16 changes: 8 additions & 8 deletions Helmsman/dsf/external-dsf.yaml
Expand Up @@ -114,7 +114,7 @@ apps:
databases.mosip_regprc.port: 5433

databases.mosip_pms.enabled: "true"
databases.mosip_pms.branch: "release-1.3.x"
databases.mosip_pms.branch: "v1.3.0-beta.2"
databases.mosip_pms.host: "postgres.sandbox.xyz.net"
databases.mosip_pms.port: 5433

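Review bot: `databases.mosip_pms.branch` moves from the moving branch `release-1.3.x` to the tag `v1.3.0-beta.2`, which makes the schema init reproducible, but nothing in the hunk records why PMS lands on a pre-release tag; add a short comment next to the value (or a line in the commit message) and confirm the tag is protected in the source repo so the pin cannot be silently moved later.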
Expand All @@ -129,7 +129,7 @@ apps:
databases.mosip_resident.port: 5433

databases.mosip_otp.enabled: "true"
databases.mosip_otp.branch: "release-1.3.x"
databases.mosip_otp.branch: "v1.3.0-beta.1"
databases.mosip_otp.host: "postgres.sandbox.xyz.net"
databases.mosip_otp.port: 5433

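Review bot: `databases.mosip_otp.branch` is pinned to `v1.3.0-beta.1` while `databases.mosip_pms.branch` in the hunk above is pinned to `v1.3.0-beta.2`; if the mismatch is intentional, say so in a comment beside the value, otherwise align both on one pre-release tag so nobody assumes the two schemas were cut from the same release.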
Expand All @@ -148,11 +148,11 @@ apps:
chart: mosip/keycloak
set:
image.repository: "mosipid/mosip-artemis-keycloak"
image.tag: "1.2.0.1"
image.tag: "1.2.0.2"
image.pullPolicy: "Always"
# Override Postgres image
postgresql.image.registry: "docker.io"
postgresql.image.repository: "mosipint/postgresql"
postgresql.image.repository: "mosipid/postgresql"
postgresql.image.tag: "14.2.0-debian-10-r70"
service.type: "ClusterIP"
auth.adminUser: "admin"
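Review bot: with `image.pullPolicy: "Always"` kept, the bump of `image.tag` to `1.2.0.2` and the move of `postgresql.image.repository` from `mosipint/postgresql` to `mosipid/postgresql` mean any later retag of either image in the `mosipid` org is picked up on the next pod restart without a config change; for the identity provider this is worth pinning by digest (through whatever digest field the `mosip/keycloak` chart exposes) and, before cut-over, confirming that the `mosipid` images were built from the same sources as the `mosipint` ones they replace. The `auth.adminUser: "admin"` line below is unchanged by this hunk, so the admin account name stays the well-known default.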
Expand Down Expand Up @@ -193,7 +193,7 @@ apps:
keycloak-init:
namespace: keycloak
enabled: true
version: 12.0.2-develop
version: 12.0.2
chart: mosip/keycloak-init
set:
# image.repository: "mosipid/keycloak-init"
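Review bot: moving `version` from `12.0.2-develop` to `12.0.2` pins keycloak-init to a released chart, which is the right direction; however `# image.repository: "mosipid/keycloak-init"` stays commented out, so the image actually run comes from the chart's default. Verify that the 12.0.2 chart default already points at the `mosipid` org, otherwise this is the one app in the diff still pulling from the old source after everything else moved.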
Expand Down Expand Up @@ -245,7 +245,7 @@ apps:
version: 10.1.6
chart: mosip/minio
set:
image.repository: "mosipint/minio"
image.repository: "mosipid/minio"
image.tag: "2022.2.7-debian-10-r0"
metrics.serviceMonitor.enabled: "true"
extraEnvVars[0].name: "MINIO_PROMETHEUS_URL"
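Review bot: `image.repository` switches to `mosipid/minio` while `image.tag` remains `2022.2.7-debian-10-r0`, a build from early 2022; since MinIO is the object store behind the other services in this file, pair the repository change with a check that this tag under `mosipid` resolves to the same digest as the `mosipint` image it replaces, and plan a newer tag in a follow-up rather than carrying a three-year-old build forward under a new name.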
Expand Down Expand Up @@ -313,9 +313,9 @@ apps:
chart: bitnami/kafka
set:
# Add these for image overrides
image.repository: "mosipint/kafka"
image.repository: "mosipid/kafka"
image.tag: "3.2.1-debian-11-r9"
zookeeper.image.repository: "mosipint/zookeeper"
zookeeper.image.repository: "mosipid/zookeeper"
zookeeper.image.tag: "3.8.0-debian-11-r30"
clusterDomain: "cluster.local"
logRetentionBytes: "_1073741824"
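Review bot: the Kafka and ZooKeeper overrides move to `mosipid/kafka` and `mosipid/zookeeper` with the Bitnami-style tags `3.2.1-debian-11-r9` and `3.8.0-debian-11-r30` unchanged, so these are presumably mirrors of the upstream Bitnami images; confirm the mirrored digests match upstream before rollout. The comment `# Add these for image overrides` reads as an instruction to the editor rather than a description of the values; reword it (for example `# Image overrides: mosipid mirrors of the Bitnami images`) so it documents what the lines do.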
6 changes: 3 additions & 3 deletions Helmsman/dsf/mosip-dsf.yaml
Expand Up @@ -62,14 +62,14 @@ apps:
conf-secrets:
namespace: conf-secrets
enabled: true
version: 12.0.3-develop
version: 12.0.3
chart: mosip/conf-secrets
priority: -20

config-server:
namespace: config-server
enabled: true
version: 12.0.3-develop
version: 12.0.3
chart: mosip/config-server
valuesFile: "$WORKDIR/utils/config-server-values.yaml"
wait: true
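Review bot: `conf-secrets` (with `priority: -20`) and `config-server` (with `wait: true`) both move from `12.0.3-develop` to `12.0.3`, but the values file `$WORKDIR/utils/config-server-values.yaml` that config-server consumes is not touched in this diff; verify that the released 12.0.3 charts did not rename any secret or key between the `-develop` and release builds, since a stale reference in the values file would surface only at runtime.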
Expand Down Expand Up @@ -1075,7 +1075,7 @@ apps:
mosip-file-server:
namespace: mosip-file-server
enabled: true
version: 12.0.2-develop
version: 12.0.2
chart: mosip/mosip-file-server
set:
image.repository: "mosipid/mosip-file-server"
4 changes: 2 additions & 2 deletions Helmsman/dsf/prereq-dsf.yaml
Expand Up @@ -61,7 +61,7 @@ apps:
image.tag: "7.17.2-debian-10-r4"
# Kibana configuration and image
global.kibanaEnabled: "true"
kibana.image.repository: "mosipint/kibana"
kibana.image.repository: "mosipid/kibana"
kibana.image.tag: "7.17.2-debian-10-r0"
kibana.image.pullPolicy: IfNotPresent
data.heapSize: "728m"
Expand All @@ -73,7 +73,7 @@ apps:
master.persistence.size: "4Gi"
master.resources.requests.memory: "728Mi"
kibana.persistence.enabled: "false"
sysctlImage.repository: "mosipint/os-shell"
sysctlImage.repository: "mosipid/os-shell"
sysctlImage.tag: "12-debian-12-r46"
wait: true
timeout: 900
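Review bot: `sysctlImage.repository` now points at `mosipid/os-shell`; the sysctl init container in the Bitnami Elasticsearch chart is run with elevated privileges so it can set kernel parameters on the node, so swapping its image source is a change to code that runs as root on every node the pods land on. Confirm that `mosipid/os-shell:12-debian-12-r46` has the same digest as the upstream Bitnami image and consider pinning this one by digest even if the other images in the diff stay on tags.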
2 changes: 1 addition & 1 deletion Helmsman/dsf/testrigs-dsf.yaml
Expand Up @@ -45,7 +45,7 @@ apps:
apitestrig:
namespace: apitestrig
enabled: true
version: 0.0.1-develop
version: 1.3.4
chart: mosip/apitestrig
set:
crontime: "0 2 * * *"
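Review bot: `apitestrig` jumps from `0.0.1-develop` to `1.3.4`, a far larger version move than the other apps in this diff; check that the `1.3.4` chart still accepts the `crontime` key, because a renamed values key is silently ignored by Helm rather than rejected. `0 2 * * *` runs the API test rig nightly; confirm that cadence is intended for this environment now that the rig is on a release chart.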
157 changes: 157 additions & 0 deletions Helmsman/utils/ansible/README.md
@@ -0,0 +1,157 @@
# PostgreSQL Secure Setup - MOSIP Infrastructure

Production-grade PostgreSQL deployment with secure password generation, Kubernetes integration, and private subnet optimization.

## Quick Start (3 Simple Steps)

```bash
# 1. Interactive inventory setup with smart defaults
./setup-vm-inventory.sh

# 2. Deploy PostgreSQL with secure setup
./run-postgresql-playbook.sh

# 3. Verify installation status
./check-postgresql-status.sh
```

## Core Features

### Deployment Features
- **Streamlined deployment** for private networks
- **Custom port configuration** (default 5433)
- **XFS filesystem** with optimized mount options
- **Connection pooling ready** with high max_connections

### Production Ready
- **Automated password generation** - no manual password handling
- **Kubernetes integration** - generates secrets and ConfigMaps
- **Data migration support** - moves existing data to new storage
- **Complete lifecycle management** - setup, monitoring, cleanup

## Essential Scripts

### Production Scripts
- **`run-postgresql-playbook.sh`** - Main secure deployment script
- **`postgresql-setup.yml`** - Secure Ansible playbook
- **`check-postgresql-status.sh`** - Status monitoring and verification
- **`cleanup-postgresql.sh`** - Safe cleanup with backups

### Configuration Files
- **`hosts.ini`** - Ansible inventory configuration
- **`postgresql-cleanup.yml`** - Cleanup playbook

## Configuration

Edit `hosts.ini` to configure your PostgreSQL server:

```ini
[postgresql_servers]
postgres-vm ansible_host=10.0.2.176 ansible_user=mosipuser ansible_ssh_private_key_file=~/.ssh/mosip-key

# Configuration Comments:
# PostgreSQL Version: 15
# PostgreSQL Port: 5433
# Storage Device: /dev/nvme2n1
# Mount Point: /srv/postgres
# Network CIDR: 10.0.0.0/8
# Kubernetes Namespace: postgres
```

## Advanced Usage

### Security Configuration
```bash
# Use custom Kubernetes namespace and secret name
./run-postgresql-playbook.sh --namespace production --secret-name postgres-creds

# Auto-confirm deployment (for automation)
./run-postgresql-playbook.sh --auto-confirm
```

### Kubernetes Integration
After deployment, Kubernetes files are generated in `/tmp/postgresql-secrets/`:
- `postgres-postgresql.yml` - Secret with credentials
- `postgres-setup-config.yml` - ConfigMap with connection details
- `DEPLOYMENT_INSTRUCTIONS.md` - Deployment guide

**Apply the generated secrets to Kubernetes:**
```bash
# Create the postgres namespace
kubectl create ns postgres

# Apply the generated YAML files
kubectl apply -f /tmp/postgresql-secrets/postgres-postgresql.yml
kubectl apply -f /tmp/postgresql-secrets/postgres-setup-config.yml
```

### Monitoring and Maintenance
```bash
# Check PostgreSQL status
./check-postgresql-status.sh

# Safe cleanup (creates backups)
./cleanup-postgresql.sh --safe
```

## Security Features

### Applied Security Measures
- 16-character secure passwords (mixed case, numbers, special chars)
- MD5 password encryption
- Private subnet deployment (no encryption overhead)
- Connection and statement audit logging
- Kubernetes secrets with proper base64 encoding
- Proper file permissions (0600 for secrets)
- Separation of sensitive and non-sensitive data
- No plaintext passwords in logs or files

## Requirements Checklist

### Server Requirements

- [ ] Ubuntu 20.04+ server
- [ ] 4GB+ RAM (8GB+ recommended)
- [ ] Dedicated storage device (e.g., `/dev/nvme2n1`)
- [ ] SSH key-based access configured

### Network Requirements

- [ ] Private subnet (10.0.0.0/8 recommended)
- [ ] SSH access on port 22
- [ ] PostgreSQL port 5433 accessible
- [ ] No encryption requirements (private network)

### Software Dependencies

- [ ] Ansible installed
- [ ] Python3-bcrypt package
- [ ] Python3-psycopg2 package
- [ ] SSH keys configured for target server

## Workflow Overview

```
Edit hosts.ini → run-postgresql-playbook.sh → PostgreSQL Ready
Kubernetes files generated
check-postgresql-status.sh (verify)
```

## What Changed from Previous Version

### Security Enhancements
- **Encryption Optimized**: Streamlined for private subnet deployment
- **Secure Password Generation**: Automated 16-character passwords
- **MD5 Encryption**: Standard password encryption
- **Kubernetes Integration**: Auto-generated secrets and ConfigMaps

### Operational Excellence
- **Automated Deployment**: One-command secure setup
- **Production Ready**: Enterprise-grade security and monitoring
- **Easy Integration**: Kubernetes-ready with generated manifests

---

*Secure, fast, and production-ready PostgreSQL for MOSIP infrastructure*
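Review bot: several items under "Security Features" and "Security Enhancements" describe weaker settings than the heading suggests, and two of them contradict other parts of the README. "MD5 password encryption" and "MD5 Encryption: Standard password encryption": PostgreSQL 15 (the version named in the `hosts.ini` comments) defaults `password_encryption` to `scram-sha-256`, and with md5 the stored hash is itself sufficient to authenticate, so a leaked `pg_authid` row or a captured md5 exchange is reusable; use `scram-sha-256` in both `password_encryption` and the `pg_hba.conf` method and drop md5 from the feature list. "Private subnet deployment (no encryption overhead)" together with "No encryption requirements (private network)" means credentials and query traffic cross the network unencrypted from a `10.0.0.0/8` allow range, which is the entire private address space rather than the Kubernetes node subnet; document `ssl = on` with `hostssl` entries and narrow the CIDR to the actual node range, or state explicitly that TLS is a deliberate trade-off. "No plaintext passwords in logs or files" conflicts with "Kubernetes files are generated in `/tmp/postgresql-secrets/`", where `postgres-postgresql.yml` holds the credentials base64-encoded (not encrypted) on a world-readable directory; either add a step that removes the directory after `kubectl apply`, or reword the claim. "Kubernetes secrets with proper base64 encoding" is not a security measure (base64 is reversible encoding) and should be removed from that list. Finally, "Connection and statement audit logging" at full statement level will capture `ALTER ROLE ... PASSWORD` and similar statements in the server log, which again undercuts the no-plaintext claim; state the `log_statement` level used and exclude DDL on roles, or note the exposure.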