Merge pull request #1022 from shubham17998/release-1.5.x
[DSD-6742] updated/restructured install scripts for fixes
ckm007 authored Nov 29, 2024
2 parents 08d9be8 + 409fc2e commit 54980e2
Showing 10 changed files with 67 additions and 85 deletions.
6 changes: 3 additions & 3 deletions deploy/README.md
Expand Up @@ -27,18 +27,18 @@
* `esignet-global` configmap: For eSignet K8's env, `esignet-global` configmap in `esignet` namespace contains Domain related information. Follow below steps to add domain details for `esignet-global` configmap.
* Copy `esignet-global-cm.yaml.sample` to `esignet-global-cm.yaml`.
* Update the domain names in `esignet-global-cm.yaml` correctly for your environment.
* Create a google recaptcha v2 ("I am not a Robot") from Google with required domain name ex:[sandbox.mosip.net] [Recaptcha Admin](https://www.google.com/recaptcha/about/) and set esignet captcha.
* Install pre-requisites
```
./install-prereq.sh
```
### Initialise pre-requisites
* Update values file for postgres init [here](postgres/init_values.yaml).
* Create a google recaptcha v2 ("I am not a Robot") from Google with required domain name ex:[sandbox.mosip.net] [Recaptcha Admin](https://www.google.com/recaptcha/about/).
* Execute `initialise-prereq.sh` script to initialise postgres and keycloak and set esignet captcha.
* Execute `initialise-prereq.sh` script to initialise postgres and keycloak.
```
./initialise-prereq.sh
```
### Install esignet, oidc and captcha service
### Install esignet and oidc
```
./install-esignet.sh
```
63 changes: 41 additions & 22 deletions deploy/captcha/install.sh
@@ -1,16 +1,16 @@
#!/bin/bash
## Installing captcha validation server.
## Combined Script: Installing Captcha Validation Server and Initializing Prerequisites
## Usage: ./install.sh [kubeconfig]

if [ $# -ge 1 ] ; then
export KUBECONFIG=$1
fi

ROOT_DIR=`pwd`
NS=captcha
CHART_VERSION=0.1.0-develop

function installing_captcha() {

while true; do
read -p "Do you want to continue installing captcha validation service? (y/n): " ans
if [ "$ans" = "Y" ] || [ "$ans" = "y" ]; then
Expand All @@ -22,14 +22,10 @@ function installing_captcha() {
fi
done

NS=captcha
CHART_VERSION=0.1.0-develop

echo Create $NS namespace
echo "Creating $NS namespace"
kubectl create ns $NS || true

echo Istio label

echo "Applying Istio label to namespace"
kubectl label ns $NS istio-injection=disabled --overwrite
helm repo update

Expand All @@ -46,24 +42,47 @@ function installing_captcha() {
fi
done

echo Installing captcha
echo "Installing captcha"
helm -n $NS install captcha mosip/captcha --version $CHART_VERSION --set metrics.serviceMonitor.enabled=$servicemonitorflag --wait

echo Installed captcha service
# Check if the second environment variable exists
ENV_VAR_EXISTS=$(kubectl -n captcha get deployment captcha -o jsonpath="{.spec.template.spec.containers[0].env[?(@.name=='MOSIP_CAPTCHA_SECRET_ESIGNET')].name}")
echo "Installed captcha service"

# Set up Captcha secrets for eSignet
while true; do
read -p "Do you want to continue configuring Captcha secrets for esignet? (y/n): " ans
if [[ "$ans" == "Y" || "$ans" == "y" ]]; then
ESIGNET_HOST=$(kubectl -n esignet get cm esignet-global -o jsonpath={.data.mosip-esignet-host})
echo "Please create captcha site and secret key for esignet domain: $ESIGNET_HOST"

echo "Please enter the reCAPTCHA admin site key for domain $ESIGNET_HOST:"
read ESITE_KEY
echo "Please enter the reCAPTCHA admin secret key for domain $ESIGNET_HOST:"
read ESECRET_KEY

if [[ -z "$ENV_VAR_EXISTS" ]]; then
# If the environment variable does not exist, add it
echo "Environment variable 'MOSIP_CAPTCHA_SECRET_ESIGNET' does not exist. Adding it..."
kubectl patch deployment -n captcha captcha --type='json' -p='[{"op": "add", "path": "/spec/template/spec/containers/0/env/-", "value": {"name": "MOSIP_CAPTCHA_SECRET_ESIGNET", "valueFrom": {"secretKeyRef": {"name": "esignet-captcha", "key": "esignet-captcha-secret-key"}}}}]'
else
# If the environment variable exists, update it
echo "Environment variable 'MOSIP_CAPTCHA_SECRET_ESIGNET' exists. Updating it..."
kubectl patch deployment -n captcha captcha --type='json' -p='[{"op": "replace", "path": "/spec/template/spec/containers/0/env[?(@.name==\"MOSIP_CAPTCHA_SECRET_ESIGNET\")]", "value": {"name": "MOSIP_CAPTCHA_SECRET_ESIGNET", "valueFrom": {"secretKeyRef": {"name": "esignet-captcha", "key": "esignet-captcha-secret-key"}}}}]'
fi
echo "Setting up Captcha secrets"
kubectl -n esignet create secret generic esignet-captcha --from-literal=esignet-captcha-site-key=$ESITE_KEY --from-literal=esignet-captcha-secret-key=$ESECRET_KEY --dry-run=client -o yaml | kubectl apply -f -
echo "Captcha secrets for esignet configured successfully"

return 0
../copy_cm_func.sh secret esignet-captcha esignet $NS

# Update or add environment variable
ENV_VAR_EXISTS=$(kubectl -n $NS get deployment captcha -o jsonpath="{.spec.template.spec.containers[0].env[?(@.name=='MOSIP_CAPTCHA_SECRET_ESIGNET')].name}")
if [[ -z "$ENV_VAR_EXISTS" ]]; then
echo "Environment variable 'MOSIP_CAPTCHA_SECRET_ESIGNET' does not exist. Adding it..."
kubectl patch deployment -n $NS captcha --type='json' -p='[{"op": "add", "path": "/spec/template/spec/containers/0/env/-", "value": {"name": "MOSIP_CAPTCHA_SECRET_ESIGNET", "valueFrom": {"secretKeyRef": {"name": "esignet-captcha", "key": "esignet-captcha-secret-key"}}}}]'
else
echo "Environment variable 'MOSIP_CAPTCHA_SECRET_ESIGNET' exists. Updating it..."
kubectl patch deployment -n $NS captcha --type='json' -p='[{"op": "replace", "path": "/spec/template/spec/containers/0/env[?(@.name==\"MOSIP_CAPTCHA_SECRET_ESIGNET\")]", "value": {"name": "MOSIP_CAPTCHA_SECRET_ESIGNET", "valueFrom": {"secretKeyRef": {"name": "esignet-captcha", "key": "esignet-captcha-secret-key"}}}}]'
fi

break
elif [[ "$ans" == "N" || "$ans" == "n" ]]; then
echo "Skipping Captcha secrets configuration."
break
else
echo "Please provide a correct option (Y or N)"
fi
done
}

# set commands for error handling.
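Review bot: The reCAPTCHA secret key is read with a plain `read ESECRET_KEY`, so it is echoed to the terminal, and it then reaches `kubectl create secret` as an unquoted `--from-literal=esignet-captcha-secret-key=$ESECRET_KEY` argument, where it is subject to word splitting and is visible in the process list while the command runs. Use `read -rs ESECRET_KEY` (and `read -r ESITE_KEY`) and quote both expansions, e.g. `--from-literal="esignet-captcha-secret-key=$ESECRET_KEY"`; feeding the value from a file or stdin would keep it off argv entirely. The same block also carries over, from initialise-prereq.sh, the `replace` patch whose path contains a `[?(@.name==…)]` filter. JSON Patch paths are JSON Pointers and do not evaluate filters, so the update branch will likely fail when the variable already exists on a re-run.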
1 change: 1 addition & 0 deletions deploy/esignet/install.sh
Expand Up @@ -37,6 +37,7 @@ function installing_esignet() {

COPY_UTIL=../copy_cm_func.sh
$COPY_UTIL configmap esignet-softhsm-share softhsm $NS
$COPY_UTIL configmap postgres-config postgres $NS
$COPY_UTIL configmap redis-config redis $NS
$COPY_UTIL secret esignet-softhsm softhsm $NS
$COPY_UTIL secret redis redis $NS
56 changes: 8 additions & 48 deletions deploy/initialise-prereq.sh
@@ -1,6 +1,6 @@
#!/bin/bash

# Initialises prerequisite services for Esignet
# Initializes prerequisite services for Esignet
## Usage: ./install.sh [kubeconfig]

if [ $# -ge 1 ] ; then
Expand All @@ -23,68 +23,28 @@ function prompt_for_initialisation() {
cd $ROOT_DIR/"$module_name"
./"$module_name"-init.sh
else
echo "Skipping initialising of $module_name."
echo "Skipping initialization of $module_name."
fi
}

function initialising_Prerequisites() {

declare -a modules=("postgres" "keycloak" )
function initialising_prerequisites() {
declare -a modules=("postgres" "keycloak")
declare -A prompts=(
["postgres"]="Do you want to continue executing postgres init?"
["keycloak"]="Do you want to continue executing keycloak init?"
)

echo "Initialising prerequisite services"
echo "Initializing prerequisite services"

for module in "${modules[@]}"
do
prompt_for_initialisation "$module" "${prompts[$module]}"
done

while true; do
read -p "Do you want to continue configuring Captcha secrets for esignet ? (y/n) : " ans
if [ $ans='Y' ] || [ $ans='y' ]; then
echo "Please create captcha site and secret key for esignet domain: esignet.sandbox.xyz.net"

ESIGNET_HOST=$(kubectl -n esignet get cm esignet-global -o jsonpath={.data.mosip-esignet-host})
echo Please enter the recaptcha admin site key for domain $ESIGNET_HOST
read ESITE_KEY
echo Please enter the recaptcha admin secret key for domain $ESIGNET_HOST
read ESECRET_KEY

echo "Setting up captcha secrets"
kubectl -n $NS create secret generic esignet-captcha --from-literal=esignet-captcha-site-key=$ESITE_KEY --from-literal=esignet-captcha-secret-key=$ESECRET_KEY --dry-run=client -o yaml | kubectl apply -f -
echo "Captcha secrets for esignet configured sucessfully"

kubectl create ns captcha || true

./copy_cm_func.sh secret esignet-captcha $NS captcha

# Check if the second environment variable exists
ENV_VAR_EXISTS=$(kubectl -n captcha get deployment captcha -o jsonpath="{.spec.template.spec.containers[0].env[?(@.name=='MOSIP_CAPTCHA_SECRET_ESIGNET')].name}")

if [[ -z "$ENV_VAR_EXISTS" ]]; then
# If the environment variable does not exist, add it
echo "Environment variable 'MOSIP_CAPTCHA_SECRET_ESIGNET' does not exist. Adding it..."
kubectl patch deployment -n captcha captcha --type='json' -p='[{"op": "add", "path": "/spec/template/spec/containers/0/env/-", "value": {"name": "MOSIP_CAPTCHA_SECRET_ESIGNET", "valueFrom": {"secretKeyRef": {"name": "esignet-captcha", "key": "esignet-captcha-secret-key"}}}}]'
else
# If the environment variable exists, update it
echo "Environment variable 'MOSIP_CAPTCHA_SECRET_ESIGNET' exists. Updating it..."
kubectl patch deployment -n captcha captcha --type='json' -p='[{"op": "replace", "path": "/spec/template/spec/containers/0/env[?(@.name==\"MOSIP_CAPTCHA_SECRET_ESIGNET\")]", "value": {"name": "MOSIP_CAPTCHA_SECRET_ESIGNET", "valueFrom": {"secretKeyRef": {"name": "esignet-captcha", "key": "esignet-captcha-secret-key"}}}}]'
fi

elif [ "$ans" = "N" ] || [ "$ans" = "n" ]; then
exit 1
else
echo "Please provide a correct option (Y or N)"
fi
done

echo "Setting up dummy values for esignet misp license key"
echo "Setting up dummy values for Esignet MISP license key"
kubectl -n $NS create secret generic esignet-misp-onboarder-key --from-literal=mosip-esignet-misp-key='' --dry-run=client -o yaml | kubectl apply -f -

echo "All prerequisite services initialised successfully."
echo "All prerequisite services initialized successfully."
return 0
}

Expand All @@ -94,4 +54,4 @@ set -o errexit ## set -e : exit the script if any statement returns a non-true
set -o nounset ## set -u : exit the script if you try to use an uninitialized variable
set -o errtrace # trace ERR through 'time command' and other functions
set -o pipefail # trace ERR through pipes
initialising_Prerequisites # calling function
initialising_prerequisites # calling function
2 changes: 1 addition & 1 deletion deploy/install-esignet.sh
Expand Up @@ -13,7 +13,7 @@ function installing_eSignet() {

helm repo add mosip https://mosip.github.io/mosip-helm
# List of modules to install
declare -a modules=("esignet" "oidc-ui" "captcha")
declare -a modules=("esignet" "oidc-ui")

echo "Installing eSignet services"

4 changes: 2 additions & 2 deletions deploy/install-prereq.sh
Expand Up @@ -33,7 +33,7 @@ function installing_prerequisites() {
echo "Creating esignet-global configmap in esignet namespace"
kubectl -n esignet apply -f esignet-global-cm.yaml

declare -a modules=("istio-gateway" "postgres" "keycloak" "kafka" "redis" "softhsm")
declare -a modules=("istio-gateway" "postgres" "keycloak" "kafka" "redis" "softhsm" "captcha")
declare -A prompts=(
["softhsm"]="Do you want to install softhsm for esignet service in softhsm namespace? Opt "n" in case it already exists in Softhsm namespace: "
["keycloak"]="Do you want to deploy keycloak in the keycloak namespace? Opt "n" in case it already exists in keycloak namespace : "
Expand All @@ -43,7 +43,7 @@ function installing_prerequisites() {
echo "Installing prerequisite services"

for module in "${modules[@]}"; do
if [ "$module" == "istio-gateway" ] || [ "$module" == "postgres" ] || [ "$module" == "redis" ]; then
if [ "$module" == "istio-gateway" ] || [ "$module" == "postgres" ] || [ "$module" == "redis" ] || [ "$module" == "captcha" ]; then
cd "$ROOT_DIR/$module"
./install.sh
elif [[ -n "${prompts[$module]}" ]]; then
2 changes: 1 addition & 1 deletion deploy/postgres/init_values.yaml
Expand Up @@ -13,4 +13,4 @@ databases:
key: postgres-password
dml: 1
repoUrl: https://github.com/mosip/esignet.git
branch: develop
branch: develop
3 changes: 1 addition & 2 deletions deploy/postgres/postgres-config.yaml
@@ -1,4 +1,3 @@

apiVersion: v1
kind: ConfigMap
metadata:
Expand All @@ -10,4 +9,4 @@ data:
database-host: "postgres-postgresql"
database-port: "5432"
database-username: "esignetuser"
database-name: "mosip_esignet"
database-name: "mosip_esignet"
5 changes: 3 additions & 2 deletions deploy/postgres/postgres-init.sh
Expand Up @@ -12,7 +12,7 @@ function initialize_db() {
helm repo update

while true; do
read -p "Please confirm with "Y" once values-init.yaml is updated correctly with tag, postgres host, and password details else "N" to exit installation: " ans
read -p "Please confirm with "Y" once init-values.yaml is updated correctly with tag, postgres host, and password details else "N" to exit installation: " ans
if [ "$ans" = "Y" ] || [ "$ans" = "y" ]; then
break
elif [ "$ans" = "N" ] || [ "$ans" = "n" ]; then
Expand All @@ -29,8 +29,9 @@ function initialize_db() {
echo Removing existing mosip_esignet installation and secret
helm -n $NS delete esignet-postgres-init || true
kubectl -n $NS delete secret db-common-secrets || true
../copy_cm_func.sh secret postgres-postgresql postgres $NS
echo Initializing DB
helm -n $NS install esignet-postgres-init mosip/postgres-init --version $CHART_VERSION -f init_values.yaml --wait --wait-for-jobs
helm -n $NS install postgres-init mosip/postgres-init --set image.repository=mosipdev/postgres-init --set image.tag=develop --version $CHART_VERSION -f init_values.yaml --wait --wait-for-jobs
break
elif [ "$yn" = "N" ] || [ "$yn" = "n" ]; then
echo "Skipping esignet postgres DB initialisation as per your input"
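Review bot: The Helm release appears to be installed as `postgres-init` now, but the cleanup a few lines earlier still runs `helm -n $NS delete esignet-postgres-init || true`, so a second run would likely fail because the `postgres-init` release name is still in use; the delete should target the same name, `helm -n $NS delete postgres-init || true`. The rendered page has lost its +/- markers, so this assumes the install line carrying `--set image.repository=mosipdev/postgres-init` is the new side. That line also pins the init job to the mutable `develop` tag, and the job presumably runs with the `postgres-postgresql` secret copied just above it; a released tag or an image digest would make what executes against the database reproducible. initialize_db begins and ends outside the visible hunks.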
10 changes: 6 additions & 4 deletions helm/esignet/values.yaml
Expand Up @@ -251,6 +251,8 @@ extraEnvVars: |
secretKeyRef:
name: esignet-captcha
key: esignet-captcha-site-key
- name: MOSIP_ESIGNET_INTEGRATION_AUDIT_PLUGIN
value: LoggerAuditService
- name: MOSIP_ESIGNET_CAPTCHA_MODULE_NAME
value: esignet
- name: IDA_AUTHENTICATOR_ENV
Expand All @@ -273,22 +275,22 @@ extraEnvVars: |
- name: DATABASE_HOST
valueFrom:
configMapKeyRef:
name: esignet-postgres-config
name: postgres-config
key: database-host
- name: DATABASE_PORT
valueFrom:
configMapKeyRef:
name: esignet-postgres-config
name: postgres-config
key: database-port
- name: DATABASE_NAME
valueFrom:
configMapKeyRef:
name: esignet-postgres-config
name: postgres-config
key: database-name
- name: DATABASE_USERNAME
valueFrom:
configMapKeyRef:
name: esignet-postgres-config
name: postgres-config
key: database-username
- name: DB_DBUSER_PASSWORD
valueFrom:
