mosip · pramod444 · Sep 30, 2022 · Oct 11, 2022 · Oct 12, 2022 · Oct 12, 2022
diff --git a/deployment/v3/external/all/install-all.sh b/deployment/v3/external/all/install-all.sh
@@ -12,6 +12,7 @@ ROOT_DIR=`pwd`/../
 echo Installing External services
 
 cd $ROOT_DIR/postgres
+./db_password_gen.sh
 ./install.sh
 ./init_db.sh
 

diff --git a/deployment/v3/external/postgres/copy_secrets.sh b/deployment/v3/external/postgres/copy_secrets.sh
@@ -0,0 +1,10 @@
+#!/bin/bash
+# Copy secrets from other namespaces
+# DST_NS: Destination namespace
+COPY_UTIL=../../utils/copy_cm_func.sh
+DST_NS=postgres
+SECRET_REGEX='db-.*-secret'
+secrets_list=$(kubectl get secrets -n db-password --no-headers -o custom-columns=':.metadata.name' | grep "$SECRET_REGEX")
+for secret in $secrets_list; do
+  $COPY_UTIL secret $secret db-password $DST_NS
+done
diff --git a/deployment/v3/external/postgres/db_password_gen.sh b/deployment/v3/external/postgres/db_password_gen.sh
@@ -0,0 +1,25 @@
+#!/bin/bash
+# Script to initialize the DB-PASSWORD.
+## Usage: ./db_password_gen.sh [kubeconfig]
+
+if [ $# -ge 1 ] ; then
+  export KUBECONFIG=$1
+fi
+
+NS=db-password
+kubectl create ns $NS
+CHART_VERSION=12.0.2
+helm repo update
+while true; do
+    read -p "CAUTION: db-passwords will be recreated. Are you sure to regenerate?(Y/n)" yn
+    if [ $yn = "Y" ]
+      then
+        echo Removing any existing installation
+        helm -n $NS delete db-password-gen
+        echo Initializing DB-PASSWORD
+        helm -n $NS install db-password-gen mosip/db-password-gen -f init_values.yaml --version $CHART_VERSION
+        break
+      else
+        break
+    fi
+done
diff --git a/deployment/v3/external/postgres/init_db.sh b/deployment/v3/external/postgres/init_db.sh
@@ -15,6 +15,8 @@ while true; do
       then
         echo Removing any existing installation
         helm -n $NS delete postgres-init
+        echo copying DB secrets
+        ./copy_secrets.sh
         echo Initializing DB
         helm -n $NS install postgres-init mosip/postgres-init -f init_values.yaml --version $CHART_VERSION --wait --wait-for-jobs
         break

diff --git a/deployment/v3/mosip/config-server/copy_secrets.sh b/deployment/v3/mosip/config-server/copy_secrets.sh
@@ -3,13 +3,18 @@
 # DST_NS: Destination namespace 
 COPY_UTIL=../../utils/copy_cm_func.sh
 DST_NS=config-server
-$COPY_UTIL secret db-common-secrets postgres $DST_NS 
-$COPY_UTIL secret keycloak keycloak $DST_NS 
+$COPY_UTIL secret keycloak keycloak $DST_NS
 $COPY_UTIL secret keycloak-client-secrets keycloak $DST_NS
-$COPY_UTIL secret activemq-activemq-artemis activemq $DST_NS 
+$COPY_UTIL secret activemq-activemq-artemis activemq $DST_NS
 $COPY_UTIL secret softhsm-kernel softhsm $DST_NS
 $COPY_UTIL secret softhsm-ida softhsm $DST_NS
 $COPY_UTIL secret s3 s3 $DST_NS
 $COPY_UTIL secret email-gateway msg-gateways $DST_NS
 $COPY_UTIL secret prereg-captcha prereg $DST_NS
 $COPY_UTIL secret conf-secrets-various conf-secrets $DST_NS
+
+SECRET_REGEX='db-.*-secret'
+secrets_list=$(kubectl get secrets -n db-password --no-headers -o custom-columns=':.metadata.name' | grep "$SECRET_REGEX")
+for secret in $secrets_list; do
+  $COPY_UTIL secret $secret db-password $DST_NS
+done
diff --git a/deployment/v3/mosip/config-server/delete.sh b/deployment/v3/mosip/config-server/delete.sh
@@ -12,7 +12,7 @@ while true; do
     if [ $yn = "Y" ]
       then
         kubectl -n $NS delete configmap global keycloak-host activemq-activemq-artemis-share s3 email-gateway
-        kubectl -n $NS delete secret db-common-secrets keycloak keycloak-client-secrets activemq-activemq-artemis softhsm-kernel softhsm-ida s3 email-gateway prereg-captcha
+        kubectl -n $NS delete secret db-mosip-audit-secret db-mosip-authdevice-secret db-mosip-credential-secret db-mosip-digitalcard-secret db-mosip-hotlist-secret db-mosip-ida-secret db-mosip-idmap-secret db-mosip-idp-secret db-mosip-idrepo-secret db-mosip-kernel-secret db-mosip-keymgr-secret db-mosip-master-secret db-mosip-pms-secret db-mosip-prereg-secret db-mosip-regdevice-secret db-mosip-regprc-secret db-mosip-resident-secret db-mosip-toolkit-secret keycloak keycloak-client-secrets activemq-activemq-artemis softhsm-kernel softhsm-ida s3 email-gateway prereg-captcha
         helm -n $NS delete config-server
         break
       else

diff --git a/deployment/v3/mosip/masterdata-loader/copy_secrets.sh b/deployment/v3/mosip/masterdata-loader/copy_secrets.sh
@@ -3,4 +3,4 @@
 # DST_NS: Destination namespace 
 COPY_UTIL=../../utils/copy_cm_func.sh
 DST_NS=masterdata-loader
-$COPY_UTIL secret db-common-secrets postgres $DST_NS 
+$COPY_UTIL secret db-mosip-master-secret db-password $DST_NS