Encryption on Morpheus Configuration parameters

Hello,

I deployed 3 HA nodes with an external database (Amazon Aurora) on the AWS cloud platform. Regarding data encryption, I applied it on the first node by following this guidance (Additional Configuration Options — Morpheus Docs documentation).

I rebooted the instance after I performed the steps in "Generate ENC Strings for morpheus-secrets.json".
When I checked the secrets.json file, it had been updated (MySQL root password, ops password, RabbitMQ and Elasticsearch) except for morpheus_password under MySQL. I can access the Morpheus URL after reconfiguring the Morpheus configuration and rebooting the instance.

So, I did the additional steps by following "Generate ENC Strings for custom morpheus.rb entries". In this step, I encrypted the morpheus_password of MySQL and then reconfigured and rebooted it.
When the instance came back, I couldn't access the Morpheus URL and it says "https status 404 not found".

So, the question is: does Morpheus encryption support external services or not?

I also noticed the information below on the Morpheus website and would like to understand it clearly.

{ Service configuration settings are not applicable for externalized services such as external mysql/percona, elasticsearch or rabbitmq clusters. Only connection settings are applicable for external services. }

Thank you,
Aung

Hello @cbunge, any comments please?

Hi @aungkyawthu

I tested the above from the docs link you provided and it appears to be working without issue for me on a new install of 5.5.2 with an external MySQL DB.

The steps I took:

  • Run "morpheus-ctl get-crypto-string migrate" to get the encrypted values for the morpheus-secrets.json file
  • Update morpheus-secrets.json with the equivalent values from the migrate command.
  • Ran reconfigure and restarted Morpheus to confirm it was working

That took care of the embedded services; now we need to encrypt the external services.

In this example, let's say my MySQL password is password123, so I will need to run the below to get the encrypted value.

  • morpheus-ctl get-crypto-string string password123

  • This will produce an encrypted string, something like $XXXXXXsdfv4ds90098sdsade==

  • We now need to add this to the rb file, so my rb file would look something like this:

     mysql['enable'] = false
     mysql['host'] = 'x.x.x.x'
     mysql['morpheus_db'] = 'morpheus'
     mysql['morpheus_db_user'] = 'morpheus'
     mysql['morpheus_password'] = 'ENC($XXXXXXsdfv4ds90098sdsade==)'
  • Save the file, run a reconfigure and restart morpheus-ui

  • My environment comes up without issue.

On the question about this statement in the docs:

{ Service configuration settings are not applicable for externalized services such as external mysql/percona, elasticsearch or rabbitmq clusters. Only connection settings are applicable for external services. }

This is stating that the passwords in morpheus-secrets.json are only for the embedded services, so if you are using any external services defined in the morpheus.rb file, then adding the passwords there for those services will not do anything. Those will need to be done with the custom string command morpheus-ctl get-crypto-string string and then added to the morpheus.rb file in your external services definition.
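As an added example (not from this thread and not Morpheus's own tooling), a small Python check that reads a morpheus.rb, reports which password entries are still plaintext rather than ENC(...), and rewrites one entry with the string returned by morpheus-ctl get-crypto-string string; the sample config and the ENC values in it are constructed placeholders.

```python
import re
from typing import Dict, List

# Matches lines such as:  mysql['morpheus_password'] = 'ENC($abc==)'
# Single or double quotes are accepted; unquoted values (e.g. false) are skipped.
ENTRY_RE = re.compile(
    r"""^\s*(?P<section>\w+)\[['"](?P<key>\w+)['"]\]\s*=\s*['"](?P<value>[^'"]*)['"]\s*$"""
)
ENC_RE = re.compile(r"^ENC\(.+\)$")

# Constructed sample modelled on the morpheus.rb excerpt above; values are placeholders.
SAMPLE_RB = """\
mysql['enable'] = false
mysql['host'] = 'x.x.x.x'
mysql['morpheus_db'] = 'morpheus'
mysql['morpheus_db_user'] = 'morpheus'
mysql['morpheus_password'] = 'password123'
rabbitmq['enable'] = false
rabbitmq['password'] = 'ENC($EXAMPLEabc123==)'
"""

def parse_entries(rb_text: str) -> Dict[str, str]:
    """Return {"section.key": value} for every quoted-string assignment."""
    entries = {}
    for line in rb_text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            entries[f"{m['section']}.{m['key']}"] = m["value"]
    return entries

def plaintext_secrets(rb_text: str) -> List[str]:
    """Keys that look like credentials but are not wrapped in ENC(...)."""
    return sorted(
        k for k, v in parse_entries(rb_text).items()
        if "password" in k.lower() and not ENC_RE.match(v)
    )

def set_encrypted(rb_text: str, section: str, key: str, enc_string: str) -> str:
    """Rewrite one entry with the value from `morpheus-ctl get-crypto-string string <clear>`.
    Only the matching line changes, so a diff of the file shows exactly one edit."""
    out = []
    for line in rb_text.splitlines():
        m = ENTRY_RE.match(line)
        if m and m["section"] == section and m["key"] == key:
            line = f"{section}['{key}'] = 'ENC({enc_string})'"
        out.append(line)
    return "\n".join(out) + "\n"

if __name__ == "__main__":
    print("plaintext before:", plaintext_secrets(SAMPLE_RB))
    fixed = set_encrypted(SAMPLE_RB, "mysql", "morpheus_password", "$XXXXXXsdfv4ds90098sdsade==")
    print("plaintext after:", plaintext_secrets(fixed))
```

Run it against a copy of /etc/morpheus/morpheus.rb before the reconfigure to confirm every external-service password is wrapped, since only ENC(...) values are decrypted by the app.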

Hello @rboyd,

Thank you so much for your feedback. Previously, I also did as you described, but the only difference is that I used a suffix (full command: morpheus-ctl get-crypto-string string $clear_text '$suffix') and added "app['encrypted_key_suffix'] = 'key'" to the morpheus.rb file. I will try again without the suffix, as you tested.

Again, thank you so much :smiley:

Regards,
Aung

I believe it is also referring to the actual service configurations as well. If you have an external MySQL cluster, you would set parameters like mysql['max_allowed_packet'] = 67108864 in the external system and not in the Morpheus RB file, since the MySQL cluster would be independently configured and managed.

Yes, I will also make sure of that. Thank you @sjabro.