Move kratos DB to /nsm

salt/common/tools/sbin/so-user

@@ -45,7 +45,7 @@ email=$2
 role=$3
 
 kratosUrl=${KRATOS_URL:-http://127.0.0.1:4434/admin}
-databasePath=${KRATOS_DB_PATH:-/opt/so/conf/kratos/db/db.sqlite}
+databasePath=${KRATOS_DB_PATH:-/nsm/kratos/db/db.sqlite}
 databaseTimeout=${KRATOS_DB_TIMEOUT:-5000}
 bcryptRounds=${BCRYPT_ROUNDS:-12}
 elasticUsersFile=${ELASTIC_USERS_FILE:-/opt/so/saltstack/local/salt/elasticsearch/files/users}

salt/common/tools/sbin/soup

@@ -551,6 +551,7 @@ preupgrade_changes() {
     [[ "$INSTALLEDVERSION" == 2.3.180 ]] && up_to_2.3.181
     [[ "$INSTALLEDVERSION" == 2.3.181 ]] && up_to_2.3.182
     [[ "$INSTALLEDVERSION" == 2.3.182 ]] && up_to_2.3.190
+    [[ "$INSTALLEDVERSION" == 2.3.190 ]] && up_to_2.3.200
     true
 }
 
@@ -574,6 +575,7 @@ postupgrade_changes() {
     [[ "$POSTVERSION" == 2.3.180 ]] && post_to_2.3.181
     [[ "$POSTVERSION" == 2.3.181 ]] && post_to_2.3.182
     [[ "$POSTVERSION" == 2.3.182 ]] && post_to_2.3.190
+    [[ "$POSTVERSION" == 2.3.190 ]] && post_to_2.3.200
 
     true
 }
@@ -692,6 +694,11 @@ post_to_2.3.190() {
   POSTVERSION=2.3.190
 }
 
+post_to_2.3.200() {
+  echo "Nothing to do for .200"
+  POSTVERSION=2.3.200
+}
+
 stop_salt_master() {
     # kill all salt jobs across the grid because the hang indefinitely if they are queued and salt-master restarts
     set +e
@@ -1005,6 +1012,23 @@ up_to_2.3.190() {
   INSTALLEDVERSION=2.3.190
 }
 
+up_to_2.3.200() {
+  echo "Upgrading to 2.3.200"
+  if [ ! -d /nsm/kratos ]; then
+    mkdir /nsm/kratos
+    chown -R kratos:kratos /nsm/kratos
+    chmod 700 /nsm/kratos
+  fi
+  if [ ! -d /nsm/kratos/db ]; then
+    echo "Moving Kratos DB to /nsm partition..."
+    mv /opt/so/conf/kratos/db /nsm/kratos/
+    echo "Move completed successfully"
+  else
+    echo "WARNING: /nsm/kratos/db already exists. This is unexpected and could result in SOC users no longer being able to login."
+  fi
+  INSTALLEDVERSION=2.3.200
+}
+
 verify_upgradespace() {
   CURRENTSPACE=$(df -BG / | grep -v Avail | awk '{print $4}' | sed 's/.$//')
   if [ "$CURRENTSPACE" -lt "10" ]; then

salt/kratos/init.sls

@@ -20,9 +20,18 @@ kratos:
     
 kratosdir:
   file.directory:
-    - name: /opt/so/conf/kratos/db
+    - name: /nsm/kratos
     - user: 928
     - group: 928
+    - mode: 700
+    - makedirs: True
+
+kratosdbdir:
+  file.directory:
+    - name: /nsm/kratos/db
+    - user: 928
+    - group: 928
+    - mode 700
     - makedirs: True
 
 kratoslogdir:
@@ -58,7 +67,7 @@ so-kratos:
       - /opt/so/conf/kratos/schema.json:/kratos-conf/schema.json:ro    
       - /opt/so/conf/kratos/kratos.yaml:/kratos-conf/kratos.yaml:ro
       - /opt/so/log/kratos/:/kratos-log:rw
-      - /opt/so/conf/kratos/db:/kratos-data:rw
+      - /nsm/kratos/db:/kratos-data:rw
     - port_bindings:
       - 0.0.0.0:4433:4433
       - 0.0.0.0:4434:4434

setup/so-functions

@@ -118,7 +118,7 @@ add_soremote_user_manager() {
 }
 
 add_web_user() {
-	wait_for_file /opt/so/conf/kratos/db/db.sqlite 30 5
+	wait_for_file /nsm/kratos/db/db.sqlite 30 5
 	{
 		echo "Attempting to add administrator user for web interface...";
 		export SKIP_STATE_APPLY=true