Hi Courage, I came to an idea how to generate RSA keys easier: https://github.com/apache/fineract-cn-lang/pull/10 With this there is no need to implement separate service to provision RSA keys, the generator can be called like this:
java -cp lang-0.1.0-BUILD-SNAPSHOT.jar org.apache.fineract.cn.lang.security.RsaKeyPairFactory MODE > rsa.keys It has two modes: UNIX mode generates a file that sets the keys as Unix environment variables (then you use them with 'source rsa.keys') and SPRING mode - keys can be passed directly to a Spring application with --spring.config.location=file:./rsa.keys Juhan Kontakt Courage Angeh (<[email protected]>) kirjutas kuupäeval R, 24. mai 2019 kell 15:08: > Hello, > > I have updated the containerization project to fix the bug with the RSA > keys. > > This new update solves the problem by providing a minimal service > dedicated to generating RSA keys (like a bash job). > The bash and docker-compose scripts were also updated to reflect the new > changes. > > With this progress, I should be able to fix up the deployment with > kubernetes and docker swarm. > > Regards, > Courage. > > On Sat, May 4, 2019 at 11:04 AM Ed Cable <[email protected]> wrote: > >> Apata, thanks for your contribution thus far and your willingness to help >> with documentation. >> >> Sorry for the delayed reply. You should now have the necessary privileges >> for editing content on the wiki. >> >> Ed >> >> On Thu, May 2, 2019, 00:54 Babajide Apata <[email protected]> >> wrote: >> >>> Hello Isaac, >>> >>> My confluence username is apatababajide >>> >>> can we loop Yannick or Ed into this conversation? >>> >>> So one of them can assign the right karma to me. >>> >>> Cheers >>> >>> >>> On Tue, 30 Apr 2019 at 20:01, Isaac Kamga <[email protected]> wrote: >>> >>>> Hello Apata, >>>> >>>> Thanks for volunteering to help. >>>> >>>> You just need to create an account on Confluence, give the account >>>> username to Yannick or Ed and the right karma will be allocated to you. >>>> >>>> Cheers, >>>> Isaac Kamga. >>>> >>>> On Tue, Apr 30, 2019 at 7:58 PM Babajide Apata <[email protected]> >>>> wrote: >>>> >>>>> Hello Yannick, How can I help with the documentation on confluence? >>>>> >>>>> On Tue, 30 Apr 2019, 19:17 Awasum Yannick, <[email protected]> wrote: >>>>> >>>>>> Hi All, >>>>>> >>>>>> Courage, I think it will be a great idea to the new Service you are >>>>>> working on with the rest of the community. Others might be able to help >>>>>> that way. >>>>>> >>>>>> Also document the non scalable and scalable solution for managing the >>>>>> keys on Confluence and create JIRA issues for these problems. >>>>>> >>>>>> What do you think? >>>>>> >>>>>> On Tue, Apr 30, 2019 at 3:30 PM Courage Angeh <[email protected]> >>>>>> wrote: >>>>>> >>>>>>> I did not send a PR because like I earlier stated, the solution >>>>>>> doesn't scale. Imagine if we scale the provisioner microservice to say 4 >>>>>>> instances, each instance will generate its own set of RSA keys( 4 >>>>>>> private >>>>>>> and public key pairs). Therefore managing the RSA keys becomes >>>>>>> difficult. >>>>>>> >>>>>>> I am working on a microservice dedicated to provision RSA keys. In >>>>>>> the future, more responsibilities will be added to this microservice >>>>>>> but in >>>>>>> the meantime, it will just provision RSA keys. >>>>>>> >>>>>>> Regards, >>>>>>> Courage. >>>>>>> >>>>>>> On Tue, Apr 30, 2019 at 1:40 AM Babajide Apata < >>>>>>> [email protected]> wrote: >>>>>>> >>>>>>>> Hi courage, my example is just for testing purpose, your solution >>>>>>>> is the best way to go because its scalable. >>>>>>>> >>>>>>>> You can do a PR to the project so others can take advantage of this >>>>>>>> new changes. >>>>>>>> >>>>>>>> Regards. >>>>>>>> >>>>>>>> On Tue, 30 Apr 2019, 06:19 Victor Manuel Romero Rodriguez, < >>>>>>>> [email protected]> wrote: >>>>>>>> >>>>>>>>> Hi Courage, >>>>>>>>> >>>>>>>>> That is the right direction! >>>>>>>>> >>>>>>>>> Well...I just missed to fork/clone your repository. >>>>>>>>> >>>>>>>>> https://github.com/Anh3h/fineract-cn-provisioner/ >>>>>>>>> >>>>>>>>> I have used the apache's repositories. Why not to send a PR to the >>>>>>>>> apache's main repository? >>>>>>>>> >>>>>>>>> Regards >>>>>>>>> >>>>>>>>> Victor >>>>>>>>> >>>>>>>>> >>>>>>>>> El 29/04/19 a las 23:59, Courage Angeh escribió: >>>>>>>>> >>>>>>>>> Hi Victor and Juhan >>>>>>>>> >>>>>>>>> My provisioner microservice is different. It generates the RSA >>>>>>>>> keys and distributes them to the other services. Yours doesn't do >>>>>>>>> that so >>>>>>>>> that is why you get the error. Babajide solution quite similar to >>>>>>>>> mine does >>>>>>>>> not scale. So now, I want to create a new microservice that will >>>>>>>>> amongst >>>>>>>>> other things generate and distribute the RSA keys. If anyone comes up >>>>>>>>> with >>>>>>>>> a better idea to manage the RSA keys in a scalable way please share >>>>>>>>> :-D. >>>>>>>>> For now, I will just do that. >>>>>>>>> >>>>>>>>> Here are the changes I made to my version of provisioner: >>>>>>>>> https://github.com/apache/fineract-cn-provisioner/compare/develop...Anh3h:develop >>>>>>>>> >>>>>>>>> Feel free to check it out. If you need any extra help let me know. >>>>>>>>> >>>>>>>>> P.S: Sorry for the delayed reply. My computer got broken over the >>>>>>>>> weekend. >>>>>>>>> >>>>>>>>> Regards, >>>>>>>>> Courage. >>>>>>>>> >>>>>>>>> On Mon, Apr 29, 2019 at 2:54 AM VIctor Romero < >>>>>>>>> [email protected]> wrote: >>>>>>>>> >>>>>>>>>> Thank you Babajide, >>>>>>>>>> >>>>>>>>>> It was very clear! >>>>>>>>>> >>>>>>>>>> Regards >>>>>>>>>> >>>>>>>>>> Victor. >>>>>>>>>> >>>>>>>>>> Obtener BlueMail para Android <http://www.bluemail.me/r?b=14726> >>>>>>>>>> En 29 abr 2019, en 1:04 a. m., Babajide Apata < >>>>>>>>>> [email protected]> escribió: >>>>>>>>>>> >>>>>>>>>>> Yes, >>>>>>>>>>> In your application.properties file, those variable does not >>>>>>>>>>> exist. That's why you are having those exception thrown. >>>>>>>>>>> >>>>>>>>>>> Solution is to set those variables. >>>>>>>>>>> From your IDE, go to this package >>>>>>>>>>> org.apache.fineract.cn.provisioner, there inside the service, go to >>>>>>>>>>> test >>>>>>>>>>> there is a test called GenerateRsaKeyPair >>>>>>>>>>> run the test and console the key pairs and the modulus copy it >>>>>>>>>>> and add the following variables to your application.yml file >>>>>>>>>>> >>>>>>>>>>> system.publicKey: >>>>>>>>>>> modulus: >>>>>>>>>>> 27496997518027602740679038588957360788166388111745723226845051887812991739012227723332546243105385734111368736932032932620432772472716515003684527125446557010447735580711978806632360865138592893446775929132008752688756754824848632381874224028576258246649602269366673005512310064640825418647880309256755306993532415440472070158197572323027777474711257863763916264413397812817318423942185465458554343738802161836089905865850562315681021674135657336559899673599200895761373803184986638249778532585353688970016894869511370841246964409764310721813601840292548267423866614022874317712701218971621669991087235101713626702109 >>>>>>>>>>> exponent: 65537 >>>>>>>>>>> timestamp: 1553705925system.privateKey: >>>>>>>>>>> modulus: >>>>>>>>>>> 27496997518027602740679038588957360788166388111745723226845051887812991739012227723332546243105385734111368736932032932620432772472716515003684527125446557010447735580711978806632360865138592893446775929132008752688756754824848632381874224028576258246649602269366673005512310064640825418647880309256755306993532415440472070158197572323027777474711257863763916264413397812817318423942185465458554343738802161836089905865850562315681021674135657336559899673599200895761373803184986638249778532585353688970016894869511370841246964409764310721813601840292548267423866614022874317712701218971621669991087235101713626702109 >>>>>>>>>>> exponent: >>>>>>>>>>> 561796842648259152383679946757006059101801939082160053111151326392443900980169567138292558699942192928805449421731115198723766457740931284464250451210353538260669819225374057739608636318729509808584966799025889495250702575804085001744504416959329993625948966823046144229686790310115892329058573540058216825059047241723475118132580453649308791198807274830575086039445555884456525777999480443421178708813716083432869863053509277270956564037565527275973433021758135147494178230404572716471363941780229141916667576368904894867190517214053799120318348323425955090304041838551270452216693653535478473873254807774112781013 >>>>>>>>>>> >>>>>>>>>>> use the generated ones to replace the sample above. >>>>>>>>>>> >>>>>>>>>>> You might also need to set this >>>>>>>>>>> >>>>>>>>>>> system: >>>>>>>>>>> initialclientid: sillyRabbit >>>>>>>>>>> >>>>>>>>>>> Have a code-full day :) >>>>>>>>>>> >>>>>>>>>>> Regards >>>>>>>>>>> >>>>>>>>>>> On Mon, 29 Apr 2019, 01:12 Victor Manuel Romero Rodriguez, < >>>>>>>>>>> [email protected]> wrote: >>>>>>>>>>> >>>>>>>>>>>> *Hello,* >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> *I have just pulled the repository from * >>>>>>>>>>>> >>>>>>>>>>>> https://github.com/openMF/fineract-cn-containers >>>>>>>>>>>> >>>>>>>>>>>> *Then I execute the commands* >>>>>>>>>>>> >>>>>>>>>>>> 1. Run *bash migration_script.sh* >>>>>>>>>>>> >>>>>>>>>>>> 2. Run *bash start-up.sh* >>>>>>>>>>>> >>>>>>>>>>>> *But then it gives error messages:* >>>>>>>>>>>> >>>>>>>>>>>> Generating RSA keys... >>>>>>>>>>>> grep: logs/provisioner.log: No such file or directory >>>>>>>>>>>> Error response from daemon: Container >>>>>>>>>>>> 18d9260749f1dc309acda9f11533773040ed8ace0060097a6e6721280171ae8d >>>>>>>>>>>> is not >>>>>>>>>>>> running >>>>>>>>>>>> >>>>>>>>>>>> Full log: https://pastebin.com/ixw4GihX >>>>>>>>>>>> >>>>>>>>>>>> *Looking at the docker logs of provisioner container I found >>>>>>>>>>>> this messages:* >>>>>>>>>>>> >>>>>>>>>>>> ***************************, >>>>>>>>>>>> APPLICATION FAILED TO START, >>>>>>>>>>>> ***************************, >>>>>>>>>>>> , >>>>>>>>>>>> Description:, >>>>>>>>>>>> , >>>>>>>>>>>> Binding to target >>>>>>>>>>>> org.apache.fineract.cn.provisioner.config.SystemProperties@4078695f >>>>>>>>>>>> failed:, >>>>>>>>>>>> , >>>>>>>>>>>> Property: system.publicKey.timestamp, >>>>>>>>>>>> Value: null, >>>>>>>>>>>> Reason: may not be empty, >>>>>>>>>>>> , >>>>>>>>>>>> Property: system.privateKey.exponent, >>>>>>>>>>>> Value: null, >>>>>>>>>>>> Reason: may not be null, >>>>>>>>>>>> , >>>>>>>>>>>> Property: system.publicKey.modulus, >>>>>>>>>>>> Value: null, >>>>>>>>>>>> Reason: may not be null, >>>>>>>>>>>> , >>>>>>>>>>>> Property: system.privateKey.modulus, >>>>>>>>>>>> Value: null, >>>>>>>>>>>> Reason: may not be null, >>>>>>>>>>>> , >>>>>>>>>>>> Property: system.publicKey.exponent, >>>>>>>>>>>> Value: null, >>>>>>>>>>>> Reason: may not be null, >>>>>>>>>>>> , >>>>>>>>>>>> , >>>>>>>>>>>> Action:, >>>>>>>>>>>> , >>>>>>>>>>>> Update your application's configuration, >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> Full log: https://pastebin.com/AgDmSfNE >>>>>>>>>>>> >>>>>>>>>>>> Any clue? >>>>>>>>>>>> >>>>>>>>>>>> Regards >>>>>>>>>>>> >>>>>>>>>>>> Victor >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>>
