[MOSIP-37447] restructured postgres #997

Merged
merged 11 commits into from
Nov 27, 2024
44 changes: 44 additions & 0 deletions deploy/esignet-apitestrig/README.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,44 @@
# APITESTRIG

## Introduction
ApiTestRig will test the working of APIs of the MOSIP modules.

## Install
* Review `values.yaml` and, Make sure to enable required modules for apitestrig operation.
* Install
```sh
./install.sh
```
* During the execution of the `install.sh` script, a prompt appears requesting information regarding the presence of a public domain and a valid SSL certificate on the server.
* If the server lacks a public domain and a valid SSL certificate, it is advisable to select the `n` option. Opting it will enable the `init-container` with an `emptyDir` volume and include it in the deployment process.
* The init-container will proceed to download the server's self-signed SSL certificate and mount it to the specified location within the container's Java keystore (i.e., `cacerts`) file.
* This particular functionality caters to scenarios where the script needs to be employed on a server utilizing self-signed SSL certificates.

## Uninstall
* To uninstall ApiTestRig, run `delete.sh` script.
```sh
./delete.sh
```

## Run apitestrig manually

#### Rancher UI
* Run apitestrig manually via Rancher UI.
![apitestrig-2.png](../../docs/apitestrig-2.png)
* There are two modes of apitestrig `smoke` & `smokeAndRegression`.
* By default, apitestrig will execute with `smokeAndRegression`. <br>
If you want to run apitestrig with only `smoke`. <br>
You have to update the `apitestrig` configmap and rerun the specific apitestrig job.

#### CLI
* Download Kubernetes cluster `kubeconfig` file from `rancher dashboard` to your local.
![apitestrig-1.png](../../docs/apitestrig-1.png)
* Install `kubectl` package to your local machine.
* Run apitestrig manually via CLI by creating a new job from an existing k8s cronjob.
```
kubectl --kubeconfig=<k8s-config-file> -n apitestrig create job --from=cronjob/<cronjob-name> <job-name>
```
example:
```
kubectl --kubeconfig=/home/xxx/Downloads/qa4.config -n apitestrig create job --from=cronjob/cronjob-apitestrig-masterdata cronjob-apitestrig-masterdata
```
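Review bot: The CLI examples at the end of the README run `kubectl ... -n apitestrig create job`, but `install.sh` and `delete.sh` in this same change set `NS=esignet`, so the cronjob will not be found in the namespace the README names. Use `-n esignet` in both commands, and check that the example cronjob name `cronjob-apitestrig-masterdata` matches what the `esignet-apitestrig` release creates. The uninstall section could also mention that `delete.sh` acts only on an uppercase `Y`.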
30 changes: 30 additions & 0 deletions deploy/esignet-apitestrig/delete.sh
Original file line number Diff line number Diff line change
@@ -0,0 +1,30 @@
#!/bin/bash
# Uninstalls apitestrig
## Usage: ./delete.sh [kubeconfig]

if [ $# -ge 1 ] ; then
export KUBECONFIG=$1
fi

function deleting_apitestrig() {
NS=esignet
while true; do
read -p "Are you sure you want to delete apitestrig helm charts?(Y/n) " yn
if [ $yn = "Y" ]
then
helm -n $NS delete esignet-apitestrig
break
else
break
fi
done
return 0
}

# set commands for error handling.
set -e
set -o errexit ## set -e : exit the script if any statement returns a non-true return value
set -o nounset ## set -u : exit the script if you try to use an uninitialised variable
set -o errtrace # trace ERR through 'time command' and other functions
set -o pipefail # trace ERR through pipes
deleting_apitestrig # calling function
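Review bot: In `deleting_apitestrig`, the test `[ $yn = "Y" ]` is unquoted and accepts only an uppercase `Y`, although the prompt offers `(Y/n)`. An empty answer makes `[` report a syntax error, and a lowercase `y` silently skips the delete with no message. Quote the variable and accept both cases, as `deploy/postgres/delete.sh` does with `[ "$yn" = "Y" ] || [ "$yn" = "y" ]`, and print something when nothing was deleted. Both branches `break`, so the `while true` loop never repeats and can be dropped. `export KUBECONFIG=$1` should also be quoted so a path with spaces survives.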
180 changes: 180 additions & 0 deletions deploy/esignet-apitestrig/install.sh
Original file line number Diff line number Diff line change
@@ -0,0 +1,180 @@
#!/bin/bash
# Installs apitestrig
## Usage: ./install.sh [kubeconfig]

if [ $# -ge 1 ] ; then
export KUBECONFIG=$1
fi

NS=esignet
CHART_VERSION=1.5.0-develop
COPY_UTIL=../copy_cm_func.sh

echo Create $NS namespace
kubectl create ns $NS

function installing_apitestrig() {
echo Istio label
kubectl label ns $NS istio-injection=disabled --overwrite
helm repo update

echo Copy Configmaps
$COPY_UTIL configmap global default $NS
$COPY_UTIL configmap keycloak-host keycloak $NS
$COPY_UTIL configmap artifactory-share artifactory $NS
$COPY_UTIL configmap config-server-share config-server $NS

echo echo Copy Secrtes
$COPY_UTIL secret keycloak-client-secrets keycloak $NS
$COPY_UTIL secret s3 s3 $NS
$COPY_UTIL secret postgres-postgresql postgres $NS

echo "Delete s3, db, & apitestrig configmap if exists"
kubectl -n $NS delete --ignore-not-found=true configmap s3
kubectl -n $NS delete --ignore-not-found=true configmap db
kubectl -n $NS delete --ignore-not-found=true configmap apitestrig

DB_HOST=$( kubectl -n default get cm global -o json |jq -r '.data."mosip-api-internal-host"' )
API_INTERNAL_HOST=$( kubectl -n default get cm global -o json |jq -r '.data."mosip-api-internal-host"' )
ENV_USER=$( kubectl -n default get cm global -o json |jq -r '.data."mosip-api-internal-host"' | awk -F '.' '/api-internal/{print $1"."$2}')

read -p "Please enter the time(hr) to run the cronjob every day (time: 0-23) : " time
if [ -z "$time" ]; then
echo "ERROT: Time cannot be empty; EXITING;";
exit 1;
fi
if ! [ $time -eq $time ] 2>/dev/null; then
echo "ERROR: Time $time is not a number; EXITING;";
exit 1;
fi
if [ $time -gt 23 ] || [ $time -lt 0 ] ; then
echo "ERROR: Time should be in range ( 0-23 ); EXITING;";
exit 1;
fi

echo "Do you have public domain & valid SSL? (Y/n) "
echo "Y: if you have public domain & valid ssl certificate"
echo "n: If you don't have a public domain and a valid SSL certificate. Note: It is recommended to use this option only in development environments."
read -p "" flag

if [ -z "$flag" ]; then
echo "'flag' was provided; EXITING;"
exit 1;
fi
ENABLE_INSECURE=''
if [ "$flag" = "n" ]; then
ENABLE_INSECURE='--set enable_insecure=true';
fi

read -p "Please provide the retention days to remove old reports ( Default: 3 )" reportExpirationInDays

if [[ -z $reportExpirationInDays ]]; then
reportExpirationInDays=3
fi
if ! [[ $reportExpirationInDays =~ ^[0-9]+$ ]]; then
echo "The variable \"reportExpirationInDays\" should contain only number; EXITING";
exit 1;
fi

read -p "Please provide slack webhook URL to notify server end issues on your slack channel : " slackWebhookUrl

if [ -z $slackWebhookUrl ]; then
echo "slack webhook URL not provided; EXITING;"
exit 1;
fi

valid_inputs=("yes" "no")
eSignetDeployed=""

while [[ ! " ${valid_inputs[@]} " =~ " ${eSignetDeployed} " ]]; do
read -p "Is the eSignet service deployed? (yes/no): " eSignetDeployed
eSignetDeployed=${eSignetDeployed,,} # Convert input to lowercase
done

if [[ $eSignetDeployed == "yes" ]]; then
echo "eSignet service is deployed. Proceeding with installation..."
else
echo "eSignet service is not deployed. hence will be skipping esignet related test-cases..."
fi
read -p "Is values.yaml for onboarder chart set correctly as part of pre-requisites? (Y/n) : " yn;
if [[ $yn = "Y" ]] || [[ $yn = "y" ]] ; then
NFS_OPTION=''
S3_OPTION=''
config_complete=false # flag to check if S3 or NFS is configured
while [ "$config_complete" = false ]; do
read -p "Do you have S3 details for storing Onboarder reports? (Y/n) : " ans
if [[ "$ans" == "y" || "$ans" == "Y" ]]; then
read -p "Please provide S3 host: " s3_host
if [[ -z $s3_host ]]; then
echo "S3 host not provided; EXITING;"
exit 1;
fi
read -p "Please provide S3 region: " s3_region
if [[ $s3_region == *[' !@#$%^&*()+']* ]]; then
echo "S3 region should not contain spaces or special characters; EXITING;"
exit 1;
fi
read -p "Please provide S3 access key: " s3_user_key
if [[ -z $s3_user_key ]]; then
echo "S3 access key not provided; EXITING;"
exit 1;
fi
S3_OPTION="--set apitestrig.configmaps.s3.s3-host=$s3_host --set apitestrig.configmaps.s3.s3-user-key=$s3_user_key --set apitestrig.configmaps.s3.s3-region=$s3_region"
push_reports_to_s3="yes"
config_complete=true
elif [[ "$ans" == "n" || "$ans" == "N" ]]; then
push_reports_to_s3="no"
read -p "Since S3 details are not available, do you want to use NFS directory mount for storing reports? (y/n) : " answer
if [[ $answer == "Y" ]] || [[ $answer == "y" ]]; then
read -p "Please provide NFS Server IP: " nfs_server
if [[ -z $nfs_server ]]; then
echo "NFS server not provided; EXITING."
exit 1;
fi
read -p "Please provide NFS directory to store reports from NFS server (e.g. /srv/nfs/<sandbox>/onboarder/), make sure permission is 777 for the folder: " nfs_path
if [[ -z $nfs_path ]]; then
echo "NFS Path not provided; EXITING."
exit 1;
fi
NFS_OPTION="--set apitestrig.volumes.reports.nfs.server=$nfs_server --set apitestrig.volumes.reports.nfs.path=$nfs_path"
config_complete=true
else
echo "Please rerun the script with either S3 or NFS server details."
exit 1;
fi
else
echo "Invalid input. Please respond with Y (yes) or N (no)."
fi
done
echo Installing esignet apitestrig
helm -n $NS install esignet-apitestrig mosip/apitestrig \
--set crontime="0 $time * * *" \
-f values.yaml \
--version $CHART_VERSION \
$NFS_OPTION \
$S3_OPTION \
--set apitestrig.variables.push_reports_to_s3=$push_reports_to_s3 \
--set apitestrig.configmaps.db.db-server="$DB_HOST" \
--set apitestrig.configmaps.db.db-su-user="postgres" \
--set apitestrig.configmaps.db.db-port="5432" \
--set apitestrig.configmaps.apitestrig.ENV_USER="$ENV_USER" \
--set apitestrig.configmaps.apitestrig.ENV_ENDPOINT="https://$API_INTERNAL_HOST" \
--set apitestrig.configmaps.apitestrig.ENV_TESTLEVEL="smokeAndRegression" \
--set apitestrig.configmaps.apitestrig.reportExpirationInDays="$reportExpirationInDays" \
--set apitestrig.configmaps.apitestrig.slack-webhook-url="$slackWebhookUrl" \
--set apitestrig.configmaps.apitestrig.eSignetDeployed="$eSignetDeployed" \
--set apitestrig.configmaps.apitestrig.NS="$NS" \
$ENABLE_INSECURE

echo Installed esignet apitestrig.
return 0
fi
}

# set commands for error handling.
set -e
set -o errexit ## set -e : exit the script if any statement returns a non-true return value
set -o nounset ## set -u : exit the script if you try to use an uninitialised variable
set -o errtrace # trace ERR through 'time command' and other functions
set -o pipefail # trace ERR through pipes
installing_apitestrig # calling function
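Review bot: In the `helm install` command at the end of `installing_apitestrig`, `$NFS_OPTION` and `$S3_OPTION` are expanded unquoted and are assembled from prompt input (`s3_host`, `s3_user_key`, `nfs_server`, `nfs_path`) that is only checked for being non-empty, so an answer containing whitespace is split into additional helm arguments. Collect the options in a bash array and expand it quoted, and validate the host and path values the way `s3_region` is validated. The Slack webhook URL is passed as `apitestrig.configmaps.apitestrig.slack-webhook-url`, which puts a URL that authorises posting to the channel into a ConfigMap; a Secret would be the better home for it. Smaller points: the `-z "$flag"` branch prints "'flag' was provided" where "not provided" is meant; `[ -z $slackWebhookUrl ]` needs quotes; `echo echo Copy Secrtes` and `ERROT` are typos; `kubectl create ns $NS` runs before `set -e` takes effect and fails on a rerun when the namespace exists; and any answer other than `Y`/`y` to the `values.yaml` prompt ends the function without installing or saying so.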
15 changes: 15 additions & 0 deletions deploy/esignet-apitestrig/values.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,15 @@
modules:
esignet:
enabled: true
image:
repository: mosipqa/apitest-esignet
tag: develop
pullPolicy: Always

resources:
limits:
cpu: 300m
memory: 500Mi
requests:
cpu: 300m
memory: 500Mi
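Review bot: `tag: develop` together with `pullPolicy: Always` means every cronjob run pulls whatever is currently published under a mutable tag of `mosipqa/apitest-esignet`, so the code that runs with the copied keycloak, s3 and postgres secrets can change without any change to this repository. Pin a released tag or an image digest here, in line with the fixed `CHART_VERSION` in `install.sh`, and leave `develop` as a documented override for development clusters.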
2 changes: 1 addition & 1 deletion deploy/postgres/.gitignore
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
db-common-secrets.yaml
esignet-postgres-postgresql.yaml
postgres-postgresql.yaml
postgres-host.yaml
.*.swp
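Review bot: Replacing the `esignet-postgres-postgresql.yaml` entry with `postgres-postgresql.yaml` means a file of the old name left in a working tree by an earlier run is no longer ignored and can be staged by accident; by its name and its place next to `db-common-secrets.yaml` it is a generated secret manifest. Keep the old entry alongside the new one for a transition period, or ignore the pattern `*postgres-postgresql.yaml`.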
2 changes: 1 addition & 1 deletion deploy/postgres/chart/istio-addons/templates/gateway.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -11,4 +11,4 @@ spec:
name: postgres
protocol: TCP
hosts:
- {{ .Values.postgresHost }}
- {{ .Values.postgresHost }}
5 changes: 2 additions & 3 deletions deploy/postgres/chart/istio-addons/templates/vs.yaml
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: esignet-postgres
name: postgres
spec:
hosts:
- "*"
Expand All @@ -12,8 +12,7 @@ spec:
- port: 5432
route:
- destination:
host: esignet-postgres-postgresql
host: postgres-postgresql
port:
number: 5432


2 changes: 1 addition & 1 deletion deploy/postgres/chart/istio-addons/values.yaml
Original file line number Diff line number Diff line change
@@ -1 +1 @@
postgresHost: esignet-postgres.sandbox.xyz.net
postgresHost: postgres.sandbox.xyz.net
10 changes: 5 additions & 5 deletions deploy/postgres/delete.sh
Original file line number Diff line number Diff line change
Expand Up @@ -7,16 +7,16 @@ if [ $# -ge 1 ] ; then
fi

function deleting_postgres() {
NS=esignet
NS=postgres
while true; do
read -p "CAUTION: PVC, PV will get deleted. If your PV is not in 'Retain' mode all Postgres data will be lost. Are you sure? (Y/n): " yn
if [ "$yn" = "Y" ] || [ "$yn" = "y" ]; then
echo "Deleting Postgres resources..."
helm -n $NS delete esignet-postgres || echo "Failed to delete esignet-postgres helm release"
helm -n $NS delete postgres || echo "Failed to delete postgres helm release"
helm -n $NS delete istio-addons || echo "Failed to delete istio-addons helm release"
kubectl -n $NS delete pvc data-esignet-postgres-postgresql-0 || echo "Failed to delete PVC"
helm -n $NS delete esignet-postgres-init || echo "Failed to delete esignet-postgres-init helm release"
kubectl -n $NS delete secret esignet-postgres-postgresql || echo "Failed to delete esignet-postgres-init secret"
kubectl -n $NS delete pvc data-postgres-postgresql-0 || echo "Failed to delete PVC"
helm -n $NS delete postgres-init || echo "Failed to delete postgres-init helm release"
kubectl -n $NS delete secret postgres-postgresql || echo "Failed to delete postgres-init secret"
kubectl -n $NS delete secret db-common-secrets || echo "Failed to delete db-common-secrets secret"
break
elif [ "$yn" = "N" ] || [ "$yn" = "n" ]; then
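Review bot: With `NS=postgres` and the renamed releases, this script no longer touches anything installed by the previous version, so an existing `esignet-postgres` release, the PVC `data-esignet-postgres-postgresql-0` and the secret `esignet-postgres-postgresql` in the `esignet` namespace stay behind after an upgrade, credentials included. Document a migration or cleanup step for existing environments, or let the script accept the namespace and release prefix as arguments. On the secret deletion line, the fallback message says "Failed to delete postgres-init secret" while the command deletes `postgres-postgresql`; the message should name the resource that failed. Each command also swallows its failure with `|| echo`, so the script exits 0 even when nothing was deleted.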
Expand Down
6 changes: 3 additions & 3 deletions deploy/postgres/generate-secret-cm.py
Original file line number Diff line number Diff line change
Expand Up @@ -73,7 +73,7 @@ def create_or_update_configmap(configmap_name, namespace, postgres_host, postgre
os.system(f"kubectl create -f {yaml_file} --save-config")

# Main script logic
namespace = "esignet"
namespace = "postgres"
check_namespace(namespace)

# Handle db-dbuser-password secret
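Review bot: The namespace is still a literal, now `"postgres"`, and the same value is repeated in `delete.sh` (`NS=postgres`) and implied by the host in `init_values.yaml`; reading it from one argument or environment variable with `postgres` as the default would keep the three in step on the next rename. While this area is being touched, the context line `os.system(f"kubectl create -f {yaml_file} --save-config")` builds a shell command from an f-string and ignores the exit status, so a failed `kubectl create` goes unnoticed; `subprocess.run([...], check=True)` with an argument list avoids both.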
Expand All @@ -91,7 +91,7 @@ def create_or_update_configmap(configmap_name, namespace, postgres_host, postgre
create_or_update_secret(db_secret_name, namespace, "db-dbuser-password", password)

# Handle postgres-password secret
postgres_secret_name = "esignet-postgres-postgresql"
postgres_secret_name = "postgres-postgresql"
if secret_exists(postgres_secret_name, namespace):
overwrite = input(f"Secret '{postgres_secret_name}' already exists in namespace '{namespace}'. Overwrite? (y/n): ")
if overwrite.lower() == 'y':
Expand All @@ -105,7 +105,7 @@ def create_or_update_configmap(configmap_name, namespace, postgres_host, postgre
create_or_update_secret(postgres_secret_name, namespace, "postgres-password", postgres_password)

# Handle ConfigMap creation for PostgreSQL
configmap_name = "esignet-postgres-config"
configmap_name = "postgres-config"
if configmap_exists(configmap_name, namespace):
overwrite = input(f"ConfigMap '{configmap_name}' already exists in namespace '{namespace}'. Overwrite? (y/n): ")
if overwrite.lower() == 'y':
Expand Down
4 changes: 2 additions & 2 deletions deploy/postgres/init_values.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -4,12 +4,12 @@ dbUserPasswords:
databases:
mosip_esignet:
enabled: true
host: "esignet-postgres-postgresql.esignet"
host: "postgres-postgresql"
port: 5432
su:
user: postgres
secret:
name: esignet-postgres-postgresql
name: postgres-postgresql
key: postgres-password
dml: 1
repoUrl: https://github.com/mosip/esignet.git
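Review bot: The new `host: "postgres-postgresql"` drops the namespace qualifier that the old value `esignet-postgres-postgresql.esignet` carried, so the name resolves only when the init job runs in the same namespace as the Postgres service. If the init chart is ever installed elsewhere, the connection will fail or reach a different service of the same name. Use `postgres-postgresql.postgres` to keep the lookup independent of where the job runs. The `secret.name: postgres-postgresql` reference has the same constraint, since a secret can only be read from the namespace of the pod that mounts it; a short comment stating that this chart must be installed in `postgres` would make that explicit.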
Expand Down