From 122fc524b1ef5fc92f3268d406af5e47b49017b1 Mon Sep 17 00:00:00 2001 From: Mikhail Klimko Date: Mon, 26 May 2025 16:45:28 +0300 Subject: [PATCH 01/17] onprem: 2.7.15 --- codefresh/Chart.yaml | 4 ++-- codefresh/README.md | 2 +- codefresh/files/mongoSeedJobScript.sh | 26 ++++++++++++++++---------- 3 files changed, 19 insertions(+), 13 deletions(-) diff --git a/codefresh/Chart.yaml b/codefresh/Chart.yaml index 8c7bea030..b4956b2f9 100644 --- a/codefresh/Chart.yaml +++ b/codefresh/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v2 description: Helm Chart for Codefresh On-Prem name: codefresh -version: 2.7.14 +version: 2.7.15 keywords: - codefresh home: https://codefresh.io/ @@ -19,7 +19,7 @@ annotations: # supported kinds are added, changed, deprecated, removed, fixed and security. artifacthub.io/changes: | - kind: fixed - description: "Fix delete-consul-svc hook job not to fail when consul service is not found" + description: "Fix mongo-seed job with Mongo MTLS enabled" dependencies: - name: cf-common repository: oci://quay.io/codefresh/charts diff --git a/codefresh/README.md b/codefresh/README.md index 480a616f1..e38daf17e 100644 --- a/codefresh/README.md +++ b/codefresh/README.md @@ -1,6 +1,6 @@ ## Codefresh On-Premises -![Version: 2.7.14](https://img.shields.io/badge/Version-2.7.14-informational?style=flat-square) ![AppVersion: 2.7.0](https://img.shields.io/badge/AppVersion-2.7.0-informational?style=flat-square) +![Version: 2.7.15](https://img.shields.io/badge/Version-2.7.15-informational?style=flat-square) ![AppVersion: 2.7.0](https://img.shields.io/badge/AppVersion-2.7.0-informational?style=flat-square) Helm chart for deploying [Codefresh On-Premises](https://codefresh.io/docs/docs/getting-started/intro-to-codefresh/) to Kubernetes. diff --git a/codefresh/files/mongoSeedJobScript.sh b/codefresh/files/mongoSeedJobScript.sh index 53947038f..ea412c977 100644 --- a/codefresh/files/mongoSeedJobScript.sh +++ b/codefresh/files/mongoSeedJobScript.sh 
@@ -12,7 +12,7 @@ export MONGODB_ROOT_PASSWORD=... COMMENT -# set -eou pipefail +set -x ASSETS_PATH=${ASSETS_PATH:-/usr/share/extras/} @@ -34,7 +34,7 @@ MONGODB_DATABASES=( ) disableMongoTelemetry() { - mongosh --nodb --eval "disableTelemetry()" + mongosh --nodb --eval "disableTelemetry()" || true } waitForMongoDB() { @@ -82,6 +82,12 @@ setPacks() { parseMongoURI $MONGO_URI +if [[ -s /etc/ssl/mongodb/ca.pem ]]; then + MONGO_URI_EXTRA_PARAMS="--tls --tlsCertificateKeyFile /etc/ssl/mongodb/ca.pem --tlsAllowInvalidHostnames --tlsAllowInvalidCertificates" +else + MONGO_URI_EXTRA_PARAMS="" +fi + disableMongoTelemetry waitForMongoDB 
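Review bot: The unconditional `set -x` at the top of the script writes every expanded command to the Job log, and the commands touched later in this patch expand `${MONGODB_ROOT_URI}` and `pwd: \"${MONGODB_PASSWORD}\"` on the mongosh command line, so the root and application passwords end up in pod logs. If tracing is needed for troubleshooting, gate it behind an opt-in, e.g. `[[ -n ${DEBUG:-} ]] && set -o xtrace`, with a comment that enabling it exposes credentials. The line it replaces was already a commented-out `set -eou pipefail`, so with `|| true` on the mongosh calls a failed user-setup step still does not fail the job.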
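Review bot: The TLS branch turns off server authentication: `MONGO_URI_EXTRA_PARAMS` carries both `--tlsAllowInvalidHostnames` and `--tlsAllowInvalidCertificates`, so mongosh encrypts the session but accepts any certificate while the script sends the root URI over it. The only file passed is `/etc/ssl/mongodb/ca.pem`, given as `--tlsCertificateKeyFile` (the client certificate and key), and no CA is supplied for verifying the server. I would pass the CA with `--tlsCAFile` and drop the two allow-invalid flags, e.g. `MONGO_URI_EXTRA_PARAMS="--tls --tlsCAFile <CA_BUNDLE_PATH> --tlsCertificateKeyFile <CLIENT_PEM_PATH>"` (placeholder paths), or at least make the relaxed mode an explicit opt-in value. The same pair of flags is carried into `MONGOIMPORT_EXTRA_PARAMS` by later patches in this series, and the last of them also removes `--sslCAFile` again.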
@@ -90,20 +96,20 @@ getMongoVersion for MONGODB_DATABASE in ${MONGODB_DATABASES[@]}; do waitForMongoDB - mongosh ${MONGODB_ROOT_URI} --eval "db.getSiblingDB(\"${MONGODB_DATABASE}\").createUser({user: \"${MONGODB_USER}\", pwd: \"${MONGODB_PASSWORD}\", roles: [\"readWrite\"]})" 2>&1 || true + mongosh ${MONGODB_ROOT_URI} ${MONGO_URI_EXTRA_PARAMS} --eval "db.getSiblingDB(\"${MONGODB_DATABASE}\").createUser({user: \"${MONGODB_USER}\", pwd: \"${MONGODB_PASSWORD}\", roles: [\"readWrite\"]})" 2>&1 || true waitForMongoDB - mongosh ${MONGODB_ROOT_URI} --eval "db.getSiblingDB(\"${MONGODB_DATABASE}\").changeUserPassword(\"${MONGODB_USER}\",\"${MONGODB_PASSWORD}\")" 2>&1 || true + mongosh ${MONGODB_ROOT_URI} ${MONGO_URI_EXTRA_PARAMS} --eval "db.getSiblingDB(\"${MONGODB_DATABASE}\").changeUserPassword(\"${MONGODB_USER}\",\"${MONGODB_PASSWORD}\")" 2>&1 || true done -mongosh ${MONGODB_ROOT_URI} --eval "db.getSiblingDB(\"codefresh\").grantRolesToUser( \"${MONGODB_USER}\", [ { role: \"readWrite\", db: \"pipeline-manager\" } ] )" 2>&1 || true -mongosh ${MONGODB_ROOT_URI} --eval "db.getSiblingDB(\"codefresh\").grantRolesToUser( \"${MONGODB_USER}\", [ { role: \"readWrite\", db: \"platform-analytics-postgres\" } ] )" 2>&1 || true -mongosh ${MONGODB_ROOT_URI} --eval "db.getSiblingDB(\"codefresh\").changeUserPassword(\"${MONGODB_USER}\",\"${MONGODB_PASSWORD}\")" 2>&1 || true +mongosh ${MONGODB_ROOT_URI} ${MONGO_URI_EXTRA_PARAMS} --eval "db.getSiblingDB(\"codefresh\").grantRolesToUser( \"${MONGODB_USER}\", [ { role: \"readWrite\", db: \"pipeline-manager\" } ] )" 2>&1 || true +mongosh ${MONGODB_ROOT_URI} ${MONGO_URI_EXTRA_PARAMS} --eval "db.getSiblingDB(\"codefresh\").grantRolesToUser( \"${MONGODB_USER}\", [ { role: \"readWrite\", db: \"platform-analytics-postgres\" } ] )" 2>&1 || true +mongosh ${MONGODB_ROOT_URI} ${MONGO_URI_EXTRA_PARAMS} --eval "db.getSiblingDB(\"codefresh\").changeUserPassword(\"${MONGODB_USER}\",\"${MONGODB_PASSWORD}\")" 2>&1 || true if [[ $DEVELOPMENT_CHART == "true" 
]]; then setSystemAdmin setPacks fi -mongoimport --uri ${MONGO_URI} --collection idps --type json --legacy --file ${ASSETS_PATH}idps.json -mongoimport --uri ${MONGO_URI} --collection accounts --type json --legacy --file ${ASSETS_PATH}accounts.json -mongoimport --uri ${MONGO_URI} --collection users --type json --legacy --file ${ASSETS_PATH}users.json +mongoimport --uri ${MONGO_URI} ${MONGO_URI_EXTRA_PARAMS} --collection idps --type json --legacy --file ${ASSETS_PATH}idps.json +mongoimport --uri ${MONGO_URI} ${MONGO_URI_EXTRA_PARAMS} --collection accounts --type json --legacy --file ${ASSETS_PATH}accounts.json +mongoimport --uri ${MONGO_URI} ${MONGO_URI_EXTRA_PARAMS} --collection users --type json --legacy --file ${ASSETS_PATH}users.json From 91c31264df32850c08f1219b01c9dfd1ea4e6958 Mon Sep 17 00:00:00 2001 From: Mikhail Klimko Date: Mon, 26 May 2025 17:03:29 +0300 Subject: [PATCH 02/17] onprem: 2.7.15 --- codefresh/files/mongoSeedJobScript.sh | 3 +++ 1 file changed, 3 insertions(+) diff --git a/codefresh/files/mongoSeedJobScript.sh b/codefresh/files/mongoSeedJobScript.sh index ea412c977..449f35035 100644 --- a/codefresh/files/mongoSeedJobScript.sh +++ b/codefresh/files/mongoSeedJobScript.sh @@ -56,6 +56,9 @@ parseMongoURI() { local parameters="$(echo $1 | grep '?' | cut -d '?' -f2)"; if [[ -n $parameters ]]; then parameters="?${parameters}"; fi local url="$(echo ${1/$proto/})" local userpass="$(echo $url | grep @ | cut -d@ -f1)" + if [[ -z $userpass ]]; then + userpass="${MONGODB_ROOT_USER}:${MONGODB_ROOT_PASSWORD}" + fi local hostport="$(echo $url | sed s/$userpass// | sed "s/\/\?$parameters//" | sed -re "s/\/\?|@//g" | sed 's/\/$//')" MONGODB_PASSWORD="$(echo $userpass | grep : | cut -d: -f2)" From 4a1c448dff159d612ba5182efb95ef32048c3a46 Mon Sep 17 00:00:00 2001 From: Mikhail Klimko Date: Mon, 26 May 2025 17:18:51 +0300 Subject: [PATCH 03/17] onprem: 2.7.15 --- codefresh/files/mongoSeedJobScript.sh | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) 
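Review bot: `${MONGODB_USER}` and `${MONGODB_PASSWORD}` are spliced directly into the JavaScript passed to `--eval` on every rewritten mongosh line, so a password containing `"` or `\` changes the script text instead of being treated as data, and the trailing `|| true` hides the resulting error. The values also sit on the process command line for the duration of each call. I would export them and read them inside the snippet (mongosh exposes `process.env`), e.g. `pwd: process.env.MONGODB_PASSWORD`, and quote `"${MONGODB_ROOT_URI}"`. Since `${MONGO_URI_EXTRA_PARAMS}` depends on unquoted word splitting, a bash array expanded as `"${MONGO_EXTRA_ARGS[@]}"` would make that intent explicit.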
diff --git a/codefresh/files/mongoSeedJobScript.sh b/codefresh/files/mongoSeedJobScript.sh index 449f35035..1a6b34211 100644 --- a/codefresh/files/mongoSeedJobScript.sh +++ b/codefresh/files/mongoSeedJobScript.sh @@ -39,7 +39,7 @@ disableMongoTelemetry() { waitForMongoDB() { while true; do - status=$(mongosh ${MONGODB_ROOT_URI} --eval "db.adminCommand('ping')" 2>&1) + status=$(mongosh ${MONGODB_ROOT_URI} ${MONGO_URI_EXTRA_PARAMS} --eval "db.adminCommand('ping')" 2>&1) echo -e "MongoDB status:\n$status" if $(echo $status | grep 'ok: 1' -q); then @@ -57,9 +57,10 @@ parseMongoURI() { local url="$(echo ${1/$proto/})" local userpass="$(echo $url | grep @ | cut -d@ -f1)" if [[ -z $userpass ]]; then - userpass="${MONGODB_ROOT_USER}:${MONGODB_ROOT_PASSWORD}" + hostport="$(echo $url | sed "s/\/\?$parameters//" | sed -re "s/\/\?|@//g" | sed 's/\/$//')" + else + local hostport="$(echo $url | sed s/$userpass// | sed "s/\/\?$parameters//" | sed -re "s/\/\?|@//g" | sed 's/\/$//')" fi - local hostport="$(echo $url | sed s/$userpass// | sed "s/\/\?$parameters//" | sed -re "s/\/\?|@//g" | sed 's/\/$//')" MONGODB_PASSWORD="$(echo $userpass | grep : | cut -d: -f2)" MONGODB_USER="$(echo $userpass | grep : | cut -d: -f1)" From e7b6c59488dfd410da72df1f5c71bb1662eef849 Mon Sep 17 00:00:00 2001 From: Mikhail Klimko Date: Mon, 26 May 2025 17:33:59 +0300 Subject: [PATCH 04/17] onprem: 2.7.15 --- codefresh/.ci/values/mtls-mongodb-redis.yaml | 1 + codefresh/files/mongoSeedJobScript.sh | 9 +++++++-- codefresh/templates/seed/mongo-seed-job.yaml | 2 ++ codefresh/values.yaml | 2 ++ 4 files changed, 12 insertions(+), 2 deletions(-) diff --git a/codefresh/.ci/values/mtls-mongodb-redis.yaml b/codefresh/.ci/values/mtls-mongodb-redis.yaml index 6ba0f60cb..ec1ffb8e7 100644 --- a/codefresh/.ci/values/mtls-mongodb-redis.yaml +++ b/codefresh/.ci/values/mtls-mongodb-redis.yaml 
@@ -1,6 +1,7 @@ seed: mongoSeedJob: mongodbRootURI: mongodb://root:XT9nmM8dZDZ@cf-mongodb:27017/?authSource=admin + mongodbRootOptions: authSource=admin global: appUrl: "" # placeholder for ${CF_APP_HOST} diff --git a/codefresh/files/mongoSeedJobScript.sh b/codefresh/files/mongoSeedJobScript.sh index 1a6b34211..defa8a8fc 100644 --- a/codefresh/files/mongoSeedJobScript.sh +++ b/codefresh/files/mongoSeedJobScript.sh @@ -57,7 +57,7 @@ parseMongoURI() { local url="$(echo ${1/$proto/})" local userpass="$(echo $url | grep @ | cut -d@ -f1)" if [[ -z $userpass ]]; then - hostport="$(echo $url | sed "s/\/\?$parameters//" | sed -re "s/\/\?|@//g" | sed 's/\/$//')" + local hostport="$(echo $url | sed "s/\/\?$parameters//" | sed -re "s/\/\?|@//g" | sed 's/\/$//')" else local hostport="$(echo $url | sed s/$userpass// | sed "s/\/\?$parameters//" | sed -re "s/\/\?|@//g" | sed 's/\/$//')" fi @@ -65,7 +65,12 @@ parseMongoURI() { MONGODB_PASSWORD="$(echo $userpass | grep : | cut -d: -f2)" MONGODB_USER="$(echo $userpass | grep : | cut -d: -f1)" MONGO_URI="$proto$userpass@$hostport/${MONGODB_DATABASE}$parameters" - MONGODB_ROOT_URI="$proto${MONGODB_ROOT_USER}:${MONGODB_ROOT_PASSWORD}@$hostport/admin$parameters" + if [[ -z $MONGODB_ROOT_OPTIONS ]]; then + MONGODB_ROOT_URI="$proto${MONGODB_ROOT_USER}:${MONGODB_ROOT_PASSWORD}@$hostport/admin$parameters" + else + MONGODB_ROOT_URI="$proto${MONGODB_ROOT_USER}:${MONGODB_ROOT_PASSWORD}@$hostport/admin?${MONGODB_ROOT_OPTIONS}" + fi + } getMongoVersion() { diff --git a/codefresh/templates/seed/mongo-seed-job.yaml b/codefresh/templates/seed/mongo-seed-job.yaml index a97706859..f0946cc93 100644 --- a/codefresh/templates/seed/mongo-seed-job.yaml +++ b/codefresh/templates/seed/mongo-seed-job.yaml 
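Review bot: When `MONGODB_ROOT_OPTIONS` is set, the new `else` branch builds `MONGODB_ROOT_URI` with `?${MONGODB_ROOT_OPTIONS}` in place of `$parameters`, so any query options parsed from the original `MONGO_URI` are dropped from root connections rather than merged. Nothing in the script says so; I would add a comment above the branch such as `# MONGODB_ROOT_OPTIONS replaces (does not extend) the query string parsed from MONGO_URI; give it URL-encoded and without a leading '?'`. The root password is also placed in the URI unquoted here, which relies on it already being URL-encoded by the chart's secret template. parseMongoURI begins outside this hunk.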
@@ -52,6 +52,8 @@ spec: {{- include "codefresh.mongodb-root-user-env-var-value" . | indent 12 }} - name: MONGODB_ROOT_PASSWORD {{- include "codefresh.mongodb-root-password-env-var-value" . | indent 12 }} + - name: MONGODB_ROOT_OPTIONS + value: {{ .Values.seed.mongoSeedJob.mongodbRootOptions | quote }} - name: DEVELOPMENT_CHART value: {{ .Values.developmentChart | quote }} command: diff --git a/codefresh/values.yaml b/codefresh/values.yaml index 9f09fe5e6..4eb929a17 100644 --- a/codefresh/values.yaml +++ b/codefresh/values.yaml @@ -45,6 +45,8 @@ seed: # mongodbRootUserSecretKeyRef: # name: my-secret # key: mongodb-root-user + # -- Extra options for connection string (e.g. `authSource=admin`). + mongodbRootOptions: "" # -- Root password in plain text (required ONLY for seed job!). mongodbRootPassword: "XT9nmM8dZD" From 472f5ec509324c0e093c5a827229efcfc4263c80 Mon Sep 17 00:00:00 2001 From: Mikhail Klimko Date: Mon, 26 May 2025 17:36:58 +0300 Subject: [PATCH 05/17] onprem: 2.7.15 --- codefresh/README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/codefresh/README.md b/codefresh/README.md index e38daf17e..3d5ac1e29 100644 --- a/codefresh/README.md +++ b/codefresh/README.md 
@@ -2331,6 +2331,7 @@ After platform upgrade, Consul fails with the error `refusing to rejoin cluster | seed-e2e | object | `{"affinity":{},"backoffLimit":10,"enabled":false,"image":{"registry":"docker.io","repository":"mongo","tag":"latest"},"nodeSelector":{},"podSecurityContext":{},"resources":{},"tolerations":[],"ttlSecondsAfterFinished":300}` | CI | | seed.enabled | bool | `true` | Enable all seed jobs | | seed.mongoSeedJob | object | See below | Mongo Seed Job. Required at first install. Seeds the required data (default idp/user/account), creates cfuser and required databases. | +| seed.mongoSeedJob.mongodbRootOptions | string | `""` | Extra options for connection string (e.g. `authSource=admin`). | | seed.mongoSeedJob.mongodbRootPassword | string | `"XT9nmM8dZD"` | Root password in plain text (required ONLY for seed job!). | | seed.mongoSeedJob.mongodbRootPasswordSecretKeyRef | object | `{}` | Root password from existing secret | | seed.mongoSeedJob.mongodbRootUser | string | `"root"` | Root user in plain text (required ONLY for seed job!). | From cda5a6b759509fed3e31d7b359dac346ae4b23b3 Mon Sep 17 00:00:00 2001 From: Mikhail Klimko Date: Mon, 26 May 2025 17:48:34 +0300 Subject: [PATCH 06/17] onprem: 2.7.15 --- codefresh/.ci/values/mtls-mongodb-redis.yaml | 64 ++++++++++---------- 1 file changed, 32 insertions(+), 32 deletions(-) diff --git a/codefresh/.ci/values/mtls-mongodb-redis.yaml b/codefresh/.ci/values/mtls-mongodb-redis.yaml index ec1ffb8e7..c8411a811 100644 --- a/codefresh/.ci/values/mtls-mongodb-redis.yaml +++ b/codefresh/.ci/values/mtls-mongodb-redis.yaml 
@@ -59,37 +59,37 @@ mongodb: enabled: true rootUser: root rootPassword: "XT9nmM8dZDZ" - initdbScripts: - my_init_script.sh: | - #!/bin/bash - - set -eou xtrace - - export MONGODB_ROOT_URI=mongodb://root:XT9nmM8dZDZ@127.0.0.1/?authSource=admin - MONGODB_DATABASES=( - "archive" - "audit" - "charts-manager" - "cluster-providers" - "codefresh" - "context-manager" - "gitops-dashboard-manager" - "k8s-monitor" - "pipeline-manager" - "platform-analytics-postgres" - "read-models" - "runtime-environment-manager" - ) - - mongosh "$MONGODB_ROOT_URI" --eval 'db.getSiblingDB("\$external").runCommand( { createUser: "CN=cfuser,O=Internet Widgits Pty Ltd,ST=Some-State,C=AU", roles: [ { role: "readWrite", db: "test" }, { role: "userAdminAnyDatabase", db: "admin" }, { role: "readWrite", db: "codefresh" }, { role: "readWrite", db: "pipeline-manager" }, { role: "readWrite", db: "runtime-environment-manager" }, { role: "readWrite", db: "context-manager" }, { role: "readWrite", db: "cluster-providers" }, { role: "readWrite", db: "charts-manager" }, { role: "readWrite", db: "k8s-monitor" }, { role: "readWrite", db: "read-models" }, { role: "readWrite", db: "audit" }, { role: "readWrite", db: "platform-analytics-postgres" } ], writeConcern: { w: "majority" , wtimeout: 5000 } } )' - - for MONGODB_DATABASE in ${MONGODB_DATABASES[@]}; do - mongosh ${MONGODB_ROOT_URI} --eval "db.getSiblingDB('${MONGODB_DATABASE}').createCollection('test')" - done - - mongoimport --uri ${MONGODB_ROOT_URI} --db codefresh --collection idps --type json --legacy --file /usr/share/extras/idps.json - mongoimport --uri ${MONGODB_ROOT_URI} --db codefresh --collection accounts --type json --legacy --file /usr/share/extras/accounts.json - mongoimport --uri ${MONGODB_ROOT_URI} --db codefresh --collection users --type json --legacy --file /usr/share/extras/users.json + # initdbScripts: + # my_init_script.sh: | + # #!/bin/bash + + # set -eou xtrace + + # export 
MONGODB_ROOT_URI=mongodb://root:XT9nmM8dZDZ@127.0.0.1/?authSource=admin + # MONGODB_DATABASES=( + # "archive" + # "audit" + # "charts-manager" + # "cluster-providers" + # "codefresh" + # "context-manager" + # "gitops-dashboard-manager" + # "k8s-monitor" + # "pipeline-manager" + # "platform-analytics-postgres" + # "read-models" + # "runtime-environment-manager" + # ) + + # mongosh "$MONGODB_ROOT_URI" --eval 'db.getSiblingDB("\$external").runCommand( { createUser: "CN=cfuser,O=Internet Widgits Pty Ltd,ST=Some-State,C=AU", roles: [ { role: "readWrite", db: "test" }, { role: "userAdminAnyDatabase", db: "admin" }, { role: "readWrite", db: "codefresh" }, { role: "readWrite", db: "pipeline-manager" }, { role: "readWrite", db: "runtime-environment-manager" }, { role: "readWrite", db: "context-manager" }, { role: "readWrite", db: "cluster-providers" }, { role: "readWrite", db: "charts-manager" }, { role: "readWrite", db: "k8s-monitor" }, { role: "readWrite", db: "read-models" }, { role: "readWrite", db: "audit" }, { role: "readWrite", db: "platform-analytics-postgres" } ], writeConcern: { w: "majority" , wtimeout: 5000 } } )' + + # for MONGODB_DATABASE in ${MONGODB_DATABASES[@]}; do + # mongosh ${MONGODB_ROOT_URI} --eval "db.getSiblingDB('${MONGODB_DATABASE}').createCollection('test')" + # done + + # mongoimport --uri ${MONGODB_ROOT_URI} --db codefresh --collection idps --type json --legacy --file /usr/share/extras/idps.json + # mongoimport --uri ${MONGODB_ROOT_URI} --db codefresh --collection accounts --type json --legacy --file /usr/share/extras/accounts.json + # mongoimport --uri ${MONGODB_ROOT_URI} --db codefresh --collection users --type json --legacy --file /usr/share/extras/users.json extraVolumeMounts: - name: extras @@ -102,7 +102,7 @@ mongodb: name: cf-codefresh-mongo-seed tls: - enabled: true + enabled: false autoGenerated: false caCert: "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" caKey: "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" 
From 3d2c69cbbc61139b15653f3c477459358544677e Mon Sep 17 00:00:00 2001 From: Mikhail Klimko Date: Mon, 26 May 2025 17:58:20 +0300 Subject: [PATCH 07/17] onprem: 2.7.15 --- codefresh/.ci/values/mtls-mongodb-redis.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/codefresh/.ci/values/mtls-mongodb-redis.yaml b/codefresh/.ci/values/mtls-mongodb-redis.yaml index c8411a811..907fc1cc2 100644 --- a/codefresh/.ci/values/mtls-mongodb-redis.yaml +++ b/codefresh/.ci/values/mtls-mongodb-redis.yaml @@ -1,6 +1,6 @@ seed: mongoSeedJob: - mongodbRootURI: mongodb://root:XT9nmM8dZDZ@cf-mongodb:27017/?authSource=admin + mongodbRootURI: mongodb://root:XT9nmM8dZD@cf-mongodb:27017/?authSource=admin mongodbRootOptions: authSource=admin global: @@ -65,7 +65,7 @@ mongodb: # set -eou xtrace - # export MONGODB_ROOT_URI=mongodb://root:XT9nmM8dZDZ@127.0.0.1/?authSource=admin + # export MONGODB_ROOT_URI=mongodb://root:XT9nmM8dZD@127.0.0.1/?authSource=admin # MONGODB_DATABASES=( # "archive" # "audit" @@ -102,7 +102,7 @@ mongodb: name: cf-codefresh-mongo-seed tls: - enabled: false + enabled: true autoGenerated: false caCert: "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" caKey: "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" From 43eea2f13b34c4d5e9d9710d091fb2c5c88e5ee3 Mon Sep 17 00:00:00 2001 From: Mikhail Klimko Date: Mon, 26 May 2025 18:00:52 +0300 Subject: [PATCH 08/17] onprem: 2.7.15 --- codefresh/.ci/values/mtls-mongodb-redis.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/codefresh/.ci/values/mtls-mongodb-redis.yaml b/codefresh/.ci/values/mtls-mongodb-redis.yaml index 907fc1cc2..ecfbb4a58 100644 --- a/codefresh/.ci/values/mtls-mongodb-redis.yaml +++ b/codefresh/.ci/values/mtls-mongodb-redis.yaml 
@@ -65,7 +65,7 @@ mongodb: # set -eou xtrace - # export MONGODB_ROOT_URI=mongodb://root:XT9nmM8dZD@127.0.0.1/?authSource=admin + # export MONGODB_ROOT_URI=mongodb://root:XT9nmM8dZDZ@127.0.0.1/?authSource=admin # MONGODB_DATABASES=( # "archive" # "audit" From c1e93bd749e2f08639ef971633af5e583cf167f1 Mon Sep 17 00:00:00 2001 From: Mikhail Klimko Date: Mon, 26 May 2025 18:09:12 +0300 Subject: [PATCH 09/17] onprem: 2.7.15 --- codefresh/.ci/values/mtls-mongodb-redis.yaml | 3 ++- codefresh/templates/secrets/secret.yaml | 4 ++-- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/codefresh/.ci/values/mtls-mongodb-redis.yaml b/codefresh/.ci/values/mtls-mongodb-redis.yaml index ecfbb4a58..b9f1127a7 100644 --- a/codefresh/.ci/values/mtls-mongodb-redis.yaml +++ b/codefresh/.ci/values/mtls-mongodb-redis.yaml @@ -1,7 +1,8 @@ seed: mongoSeedJob: - mongodbRootURI: mongodb://root:XT9nmM8dZD@cf-mongodb:27017/?authSource=admin + mongodbRootURI: mongodb://root:XT9nmM8dZDZ@cf-mongodb:27017/?authSource=admin mongodbRootOptions: authSource=admin + mongodbRootPassword: XT9nmM8dZDZ global: appUrl: "" # placeholder for ${CF_APP_HOST} diff --git a/codefresh/templates/secrets/secret.yaml b/codefresh/templates/secrets/secret.yaml index e0fa81259..0ea7c521c 100644 --- a/codefresh/templates/secrets/secret.yaml +++ b/codefresh/templates/secrets/secret.yaml 
@@ -17,8 +17,8 @@ data: MONGODB_PROTOCOL: {{ coalesce .Values.global.mongodbProtocol | default "mongodb" | b64enc }} # legacy MONGODB_* secrets - MONGODB_ROOT_USER: {{ coalesce .Values.global.mongodbRootUser .Values.seed.mongoSeedJob.mongodbRootUser | b64enc }} - MONGODB_ROOT_PASSWORD: {{ urlquery (coalesce .Values.global.mongodbRootPassword .Values.seed.mongoSeedJob.mongodbRootPassword) | b64enc }} + MONGODB_ROOT_USER: {{ coalesce .Values.seed.mongoSeedJob.mongodbRootUser .Values.global.mongodbRootUser | b64enc }} + MONGODB_ROOT_PASSWORD: {{ urlquery (coalesce .Values.seed.mongoSeedJob.mongodbRootPassword .Values.global.mongodbRootPassword) | b64enc }} MONGO_URI: {{ .Values.global.mongoURI | default "empty" | b64enc}} MONGO_URI_RE_MANAGER: {{ include (printf "%s.classic.calculateMongoUri" $libTemplateName) (dict "dbName" "runtime-environment-manager" "mongoURI" .Values.global.mongoURI) | default "empty" | b64enc }} MONGODB_RE_DATABASE: {{ printf "%s" "runtime-environment-manager" | b64enc }} From 09057881f61adcfdaf3ff0148a993688b2f2923e Mon Sep 17 00:00:00 2001 From: Mikhail Klimko Date: Mon, 26 May 2025 18:22:19 +0300 Subject: [PATCH 10/17] onprem: 2.7.15 --- codefresh/.ci/values/mtls-mongodb-redis.yaml | 62 ++++++++++---------- codefresh/files/mongoSeedJobScript.sh | 8 ++- 2 files changed, 36 insertions(+), 34 deletions(-) diff --git a/codefresh/.ci/values/mtls-mongodb-redis.yaml b/codefresh/.ci/values/mtls-mongodb-redis.yaml index b9f1127a7..f3b58710c 100644 --- a/codefresh/.ci/values/mtls-mongodb-redis.yaml +++ b/codefresh/.ci/values/mtls-mongodb-redis.yaml 
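Review bot: Swapping the `coalesce` order makes `.Values.seed.mongoSeedJob.mongodbRootUser` and `.mongodbRootPassword` win over the `global` values, and the README table elsewhere in this series lists non-empty defaults for both (`"root"` and a fixed password string). With those defaults in place the `global.mongodbRootPassword` argument is never reached, so an install that sets only the global value would render the chart's published default password into `MONGODB_ROOT_PASSWORD`. If the seed-level override is required, I would make the seed defaults empty in values.yaml or keep `global` first, and add a template comment stating the precedence. This should be checked against the full values.yaml, which is only partly visible here.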
@@ -60,37 +60,37 @@ mongodb: enabled: true rootUser: root rootPassword: "XT9nmM8dZDZ" - # initdbScripts: - # my_init_script.sh: | - # #!/bin/bash - - # set -eou xtrace - - # export MONGODB_ROOT_URI=mongodb://root:XT9nmM8dZDZ@127.0.0.1/?authSource=admin - # MONGODB_DATABASES=( - # "archive" - # "audit" - # "charts-manager" - # "cluster-providers" - # "codefresh" - # "context-manager" - # "gitops-dashboard-manager" - # "k8s-monitor" - # "pipeline-manager" - # "platform-analytics-postgres" - # "read-models" - # "runtime-environment-manager" - # ) - - # mongosh "$MONGODB_ROOT_URI" --eval 'db.getSiblingDB("\$external").runCommand( { createUser: "CN=cfuser,O=Internet Widgits Pty Ltd,ST=Some-State,C=AU", roles: [ { role: "readWrite", db: "test" }, { role: "userAdminAnyDatabase", db: "admin" }, { role: "readWrite", db: "codefresh" }, { role: "readWrite", db: "pipeline-manager" }, { role: "readWrite", db: "runtime-environment-manager" }, { role: "readWrite", db: "context-manager" }, { role: "readWrite", db: "cluster-providers" }, { role: "readWrite", db: "charts-manager" }, { role: "readWrite", db: "k8s-monitor" }, { role: "readWrite", db: "read-models" }, { role: "readWrite", db: "audit" }, { role: "readWrite", db: "platform-analytics-postgres" } ], writeConcern: { w: "majority" , wtimeout: 5000 } } )' - - # for MONGODB_DATABASE in ${MONGODB_DATABASES[@]}; do - # mongosh ${MONGODB_ROOT_URI} --eval "db.getSiblingDB('${MONGODB_DATABASE}').createCollection('test')" - # done - - # mongoimport --uri ${MONGODB_ROOT_URI} --db codefresh --collection idps --type json --legacy --file /usr/share/extras/idps.json - # mongoimport --uri ${MONGODB_ROOT_URI} --db codefresh --collection accounts --type json --legacy --file /usr/share/extras/accounts.json - # mongoimport --uri ${MONGODB_ROOT_URI} --db codefresh --collection users --type json --legacy --file /usr/share/extras/users.json + initdbScripts: + my_init_script.sh: | + #!/bin/bash + + set -eou xtrace + + export 
MONGODB_ROOT_URI=mongodb://root:XT9nmM8dZDZ@127.0.0.1/?authSource=admin + MONGODB_DATABASES=( + "archive" + "audit" + "charts-manager" + "cluster-providers" + "codefresh" + "context-manager" + "gitops-dashboard-manager" + "k8s-monitor" + "pipeline-manager" + "platform-analytics-postgres" + "read-models" + "runtime-environment-manager" + ) + + mongosh "$MONGODB_ROOT_URI" --eval 'db.getSiblingDB("\$external").runCommand( { createUser: "CN=cfuser,O=Internet Widgits Pty Ltd,ST=Some-State,C=AU", roles: [ { role: "readWrite", db: "test" }, { role: "userAdminAnyDatabase", db: "admin" }, { role: "readWrite", db: "codefresh" }, { role: "readWrite", db: "pipeline-manager" }, { role: "readWrite", db: "runtime-environment-manager" }, { role: "readWrite", db: "context-manager" }, { role: "readWrite", db: "cluster-providers" }, { role: "readWrite", db: "charts-manager" }, { role: "readWrite", db: "k8s-monitor" }, { role: "readWrite", db: "read-models" }, { role: "readWrite", db: "audit" }, { role: "readWrite", db: "platform-analytics-postgres" } ], writeConcern: { w: "majority" , wtimeout: 5000 } } )' + + for MONGODB_DATABASE in ${MONGODB_DATABASES[@]}; do + mongosh ${MONGODB_ROOT_URI} --eval "db.getSiblingDB('${MONGODB_DATABASE}').createCollection('test')" + done + +# mongoimport --uri ${MONGODB_ROOT_URI} --db codefresh --collection idps --type json --legacy --file /usr/share/extras/idps.json +# mongoimport --uri ${MONGODB_ROOT_URI} --db codefresh --collection accounts --type json --legacy --file /usr/share/extras/accounts.json +# mongoimport --uri ${MONGODB_ROOT_URI} --db codefresh --collection users --type json --legacy --file /usr/share/extras/users.json extraVolumeMounts: - name: extras diff --git a/codefresh/files/mongoSeedJobScript.sh b/codefresh/files/mongoSeedJobScript.sh index defa8a8fc..613978e6d 100644 --- a/codefresh/files/mongoSeedJobScript.sh +++ b/codefresh/files/mongoSeedJobScript.sh 
@@ -93,8 +93,10 @@ parseMongoURI $MONGO_URI if [[ -s /etc/ssl/mongodb/ca.pem ]]; then MONGO_URI_EXTRA_PARAMS="--tls --tlsCertificateKeyFile /etc/ssl/mongodb/ca.pem --tlsAllowInvalidHostnames --tlsAllowInvalidCertificates" + MONGOIMPORT_EXTRA_PARAMS="--ssl --sslCAFile --sslAllowInvalidHostnames --sslAllowInvalidCertificates" else MONGO_URI_EXTRA_PARAMS="" + MONGOIMPORT_EXTRA_PARAMS="" fi disableMongoTelemetry @@ -119,6 +121,6 @@ if [[ $DEVELOPMENT_CHART == "true" ]]; then setPacks fi -mongoimport --uri ${MONGO_URI} ${MONGO_URI_EXTRA_PARAMS} --collection idps --type json --legacy --file ${ASSETS_PATH}idps.json -mongoimport --uri ${MONGO_URI} ${MONGO_URI_EXTRA_PARAMS} --collection accounts --type json --legacy --file ${ASSETS_PATH}accounts.json -mongoimport --uri ${MONGO_URI} ${MONGO_URI_EXTRA_PARAMS} --collection users --type json --legacy --file ${ASSETS_PATH}users.json +mongoimport --uri ${MONGO_URI} ${MONGOIMPORT_EXTRA_PARAMS} --collection idps --type json --legacy --file ${ASSETS_PATH}idps.json +mongoimport --uri ${MONGO_URI} ${MONGOIMPORT_EXTRA_PARAMS} --collection accounts --type json --legacy --file ${ASSETS_PATH}accounts.json +mongoimport --uri ${MONGO_URI} ${MONGOIMPORT_EXTRA_PARAMS} --collection users --type json --legacy --file ${ASSETS_PATH}users.json From 4f80341a2374489acf6b3f41adb9c47596ffbe01 Mon Sep 17 00:00:00 2001 From: Mikhail Klimko Date: Mon, 26 May 2025 18:29:55 +0300 Subject: [PATCH 11/17] onprem: 2.7.15 --- codefresh/files/mongoSeedJobScript.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/codefresh/files/mongoSeedJobScript.sh b/codefresh/files/mongoSeedJobScript.sh index 613978e6d..1aedc4712 100644 --- a/codefresh/files/mongoSeedJobScript.sh +++ b/codefresh/files/mongoSeedJobScript.sh 
@@ -93,7 +93,7 @@ parseMongoURI $MONGO_URI if [[ -s /etc/ssl/mongodb/ca.pem ]]; then MONGO_URI_EXTRA_PARAMS="--tls --tlsCertificateKeyFile /etc/ssl/mongodb/ca.pem --tlsAllowInvalidHostnames --tlsAllowInvalidCertificates" - MONGOIMPORT_EXTRA_PARAMS="--ssl --sslCAFile --sslAllowInvalidHostnames --sslAllowInvalidCertificates" + MONGOIMPORT_EXTRA_PARAMS="--ssl --sslCAFile /etc/ssl/mongodb/ca.pem --sslAllowInvalidHostnames --sslAllowInvalidCertificates" else MONGO_URI_EXTRA_PARAMS="" MONGOIMPORT_EXTRA_PARAMS="" From 8ca023512dcaa9da838b0ca595e53bf36f1249a3 Mon Sep 17 00:00:00 2001 From: Mikhail Klimko Date: Mon, 26 May 2025 18:39:02 +0300 Subject: [PATCH 12/17] onprem: 2.7.15 --- codefresh/files/mongoSeedJobScript.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/codefresh/files/mongoSeedJobScript.sh b/codefresh/files/mongoSeedJobScript.sh index 1aedc4712..0a92754ee 100644 --- a/codefresh/files/mongoSeedJobScript.sh +++ b/codefresh/files/mongoSeedJobScript.sh @@ -59,7 +59,7 @@ parseMongoURI() { if [[ -z $userpass ]]; then local hostport="$(echo $url | sed "s/\/\?$parameters//" | sed -re "s/\/\?|@//g" | sed 's/\/$//')" else - local hostport="$(echo $url | sed s/$userpass// | sed "s/\/\?$parameters//" | sed -re "s/\/\?|@//g" | sed 's/\/$//')" + local hostport="$(echo $url | sed s/$userpass// | sed "s/\/\?$parameters//" | sed -re "s/\/\?|@//g" | sed 's/\/$//' | sed 's/^@//')" fi MONGODB_PASSWORD="$(echo $userpass | grep : | cut -d: -f2)" From 461c3496ef7a65b90659b852e87ef366ce90d3a4 Mon Sep 17 00:00:00 2001 From: Mikhail Klimko Date: Mon, 26 May 2025 18:46:59 +0300 Subject: [PATCH 13/17] onprem: 2.7.15 --- codefresh/files/mongoSeedJobScript.sh | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/codefresh/files/mongoSeedJobScript.sh b/codefresh/files/mongoSeedJobScript.sh index 0a92754ee..9163e9881 100644 --- a/codefresh/files/mongoSeedJobScript.sh +++ b/codefresh/files/mongoSeedJobScript.sh 
@@ -58,13 +58,15 @@ parseMongoURI() { local userpass="$(echo $url | grep @ | cut -d@ -f1)" if [[ -z $userpass ]]; then local hostport="$(echo $url | sed "s/\/\?$parameters//" | sed -re "s/\/\?|@//g" | sed 's/\/$//')" + MONGO_URI="$proto$hostport/${MONGODB_DATABASE}$parameters" else - local hostport="$(echo $url | sed s/$userpass// | sed "s/\/\?$parameters//" | sed -re "s/\/\?|@//g" | sed 's/\/$//' | sed 's/^@//')" + local hostport="$(echo $url | sed s/$userpass// | sed "s/\/\?$parameters//" | sed -re "s/\/\?|@//g" | sed 's/\/$//')" + MONGODB_PASSWORD="$(echo $userpass | grep : | cut -d: -f2)" + MONGODB_USER="$(echo $userpass | grep : | cut -d: -f1)" + MONGO_URI="$proto$userpass@$hostport/${MONGODB_DATABASE}$parameters" fi - MONGODB_PASSWORD="$(echo $userpass | grep : | cut -d: -f2)" - MONGODB_USER="$(echo $userpass | grep : | cut -d: -f1)" - MONGO_URI="$proto$userpass@$hostport/${MONGODB_DATABASE}$parameters" + if [[ -z $MONGODB_ROOT_OPTIONS ]]; then MONGODB_ROOT_URI="$proto${MONGODB_ROOT_USER}:${MONGODB_ROOT_PASSWORD}@$hostport/admin$parameters" else From 1d35458ecb40370e0d9554955dbda3f4c489d411 Mon Sep 17 00:00:00 2001 From: Mikhail Klimko Date: Mon, 26 May 2025 18:58:05 +0300 Subject: [PATCH 14/17] onprem: 2.7.15 --- codefresh/files/mongoSeedJobScript.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/codefresh/files/mongoSeedJobScript.sh b/codefresh/files/mongoSeedJobScript.sh index 9163e9881..faa30b603 100644 --- a/codefresh/files/mongoSeedJobScript.sh +++ b/codefresh/files/mongoSeedJobScript.sh 
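Review bot: In the new no-credentials branch (`-z $userpass`) `MONGODB_USER` and `MONGODB_PASSWORD` are never assigned, yet the main body shown in the first patch of this series still calls `createUser`, `changeUserPassword` and `grantRolesToUser` with those variables, each followed by `|| true`. Unless the variables are already set in the environment, the job issues user-management commands with empty names and still reports success. I would skip that block or stop early when they are empty, e.g. `[[ -n ${MONGODB_USER:-} ]] || echo "MONGO_URI has no credentials; skipping user setup"` combined with a guard around the loop. The `else` branch still runs `sed s/$userpass//`, which uses the credentials as an unquoted regular expression and will misbehave for passwords containing `/` or regex metacharacters. parseMongoURI begins outside this hunk.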
@@ -95,7 +95,7 @@ parseMongoURI $MONGO_URI if [[ -s /etc/ssl/mongodb/ca.pem ]]; then MONGO_URI_EXTRA_PARAMS="--tls --tlsCertificateKeyFile /etc/ssl/mongodb/ca.pem --tlsAllowInvalidHostnames --tlsAllowInvalidCertificates" - MONGOIMPORT_EXTRA_PARAMS="--ssl --sslCAFile /etc/ssl/mongodb/ca.pem --sslAllowInvalidHostnames --sslAllowInvalidCertificates" + MONGOIMPORT_EXTRA_PARAMS="--ssl --sslCAFile /etc/ssl/mongodb/ca.pem --sslPEMKeyFile /etc/ssl/mongodb/ca.pem --sslAllowInvalidHostnames --sslAllowInvalidCertificates" else MONGO_URI_EXTRA_PARAMS="" MONGOIMPORT_EXTRA_PARAMS="" From 3137935ce053789fdc3a621b4660207faa5eafd1 Mon Sep 17 00:00:00 2001 From: Mikhail Klimko Date: Mon, 26 May 2025 19:16:30 +0300 Subject: [PATCH 15/17] onprem: 2.7.15 --- codefresh/Chart.lock | 6 +++--- codefresh/README.md | 1 + codefresh/files/mongoSeedJobScript.sh | 6 ++++-- codefresh/templates/seed/mongo-seed-job.yaml | 4 ++++ codefresh/values.yaml | 7 +++++-- 5 files changed, 17 insertions(+), 7 deletions(-) diff --git a/codefresh/Chart.lock b/codefresh/Chart.lock index 0ece7d095..4d44aa517 100644 --- a/codefresh/Chart.lock +++ b/codefresh/Chart.lock @@ -151,7 +151,7 @@ dependencies: version: 1.3344.2-onprem-3feba0e - name: argo-hub-platform repository: oci://quay.io/codefresh/charts - version: 0.1.23 + version: 0.1.24 - name: cf-oidc-provider repository: oci://quay.io/codefresh/charts version: 0.0.16 @@ -170,5 +170,5 @@ dependencies: - name: onboarding-status repository: oci://quay.io/codefresh/charts version: 1.8.8 -digest: sha256:f94b0d09660d4ca0bf68f1b4bcc02102357f069044ade19695be974411644cf2 -generated: "2025-05-15T16:37:04.178584+03:00" +digest: sha256:5479d9ac8d0b75cda6c8d373ce9b2a7b5b3a46196214337268dc03e05fcb48d2 +generated: "2025-05-26T19:11:02.424512+03:00" diff --git a/codefresh/README.md b/codefresh/README.md index 3d5ac1e29..c851f932c 100644 --- a/codefresh/README.md +++ b/codefresh/README.md 
@@ -2331,6 +2331,7 @@ After platform upgrade, Consul fails with the error `refusing to rejoin cluster | seed-e2e | object | `{"affinity":{},"backoffLimit":10,"enabled":false,"image":{"registry":"docker.io","repository":"mongo","tag":"latest"},"nodeSelector":{},"podSecurityContext":{},"resources":{},"tolerations":[],"ttlSecondsAfterFinished":300}` | CI | | seed.enabled | bool | `true` | Enable all seed jobs | | seed.mongoSeedJob | object | See below | Mongo Seed Job. Required at first install. Seeds the required data (default idp/user/account), creates cfuser and required databases. | +| seed.mongoSeedJob.env | object | `{}` | Extra env variables for seed job. | | seed.mongoSeedJob.mongodbRootOptions | string | `""` | Extra options for connection string (e.g. `authSource=admin`). | | seed.mongoSeedJob.mongodbRootPassword | string | `"XT9nmM8dZD"` | Root password in plain text (required ONLY for seed job!). | | seed.mongoSeedJob.mongodbRootPasswordSecretKeyRef | object | `{}` | Root password from existing secret | diff --git a/codefresh/files/mongoSeedJobScript.sh b/codefresh/files/mongoSeedJobScript.sh index faa30b603..ed4004263 100644 --- a/codefresh/files/mongoSeedJobScript.sh +++ b/codefresh/files/mongoSeedJobScript.sh @@ -12,7 +12,9 @@ export MONGODB_ROOT_PASSWORD=... COMMENT -set -x +if [[ -n $DEBUG ]]; then + set -o xtrace +fi ASSETS_PATH=${ASSETS_PATH:-/usr/share/extras/} @@ -95,7 +97,7 @@ parseMongoURI $MONGO_URI if [[ -s /etc/ssl/mongodb/ca.pem ]]; then MONGO_URI_EXTRA_PARAMS="--tls --tlsCertificateKeyFile /etc/ssl/mongodb/ca.pem --tlsAllowInvalidHostnames --tlsAllowInvalidCertificates" - MONGOIMPORT_EXTRA_PARAMS="--ssl --sslCAFile /etc/ssl/mongodb/ca.pem --sslPEMKeyFile /etc/ssl/mongodb/ca.pem --sslAllowInvalidHostnames --sslAllowInvalidCertificates" + MONGOIMPORT_EXTRA_PARAMS="--ssl --sslPEMKeyFile /etc/ssl/mongodb/ca.pem --sslAllowInvalidHostnames --sslAllowInvalidCertificates" else MONGO_URI_EXTRA_PARAMS="" MONGOIMPORT_EXTRA_PARAMS="" 
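Review bot: In the `@@ -12,7 +12,9 @@` hunk of mongoSeedJobScript.sh, `set -o xtrace` echoes every expanded assignment, including `MONGODB_ROOT_URI` and `MONGO_URI` with their passwords, into the job's pod log. The guard `[[ -n $DEBUG ]]` is also true for any non-empty value, so `DEBUG=false` or `DEBUG=0` turns tracing on. I would test for an explicit value and document the exposure: `if [[ "${DEBUG:-}" == "true" ]]; then` preceded by `# WARNING: xtrace prints connection strings with credentials to the job log`. The job template's `-exc` bash flags visible elsewhere on this page may enable tracing regardless of `DEBUG`, depending on how the script is invoked, which is not visible here.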
diff --git a/codefresh/templates/seed/mongo-seed-job.yaml b/codefresh/templates/seed/mongo-seed-job.yaml index f0946cc93..0d6698b85 100644 --- a/codefresh/templates/seed/mongo-seed-job.yaml +++ b/codefresh/templates/seed/mongo-seed-job.yaml @@ -56,6 +56,10 @@ spec: value: {{ .Values.seed.mongoSeedJob.mongodbRootOptions | quote }} - name: DEVELOPMENT_CHART value: {{ .Values.developmentChart | quote }} + {{- range $env, $val := .Values.seed.mongoSeedJob.env }} + - name: {{- $env }} + value: {{- $val | quote }} + {{ end }} command: - "/bin/bash" - "-exc" diff --git a/codefresh/values.yaml b/codefresh/values.yaml index 4eb929a17..781bb1aa0 100644 --- a/codefresh/values.yaml +++ b/codefresh/values.yaml @@ -45,8 +45,6 @@ seed: # mongodbRootUserSecretKeyRef: # name: my-secret # key: mongodb-root-user - # -- Extra options for connection string (e.g. `authSource=admin`). - mongodbRootOptions: "" # -- Root password in plain text (required ONLY for seed job!). mongodbRootPassword: "XT9nmM8dZD" @@ -57,6 +55,11 @@ seed: # name: my-secret # key: mongodb-root-password + # -- Extra options for connection string (e.g. `authSource=admin`). + mongodbRootOptions: "" + # -- Extra env variables for seed job. + env: {} + # -- Postgres Seed Job. Required at first install. Creates required user and databases. # @default -- See below postgresSeedJob: From 1c4d9187b983421c6823d0010648eba763c09504 Mon Sep 17 00:00:00 2001 From: Mikhail Klimko Date: Mon, 26 May 2025 22:49:38 +0300 Subject: [PATCH 16/17] onprem: 2.7.15 --- codefresh/files/mongoSeedJobScript.sh | 7 ++++--- codefresh/templates/seed/mongo-seed-job.yaml | 5 +++++ 2 files changed, 9 insertions(+), 3 deletions(-) diff --git a/codefresh/files/mongoSeedJobScript.sh b/codefresh/files/mongoSeedJobScript.sh index ed4004263..bf6878cc0 100644 --- a/codefresh/files/mongoSeedJobScript.sh +++ b/codefresh/files/mongoSeedJobScript.sh 
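Review bot: The new `range` over `.Values.seed.mongoSeedJob.env` renders every entry as a literal `value:`, so anything secret placed in that map is stored in plain text in the Job manifest and in the Helm release. The values.yaml comment added in this patch should say so, for example `# -- Extra env variables for seed job (plain values only; use the *SecretKeyRef options for credentials).`. The entries are also appended after the chart's own variables with no check for clashes, so a key such as `DEVELOPMENT_CHART` would be emitted twice. The `global.env` range added in the next patch has the same two properties.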
@@ -17,6 +17,7 @@ if [[ -n $DEBUG ]]; then fi ASSETS_PATH=${ASSETS_PATH:-/usr/share/extras/} +MTLS_CERT_PATH=${MTLS_CERT_PATH:-/etc/ssl/mongodb/ca.pem} MONGODB_DATABASES=( "archive" @@ -95,9 +96,9 @@ setPacks() { parseMongoURI $MONGO_URI -if [[ -s /etc/ssl/mongodb/ca.pem ]]; then - MONGO_URI_EXTRA_PARAMS="--tls --tlsCertificateKeyFile /etc/ssl/mongodb/ca.pem --tlsAllowInvalidHostnames --tlsAllowInvalidCertificates" - MONGOIMPORT_EXTRA_PARAMS="--ssl --sslPEMKeyFile /etc/ssl/mongodb/ca.pem --sslAllowInvalidHostnames --sslAllowInvalidCertificates" +if [[ -s ${MTLS_CERT_PATH} ]]; then + MONGO_URI_EXTRA_PARAMS="--tls --tlsCertificateKeyFile ${MTLS_CERT_PATH} --tlsAllowInvalidHostnames --tlsAllowInvalidCertificates" + MONGOIMPORT_EXTRA_PARAMS="--ssl --sslPEMKeyFile ${MTLS_CERT_PATH} --sslAllowInvalidHostnames --sslAllowInvalidCertificates" else MONGO_URI_EXTRA_PARAMS="" MONGOIMPORT_EXTRA_PARAMS="" diff --git a/codefresh/templates/seed/mongo-seed-job.yaml b/codefresh/templates/seed/mongo-seed-job.yaml index 0d6698b85..521b02d4d 100644 --- a/codefresh/templates/seed/mongo-seed-job.yaml +++ b/codefresh/templates/seed/mongo-seed-job.yaml @@ -60,6 +60,11 @@ spec: - name: {{- $env }} value: {{- $val | quote }} {{ end }} + {{- range $env, $val := .Values.global.env }} + - name: {{- $env }} + value: {{- $val | quote }} + {{ end }} + command: - "/bin/bash" - "-exc" From 4b7950ba8eabfb46ba5bed9166de8822efa0c439 Mon Sep 17 00:00:00 2001 From: Mikhail Klimko Date: Mon, 26 May 2025 22:57:20 +0300 Subject: [PATCH 17/17] onprem: 2.7.15 --- codefresh/templates/seed/mongo-seed-job.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/codefresh/templates/seed/mongo-seed-job.yaml b/codefresh/templates/seed/mongo-seed-job.yaml index 521b02d4d..2cbac34a2 100644 --- a/codefresh/templates/seed/mongo-seed-job.yaml +++ b/codefresh/templates/seed/mongo-seed-job.yaml 
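Review bot: In the `@@ -95,9 +96,9 @@` hunk, a missing or empty `${MTLS_CERT_PATH}` silently selects the `else` branch, and the job connects with no TLS options and no message. A mistyped override of the new variable therefore downgrades the connection without any trace in the log. A line in the `else` branch would make that visible: `echo "mongo-seed: ${MTLS_CERT_PATH} missing or empty, connecting without TLS" >&2`. The variable also defaults to a file named `ca.pem` but is passed as `--tlsCertificateKeyFile` and `--sslPEMKeyFile`, which expect the client certificate and key. A comment on the `MTLS_CERT_PATH=` line stating what the file must contain would prevent mounting a bare CA there.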
@@ -57,12 +57,12 @@ spec: - name: DEVELOPMENT_CHART value: {{ .Values.developmentChart | quote }} {{- range $env, $val := .Values.seed.mongoSeedJob.env }} - - name: {{- $env }} - value: {{- $val | quote }} + - name: {{ $env }} + value: {{ $val | quote }} {{ end }} {{- range $env, $val := .Values.global.env }} - - name: {{- $env }} - value: {{- $val | quote }} + - name: {{ $env }} + value: {{ $val | quote }} {{ end }} command:
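Review bot: The two `range` blocks can emit the same variable name twice, and since `.Values.global.env` is listed last, the global value would likely win over the job-specific one when the container starts. That is the reverse of the usual precedence. Iterating once over a merged map removes the duplicates and lets the job-level setting win: `{{- range $env, $val := merge (dict) .Values.seed.mongoSeedJob.env .Values.global.env }}`, assuming both maps are always defined in values.yaml. The bare `{{ end }}` also leaves a whitespace-only line in the rendered manifest, which `{{- end }}` would avoid.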