refactor: change certificates location
aneojgurhem authored and Nico-dl05 committed Nov 26, 2024
1 parent 879d48b commit 12546f4
Showing 2 changed files with 7 additions and 7 deletions.
10 changes: 5 additions & 5 deletions terraform/modules/storage/database/mongo/main.tf
Expand Up @@ -7,7 +7,7 @@ resource "docker_container" "database" {
name = var.mongodb_params.database_name
image = docker_image.database.image_id

command = ["mongod", "--bind_ip_all", "--replSet", var.mongodb_params.replica_set_name, "--tlsMode=requireTLS", "--tlsDisabledProtocols=TLS1_0", "--tlsCertificateKeyFile=/cert/key.pem", "--tlsCAFile=/cert/ca.pem", "--tlsAllowConnectionsWithoutCertificates"]
command = ["mongod", "--bind_ip_all", "--replSet", var.mongodb_params.replica_set_name, "--tlsMode=requireTLS", "--tlsDisabledProtocols=TLS1_0", "--tlsCertificateKeyFile=/mongo-certificate/key.pem", "--tlsCAFile=/mongo-certificate/ca.pem", "--tlsAllowConnectionsWithoutCertificates"]

networks_advanced {
name = var.network
Expand All @@ -23,19 +23,19 @@ resource "docker_container" "database" {
dynamic "healthcheck" {
for_each = var.mongodb_params.windows ? [] : [1]
content {
test = ["CMD", "mongosh", "--quiet", "--tls", "--tlsCAFile", "/cert/ca.pem", "--eval", "db.runCommand('ping').ok"]
test = ["CMD", "mongosh", "--quiet", "--tls", "--tlsCAFile", "/mongo-certificate/ca.pem", "--eval", "db.runCommand('ping').ok"]
interval = "3s"
retries = "2"
timeout = "3s"
}
}
upload {
file = "/cert/key.pem"
file = "/mongo-certificate/key.pem"
content = local.server_key
}

upload {
file = "/cert/ca.pem"
file = "/mongo-certificate/ca.pem"
content = tls_locally_signed_cert.mongodb_certificate.ca_cert_pem
}
}
Expand All @@ -46,7 +46,7 @@ resource "time_sleep" "wait" {
}

locals {
linux_run = "docker exec ${docker_container.database.name} mongosh mongodb://127.0.0.1:27017/${var.mongodb_params.database_name} --tls --tlsCAFile /cert/ca.pem"
linux_run = "docker exec ${docker_container.database.name} mongosh mongodb://127.0.0.1:27017/${var.mongodb_params.database_name} --tls --tlsCAFile /mongo-certificate/ca.pem"
// mongosh is not installed in windows docker images so we need it to be installed locally
windows_run = "mongosh.exe mongodb://localhost:${var.mongodb_params.exposed_port}/${var.mongodb_params.database_name} --tls --tlsCAFile ${local_sensitive_file.ca.filename}"
prefix_run = var.mongodb_params.windows ? local.windows_run : local.linux_run
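Review bot: The container path `/mongo-certificate` is written out as a literal in five places in this file (the `mongod` command, the healthcheck, both `upload` blocks and `linux_run`) and twice more in outputs.tf, so this relocation had to touch every one of them by hand. A missed occurrence would leave `mongod`, the health check or a client pointing at a file that no longer exists, and nothing in `terraform plan` would flag it. I would add `cert_dir = "/mongo-certificate"` to the `locals` block and build the paths from it, e.g. `"--tlsCAFile=${local.cert_dir}/ca.pem"` and `file = "${local.cert_dir}/key.pem"`, and have outputs.tf use the same local. The `docker_container.database` resource starts before the first hunk, so any other uses of the path there are not visible here.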
4 changes: 2 additions & 2 deletions terraform/modules/storage/database/mongo/outputs.tf
Expand Up @@ -11,7 +11,7 @@ output "generated_env_vars" {
"MongoDB__ReplicaSet" = "${var.mongodb_params.replica_set_name}"
"MongoDB__Tls" = "true"
"MongoDB__AllowInsecureTls" = "true"
"MongoDB__CAFile" = "/cert/ca.pem"
"MongoDB__CAFile" = "/mongo-certificate/ca.pem"
"MongoDB__ServerSelectionTimeout" = "00:00:20"
}

Expand All @@ -20,6 +20,6 @@ output "generated_env_vars" {

output "core_mounts" {
value = {
"/cert/ca.pem" = local_sensitive_file.ca.filename
"/mongo-certificate/ca.pem" = local_sensitive_file.ca.filename
}
}
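Review bot: In `generated_env_vars`, `"MongoDB__AllowInsecureTls" = "true"` sits two lines above the relocated `MongoDB__CAFile`. If that setting relaxes certificate validation in the consuming client (inferred from its name; the consumer is not shown here), the CA file exported and mounted via `core_mounts` is not what establishes server identity. Since the commit is already touching the certificate wiring, it is worth either switching it to `"MongoDB__AllowInsecureTls" = "false"` once the server certificate's subject names cover the hostname clients connect to, or adding a comment such as `# AllowInsecureTls kept on because <reason>; CAFile alone does not enforce validation`. The `generated_env_vars` output starts above the hunk, so related settings may exist outside this view.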
