for Docker image tag and git branch for Helm chart if git deployment is required)" >&2; - echo "- OWRRM_VERSION - OpenWIFI radio resource management service (RRM) version to deploy (will be used for Docker image tag and git branch for Helm chart if git deployment is required)" >&2; - echo >&2; - echo "Optional environment variables:" >&2; - echo >&2; - echo "- EXTRA_VALUES - extra values that should be passed to Helm deployment separated by comma (,)" >&2; - echo "- DEVICE_CERT_LOCATION - path to certificate in PEM format that will be used for load simulator" >&2; - echo "- DEVICE_KEY_LOCATION - path to private key in PEM format that will be used for load simulator" >&2; - echo "- 
USE_SEPARATE_OWGW_LB - flag that should change split external DNS for OWGW and other services" >&2; - echo "- INTERNAL_RESTAPI_ENDPOINT_SCHEMA - what schema to use for internal RESTAPI endpoints (https by default)" >&2; - echo "- IPTOCOUNTRY_IPINFO_TOKEN - token that should be set for IPInfo support (owgw/owprov iptocountry.ipinfo.token properties), ommited if not passed" >&2; - echo "- MAILER_USERNAME - SMTP username used for OWSEC mailer" >&2; - echo "- MAILER_PASSWORD - SMTP password used for OWSEC mailer (only if both MAILER_PASSWORD and MAILER_USERNAME are set, mailer will be enabled)" >&2; +function usage() +{ + cat <<-EOF >&2 + +This script is indended for OpenWIFI Cloud SDK deployment to TIP QA/Dev environments using assembly Helm chart (https://github.com/Telecominfraproject/wlan-cloud-ucentral-deploy/tree/main/chart) with configuration through environment variables + +Required environment variables: +- NAMESPACE - namespace suffix that will used added for the Kubernetes environment (i.e. if you pass 'test', kubernetes namespace will be named 'ucentral-test') +- DEPLOY_METHOD - deployment method for the chart deployment (supported methods - 'git' (will use helm-git from assembly chart), 'bundle' (will use chart stored in the Artifactory) or local +- CHART_VERSION - version of chart to be deployed from assembly chart (for 'git' method git ref may be passed, for 'bundle' method version of chart may be passed) +- VALUES_FILE_LOCATION - path to file with override values that may be used for deployment +- DOMAIN - Domain name. 
default: cicd.lab.wlan.tip.build +- OWGW_AUTH_USERNAME - username to be used for requests to OpenWIFI Security +- OWGW_AUTH_PASSWORD - hashed password for OpenWIFI Security (details on this may be found in https://github.com/Telecominfraproject/wlan-cloud-ucentralsec/#authenticationdefaultpassword) +- OWFMS_S3_SECRET - secret key that is used for OpenWIFI Firmware access to firmwares S3 bucket +- OWFMS_S3_KEY - access key that is used for OpenWIFI Firmware access to firmwares S3 bucket +- OWSEC_NEW_PASSWORD - password that should be set to default user instead of default password from properties +- CERT_LOCATION - path to certificate in PEM format that will be used for securing all endpoint in all services +- KEY_LOCATION - path to private key in PEM format that will be used for securing all endpoint in all services + +The following environmnet variables may be passed, but will be ignored if CHART_VERSION is set to release (i.e. v2.4.0): +- OWGW_VERSION - OpenWIFI Gateway version to deploy (will be used for Docker image tag and git branch for Helm chart if git deployment is required) +- OWGWUI_VERSION - OpenWIFI Web UI version to deploy (will be used for Docker image tag and git branch for Helm chart if git deployment is required) +- OWSEC_VERSION - OpenWIFI Security version to deploy (will be used for Docker image tag and git branch for Helm chart if git deployment is required) +- OWFMS_VERSION - OpenWIFI Firmware version to deploy (will be used for Docker image tag and git branch for Helm chart if git deployment is required) +- OWPROV_VERSION - OpenWIFI Provisioning version to deploy (will be used for Docker image tag and git branch for Helm chart if git deployment is required) +- OWPROVUI_VERSION - OpenWIFI Provisioning Web UI version to deploy (will be used for Docker image tag and git branch for Helm chart if git deployment is required) +- OWANALYTICS_VERSION - OpenWIFI Analytics version to deploy (will be used for Docker image tag and git branch for Helm 
chart if git deployment is required) +- OWSUB_VERSION - OpenWIFI Subscription (Userportal) version to deploy (will be used for Docker image tag and git branch for Helm chart if git deployment is required) +- OWRRM_VERSION - OpenWIFI radio resource management service (RRM) version to deploy (will be used for Docker image tag and git branch for Helm chart if git deployment is required) + +Optional environment variables: +- EXTRA_VALUES - extra values that should be passed to Helm deployment separated by comma (,) +- DEVICE_CERT_LOCATION - path to certificate in PEM format that will be used for load simulator +- DEVICE_KEY_LOCATION - path to private key in PEM format that will be used for load simulator +- USE_SEPARATE_OWGW_LB - flag that should change split external DNS for OWGW and other services +- INTERNAL_RESTAPI_ENDPOINT_SCHEMA - what schema to use for internal RESTAPI endpoints (https by default) +- IPTOCOUNTRY_IPINFO_TOKEN - token that should be set for IPInfo support (owgw/owprov iptocountry.ipinfo.token properties), ommited if not passed +- MAILER_USERNAME - SMTP username used for OWSEC mailer +- MAILER_PASSWORD - SMTP password used for OWSEC mailer (only if both MAILER_PASSWORD and MAILER_USERNAME are set, mailer will be enabled) +EOF } # Global variables 
@@ -51,32 +50,30 @@ VALUES_FILE_LOCATION_SPLITTED=() EXTRA_VALUES_SPLITTED=() # Helper functions -check_if_chart_version_is_release() { - PARSED_CHART_VERSION=$(echo $CHART_VERSION | grep -xP "v[0-9]+\.[0-9]+\.[0-9]+.*") - if [[ -z "$PARSED_CHART_VERSION" ]]; then - return 1 - else - return 0 - fi +function check_if_chart_version_is_release() +{ + [[ "$CHART_VERSION" =~ ^v[0-9]+\.[0-9]+\.[0-9]+ ]] } # Check if required environment variables were passed ## Deployment specifics [ -z ${DEPLOY_METHOD+x} ] && echo "DEPLOY_METHOD is unset" >&2 && usage && exit 1 [ -z ${CHART_VERSION+x} ] && echo "CHART_VERSION is unset" >&2 && usage && exit 1 -if check_if_chart_version_is_release; then - echo "Chart version ($CHART_VERSION) is release version, ignoring services versions" -else - echo "Chart version ($CHART_VERSION) is not release version, checking if services versions are set" - [ -z ${OWGW_VERSION+x} ] && echo "OWGW_VERSION is unset" >&2 && usage && exit 1 - [ -z ${OWGWUI_VERSION+x} ] && echo "OWGWUI_VERSION is unset" >&2 && usage && exit 1 - [ -z ${OWSEC_VERSION+x} ] && echo "OWSEC_VERSION is unset" >&2 && usage && exit 1 - [ -z ${OWFMS_VERSION+x} ] && echo "OWFMS_VERSION is unset" >&2 && usage && exit 1 - [ -z ${OWPROV_VERSION+x} ] && echo "OWPROV_VERSION is unset" >&2 && usage && exit 1 - [ -z ${OWPROVUI_VERSION+x} ] && echo "OWPROVUI_VERSION is unset" >&2 && usage && exit 1 - [ -z ${OWANALYTICS_VERSION+x} ] && echo "OWANALYTICS_VERSION is unset" >&2 && usage && exit 1 - [ -z ${OWSUB_VERSION+x} ] && echo "OWSUB_VERSION is unset" >&2 && usage && exit 1 - [ -z ${OWRRM_VERSION+x} ] && echo "OWRRM_VERSION is unset" >&2 && usage && exit 1 +if [[ "$DEPLOY_METHOD" != "local" ]] ; then + if check_if_chart_version_is_release ; then + echo "Chart version ($CHART_VERSION) is a release version, ignoring services versions" + else + echo "Chart version ($CHART_VERSION) is not a release version, checking if services versions are set" + [ -z ${OWGW_VERSION+x} ] && echo "OWGW_VERSION 
is unset" >&2 && usage && exit 1 + [ -z ${OWGWUI_VERSION+x} ] && echo "OWGWUI_VERSION is unset" >&2 && usage && exit 1 + [ -z ${OWSEC_VERSION+x} ] && echo "OWSEC_VERSION is unset" >&2 && usage && exit 1 + [ -z ${OWFMS_VERSION+x} ] && echo "OWFMS_VERSION is unset" >&2 && usage && exit 1 + [ -z ${OWPROV_VERSION+x} ] && echo "OWPROV_VERSION is unset" >&2 && usage && exit 1 + [ -z ${OWPROVUI_VERSION+x} ] && echo "OWPROVUI_VERSION is unset" >&2 && usage && exit 1 + [ -z ${OWANALYTICS_VERSION+x} ] && echo "OWANALYTICS_VERSION is unset" >&2 && usage && exit 1 + [ -z ${OWSUB_VERSION+x} ] && echo "OWSUB_VERSION is unset" >&2 && usage && exit 1 + [ -z ${OWRRM_VERSION+x} ] && echo "OWRRM_VERSION is unset" >&2 && usage && exit 1 + fi fi ## Environment specifics [ -z ${NAMESPACE+x} ] && echo "NAMESPACE is unset" >&2 && usage && exit 1 
@@ -108,54 +105,56 @@ export OWANALYTICS_VERSION_TAG=$(echo ${OWANALYTICS_VERSION} | tr '/' '-') export OWSUB_VERSION_TAG=$(echo ${OWSUB_VERSION} | tr '/' '-') export OWRRM_VERSION_TAG=$(echo ${OWRRM_VERSION} | tr '/' '-') -# Debug get bash version -bash --version >&2 - # Check deployment method that's required for this environment helm plugin install https://github.com/databus23/helm-diff || true -if [[ "$DEPLOY_METHOD" == "git" ]]; then - helm plugin install https://github.com/aslafy-z/helm-git --version 0.10.0 || true - rm -rf wlan-cloud-ucentral-deploy || true - git clone https://github.com/Telecominfraproject/wlan-cloud-ucentral-deploy.git - cd wlan-cloud-ucentral-deploy - git checkout $CHART_VERSION - cd chart - if ! check_if_chart_version_is_release; then - sed -i '/wlan-cloud-ucentralgw@/s/ref=.*/ref='${OWGW_VERSION}'\"/g' Chart.yaml - sed -i '/wlan-cloud-ucentralgw-ui@/s/ref=.*/ref='${OWGWUI_VERSION}'\"/g' Chart.yaml - sed -i '/wlan-cloud-ucentralsec@/s/ref=.*/ref='${OWSEC_VERSION}'\"/g' Chart.yaml - sed -i '/wlan-cloud-ucentralfms@/s/ref=.*/ref='${OWFMS_VERSION}'\"/g' Chart.yaml - sed -i '/wlan-cloud-owprov@/s/ref=.*/ref='${OWPROV_VERSION}'\"/g' Chart.yaml - sed -i '/wlan-cloud-owprov-ui@/s/ref=.*/ref='${OWPROVUI_VERSION}'\"/g' Chart.yaml - sed -i '/wlan-cloud-analytics@/s/ref=.*/ref='${OWANALYTICS_VERSION}'\"/g' Chart.yaml - sed -i '/wlan-cloud-userportal@/s/ref=.*/ref='${OWSUB_VERSION}'\"/g' Chart.yaml - sed -i '/wlan-cloud-rrm@/s/ref=.*/ref='${OWRRM_VERSION}'\"/g' Chart.yaml - fi - helm repo add bitnami https://charts.bitnami.com/bitnami - helm repo update - helm dependency update - cd ../.. 
- export DEPLOY_SOURCE="wlan-cloud-ucentral-deploy/chart" -elif [[ "$DEPLOY_METHOD" == "bundle" ]]; then - helm repo add tip-wlan-cloud-ucentral-helm https://tip.jfrog.io/artifactory/tip-wlan-cloud-ucentral-helm/ || true - export DEPLOY_SOURCE="tip-wlan-cloud-ucentral-helm/openwifi --version $CHART_VERSION" +if [[ "$DEPLOY_METHOD" == "git" ]] ; then + helm plugin install https://github.com/aslafy-z/helm-git --version 0.10.0 || true + rm -rf wlan-cloud-ucentral-deploy || true + git clone https://github.com/Telecominfraproject/wlan-cloud-ucentral-deploy.git + cd wlan-cloud-ucentral-deploy + git checkout $CHART_VERSION + cd chart + if ! check_if_chart_version_is_release ; then + sed -i '/wlan-cloud-ucentralgw@/s/ref=.*/ref='${OWGW_VERSION}'\"/g' Chart.yaml + sed -i '/wlan-cloud-ucentralgw-ui@/s/ref=.*/ref='${OWGWUI_VERSION}'\"/g' Chart.yaml + sed -i '/wlan-cloud-ucentralsec@/s/ref=.*/ref='${OWSEC_VERSION}'\"/g' Chart.yaml + sed -i '/wlan-cloud-ucentralfms@/s/ref=.*/ref='${OWFMS_VERSION}'\"/g' Chart.yaml + sed -i '/wlan-cloud-owprov@/s/ref=.*/ref='${OWPROV_VERSION}'\"/g' Chart.yaml + sed -i '/wlan-cloud-owprov-ui@/s/ref=.*/ref='${OWPROVUI_VERSION}'\"/g' Chart.yaml + sed -i '/wlan-cloud-analytics@/s/ref=.*/ref='${OWANALYTICS_VERSION}'\"/g' Chart.yaml + sed -i '/wlan-cloud-userportal@/s/ref=.*/ref='${OWSUB_VERSION}'\"/g' Chart.yaml + sed -i '/wlan-cloud-rrm@/s/ref=.*/ref='${OWRRM_VERSION}'\"/g' Chart.yaml + fi + helm repo add bitnami https://charts.bitnami.com/bitnami + helm repo update + [ -z "$SKIP_DEPS" ] && helm dependency update + cd ../.. + export DEPLOY_SOURCE="wlan-cloud-ucentral-deploy/chart" +elif [[ "$DEPLOY_METHOD" == "bundle" ]] ; then + helm repo add tip-wlan-cloud-ucentral-helm https://tip.jfrog.io/artifactory/tip-wlan-cloud-ucentral-helm/ || true + export DEPLOY_SOURCE="tip-wlan-cloud-ucentral-helm/openwifi --version $CHART_VERSION" +elif [[ "$DEPLOY_METHOD" == "local" ]] ; then + export DEPLOY_SOURCE=".." + pushd .. 
+ [ -z "$SKIP_DEPS" ] && helm dependency update + popd else - echo "Deploy method is not correct: $DEPLOY_METHOD. Valid values: git or bundle" >&2 - exit 1 + echo "Deploy method is not correct: $DEPLOY_METHOD. Valid values: git, bundle or local" >&2 + exit 1 fi VALUES_FILES_FLAGS=() IFS=',' read -ra VALUES_FILE_LOCATION_SPLITTED <<< "$VALUES_FILE_LOCATION" for VALUE_FILE in ${VALUES_FILE_LOCATION_SPLITTED[*]}; do - VALUES_FILES_FLAGS+=("-f" $VALUE_FILE) + VALUES_FILES_FLAGS+=("-f" $VALUE_FILE) done EXTRA_VALUES_FLAGS=() IFS=',' read -ra EXTRA_VALUES_SPLITTED <<< "$EXTRA_VALUES" for EXTRA_VALUE in ${EXTRA_VALUES_SPLITTED[*]}; do - EXTRA_VALUES_FLAGS+=("--set" $EXTRA_VALUE) + EXTRA_VALUES_FLAGS+=("--set" $EXTRA_VALUE) done -if [[ "$USE_SEPARATE_OWGW_LB" == "true" ]]; then +if [[ "$USE_SEPARATE_OWGW_LB" == "true" ]] ; then export HAPROXY_SERVICE_DNS_RECORDS="sec-${NAMESPACE}.${DOMAIN},fms-${NAMESPACE}.${DOMAIN},prov-${NAMESPACE}.${DOMAIN},analytics-${NAMESPACE}.${DOMAIN},sub-${NAMESPACE}.${DOMAIN}" export OWGW_SERVICE_DNS_RECORDS="gw-${NAMESPACE}.${DOMAIN}" else @@ -163,15 +162,8 @@ else export OWGW_SERVICE_DNS_RECORDS="" fi -echo "Deploying into openwifi-${NAMESPACE} with the following values files:" -echo ${VALUES_FILES_FLAGS[*]} -echo envsubst < values.custom.tpl.yaml > values.custom-${NAMESPACE}.yaml -echo "Using configuration:" -echo "---" -cat values.custom-${NAMESPACE}.yaml -echo "---" set -x helm upgrade --install --create-namespace --wait --timeout 60m \ --namespace openwifi-${NAMESPACE} \ diff --git a/chart/environment-values/values.openwifi-qa.single-external-db.yaml b/chart/environment-values/values.openwifi-qa.single-external-db.yaml index 6e91eb3..dba82dd 100644 --- a/chart/environment-values/values.openwifi-qa.single-external-db.yaml +++ b/chart/environment-values/values.openwifi-qa.single-external-db.yaml 
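Review bot: The re-indented `sed -i '/wlan-cloud-ucentralgw@/s/ref=.*/ref='${OWGW_VERSION}'\"/g' Chart.yaml` lines in the `git` branch splice unquoted environment variables into a sed program that uses `/` as its delimiter, while the `tr '/' '-'` exports at the top of this hunk show these versions are expected to contain slashes. Such a value breaks the expression, and any other sed metacharacter in it is interpreted rather than copied. Quote the expansion and use a delimiter the values do not contain, for example `sed -i '/wlan-cloud-ucentralgw@/s|ref=.*|ref='"${OWGW_VERSION}"'\"|g' Chart.yaml`, and likewise `git checkout "$CHART_VERSION"`. The new `SKIP_DEPS` switch is also missing from the `usage` text.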
@@ -2,7 +2,7 @@ owgw: configProperties: simulatorid: 53494D020202 storage.type: postgresql - storage.type.postgresql.host: pgsql-pgpool + storage.type.postgresql.host: pgsql storage.type.postgresql.database: owgw storage.type.postgresql.username: owgw storage.type.postgresql.password: owgw @@ -10,7 +10,7 @@ owgw: owsec: configProperties: storage.type: postgresql - storage.type.postgresql.host: pgsql-pgpool + storage.type.postgresql.host: pgsql storage.type.postgresql.database: owsec storage.type.postgresql.username: owsec storage.type.postgresql.password: owsec @@ -18,7 +18,7 @@ owsec: owfms: configProperties: storage.type: postgresql - storage.type.postgresql.host: pgsql-pgpool + storage.type.postgresql.host: pgsql storage.type.postgresql.database: owfms storage.type.postgresql.username: owfms storage.type.postgresql.password: owfms @@ -26,7 +26,7 @@ owfms: owprov: configProperties: storage.type: postgresql - storage.type.postgresql.host: pgsql-pgpool + storage.type.postgresql.host: pgsql storage.type.postgresql.database: owprov storage.type.postgresql.username: owprov storage.type.postgresql.password: owprov @@ -34,7 +34,7 @@ owprov: owanalytics: configProperties: storage.type: postgresql - storage.type.postgresql.host: pgsql-pgpool + storage.type.postgresql.host: pgsql storage.type.postgresql.database: owanalytics storage.type.postgresql.username: owanalytics storage.type.postgresql.password: owanalytics 
@@ -42,15 +42,37 @@ owanalytics: owsub: configProperties: storage.type: postgresql - storage.type.postgresql.host: pgsql-pgpool + storage.type.postgresql.host: pgsql storage.type.postgresql.database: owsub storage.type.postgresql.username: owsub storage.type.postgresql.password: owsub -postgresql-ha: +postgresql: enabled: true initDbScriptSecret: enabled: true + initdbScriptsSecret: tip-openwifi-initdb-scripts + volumePermissions: + enabled: true + global: + postgresql: + auth: + postgresPassword: postgres + auth: + postgresPassword: postgres + primary: + extendedConfiguration: |- + max_connections = 550 + shared_buffers = 128MB + # log_error_verbosity = verbose + initdb: + scriptsSecret: tip-openwifi-initdb-scripts + +postgresql-ha: + enabled: false + initDbScriptSecret: + enabled: false + initdbScriptsSecret: tip-openwifi-initdb-scripts pgpool: adminPassword: admin resources: diff --git a/chart/templates/_initdb_sql.tpl b/chart/templates/_initdb_sql.tpl new file mode 100644 index 0000000..b01b65d --- /dev/null +++ b/chart/templates/_initdb_sql.tpl 
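Review bot: The new `postgresql:` block commits the database superuser password in clear text and sets it to `postgres`, once under `global.postgresql.auth` and once under `auth`, so anyone who can read the repository knows the admin credential of this environment. Take it from a pre-created Secret instead, e.g. `auth.existingSecret: <secret-name>` (placeholder), or supply it at deploy time through the environment variables that `deploy.sh` documents for the other credentials. Setting the same value in two places also invites drift; keep one. The per-service passwords in the hunks above (`owgw`/`owgw` and so on) predate this commit but have the same weakness.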
@@ -0,0 +1,13 @@
+{{- define "openwifi.user_creation_script_sql" -}}
+{{- $root := . -}}
+{{- $postgresqlBase := index .Values "postgresql" }}
+{{- $postgresqlEmulatedRoot := (dict "Values" $postgresqlBase "Chart" (dict "Name" "postgresql") "Release" $.Release) }}
+{{ range index .Values "postgresql" "initDbScriptSecret" "services" }}
+CREATE USER {{ index $root "Values" . "configProperties" "storage.type.postgresql.username" }};
+ALTER USER {{ index $root "Values" . "configProperties" "storage.type.postgresql.username" }} WITH ENCRYPTED PASSWORD '{{ index $root "Values" . "configProperties" "storage.type.postgresql.password" }}';
+CREATE DATABASE {{ index $root "Values" . "configProperties" "storage.type.postgresql.database" }};
+GRANT ALL PRIVILEGES ON DATABASE {{ index $root "Values" . "configProperties" "storage.type.postgresql.database" }} TO {{ index $root "Values" . "configProperties" "storage.type.postgresql.username" }};
+ALTER DATABASE {{ index $root "Values" . "configProperties" "storage.type.postgresql.database" }} OWNER TO {{ index $root "Values" . "configProperties" "storage.type.postgresql.username" }};
+{{ end }}
+{{- end -}}
+
diff --git a/chart/templates/secret-postgresql-initdb.yaml b/chart/templates/secret-postgresql-initdb.yaml
index 720da37..37413f1 100644
--- a/chart/templates/secret-postgresql-initdb.yaml
+++ b/chart/templates/secret-postgresql-initdb.yaml
@@ -1,5 +1,5 @@
 {{- $root := . -}}
-{{- if index .Values "postgresql-ha" "initDbScriptSecret" "enabled" }}
+{{- if index .Values "postgresql-ha" "initDbScriptSecret" "enabled" }}
 ---
 apiVersion: v1
 metadata:
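Review bot: The username, database name and password are pasted into the SQL text unescaped in `_initdb_sql.tpl`, so a password containing `'` (or an identifier with a space or quote) produces an `initdb.sql` that is broken or means something other than intended, and it runs with the privileges of the init user. Escape the literal and quote the identifiers, e.g. `WITH ENCRYPTED PASSWORD '{{ index $root "Values" . "configProperties" "storage.type.postgresql.password" | replace "'" "''" }}'`, and wrap the user and database names in double quotes. `$postgresqlBase` and `$postgresqlEmulatedRoot` are assigned but never used in this define and can be dropped.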
@@ -14,3 +14,18 @@ type: Opaque data: users_creation.sh: {{ include "openwifi.user_creation_script" . | b64enc | quote }} {{- end }} +{{- if index .Values "postgresql" "initDbScriptSecret" "enabled" }} +--- +apiVersion: v1 +metadata: + labels: + app.kubernetes.io/name: {{ include "openwifi.name" . }} + helm.sh/chart: {{ include "openwifi.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + name: {{ include "openwifi.fullname" . }}-initdb-scripts +kind: Secret +type: Opaque +data: + initdb.sql: {{ include "openwifi.user_creation_script_sql" . | b64enc | quote }} +{{- end }} diff --git a/chart/values.yaml b/chart/values.yaml index 986ab9b..c001e83 100644 --- a/chart/values.yaml +++ b/chart/values.yaml @@ -1,7 +1,6 @@ # OpenWIFI Gateway (https://github.com/Telecominfraproject/wlan-cloud-ucentralgw/) owgw: fullnameOverride: owgw - configProperties: openwifi.kafka.enable: "true" openwifi.kafka.brokerlist: kafka:9092 @@ -9,7 +8,6 @@ owgw: # OpenWIFI Security (https://github.com/Telecominfraproject/wlan-cloud-ucentralsec) owsec: fullnameOverride: owsec - configProperties: openwifi.kafka.enable: "true" openwifi.kafka.brokerlist: kafka:9092 @@ -17,7 +15,6 @@ owsec: # OpenWIFI Firmware (https://github.com/Telecominfraproject/wlan-cloud-ucentralfms) owfms: fullnameOverride: owfms - configProperties: openwifi.kafka.enable: "true" openwifi.kafka.brokerlist: kafka:9092 @@ -25,7 +22,6 @@ owfms: # OpenWIFI Provisioning (https://github.com/Telecominfraproject/wlan-cloud-owprov/) owprov: fullnameOverride: owprov - configProperties: openwifi.kafka.enable: "true" openwifi.kafka.brokerlist: kafka:9092 @@ -33,7 +29,6 @@ owprov: # OpenWIFI Analytics (https://github.com/Telecominfraproject/wlan-cloud-analytics) owanalytics: fullnameOverride: owanalytics - configProperties: openwifi.kafka.enable: "true" openwifi.kafka.brokerlist: kafka:9092 
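Review bot: The added Secret is named `{{ include "openwifi.fullname" . }}-initdb-scripts`, and the QA values file in this patch points both `postgresql` and `postgresql-ha` at the same `tip-openwifi-initdb-scripts`. If the existing `postgresql-ha` Secret (its metadata lies outside this hunk) uses that name too, enabling both `initDbScriptSecret.enabled` flags renders two objects with one name. Give the new Secret a distinct suffix, or guard the block so only one can render, e.g. `{{- if and (index .Values "postgresql" "initDbScriptSecret" "enabled") (not (index .Values "postgresql-ha" "initDbScriptSecret" "enabled")) }}`. A one-line comment above the block noting that `initdb.sql` carries the per-service passwords would also help the next reader.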
@@ -49,7 +44,6 @@ owprovui: # OpenWIFI Subscription (https://github.com/Telecominfraproject/wlan-cloud-userportal/) owsub: fullnameOverride: owsub - configProperties: openwifi.kafka.enable: "true" openwifi.kafka.brokerlist: kafka:9092 @@ -57,23 +51,18 @@ owsub: # OpenWIFI radio resource management (https://github.com/Telecominfraproject/wlan-cloud-rrm/) owrrm: fullnameOverride: owrrm - mysql: enabled: true # kafka (https://github.com/bitnami/charts/blob/master/bitnami/kafka/) kafka: enabled: true - fullnameOverride: kafka - image: registry: docker.io repository: bitnami/kafka tag: 2.8.0-debian-10-r43 - minBrokerId: 100 - zookeeper: fullnameOverride: zookeeper @@ -81,7 +70,6 @@ kafka: clustersysteminfo: enabled: false delay: 0 # number of seconds to delay clustersysteminfo execution - images: clustersysteminfo: repository: tip-tip-wlan-cloud-ucentral.jfrog.io/clustersysteminfo @@ -103,23 +91,17 @@ clustersysteminfo: # limits: # cpu: 100m # memory: 128Mi - nodeSelector: {} - tolerations: [] - affinity: {} - public_env_variables: FLAGS: "-s --connect-timeout 3" OWSEC: owsec-owsec:16001 CHECK_RETRIES: 30 - secret_env_variables: OWSEC_DEFAULT_USERNAME: tip@ucentral.com OWSEC_DEFAULT_PASSWORD: openwifi #OWSEC_NEW_PASSWORD: "" # Set this value in order for the check to work. Password must comply https://github.com/Telecominfraproject/wlan-cloud-ucentralsec/#authenticationvalidationexpression - activeDeadlineSeconds: 2400 backoffLimit: 5 restartPolicy: OnFailure @@ -127,9 +109,7 @@ clustersysteminfo: # OpenWIFI Load Simulator (https://github.com/Telecominfraproject/wlan-cloud-owls) owls: enabled: false - fullnameOverride: owls - configProperties: openwifi.kafka.enable: "true" openwifi.kafka.brokerlist: kafka:9092 
@@ -137,17 +117,13 @@ owls: # OpenWIFI Load Simulator UI (https://github.com/Telecominfraproject/wlan-cloud-owls-ui) owlsui: enabled: false - fullnameOverride: owlsui # HAproxy (https://github.com/bitnami/charts/tree/master/bitnami/haproxy) haproxy: enabled: true - fullnameOverride: proxy - - replicaCount: 3 - + replicaCount: 1 service: type: LoadBalancer ports: @@ -428,7 +404,6 @@ haproxy: # Cert-manager RESTAPI certs restapiCerts: enabled: false - services: - owgw-owgw - owsec-owsec @@ -438,9 +413,22 @@ restapiCerts: - owanalytics-owanalytics - owsub-owsub - owrrm-owrrm - clusterDomain: cluster.local +postgresql: + enabled: false + nameOverride: pgsql + fullnameOverride: pgsql + initDbScriptSecret: + enabled: false + services: + - owgw + - owsec + - owfms + - owprov + - owanalytics + - owsub + postgresql-ha: enabled: false nameOverride: pgsql From 796c78cf1c4be6b739ce9516543e150e251c1b38 Mon Sep 17 00:00:00 2001 From: Carsten Schafer Date: Fri, 9 Feb 2024 15:35:04 -0500 Subject: [PATCH 2/2] Also piggyback ingress changes on this bug WIFI-13357 Signed-off-by: Carsten Schafer --- chart/environment-values/values.aws.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/chart/environment-values/values.aws.yaml b/chart/environment-values/values.aws.yaml index 98d2709..4edf225 100644 --- a/chart/environment-values/values.aws.yaml +++ b/chart/environment-values/values.aws.yaml @@ -15,8 +15,8 @@ owgwui: ingresses: default: enabled: true + className: alb annotations: - kubernetes.io/ingress.class: alb alb.ingress.kubernetes.io/scheme: internet-facing alb.ingress.kubernetes.io/group.name: wlan-cicd alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:ap-south-1:289708231103:certificate/2cc8c764-11fd-411d-bf7d-a93f488f3f6c 
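Review bot: In the `haproxy` section of `chart/values.yaml` the default `replicaCount` drops from 3 to 1, which makes the proxy in front of every service a single point of failure for all environments that inherit the chart defaults, not only the QA setup this patch targets. If the reduction is meant for QA, keep `replicaCount: 3` here and set `replicaCount: 1` in the environment values file; otherwise state the reason in the commit description.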
@@ -65,8 +65,8 @@ owprovui:
 ingresses:
 default:
 enabled: true
+ className: alb
 annotations:
- kubernetes.io/ingress.class: alb
 alb.ingress.kubernetes.io/scheme: internet-facing
 alb.ingress.kubernetes.io/group.name: wlan-cicd
 alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:ap-south-1:289708231103:certificate/2cc8c764-11fd-411d-bf7d-a93f488f3f6c