From 9a866acd12a8c7b066f0eb672fb140a43d4c45da Mon Sep 17 00:00:00 2001 
From: ecsimsw Date: Sat, 25 Nov 2023 22:14:36 +0900 Subject: [PATCH] project : vault as private submodule --- .gitmodules | 3 + .../picup/config/common.config.yaml | 5 +- infra-kubernetes/picup/config/pic-up-vault | 1 + .../picup/config/vault/config/README.md | 1 - .../config/vault/config/album-config.yaml | 15 --- .../config/vault/config/common.config.yaml | 15 --- .../config/vault/config/member-config.yaml | 9 -- .../config/vault/config/storage-config.yaml | 13 --- .../config/vault/db/1.mysql-replication.sql | 29 ------ .../db/2.mysql-multi-source-replication.sql | 57 ------------ .../config/vault/db/3.application-user.sql | 4 - .../docker-compose/docker-compose-cloud.yaml | 92 ------------------- .../mysql-album-master/mysql-1.cnf | 8 -- .../mysql-album-slave/mysql-2.cnf | 11 --- .../mysql-common-backup/mysql-4.cnf | 8 -- .../docker-compose/mysql-member/mysql-3.cnf | 8 -- .../properties/prod/secure.properties | 2 +- .../properties/prod/secure.properties | 2 +- .../properties/prod/secure.properties | 2 +- 19 files changed, 10 insertions(+), 275 deletions(-) create mode 160000 infra-kubernetes/picup/config/pic-up-vault delete mode 100644 infra-kubernetes/picup/config/vault/config/README.md delete mode 100644 infra-kubernetes/picup/config/vault/config/album-config.yaml delete mode 100644 infra-kubernetes/picup/config/vault/config/common.config.yaml delete mode 100644 infra-kubernetes/picup/config/vault/config/member-config.yaml delete mode 100644 infra-kubernetes/picup/config/vault/config/storage-config.yaml delete mode 100644 infra-kubernetes/picup/config/vault/db/1.mysql-replication.sql delete mode 100644 infra-kubernetes/picup/config/vault/db/2.mysql-multi-source-replication.sql delete mode 100644 infra-kubernetes/picup/config/vault/db/3.application-user.sql delete mode 100644 infra-kubernetes/picup/config/vault/docker-compose/docker-compose-cloud.yaml delete mode 100644 infra-kubernetes/picup/config/vault/docker-compose/mysql-album-master/mysql-1.cnf delete 
mode 100644 infra-kubernetes/picup/config/vault/docker-compose/mysql-album-slave/mysql-2.cnf delete mode 100644 infra-kubernetes/picup/config/vault/docker-compose/mysql-common-backup/mysql-4.cnf delete mode 100644 infra-kubernetes/picup/config/vault/docker-compose/mysql-member/mysql-3.cnf diff --git a/.gitmodules b/.gitmodules index 0699e8bf..7d06aba7 100644 --- a/.gitmodules +++ b/.gitmodules @@ -1,3 +1,6 @@ [submodule "infra/server-kubernetes/picup/config/vault"] path = infra/server-kubernetes/picup/config/vault url = https://github.com/ecsimsw/pic-up-vault.git +[submodule "infra-kubernetes/picup/config/pic-up-vault"] + path = infra-kubernetes/picup/config/pic-up-vault + url = https://github.com/ecsimsw/pic-up-vault.git diff --git a/infra-kubernetes/picup/config/common.config.yaml b/infra-kubernetes/picup/config/common.config.yaml index f3045501..e0094982 100644 --- a/infra-kubernetes/picup/config/common.config.yaml +++ b/infra-kubernetes/picup/config/common.config.yaml @@ -5,8 +5,9 @@ metadata: namespace: picup data: SPRING_PROFILES_ACTIVE: "prod" - TOKEN_SECRET: "ecsimswtemptokensecretqwertyqwerty123123123" - DATA_AES_ENCRYPTION_KEY: "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" + TOKEN_SECRET: "ecsimswtemptokensecretqyqwerty123123123" + DATA_AES_ENCRYPTION_KEY: "aaaaaaaaaaaaaaaaaaaaaaaaaaaaabbb" + DATA_AES_ENCRYPTION_IV: "0123456789012345" PICUP_MESSAGE_QUEUE_HOST: "cloud.ecsimsw.com" PICUP_MESSAGE_QUEUE_PORT: "5672" PICUP_MESSAGE_QUEUE_USERNAME: "admin" diff --git a/infra-kubernetes/picup/config/pic-up-vault b/infra-kubernetes/picup/config/pic-up-vault new file mode 160000 index 00000000..10ad3f86 --- /dev/null +++ b/infra-kubernetes/picup/config/pic-up-vault @@ -0,0 +1 @@ +Subproject commit 10ad3f86417d7d141df0f86ecd00683420d7e121 diff --git a/infra-kubernetes/picup/config/vault/config/README.md b/infra-kubernetes/picup/config/vault/config/README.md deleted file mode 100644 index 6482a562..00000000 
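Review bot: Adding the private `pic-up-vault` submodule does not retire the credentials this commit deletes from `infra-kubernetes/picup/config/vault/`. The removed files (database, message-queue, MongoDB and object-storage credentials, plus the token and AES keys) remain readable in this repository's history and in every existing clone or fork. Treat each of those values as exposed and rotate it before the private copy is relied on; rewriting history is optional clean-up, not a substitute for rotation. Separately, the existing `infra/server-kubernetes/picup/config/vault` entry points at the same URL, so if that path is no longer used it should be removed rather than left beside the new one.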
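Review bot: The new `TOKEN_SECRET` and `DATA_AES_ENCRYPTION_KEY` values are still literal, guessable strings committed in a manifest that sets `SPRING_PROFILES_ACTIVE: "prod"`. Anyone who applies this file as-is will sign tokens and encrypt data with keys that are public. The object's `kind` is outside the hunk, but the deleted vault copy of `common-config` is a ConfigMap, so this one is presumably a ConfigMap too; key material belongs in a `kind: Secret` or an external secret store. If this public copy is meant only as a template, say so at the top of `data:` with a comment such as `# placeholders only - real values live in the private pic-up-vault submodule`, and replace the literals with values that cannot work.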
--- a/infra-kubernetes/picup/config/vault/config/README.md +++ /dev/null @@ -1 +0,0 @@ -## THIS IS REAL diff --git a/infra-kubernetes/picup/config/vault/config/album-config.yaml b/infra-kubernetes/picup/config/vault/config/album-config.yaml deleted file mode 100644 index 3d740ae6..00000000 --- a/infra-kubernetes/picup/config/vault/config/album-config.yaml +++ /dev/null @@ -1,15 +0,0 @@ -kind: ConfigMap -apiVersion: v1 -metadata: - name: album-server-config - namespace: picup -data: - PICUP_STORAGE_SERVER_URL: "http://storage-server-svc.picup.svc.cluster.local:8083" - PICUP_ALBUM_MYSQL_MASTER_URL: "cloud.ecsimsw.com:13301/picup_album" - PICUP_ALBUM_MYSQL_MASTER_USERNAME: "picup" - PICUP_ALBUM_MYSQL_MASTER_PASSWORD: "picuppassword" - PICUP_ALBUM_MYSQL_SLAVE_URL: "cloud.ecsimsw.com:13302/picup_album" - PICUP_ALBUM_MYSQL_SLAVE_USERNAME: "picup" - PICUP_ALBUM_MYSQL_SLAVE_PASSWORD: "picuppassword" - -# #CHANGE MASTER TO MASTER_HOST='172.19.0.4', MASTER_USER='ecsimsw', MASTER_PASSWORD='password', MASTER_LOG_FILE='mysql-bin.000005', MASTER_LOG_POS=0, GET_MASTER_PUBLIC_KEY=1; \ No newline at end of file diff --git a/infra-kubernetes/picup/config/vault/config/common.config.yaml b/infra-kubernetes/picup/config/vault/config/common.config.yaml deleted file mode 100644 index ad1d0169..00000000 --- a/infra-kubernetes/picup/config/vault/config/common.config.yaml +++ /dev/null @@ -1,15 +0,0 @@ -kind: ConfigMap -apiVersion: v1 -metadata: - name: common-config - namespace: picup -data: - SPRING_PROFILES_ACTIVE: "prod" - TOKEN_SECRET: "picuptokenscretpicuptokenscretecsimswecimsw" - DATA_AES_ENCRYPTION_KEY: "picupecsimswdataaesencrytionkeya" - PICUP_MESSAGE_QUEUE_HOST: "cloud.ecsimsw.com" - PICUP_MESSAGE_QUEUE_PORT: "5672" - PICUP_MESSAGE_QUEUE_USERNAME: "picup" - PICUP_MESSAGE_QUEUE_PASSWORD: "picuppassword" - PICUP_COMMON_REDIS_URL: "cloud.ecsimsw.com" - PICUP_COMMON_REDIS_PORT: "6379" 
diff --git a/infra-kubernetes/picup/config/vault/config/member-config.yaml b/infra-kubernetes/picup/config/vault/config/member-config.yaml deleted file mode 100644 index bb23258b..00000000 --- a/infra-kubernetes/picup/config/vault/config/member-config.yaml +++ /dev/null @@ -1,9 +0,0 @@ -kind: ConfigMap -apiVersion: v1 -metadata: - name: member-server-config - namespace: picup -data: - PICUP_MEMBER_DB_URL: "cloud.ecsimsw.com:13303/picup_member" - PICUP_MEMBER_DB_USERNAME: "picup" - PICUP_MEMBER_DB_PASSWORD: "picuppassword" \ No newline at end of file diff --git a/infra-kubernetes/picup/config/vault/config/storage-config.yaml b/infra-kubernetes/picup/config/vault/config/storage-config.yaml deleted file mode 100644 index 9a3799d4..00000000 --- a/infra-kubernetes/picup/config/vault/config/storage-config.yaml +++ /dev/null @@ -1,13 +0,0 @@ -kind: ConfigMap -apiVersion: v1 -metadata: - name: storage-server-config - namespace: picup -data: - PICUP_LOCAL_STORAGE_ROOT_PATH: "/picup/localStorage/" - PICUP_OBJECT_STORAGE_URL: "ewr1.vultrobjects.com" - PICUP_OBJECT_STORAGE_HOST_REGION: "ewr1" - PICUP_OBJECT_STORAGE_BUCKET_ACCESS_KEY: "2XVS2M8E0IU2XW3WW2NN" - PICUP_OBJECT_STORAGE_BUCKET_SECRET_KEY: "vHnubEUfN4kmmTJ3DgPSCRgD73XCKIr8G0pC2EOf" - PICUP_OBJECT_STORAGE_BUCKET_NAME: "picup-backup-storage" - PICUP_STORAGE_MONGO_URL: "mongodb://picup:picuppassword@cloud.ecsimsw.com:27017/picup?authSource=admin" diff --git a/infra-kubernetes/picup/config/vault/db/1.mysql-replication.sql b/infra-kubernetes/picup/config/vault/db/1.mysql-replication.sql deleted file mode 100644 index d4e3359d..00000000 --- a/infra-kubernetes/picup/config/vault/db/1.mysql-replication.sql +++ /dev/null 
@@ -1,29 +0,0 @@ -/* -master - */ - -show master status\G; - -CREATE USER 'replica'@'%' IDENTIFIED BY 'password'; -GRANT REPLICATION SLAVE ON *.* TO 'replica'@'%'; - -/* -slave - */ - -CHANGE MASTER TO MASTER_HOST='${HOST_IP_ADDRESS}',\ - MASTER_USER='replica', \ - MASTER_PASSWORD='password', \ - MASTER_LOG_FILE='${MASTER_LOG_FILE_TO_READ}', \ - MASTER_LOG_POS=0, GET_MASTER_PUBLIC_KEY=1; -start slave; - -show slave status\G; - -/* -mysql-album-master-bin.000003 172.18.0.5 -mysql-album-slave-bin.000003 172.18.0.2 -mysql-member-bin.000003 172.18.0.8 - */ - - diff --git a/infra-kubernetes/picup/config/vault/db/2.mysql-multi-source-replication.sql b/infra-kubernetes/picup/config/vault/db/2.mysql-multi-source-replication.sql deleted file mode 100644 index 74c413fa..00000000 --- a/infra-kubernetes/picup/config/vault/db/2.mysql-multi-source-replication.sql +++ /dev/null 
@@ -1,57 +0,0 @@ -/* - MASTER - */ -SHOW MASTER STATUS\G - -CREATE USER 'bakup'@'%' IDENTIFIED BY 'password'; -GRANT REPLICATION SLAVE ON *.* TO 'bakup'@'%'; - -/* -SLAVE - */ - -CHANGE REPLICATION SOURCE TO SOURCE_HOST="${SERVER_URL}", \ - SOURCE_PORT=${SERVER_PORT}, \ - SOURCE_USER="${REPLICA_USER_NAME}", \ - SOURCE_PASSWORD="${REPLICA_USER_PASSWORD}", \ - SOURCE_LOG_FILE="${BIN_LOG_FILE_NAME}", \ - SOURCE_LOG_POS=${BIN_FILE_POSITION} \ - FOR CHANNEL "${CHANNEL_NAME}"; - - - -START REPLICA FOR CHANNEL "{CHANNEL_NAME}"; -START REPLICA; - -show slave status\G; - -STOP REPLICA FOR CHANNEL "{CHANNEL_NAME}"; -STOP REPLICA; -RESET REPLICA ALL; - -/* -example - */ - -mysql-album-slave-bin.000003 172.18.0.2 3449 -mysql-member-bin.000003 172.18.0.8 1906 - -CHANGE REPLICATION SOURCE TO SOURCE_HOST="172.18.0.2", \ - SOURCE_PORT=3306, \ - SOURCE_USER="bakup", \ - SOURCE_PASSWORD="password", \ - SOURCE_LOG_FILE="mysql-album-slave-bin.000003", \ - SOURCE_LOG_POS=3449 \ - FOR CHANNEL "album-slave"; - -CHANGE REPLICATION SOURCE TO SOURCE_HOST="172.18.0.8", \ - SOURCE_PORT=3306, \ - SOURCE_USER="bakup", \ - SOURCE_PASSWORD="password", \ - SOURCE_LOG_FILE="mysql-member-bin.000003", \ - SOURCE_LOG_POS=1906 \ - FOR CHANNEL "member"; - -START REPLICA FOR CHANNEL "album-slave"; -START REPLICA FOR CHANNEL "member"; -START REPLICA; \ No newline at end of file diff --git a/infra-kubernetes/picup/config/vault/db/3.application-user.sql b/infra-kubernetes/picup/config/vault/db/3.application-user.sql deleted file mode 100644 index ac25a193..00000000 --- a/infra-kubernetes/picup/config/vault/db/3.application-user.sql +++ /dev/null @@ -1,4 +0,0 @@ -## application access - -create user 'picup'@'183.100.1.179' identified by 'picuppassword'; -grant all privileges on *.* to 'picup'@'183.100.1.179'; \ No newline at end of file 
diff --git a/infra-kubernetes/picup/config/vault/docker-compose/docker-compose-cloud.yaml b/infra-kubernetes/picup/config/vault/docker-compose/docker-compose-cloud.yaml deleted file mode 100644 index ee8794ec..00000000 --- a/infra-kubernetes/picup/config/vault/docker-compose/docker-compose-cloud.yaml +++ /dev/null 
@@ -1,92 +0,0 @@ -version: '3' -services: - redis: - image: redis:latest - container_name: 'picup-core-redis' - ports: - - 6379:6379 - volumes: - - ~/redis-data/data:/data - - ~/redis-data/conf/redis.conf:/usr/local/conf/redis.conf - labels: - - "name=redis" - - "mode=standalone" - restart: always - command: redis-server /usr/local/conf/redis.conf - - rabbitmq: - image: rabbitmq:3-management-alpine - container_name: 'picup-core-rabbitmq' - ports: - - 5672:5672 # for AMQP communication and - - 15672:15672 # for the RabbitMQ management interface, http://localhost:15672 - volumes: - - ~/rabbitmq-data/data/:/var/lib/rabbitmq/ - - ~/rabbitmq-data/log/:/var/log/rabbitmq - environment: - RABBITMQ_ERLANG_COOKIE: "RabbitMQ-My-Cookies" - RABBITMQ_DEFAULT_USER: "picup" - RABBITMQ_DEFAULT_PASS: "picuppassword" - - mongodb: - image: mongo:6.0.1 - container_name: "picup-storage-mongo" - ports: - - "27017:27017" - environment: - MONGO_INITDB_ROOT_USERNAME: "picup" - MONGO_INITDB_ROOT_PASSWORD: "picuppassword" - volumes: - - ~/mongo-data:/data/db - - mysql-1: - image: mysql:8.0 - container_name: 'picup-album-mysql-master' - ports: - - 13301:3306 - environment: - MYSQL_ROOT_PASSWORD: "picuprootpassword" - command: - - --character-set-server=utf8mb4 - - --collation-server=utf8mb4_unicode_ci - volumes: - - ./mysql-album-master/mysql-1.cnf:/etc/mysql/conf.d/my.cnf - - mysql-2: - image: mysql:8.0 - container_name: 'picup-album-mysql-slave' - ports: - - 13302:3306 - environment: - MYSQL_ROOT_PASSWORD: "picuprootpassword" - command: - - --character-set-server=utf8mb4 - - --collation-server=utf8mb4_unicode_ci - volumes: - - ./mysql-album-slave/mysql-2.cnf:/etc/mysql/conf.d/my.cnf - - mysql-3: - image: mysql:8.0 - container_name: 'picup-member-mysql' - ports: - - 13303:3306 - environment: - MYSQL_ROOT_PASSWORD: "picuprootpassword" - command: - - --character-set-server=utf8mb4 - - --collation-server=utf8mb4_unicode_ci - volumes: - - ./mysql-member/mysql-3.cnf:/etc/mysql/conf.d/my.cnf - - 
mysql-4: - image: mysql:8.0 - container_name: 'picup-common-mysql-backup' - ports: - - 13304:3306 - environment: - MYSQL_ROOT_PASSWORD: "picuprootpassword" - command: - - --character-set-server=utf8mb4 - - --collation-server=utf8mb4_unicode_ci - volumes: - - ./mysql-common-backup/mysql-4.cnf:/etc/mysql/conf.d/my.cnf \ No newline at end of file diff --git a/infra-kubernetes/picup/config/vault/docker-compose/mysql-album-master/mysql-1.cnf b/infra-kubernetes/picup/config/vault/docker-compose/mysql-album-master/mysql-1.cnf deleted file mode 100644 index d0078c0b..00000000 --- a/infra-kubernetes/picup/config/vault/docker-compose/mysql-album-master/mysql-1.cnf +++ /dev/null @@ -1,8 +0,0 @@ -[mysqld] - -# prefix of binary log -log-bin=mysql-album-master-bin - -server-id=1 - -default_authentication_plugin=mysql_native_password diff --git a/infra-kubernetes/picup/config/vault/docker-compose/mysql-album-slave/mysql-2.cnf b/infra-kubernetes/picup/config/vault/docker-compose/mysql-album-slave/mysql-2.cnf deleted file mode 100644 index 86ba0f9a..00000000 --- a/infra-kubernetes/picup/config/vault/docker-compose/mysql-album-slave/mysql-2.cnf +++ /dev/null @@ -1,11 +0,0 @@ -[mysqld] - -# prefix of binary log -log-bin=mysql-album-slave-bin - -server-id=2 - -# log slave history also -log_slave_updates = 1 - -default_authentication_plugin=mysql_native_password \ No newline at end of file diff --git a/infra-kubernetes/picup/config/vault/docker-compose/mysql-common-backup/mysql-4.cnf b/infra-kubernetes/picup/config/vault/docker-compose/mysql-common-backup/mysql-4.cnf deleted file mode 100644 index 807f64c6..00000000 --- a/infra-kubernetes/picup/config/vault/docker-compose/mysql-common-backup/mysql-4.cnf +++ /dev/null @@ -1,8 +0,0 @@ -[mysqld] - -# prefix of binary log -log-bin=mysql-backup-bin - -server-id=4 - -default_authentication_plugin=mysql_native_password \ No newline at end of file 
diff --git a/infra-kubernetes/picup/config/vault/docker-compose/mysql-member/mysql-3.cnf b/infra-kubernetes/picup/config/vault/docker-compose/mysql-member/mysql-3.cnf deleted file mode 100644 index 840b0cd1..00000000 --- a/infra-kubernetes/picup/config/vault/docker-compose/mysql-member/mysql-3.cnf +++ /dev/null @@ -1,8 +0,0 @@ -[mysqld] - -# prefix of binary log -log-bin=mysql-member-bin - -server-id=3 - -default_authentication_plugin=mysql_native_password diff --git a/server-api/api-album/src/main/resources/properties/prod/secure.properties b/server-api/api-album/src/main/resources/properties/prod/secure.properties index 9dde72f6..d54a7435 100644 --- a/server-api/api-album/src/main/resources/properties/prod/secure.properties +++ b/server-api/api-album/src/main/resources/properties/prod/secure.properties @@ -7,4 +7,4 @@ ecsimsw.token.secret.key=${TOKEN_SECRET} # encrypt data.aes.encryption.key=${DATA_AES_ENCRYPTION_KEY} -data.aes.encryption.iv=0123456789012345 +data.aes.encryption.iv=${DATA_AES_ENCRYPTION_IV} diff --git a/server-api/api-member/src/main/resources/properties/prod/secure.properties b/server-api/api-member/src/main/resources/properties/prod/secure.properties index 9dde72f6..d54a7435 100644 --- a/server-api/api-member/src/main/resources/properties/prod/secure.properties +++ b/server-api/api-member/src/main/resources/properties/prod/secure.properties @@ -7,4 +7,4 @@ ecsimsw.token.secret.key=${TOKEN_SECRET} # encrypt data.aes.encryption.key=${DATA_AES_ENCRYPTION_KEY} -data.aes.encryption.iv=0123456789012345 +data.aes.encryption.iv=${DATA_AES_ENCRYPTION_IV} diff --git a/server-api/api-storage/src/main/resources/properties/prod/secure.properties b/server-api/api-storage/src/main/resources/properties/prod/secure.properties index 9dde72f6..d54a7435 100644 --- a/server-api/api-storage/src/main/resources/properties/prod/secure.properties +++ b/server-api/api-storage/src/main/resources/properties/prod/secure.properties 
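Review bot: Reading the IV from `${DATA_AES_ENCRYPTION_IV}` still leaves one fixed IV for the life of the deployment, and `common.config.yaml` in this commit sets it to the same literal removed here. The cipher code is not visible, but a fixed IV makes equal plaintexts encrypt to equal ciphertexts in CBC, and IV reuse in CTR or GCM undermines the mode's guarantees outright. Unless deterministic encryption is a deliberate requirement (for example, lookups by encrypted value), generate a random IV per encryption and store it with the ciphertext instead of configuring it. Until then, record the limitation above the property with `# NOTE: static IV - identical plaintexts produce identical ciphertexts`. The same applies to the api-member and api-storage `secure.properties` hunks.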
@@ -7,4 +7,4 @@ ecsimsw.token.secret.key=${TOKEN_SECRET} # encrypt data.aes.encryption.key=${DATA_AES_ENCRYPTION_KEY} -data.aes.encryption.iv=0123456789012345 +data.aes.encryption.iv=${DATA_AES_ENCRYPTION_IV}