Auth enablement for Redis, MongoDB, PostgreSQL and ActiveMQ
This document describes the procedure to enable authentication for the Expertflow CX stateful components, mainly Redis, MongoDB, PostgreSQL and ActiveMQ.
Change the directory:-
cd cim-solution/kubernetes
Redis:
Open the values.yaml file in the Redis Helm chart:
vi external/bitnami/redis/values.yaml
Update the following values as mentioned below:-
auth:
  ## @param auth.enabled Enable password authentication
  ##
  enabled: true
  ## @param auth.password Redis® password
  ## Defaults to a random 10-character alphanumeric string if not set
  ##
  password: "Expertflow123" # Change this to match the requirements
Deploy Redis using the helm file.
Manual Verification:-
Export the Redis password:-
export REDIS_PASSWORD=$(kubectl get secret --namespace ef-external redis -o jsonpath="{.data.redis-password}" | base64 -d)
Start a Redis client pod:-
kubectl run --namespace ef-external redis-client --restart='Never' --env REDIS_PASSWORD=$REDIS_PASSWORD --image gitimages.expertflow.com/general/redis:CIM-4292
Exec into the client pod:-
kubectl exec --tty -i redis-client \
--namespace ef-external -- bash
Verify the auth using the following command in the client pod:
REDISCLI_AUTH="$REDIS_PASSWORD" redis-cli -h redis-master
MongoDB:
Open the values.yaml file in the MongoDB Helm chart:
vi external/bitnami/mongodb/values.yaml
Update the following values as mentioned below:-
auth:
  ## @param auth.enabled Enable authentication
  ## ref: https://docs.mongodb.com/manual/tutorial/enable-authentication/
  ## EXPERTFLOW
  enabled: true
  ## @param auth.rootUser MongoDB(®) root user
  ##
  rootUser: root
  ## @param auth.rootPassword MongoDB(®) root password
  ## ref: https://github.com/bitnami/containers/tree/main/bitnami/mongodb#setting-the-root-user-and-password-on-first-run
  ##
  rootPassword: "Expertflow123" # Change this to match the requirements
Deploy MongoDB using the helm file.
Manual Verification:-
Export the MongoDB password:-
export MONGODB_ROOT_PASSWORD=$(kubectl get secret --namespace ef-external mongo-mongodb -o jsonpath="{.data.mongodb-root-password}" | base64 -d)
Start a MongoDB client pod:-
kubectl run --namespace ef-external mongo-mongodb-client --rm --tty -i --restart='Never' --env="MONGODB_ROOT_PASSWORD=$MONGODB_ROOT_PASSWORD" --image docker.io/bitnami/mongodb:6.0.2-debian-11-r1 --command -- bash
Verify the auth using the following command in the client pod:-
mongosh admin --host "mongo-mongodb" --authenticationDatabase admin -u root -p "$MONGODB_ROOT_PASSWORD"
MinIO:
Update the MinIO Helm chart values.yaml file with the required ACCESSKEY and PASSKEY values:
auth:
  ## @param auth.rootUser MinIO® root username
  ##
  rootUser: minioadmin
  ## @param auth.rootPassword Password for MinIO® root user
  ##
  rootPassword: "minioadmin"
Manual Verification:-
Export the MinIO user and password:-
export ROOT_USER=$(kubectl get secret --namespace ef-external minio -o jsonpath="{.data.root-user}" | base64 -d)
export ROOT_PASSWORD=$(kubectl get secret --namespace ef-external minio -o jsonpath="{.data.root-password}" | base64 -d)
Start a MinIO client pod:-
kubectl run --namespace ef-external minio-client \
--rm --tty -i --restart='Never' \
--env MINIO_SERVER_ROOT_USER=$ROOT_USER \
--env MINIO_SERVER_ROOT_PASSWORD=$ROOT_PASSWORD \
--env MINIO_SERVER_HOST=minio \
--image docker.io/bitnami/minio-client:2022.10.6-debian-11-r0 -- admin info minio
You will see output similar to the following upon successful authorization:-
● minio:9000
Uptime: 13 seconds
Version: 2022-10-05T14:58:27Z
Network: 1/1 OK
Drives: 1/1 OK
Pool: 1
Pools:
1st, Erasure sets: 1, Drives per erasure set: 1
PostgreSQL:
Open the values.yaml file in the PostgreSQL Helm chart:
vi external/bitnami/postgresql/values.yaml
Update the following values as mentioned below:-
auth:
  ## @param auth.enablePostgresUser Assign a password to the "postgres" admin user. Otherwise, remote access will be blocked for this user
  ##
  enablePostgresUser: true
  ## @param auth.postgresPassword Password for the "postgres" admin user. Ignored if `auth.existingSecret` with key `postgres-password` is provided
  ##
  ## EXPERTFLOW
  postgresPassword: "<postgresql password>"
Deploy PostgreSQL using the helm file.
Manual Verification:-
Export the PostgreSQL password:-
export POSTGRES_ADMIN_PASSWORD=$(kubectl get secret --namespace ef-external ef-postgresql -o jsonpath="{.data.postgres-password}" | base64 -d)
Start a PostgreSQL client pod and log in to the licenseManager database as the “postgres” user:-
kubectl run ef-postgresql-client --rm --tty -i --restart='Never' --namespace ef-external --image docker.io/bitnami/postgresql:14.5.0-debian-11-r21 --env="PGPASSWORD=$POSTGRES_ADMIN_PASSWORD" --command -- psql --host ef-postgresql -U postgres -d licenseManager -p 5432
ActiveMQ
ActiveMQ TLS enablement is not fully functional yet.
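Before deploying, the auth blocks in the Redis, MongoDB, MinIO and PostgreSQL values.yaml files above can be checked for authentication left switched off or a password still set to one of this page's sample values. The script below is an added example, not part of the Expertflow or Bitnami charts; the function name lint_auth and the sample file are constructed, and it assumes the auth block is indented with two spaces.

```shell
#!/bin/sh
# Added example, not Expertflow or Bitnami code. lint_auth is a hypothetical helper.
# Assumes the top-level auth: block is indented with two spaces.

# lint_auth FILE: print one finding per line; return 1 if anything was found.
lint_auth() {
  awk '
    function val(s) {                      # value without key, comment, quotes
      sub(/^[^:]*:[ \t]*/, "", s); sub(/[ \t]+#.*$/, "", s)
      sub(/[ \t]+$/, "", s); gsub(/^"|"$/, "", s)
      return s
    }
    /^auth:[ \t]*$/      { inauth = 1; next }    # top-level auth block starts
    inauth && /^[^ \t#]/ { inauth = 0 }          # next top-level key ends it
    !inauth              { next }
    { key = $1; sub(/:.*/, "", key) }
    /^  (enabled|enablePostgresUser):/ {
      if (val($0) != "true") { print FILENAME ": auth." key " is not true"; bad = 1 }
    }
    /^  (password|rootPassword|postgresPassword):/ {
      v = val($0); why = ""
      if (v == "Expertflow123" || v == "minioadmin") why = "the sample value from this guide"
      else if (v ~ /^<.*>$/) why = "an unfilled placeholder"
      if (why != "") { print FILENAME ": auth." key " is " why; bad = 1 }
    }
    END { exit bad + 0 }
  ' "$1"
}

# Constructed sample resembling the Redis values shown on this page.
demo() {
  f=$(mktemp) || return 2
  printf "%s\n" "auth:" "  enabled: true" \
    "  password: \"Expertflow123\" # Change this to match the requirements" \
    "master:" "  count: 1" > "$f"
  lint_auth "$f"; rc=$?
  rm -f "$f"
  return "$rc"
}

demo || echo "fix the findings above before deploying"
```

Run it against each chart's file, for example lint_auth external/bitnami/redis/values.yaml; a non-zero return means the file should not be deployed as it stands.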