From 59f3bb8c7e1523dbcf54234e98fc19dbb8cf64d2 Mon Sep 17 00:00:00 2001
From: "Rodrigo Rodriguez (Pragmatismo)"
Date: Sun, 7 Dec 2025 10:42:02 -0300
Subject: [PATCH] refactor: standardize component names for certificates and DNS

- Rename service names to component names:
- postgres -> tables
- minio -> drive
- redis -> cache
- qdrant -> vectordb
- mail -> email
- Update bootstrap certificate generation with new hostnames
- Update CoreDNS zone file with component-based DNS entries
- Update CA service certificates to use component names
- Update CA directory creation to use component names

All certificates include 127.0.0.1 as SAN for IP-based mTLS access
---
src/core/bootstrap/mod.rs | 42 ++++++++++++++++++++++++---------------
src/security/ca.rs | 20 ++++++++++---------
2 files changed, 37 insertions(+), 25 deletions(-)

diff --git a/src/core/bootstrap/mod.rs b/src/core/bootstrap/mod.rs
index c56bd70c7..5c1ce1eb2 100644
--- a/src/core/bootstrap/mod.rs
+++ b/src/core/bootstrap/mod.rs
@@ -543,7 +543,7 @@ meet.botserver.local {{
 
 fs::write(dns_config, corefile)?;
 
- // Create initial zone file
+ // Create initial zone file with component names
 let zone = r#"$ORIGIN botserver.local.
 $TTL 60
 @ IN SOA ns1.botserver.local. admin.botserver.local. (
@@ -556,12 +556,21 @@ $TTL 60
 IN NS ns1.botserver.local.
 ns1 IN A 127.0.0.1
 
-; Static entries
-api IN A 127.0.0.1
-auth IN A 127.0.0.1
-llm IN A 127.0.0.1
-mail IN A 127.0.0.1
-meet IN A 127.0.0.1
+; Core services
+api IN A 127.0.0.1
+tables IN A 127.0.0.1
+drive IN A 127.0.0.1
+cache IN A 127.0.0.1
+vectordb IN A 127.0.0.1
+vault IN A 127.0.0.1
+
+; Application services
+llm IN A 127.0.0.1
+embedding IN A 127.0.0.1
+directory IN A 127.0.0.1
+auth IN A 127.0.0.1
+email IN A 127.0.0.1
+meet IN A 127.0.0.1
 
 ; Dynamic entries will be added below
 "#;
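Review bot: The rewritten static block drops the `mail` A record, while the email certificate issued later in this patch still advertises `smtp.botserver.local` and `imap.botserver.local`, names this zone has never served, so name resolution through CoreDNS and the certificate SANs no longer line up for mail. If anything still dials `mail.botserver.local`, keep a transitional alias and serve the protocol names too, e.g. `mail IN CNAME email` plus `smtp IN CNAME email` and `imap IN CNAME email`, or drop the unserved SANs on the certificate side. The `let zone = r#"` raw string these records live in opens in the preceding hunk.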
@@ -1272,6 +1281,7 @@ log_level = "info"
 }
 
 // Services that need certificates - Vault FIRST
+ // Using component names: tables (postgres), drive (minio), cache (redis), vectordb (qdrant)
 let services = vec![
 ("vault", vec!["localhost", "127.0.0.1", "vault.botserver.local"]),
 ("api", vec!["localhost", "127.0.0.1", "api.botserver.local"]),
@@ -1281,20 +1291,20 @@ log_level = "info"
 vec!["localhost", "127.0.0.1", "embedding.botserver.local"],
 ),
 (
- "qdrant",
- vec!["localhost", "127.0.0.1", "qdrant.botserver.local"],
+ "vectordb",
+ vec!["localhost", "127.0.0.1", "vectordb.botserver.local"],
 ),
 (
- "postgres",
- vec!["localhost", "127.0.0.1", "postgres.botserver.local"],
+ "tables",
+ vec!["localhost", "127.0.0.1", "tables.botserver.local"],
 ),
 (
- "redis",
- vec!["localhost", "127.0.0.1", "redis.botserver.local"],
+ "cache",
+ vec!["localhost", "127.0.0.1", "cache.botserver.local"],
 ),
 (
- "minio",
- vec!["localhost", "127.0.0.1", "minio.botserver.local"],
+ "drive",
+ vec!["localhost", "127.0.0.1", "drive.botserver.local"],
 ),
 (
 "directory",
@@ -1310,7 +1320,7 @@ log_level = "info"
 vec![
 "localhost",
 "127.0.0.1",
- "mail.botserver.local",
+ "email.botserver.local",
 "smtp.botserver.local",
 "imap.botserver.local",
 ],
diff --git a/src/security/ca.rs b/src/security/ca.rs
index 5a90173ff..d3467b370 100644
--- a/src/security/ca.rs
+++ b/src/security/ca.rs
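Review bot: Each SAN list in this hunk mixes `"127.0.0.1"` with DNS names in one `Vec<&str>`, and the commit message relies on that entry for IP-based mTLS, but whether it is emitted as an iPAddress SAN or as a dNSName string depends on the issuer this list is handed to, which is outside the hunk; strict verifiers (webpki/rustls) only match an IP connection against an iPAddress SAN, so confirm the encoding before trusting that claim. The list also duplicates the one in `CaManager::issue_service_certificates` in `src/security/ca.rs`, which this same patch edits in lockstep and which still differs (bare short names there, `*.botserver.local` here); a single shared slice such as `const COMPONENTS: &[&str] = &["vault", "api", "llm", "embedding", "vectordb", "tables", "cache", "drive", "directory", "email", "meet"];` from which both SAN sets are derived would stop the two from drifting again. The `let services = vec![` being edited opens in the previous hunk and closes beyond the last one.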
@@ -350,15 +350,16 @@ impl CaManager {
 }
 
 /// Issue certificates for all services
+ /// Using component names: tables (postgres), drive (minio), cache (redis), vectordb (qdrant)
 pub fn issue_service_certificates(&self) -> Result<()> {
 let services = vec![
- ("api", vec!["localhost", "botserver", "127.0.0.1"]),
+ ("api", vec!["localhost", "api", "127.0.0.1"]),
 ("llm", vec!["localhost", "llm", "127.0.0.1"]),
 ("embedding", vec!["localhost", "embedding", "127.0.0.1"]),
- ("qdrant", vec!["localhost", "qdrant", "127.0.0.1"]),
- ("postgres", vec!["localhost", "postgres", "127.0.0.1"]),
- ("redis", vec!["localhost", "redis", "127.0.0.1"]),
- ("minio", vec!["localhost", "minio", "127.0.0.1"]),
+ ("vectordb", vec!["localhost", "vectordb", "127.0.0.1"]),
+ ("tables", vec!["localhost", "tables", "127.0.0.1"]),
+ ("cache", vec!["localhost", "cache", "127.0.0.1"]),
+ ("drive", vec!["localhost", "drive", "127.0.0.1"]),
 ("directory", vec!["localhost", "directory", "127.0.0.1"]),
 ("email", vec!["localhost", "email", "127.0.0.1"]),
 ("meet", vec!["localhost", "meet", "127.0.0.1"]),
@@ -410,6 +411,7 @@ impl CaManager {
 }
 
 /// Create CA directory structure
+ /// Using component names: tables, drive, cache, vectordb
 fn create_ca_directories(&self) -> Result<()> {
 let ca_dir = self
 .config
@@ -421,10 +423,10 @@ impl CaManager {
 fs::create_dir_all("certs/api")?;
 fs::create_dir_all("certs/llm")?;
 fs::create_dir_all("certs/embedding")?;
- fs::create_dir_all("certs/qdrant")?;
- fs::create_dir_all("certs/postgres")?;
- fs::create_dir_all("certs/redis")?;
- fs::create_dir_all("certs/minio")?;
+ fs::create_dir_all("certs/vectordb")?;
+ fs::create_dir_all("certs/tables")?;
+ fs::create_dir_all("certs/cache")?;
+ fs::create_dir_all("certs/drive")?;
 fs::create_dir_all("certs/directory")?;
 fs::create_dir_all("certs/email")?;
 fs::create_dir_all("certs/meet")?;
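Review bot: The `api` entry loses the `botserver` SAN the previous certificate carried, so any client that connects to or pins the `botserver` name fails hostname verification once certificates are reissued; if that name is still in use anywhere, keep both: `("api", vec!["localhost", "api", "botserver", "127.0.0.1"]),`. These lists also hold bare short names, whereas the bootstrap path in this same patch issues `<component>.botserver.local` FQDNs and the CoreDNS zone only serves those FQDNs, so a client dialing `tables.botserver.local` would not match a certificate issued here unless `CaManager` appends the domain somewhere outside this hunk — worth confirming rather than assuming. The body of `issue_service_certificates` continues past the hunk.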
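Review bot: Renaming the target directories leaves `certs/qdrant`, `certs/postgres`, `certs/redis` and `certs/minio` (and any private keys in them) in place on an already-bootstrapped install, and a service still configured with one of the old paths keeps loading its old certificate silently instead of failing. Before the new `create_dir_all` calls, detect and handle the legacy layout — at minimum `if std::path::Path::new("certs/qdrant").exists() { /* migrate or refuse to continue */ }` for each old name — and prefer moving the key material into the new directory over leaving a second readable copy behind. The rest of `create_ca_directories`, including its return, is outside the hunk.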