
Provision the MPIC secrets in the private puppet repository
Closed, Resolved · Public

Description

The MPIC application will require some secrets to be defined in puppet. I can foresee the database password being in there, as well as the IDP client ID, but there might be something else.

Event Timeline

@Sfaci could we sync up so that I can get access to the MariaDB user password assigned to your app user, and commit it into the private puppet repo?

I have added the DB user passwords in the private puppet repo:

dse-k8s:
  ...

  mpic-next:
    dse-k8s-eqiad:
      config:
        private:
          database_password: xxxx

  mpic:
    dse-k8s-eqiad:
      config:
        private:
          database_password: xxxx

This will make sure that special yaml files will be provisioned on disk on the deployment server that will be read by the helmfile to provide the chart with the private values.

The same thing will need to be done for SAL I think, except I don't have the password.

> The same thing will need to be done for SAL I think, except I don't have the password.

Yes! But we don't have the user/password either and we don't know which ones we should use. In fact, we think that maybe we should create and have a specific user/password to be used by this service.
The purpose here is to log to the MediaWiki Server Admin Log. The service has to do that to log some user interactions. Are you the one who can provide those credentials? Should we file another ticket to do it?

I'm going to call this done for now, as both the DB user password and OIDC client secret have been committed to the private puppet repo and rendered on the deployment server, and it's not clear that we need anything else atm. Please re-open if we need other secrets.