From 6848b55101d366976b59af4ecc518fa437f6c053 Mon Sep 17 00:00:00 2001 From: Piotr Biernat Date: Tue, 24 Dec 2024 14:29:04 +0100 Subject: [PATCH] Update & Refactor --- Makefile | 9 +- deploy/.env.dist | 6 + deploy/.env.local | 10 +- .../basket-svc/0001_create_base_tables.up.sql | 4 +- .../0002_add_price_to_basket_item.down.sql | 2 - .../0002_add_price_to_basket_item.up.sql | 2 - .../0001_create_base_tables.up.sql | 4 +- deploy/db_migrations/init/init.sql | 3 + .../0001_create_base_tables.down.sql | 4 +- .../order-svc/0001_create_base_tables.up.sql | 10 +- deploy/etc/nginx/nginx-vhost.dev.conf | 20 +-- deploy/etc/nginx/nginx-vhost.local.conf | 4 +- deploy/etc/prometheus/prometheus.yml | 4 +- deploy/make-cert.sh | 156 ++++++++++++++++++ 14 files changed, 202 insertions(+), 36 deletions(-) delete mode 100644 deploy/db_migrations/basket-svc/0002_add_price_to_basket_item.down.sql delete mode 100644 deploy/db_migrations/basket-svc/0002_add_price_to_basket_item.up.sql create mode 100755 deploy/make-cert.sh diff --git a/Makefile b/Makefile index 832ee28..ed72e67 100644 --- a/Makefile +++ b/Makefile @@ -8,13 +8,16 @@ down: - docker stack rm egommerce k8s-up: - - sh ${DEPLOY_DIR}/scripts/start-k8s.sh + - sh ${DEPLOY_DIR}/start-k8s.sh k8s-down: - - kubectl... TODO :D + - kubectl delete -f deploy/k8s/stack.yml # GENERATING CERTS - certs: - bash ${DEPLOY_DIR}/scripts/gen-certs.sh +volumes-restart: + - docker stack rm egommerce + - docker volume prune -af + - sh ${DEPLOY_DIR}/start-stack.sh diff --git a/deploy/.env.dist b/deploy/.env.dist index e69de29..64d6321 100644 --- a/deploy/.env.dist +++ b/deploy/.env.dist @@ -0,0 +1,6 @@ +API_GATEWAY_ADDR=gw.service.ego.io +API_GATEWAY_PORT=443 + +# API_REGISTRY_ADDR=registry.service.ego.io +API_REGISTRY_ADDR=api-registry +API_REGISTRY_PORT=8501 diff --git a/deploy/.env.local b/deploy/.env.local index 563d63f..342ba56 100644 --- a/deploy/.env.local +++ b/deploy/.env.local 
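Review bot: `docker volume prune -af` in the new `volumes-restart` target removes every unused volume on the host, not only the ones belonging to the egommerce stack, so a developer running it loses unrelated project data; restrict it, e.g. `- docker volume prune -af --filter label=com.docker.stack.namespace=egommerce`, or remove the stack's volumes by name. The leading `-` on each recipe line also tells make to ignore failures, so a failed `docker stack rm` is still followed by the prune; at least the prune line should not carry it. The removed `certs` target has no replacement even though this commit adds deploy/make-cert.sh; a `certs:` target that invokes the new script keeps the workflow discoverable.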
@@ -1,4 +1,6 @@
-API_GATEWAY_PORT=48443
-API_GATEWAY_UI_PORT=48444
-API_REGISTRY_UI_PORT=48445
-API_EVENTBUS_UI_PORT=48446
+API_GATEWAY_ADDR=gw.service.ego.io
+API_GATEWAY_PORT=443
+
+# API_REGISTRY_ADDR=registry.service.ego.io
+#API_REGISTRY_ADDR=api-registry
+API_REGISTRY_PORT=8501
diff --git a/deploy/db_migrations/basket-svc/0001_create_base_tables.up.sql b/deploy/db_migrations/basket-svc/0001_create_base_tables.up.sql
index fa67c45..152d9b2 100644
--- a/deploy/db_migrations/basket-svc/0001_create_base_tables.up.sql
+++ b/deploy/db_migrations/basket-svc/0001_create_base_tables.up.sql
@@ -1,7 +1,7 @@
 CREATE TABLE IF NOT EXISTS basket.basket
 (
 id uuid NOT NULL DEFAULT gen_random_uuid(),
- state character varying NOT NULL DEFAULT 'new',
+ "state" character varying NOT NULL DEFAULT 'new',
 created_at timestamp without time zone NOT NULL DEFAULT now(),
 updated_at timestamp without time zone,
 PRIMARY KEY (id)
@@ -13,7 +13,7 @@ CREATE TABLE IF NOT EXISTS basket.basket_item
 basket_id uuid NOT NULL,
 product_id integer NOT NULL,
 quantity integer NOT NULL DEFAULT 1,
- price double precision NOT NULL DEFAULT 0.00;
+ price double precision NOT NULL DEFAULT 0.00,
 created_at timestamp without time zone NOT NULL DEFAULT now(),
 updated_at timestamp without time zone,
 PRIMARY KEY (id)
diff --git a/deploy/db_migrations/basket-svc/0002_add_price_to_basket_item.down.sql b/deploy/db_migrations/basket-svc/0002_add_price_to_basket_item.down.sql
deleted file mode 100644
index 0bcc200..0000000
--- a/deploy/db_migrations/basket-svc/0002_add_price_to_basket_item.down.sql
+++ /dev/null
@@ -1,2 +0,0 @@
-ALTER TABLE IF EXISTS basket.basket_item
- DROP COLUMN price;
diff --git a/deploy/db_migrations/basket-svc/0002_add_price_to_basket_item.up.sql b/deploy/db_migrations/basket-svc/0002_add_price_to_basket_item.up.sql
deleted file mode 100644
index 5404308..0000000
--- a/deploy/db_migrations/basket-svc/0002_add_price_to_basket_item.up.sql
+++ /dev/null
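Review bot: `price double precision NOT NULL DEFAULT 0.00,` on basket.basket_item (and the same column in the order-svc and catalog-svc hunks) stores money as a binary float, so sums and comparisons built on it drift by fractions of a cent; use an exact type, e.g. `price numeric(12,2) NOT NULL DEFAULT 0.00,` with the precision the business needs. The commit also folds this column into 0001 and deletes the 0002 up/down pair; an environment whose migration table already records version 2 will presumably fail on the next run because that version no longer exists, so confirm no deployed database has applied 0002, or keep a no-op 0002 in place. The basket_item definition continues outside the hunk, so whether a foreign key to basket.basket is declared cannot be seen here.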
@@ -1,2 +0,0 @@
-ALTER TABLE IF EXISTS basket.basket_item
- ADD COLUMN price double precision NOT NULL DEFAULT 0.00;
diff --git a/deploy/db_migrations/catalog-svc/0001_create_base_tables.up.sql b/deploy/db_migrations/catalog-svc/0001_create_base_tables.up.sql
index 527b381..7fe625f 100644
--- a/deploy/db_migrations/catalog-svc/0001_create_base_tables.up.sql
+++ b/deploy/db_migrations/catalog-svc/0001_create_base_tables.up.sql
@@ -1,8 +1,8 @@
 CREATE TABLE catalog.product
 (
 id integer NOT NULL GENERATED ALWAYS AS IDENTITY,
- pid character varying NOT NULL,
- name character varying NOT NULL,
+ pid uuid NOT NULL DEFAULT gen_random_uuid(),
+ "name" character varying NOT NULL,
 price double precision NOT NULL,
 created_at timestamp without time zone NOT NULL DEFAULT now(),
 updated_at timestamp without time zone,
diff --git a/deploy/db_migrations/init/init.sql b/deploy/db_migrations/init/init.sql
index c061cc4..7c46dec 100644
--- a/deploy/db_migrations/init/init.sql
+++ b/deploy/db_migrations/init/init.sql
@@ -1,3 +1,6 @@
 CREATE USER egommerce;
 CREATE DATABASE egommerce;
+
 GRANT ALL PRIVILEGES ON DATABASE egommerce TO egommerce;
+
+CREATE EXTENSION IF NOT EXISTS "pgcrypto";
diff --git a/deploy/db_migrations/order-svc/0001_create_base_tables.down.sql b/deploy/db_migrations/order-svc/0001_create_base_tables.down.sql
index c08f787..58900be 100644
--- a/deploy/db_migrations/order-svc/0001_create_base_tables.down.sql
+++ b/deploy/db_migrations/order-svc/0001_create_base_tables.down.sql
@@ -1,2 +1,2 @@
-DROP TABLE IF EXISTS ordering.order_item;
-DROP TABLE IF EXISTS ordering."order";
+DROP TABLE IF EXISTS "ordering".order_item;
+DROP TABLE IF EXISTS "ordering"."order";
diff --git a/deploy/db_migrations/order-svc/0001_create_base_tables.up.sql b/deploy/db_migrations/order-svc/0001_create_base_tables.up.sql
index 5c58d0d..75f0de1 100644
--- a/deploy/db_migrations/order-svc/0001_create_base_tables.up.sql
+++ b/deploy/db_migrations/order-svc/0001_create_base_tables.up.sql
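Review bot: `pid uuid NOT NULL DEFAULT gen_random_uuid(),` on catalog.product gets a random default but no uniqueness constraint, so nothing stops two products from sharing a pid once rows are inserted with an explicit value; if pid is the externally exposed product identifier (inferred from the name and the random default), add `CONSTRAINT product_pid_key UNIQUE (pid)` to the column list. The CREATE TABLE statement continues outside the hunk, so a constraint declared further down would not be visible here.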
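Review bot: `CREATE EXTENSION IF NOT EXISTS "pgcrypto";` runs in whatever database the session is connected to when init.sql executes — `CREATE DATABASE egommerce;` does not switch the session — so the extension is installed in the maintenance database rather than in egommerce, where the `gen_random_uuid()` defaults in the service migrations would need it. If this file is fed to psql, insert `\c egommerce` before the CREATE EXTENSION line; otherwise run that statement on a separate connection to the new database. On PostgreSQL 13 and later `gen_random_uuid()` is built in, so the extension may be unnecessary altogether; a one-line comment stating which server version the deployment targets would settle that. Note also that `GRANT ALL PRIVILEGES ON DATABASE` confers only CONNECT/CREATE/TEMP on the database, not privileges on the basket, catalog and ordering schemas the migrations create.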
@@ -1,25 +1,25 @@ -CREATE TABLE IF NOT EXISTS ordering."order" +CREATE TABLE IF NOT EXISTS "ordering"."order" ( id uuid NOT NULL DEFAULT gen_random_uuid(), - state character varying NOT NULL DEFAULT 'new', + "state" character varying NOT NULL DEFAULT 'new', created_at timestamp without time zone NOT NULL DEFAULT now(), updated_at timestamp without time zone, PRIMARY KEY (id) ); -CREATE TABLE IF NOT EXISTS ordering.order_item +CREATE TABLE IF NOT EXISTS "ordering".order_item ( id uuid NOT NULL DEFAULT gen_random_uuid(), order_id uuid NOT NULL, product_id integer NOT NULL, quantity integer NOT NULL DEFAULT 1, - price double precision NOT NULL DEFAULT 0.00; + price double precision NOT NULL DEFAULT 0.00, created_at timestamp without time zone NOT NULL DEFAULT now(), updated_at timestamp without time zone, PRIMARY KEY (id) ); -ALTER TABLE IF EXISTS ordering.order_item +ALTER TABLE IF EXISTS "ordering".order_item ADD CONSTRAINT order_item_order_fkey FOREIGN KEY (order_id) REFERENCES "ordering"."order" (id) MATCH SIMPLE ON UPDATE NO ACTION diff --git a/deploy/etc/nginx/nginx-vhost.dev.conf b/deploy/etc/nginx/nginx-vhost.dev.conf index 9a14ec0..7555129 100644 --- a/deploy/etc/nginx/nginx-vhost.dev.conf +++ b/deploy/etc/nginx/nginx-vhost.dev.conf @@ -16,10 +16,10 @@ upstream egommerce-api-eventbus-mngmt { server { listen 443 ssl; - ssl_certificate /etc/letsencrypt/live/admin.egommerce.pbiernat.dev/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/admin.egommerce.pbiernat.dev/privkey.pem; + ssl_certificate /etc/letsencrypt/live/admin.egommerce.pbiernat.io/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/admin.egommerce.pbiernat.io/privkey.pem; - server_name admin.egommerce.pbiernat.dev; + server_name admin.egommerce.pbiernat.io; # Traefik redirects location /dashboard { 
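Review bot: `"ordering".order_item.order_id` receives a foreign key but no index, so every delete or update of an order, and every lookup of its items, scans order_item; add `CREATE INDEX IF NOT EXISTS order_item_order_id_idx ON "ordering".order_item (order_id);` after the ALTER TABLE. `"state" character varying NOT NULL DEFAULT 'new',` accepts any string; if the set of order states is fixed, a named CHECK constraint documents it and rejects typos (the same applies to basket.basket in the basket-svc hunk). The ALTER TABLE statement continues outside the hunk, so its ON DELETE behaviour is not visible here.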
@@ -91,16 +91,16 @@ server { proxy_set_header X-Forwarded-Proto $scheme; } - error_log /var/log/nginx/admin-egommerce.pbiernat.dev-error.log; - access_log /var/log/nginx/admin-egommerce.pbiernat.dev-access.log combined; + error_log /var/log/nginx/admin-egommerce.pbiernat.io-error.log; + access_log /var/log/nginx/admin-egommerce.pbiernat.io-access.log combined; } #server { # listen 443 ssl; -# ssl_certificate /etc/letsencrypt/live/egommerce.pbiernat.dev/fullchain.pem; -# ssl_certificate_key /etc/letsencrypt/live/egommerce.pbiernat.dev/privkey.pem; +# ssl_certificate /etc/letsencrypt/live/egommerce.pbiernat.io/fullchain.pem; +# ssl_certificate_key /etc/letsencrypt/live/egommerce.pbiernat.io/privkey.pem; # -# server_name egommerce.pbiernat.dev; +# server_name egommerce.pbiernat.io; # # # Pass all requests to the API Gateway # location / { @@ -114,7 +114,7 @@ server { # client_max_body_size 0; # } # -# error_log /var/log/nginx/egommerce.pbiernat.dev-error.log; -# access_log /var/log/nginx/egommerce.pbiernat.dev-access.log combined; +# error_log /var/log/nginx/egommerce.pbiernat.io-error.log; +# access_log /var/log/nginx/egommerce.pbiernat.io-access.log combined; #} diff --git a/deploy/etc/nginx/nginx-vhost.local.conf b/deploy/etc/nginx/nginx-vhost.local.conf index fd5ca9e..f9fcadf 100644 --- a/deploy/etc/nginx/nginx-vhost.local.conf +++ b/deploy/etc/nginx/nginx-vhost.local.conf 
@@ -16,8 +16,8 @@ upstream egommerce-api-eventbus-mngmt { server { listen 443 ssl; - ssl_certificate /home/keedosn/workspace/golang/src/git.ego.cloudns.be/egommerce/stack/deploy/certs/api-gateway/localhost.cert; - ssl_certificate_key /home/keedosn/workspace/golang/src/git.ego.cloudns.be/egommerce/stack/deploy/certs/api-gateway/localhost.key; + ssl_certificate /home/keedosn/workspace/golang/src/git.pbiernat.io/egommerce/stack/deploy/certs/api-gateway/localhost.cert; + ssl_certificate_key /home/keedosn/workspace/golang/src/git.pbiernat.io/egommerce/stack/deploy/certs/api-gateway/localhost.key; server_name egommerce.local; diff --git a/deploy/etc/prometheus/prometheus.yml b/deploy/etc/prometheus/prometheus.yml index 3ca7a6d..9ef76c4 100644 --- a/deploy/etc/prometheus/prometheus.yml +++ b/deploy/etc/prometheus/prometheus.yml @@ -47,7 +47,7 @@ scrape_configs: # - job_name: consul # consul_sd_configs: - # - server: api-registry:8500 + # - server: api-registry:8501 # services: # - consul # - basket-server @@ -59,7 +59,7 @@ scrape_configs: # - job_name: rabbitmq # consul_sd_configs: - # - server: api-registry:8500 + # - server: api-registry:8501 # services: # - api-eventbus # relabel_configs: diff --git a/deploy/make-cert.sh b/deploy/make-cert.sh new file mode 100755 index 0000000..e89e60e --- /dev/null +++ b/deploy/make-cert.sh 
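Review bot: The new `ssl_certificate` and `ssl_certificate_key` lines still embed a developer-specific absolute path (`/home/keedosn/workspace/golang/src/git.pbiernat.io/...`), so the local vhost only works on one machine and has to be edited again on every checkout-location or hostname change. Point them at the path under which the certs are mounted into the nginx container, or template the prefix from the environment, so the file does not carry a home directory.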
@@ -0,0 +1,156 @@
+#!/bin/bash
+
+cd deploy/certs
+
+mkdir -p ca
+mkdir -p api-gateway api-registry api-gateway api-eventbus api-vault
+mkdir -p basket-svc catalog-svc identity-svc order-svc pricing-svc
+
+# # Generate ROOT Key
+# openssl genrsa -out ca/internalCA.key 4096
+
+# # Generate ROOT Cert
+# openssl req -x509 -new -nodes -key ca/internalCA.key -subj "/C=PL/ST=Slask/L=Gliwice/O=Egommerce.io CA/CN=egommerce.io" \
+# -sha256 -days 3650 -out ca/internalCA.crt
+
+
+# # MANAGING SERVICES
+
+# # Generate Key for API-REGISTRY
+# openssl genrsa -out api-registry/registry.key 2048
+
+# # Generate Cert for API-REGISTRY
+openssl req -new -sha256 -key api-registry/registry.key -subj "/C=PL/ST=Slask/L=Gliwice/O=Egommerce.io/CN=api-registry" \
+ -out api-registry/registry.internal.csr
+openssl req -new -sha256 -key api-registry/registry.key -subj "/C=PL/ST=Slask/L=Gliwice/O=Egommerce.io/CN=api-registry" \
+ -out api-registry/registry.local.csr
+
+openssl x509 -req -in api-registry/registry.internal.csr -CA ca/internalCA.crt -CAkey ca/internalCA.key -CAcreateserial \
+ -extensions SAN \
+ -extfile <(cat /etc/ssl/openssl.cnf <(printf '[SAN]\nsubjectAltName=DNS:api-registry,DNS:consul.service.ego.io,DNS:consul.service.dc.ego.io,IP:127.0.0.1')) \
+ -out api-registry/registry.internal.crt -days 365 -sha256
+openssl x509 -req -in api-registry/registry.local.csr -CA ca/internalCA.crt -CAkey ca/internalCA.key -CAcreateserial \
+ -extensions SAN \
+ -extfile <(cat /etc/ssl/openssl.cnf <(printf '[SAN]\nsubjectAltName=DNS:api-registry,DNS:registry.egommerce.local,DNS:host.docker.internal,DNS:localhost,IP:127.0.0.1')) \
+ -out api-registry/registry.local.crt -days 365 -sha256
+
+# # Generate Key for API-GATEWAY
+# openssl genrsa -out api-gateway/gateway.key 2048
+
+# # Generate Cert for API-GATEWAY
+openssl req -new -sha256 -key api-gateway/gateway.key -subj "/C=PL/ST=Slask/L=Gliwice/O=Egommerce.io/CN=api-gateway" \
+ -out api-gateway/gateway.internal.csr
+openssl req -new -sha256 
-key api-gateway/gateway.key -subj "/C=PL/ST=Slask/L=Gliwice/O=Egommerce.io/CN=api-gateway" \
+ -out api-gateway/gateway.local.csr
+
+openssl x509 -req -in api-gateway/gateway.internal.csr -CA ca/internalCA.crt -CAkey ca/internalCA.key -CAcreateserial \
+ -extensions SAN \
+ -extfile <(cat /etc/ssl/openssl.cnf <(printf '[SAN]\nsubjectAltName=DNS:api-gateway,DNS:gateway.service.ego.io,DNS:gateway.service.dc.ego.io,IP:127.0.0.1')) \
+ -out api-gateway/gateway.internal.crt -days 365 -sha256
+openssl x509 -req -in api-gateway/gateway.local.csr -CA ca/internalCA.crt -CAkey ca/internalCA.key -CAcreateserial \
+ -extensions SAN \
+ -extfile <(cat /etc/ssl/openssl.cnf <(printf '[SAN]\nsubjectAltName=DNS:api-gateway,DNS:gateway.egommerce.local,DNS:host.docker.internal,DNS:localhost,IP:127.0.0.1')) \
+ -out api-gateway/gateway.local.crt -days 365 -sha256
+
+# Generate Key for API-VAULT
+# openssl genrsa -out api-vault/vault.key 2048
+
+# Generate Cert for API-VAULT
+openssl req -new -sha256 -key api-vault/vault.key -subj "/C=PL/ST=Slask/L=Gliwice/O=Egommerce.io/CN=api-vault" \
+ -out api-vault/vault.internal.csr
+openssl req -new -sha256 -key api-vault/vault.key -subj "/C=PL/ST=Slask/L=Gliwice/O=Egommerce.io/CN=api-vault" \
+ -out api-vault/vault.local.csr
+
+openssl x509 -req -in api-vault/vault.internal.csr -CA ca/internalCA.crt -CAkey ca/internalCA.key -CAcreateserial \
+ -extensions SAN \
+ -extfile <(cat /etc/ssl/openssl.cnf <(printf '[SAN]\nsubjectAltName=DNS:api-vault,DNS:vault.service.ego.io,DNS:localhost,IP:127.0.0.1')) \
+ -out api-vault/vault.internal.crt -days 365 -sha256
+openssl x509 -req -in api-vault/vault.local.csr -CA ca/internalCA.crt -CAkey ca/internalCA.key -CAcreateserial \
+ -extensions SAN \
+ -extfile <(cat /etc/ssl/openssl.cnf <(printf '[SAN]\nsubjectAltName=DNS:api-vault,DNS:vault.egommerce.local,DNS:host.docker.internal,DNS:localhost,IP:127.0.0.1')) \
+ -out api-vault/vault.local.crt -days 365 -sha256
+
+
+# Generate Key for API-EVENTBUS
+# 
openssl genrsa -out api-eventbus/eventbus.key 2048
+
+# Generate Cert for API-EVENTBUS
+openssl req -new -sha256 -key api-eventbus/eventbus.key -subj "/C=PL/ST=Slask/L=Gliwice/O=Egommerce.io/CN=api-eventbus" \
+ -out api-eventbus/eventbus.internal.csr
+openssl req -new -sha256 -key api-eventbus/eventbus.key -subj "/C=PL/ST=Slask/L=Gliwice/O=Egommerce.io/CN=api-eventbus" \
+ -out api-eventbus/eventbus.local.csr
+
+openssl x509 -req -in api-eventbus/eventbus.internal.csr -CA ca/internalCA.crt -CAkey ca/internalCA.key -CAcreateserial \
+ -extensions SAN \
+ -extfile <(cat /etc/ssl/openssl.cnf <(printf '[SAN]\nsubjectAltName=DNS:api-eventbus,DNS:esb.service.ego.io,DNS:localhost,IP:127.0.0.1')) \
+ -out api-eventbus/eventbus.internal.crt -days 365 -sha256
+openssl x509 -req -in api-eventbus/eventbus.local.csr -CA ca/internalCA.crt -CAkey ca/internalCA.key -CAcreateserial \
+ -extensions SAN \
+ -extfile <(cat /etc/ssl/openssl.cnf <(printf '[SAN]\nsubjectAltName=DNS:api-eventbus,DNS:eventbus.egommerce.local,DNS:host.docker.internal,DNS:localhost,IP:127.0.0.1')) \
+ -out api-eventbus/eventbus.local.crt -days 365 -sha256
+
+
+# API MICROSERVICES
+# Generate Key for domain (service) - BASKET-SVC
+# openssl genrsa -out basket-svc/basket-svc.key 2048
+
+# Generate Cert for domain (service) - BASKET-SVC
+openssl req -new -sha256 -key basket-svc/basket-svc.key -subj "/C=PL/ST=Slask/L=Gliwice/O=Egommerce.io/CN=basket-svc" \
+ -out basket-svc/basket-svc.csr
+
+openssl x509 -req -in basket-svc/basket-svc.csr -CA ca/internalCA.crt -CAkey ca/internalCA.key -CAcreateserial \
+ -extensions SAN \
+ -extfile <(cat /etc/ssl/openssl.cnf <(printf '[SAN]\nsubjectAltName=DNS:basket-svc,DNS:basket.service.ego.io,DNS:host.docker.internal,DNS:localhost,IP:127.0.0.1')) \
+ -out basket-svc/basket-svc.crt -days 365 -sha256
+
+
+# Generate Key for domain (service) - CATALOG-SVC
+# openssl genrsa -out catalog-svc/catalog-svc.key 2048
+
+# Generate Cert for domain (service) - CATALOG-SVC
+openssl req 
-new -sha256 -key catalog-svc/catalog-svc.key -subj "/C=PL/ST=Slask/L=Gliwice/O=Egommerce.io/CN=catalog-svc" \
+ -out catalog-svc/catalog-svc.csr
+
+openssl x509 -req -in catalog-svc/catalog-svc.csr -CA ca/internalCA.crt -CAkey ca/internalCA.key -CAcreateserial \
+ -extensions SAN \
+ -extfile <(cat /etc/ssl/openssl.cnf <(printf '[SAN]\nsubjectAltName=DNS:catalog-svc,DNS:catalog.service.ego.io,DNS:host.docker.internal,DNS:localhost,IP:127.0.0.1')) \
+ -out catalog-svc/catalog-svc.crt -days 365 -sha256
+
+
+# Generate Key for domain (service) - IDENTITY-SVC
+# openssl genrsa -out identity-svc/identity-svc.key 2048
+
+# Generate Cert for domain (service) - IDENTITY-SVC
+openssl req -new -sha256 -key identity-svc/identity-svc.key -subj "/C=PL/ST=Slask/L=Gliwice/O=Egommerce.io/CN=identity-svc" \
+ -out identity-svc/identity-svc.csr
+
+openssl x509 -req -in identity-svc/identity-svc.csr -CA ca/internalCA.crt -CAkey ca/internalCA.key -CAcreateserial \
+ -extensions SAN \
+ -extfile <(cat /etc/ssl/openssl.cnf <(printf '[SAN]\nsubjectAltName=DNS:identity-svc,DNS:identity.service.ego.io,DNS:host.docker.internal,DNS:localhost,IP:127.0.0.1')) \
+ -out identity-svc/identity-svc.crt -days 365 -sha256
+
+
+# Generate Key for domain (service) - ORDER-SVC
+# openssl genrsa -out order-svc/order-svc.key 2048
+
+# Generate Cert for domain (service) - ORDER-SVC
+openssl req -new -sha256 -key order-svc/order-svc.key -subj "/C=PL/ST=Slask/L=Gliwice/O=Egommerce.io/CN=order-svc" \
+ -out order-svc/order-svc.csr
+
+openssl x509 -req -in order-svc/order-svc.csr -CA ca/internalCA.crt -CAkey ca/internalCA.key -CAcreateserial \
+ -extensions SAN \
+ -extfile <(cat /etc/ssl/openssl.cnf <(printf '[SAN]\nsubjectAltName=DNS:order-svc,DNS:order.service.ego.io,DNS:host.docker.internal,DNS:localhost,IP:127.0.0.1')) \
+ -out order-svc/order-svc.crt -days 365 -sha256
+
+
+# Generate Key for domain (service) - PRICING-SVC
+# openssl genrsa -out pricing-svc/pricing-svc.key 2048
+
+# Generate Cert for 
domain (service) - PRICING-SVC
+openssl req -new -sha256 -key pricing-svc/pricing-svc.key -subj "/C=PL/ST=Slask/L=Gliwice/O=Egommerce.io/CN=pricing-svc" \
+ -out pricing-svc/pricing-svc.csr
+
+openssl x509 -req -in pricing-svc/pricing-svc.csr -CA ca/internalCA.crt -CAkey ca/internalCA.key -CAcreateserial \
+ -extensions SAN \
+ -extfile <(cat /etc/ssl/openssl.cnf <(printf '[SAN]\nsubjectAltName=DNS:pricing-svc,DNS:pricing.service.ego.io,DNS:host.docker.internal,DNS:localhost,IP:127.0.0.1')) \
+ -out pricing-svc/pricing-svc.crt -days 365 -sha256
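Review bot: `cd deploy/certs` is unchecked and the script never enables `set -e`, so when it is started from any directory other than the repository root — or when a `*.key` file is absent, since every `openssl genrsa` line is commented out — the mkdir and openssl calls run against the wrong directory or fail one by one while the script still exits 0; start it with `set -euo pipefail` and `cd "$(dirname "$0")/certs"` so the first failed step stops the run. The line `mkdir -p api-gateway api-registry api-gateway api-eventbus api-vault` lists api-gateway twice. Each certificate block repeats the same `openssl req` / `openssl x509` pair with only the key, CN, output names and SAN list varying, so a helper taking those as arguments would reduce the file to a list of calls and keep the CA parameters in one place; the rewrite below shows the helper and the first api-registry call, the remaining certificates following the same pattern.
```shell
#!/bin/bash
set -euo pipefail
cd "$(dirname "$0")/certs"

# … unchanged: mkdir -p lines (drop the duplicated api-gateway) …

# sign_cert KEY CN CSR CRT SAN
# Builds a CSR for KEY with the project subject and CN=CN, then signs it with
# the internal CA, attaching SAN as subjectAltName, for 365 days.
sign_cert() {
    local key=$1 cn=$2 csr=$3 crt=$4 san=$5
    openssl req -new -sha256 -key "$key" \
        -subj "/C=PL/ST=Slask/L=Gliwice/O=Egommerce.io/CN=$cn" -out "$csr"
    openssl x509 -req -in "$csr" -CA ca/internalCA.crt -CAkey ca/internalCA.key -CAcreateserial \
        -extensions SAN \
        -extfile <(cat /etc/ssl/openssl.cnf <(printf '[SAN]\nsubjectAltName=%s' "$san")) \
        -out "$crt" -days 365 -sha256
}

sign_cert api-registry/registry.key api-registry \
    api-registry/registry.internal.csr api-registry/registry.internal.crt \
    'DNS:api-registry,DNS:consul.service.ego.io,DNS:consul.service.dc.ego.io,IP:127.0.0.1'
# … unchanged: one sign_cert call per remaining certificate …
```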