summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--.tito/packages/openshift-ansible2
-rw-r--r--BUILD.md4
-rw-r--r--DEPLOYMENT_TYPES.md2
-rw-r--r--README_AWS.md7
-rw-r--r--README_GCE.md2
-rw-r--r--README_openstack.md8
-rw-r--r--callback_plugins/default.py66
-rw-r--r--filter_plugins/oo_filters.py57
-rw-r--r--filter_plugins/openshift_master.py18
-rw-r--r--inventory/byo/hosts.aep.example468
-rw-r--r--inventory/byo/hosts.aep_quickstart20
-rw-r--r--inventory/byo/hosts.origin.example114
-rw-r--r--inventory/byo/hosts.ose.example112
-rwxr-xr-xlibrary/delegated_serial_command.py275
-rwxr-xr-xlibrary/modify_yaml.py30
-rw-r--r--library/rpm_q.py70
-rw-r--r--openshift-ansible.spec277
-rw-r--r--playbooks/adhoc/bootstrap-fedora.yml3
-rw-r--r--playbooks/adhoc/metrics_setup/playbooks/install.yml9
-rw-r--r--playbooks/adhoc/uninstall.yml44
-rw-r--r--playbooks/aws/openshift-cluster/config.yml2
-rw-r--r--playbooks/byo/openshift-cluster/config.yml5
-rw-r--r--playbooks/byo/openshift-cluster/enable_dnsmasq.yml4
-rw-r--r--playbooks/byo/openshift-cluster/redeploy-certificates.yml22
l---------playbooks/byo/openshift-cluster/upgrades/docker/nuke_images.sh1
-rw-r--r--playbooks/byo/openshift-cluster/upgrades/v3_2/README.md6
-rw-r--r--playbooks/byo/openshift-cluster/upgrades/v3_2/upgrade.yml14
-rw-r--r--playbooks/byo/openshift-cluster/upgrades/v3_3/README.md18
-rw-r--r--playbooks/byo/openshift-cluster/upgrades/v3_3/upgrade.yml67
-rw-r--r--playbooks/byo/openshift_facts.yml2
-rw-r--r--playbooks/common/openshift-cluster/additional_config.yml14
-rw-r--r--playbooks/common/openshift-cluster/config.yml22
-rw-r--r--playbooks/common/openshift-cluster/enable_dnsmasq.yml4
-rw-r--r--playbooks/common/openshift-cluster/evaluate_groups.yml2
-rw-r--r--playbooks/common/openshift-cluster/openshift_hosted.yml30
-rw-r--r--playbooks/common/openshift-cluster/redeploy-certificates.yml245
l---------playbooks/common/openshift-cluster/upgrades/atomic-openshift-master.j21
-rw-r--r--playbooks/common/openshift-cluster/upgrades/containerized_node_upgrade.yml (renamed from playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/containerized_node_upgrade.yml)4
l---------playbooks/common/openshift-cluster/upgrades/docker-cluster1
-rw-r--r--playbooks/common/openshift-cluster/upgrades/docker/upgrade.yml22
-rw-r--r--playbooks/common/openshift-cluster/upgrades/files/nuke_images.sh8
l---------playbooks/common/openshift-cluster/upgrades/master_docker1
l---------playbooks/common/openshift-cluster/upgrades/native-cluster1
l---------playbooks/common/openshift-cluster/upgrades/openshift.docker.node.dep.service1
l---------playbooks/common/openshift-cluster/upgrades/openshift.docker.node.service1
l---------playbooks/common/openshift-cluster/upgrades/openvswitch.docker.service1
l---------playbooks/common/openshift-cluster/upgrades/openvswitch.sysconfig.j21
-rw-r--r--playbooks/common/openshift-cluster/upgrades/post.yml (renamed from playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/post.yml)13
-rw-r--r--playbooks/common/openshift-cluster/upgrades/pre.yml (renamed from playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/pre.yml)78
-rw-r--r--playbooks/common/openshift-cluster/upgrades/rpm_upgrade.yml (renamed from playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/rpm_upgrade.yml)0
-rw-r--r--playbooks/common/openshift-cluster/upgrades/upgrade.yml (renamed from playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/upgrade.yml)164
l---------playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/atomic-openshift-master.j21
l---------playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/docker1
l---------playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/docker-cluster1
l---------playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/filter_plugins1
l---------playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/library1
l---------playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/lookup_plugins1
l---------playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/native-cluster1
l---------playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/openshift.docker.node.dep.service1
l---------playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/openshift.docker.node.service1
l---------playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/openvswitch.docker.service1
l---------playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/openvswitch.sysconfig.j21
l---------playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/roles1
-rw-r--r--playbooks/common/openshift-cluster/upgrades/v3_3/master_config_upgrade.yml40
-rw-r--r--playbooks/common/openshift-cluster/upgrades/v3_3/node_config_upgrade.yml21
-rw-r--r--playbooks/common/openshift-etcd/config.yml117
-rw-r--r--playbooks/common/openshift-master/config.yml166
-rw-r--r--playbooks/common/openshift-master/scaleup.yml9
-rw-r--r--playbooks/common/openshift-node/config.yml144
-rw-r--r--playbooks/libvirt/openshift-cluster/tasks/configure_libvirt_network.yml36
-rw-r--r--playbooks/libvirt/openshift-cluster/tasks/configure_libvirt_storage_pool.yml29
-rw-r--r--playbooks/libvirt/openshift-cluster/tasks/launch_instances.yml2
-rw-r--r--playbooks/libvirt/openshift-cluster/templates/network.xml2
-rw-r--r--playbooks/libvirt/openshift-cluster/templates/storage-pool.xml6
-rw-r--r--playbooks/openstack/openshift-cluster/files/heat_stack.yaml11
-rw-r--r--playbooks/openstack/openshift-cluster/launch.yml43
-rw-r--r--playbooks/openstack/openshift-cluster/list.yml2
-rw-r--r--playbooks/openstack/openshift-cluster/terminate.yml2
-rw-r--r--playbooks/openstack/openshift-cluster/vars.yml2
-rw-r--r--roles/cockpit-ui/meta/main.yml13
-rw-r--r--roles/cockpit-ui/tasks/main.yml44
-rw-r--r--roles/docker/tasks/main.yml7
-rw-r--r--roles/etcd/meta/main.yml4
-rw-r--r--roles/etcd/tasks/main.yml24
-rw-r--r--roles/etcd/templates/etcd.conf.j22
-rw-r--r--roles/etcd_ca/meta/main.yml6
-rw-r--r--roles/etcd_ca/tasks/main.yml16
-rw-r--r--roles/etcd_certificates/tasks/client.yml42
-rw-r--r--roles/etcd_certificates/tasks/main.yml6
-rw-r--r--roles/etcd_certificates/tasks/server.yml71
-rw-r--r--roles/etcd_client_certificates/README.md (renamed from roles/etcd_certificates/README.md)4
l---------roles/etcd_client_certificates/library1
-rw-r--r--roles/etcd_client_certificates/meta/main.yml16
-rw-r--r--roles/etcd_client_certificates/tasks/main.yml137
-rw-r--r--roles/etcd_server_certificates/README.md34
l---------roles/etcd_server_certificates/library1
-rw-r--r--roles/etcd_server_certificates/meta/main.yml (renamed from roles/etcd_certificates/meta/main.yml)6
-rw-r--r--roles/etcd_server_certificates/tasks/main.yml179
-rw-r--r--roles/flannel/README.md18
-rw-r--r--roles/flannel/defaults/main.yaml7
-rw-r--r--roles/flannel/meta/main.yml6
-rw-r--r--roles/flannel_register/README.md2
-rw-r--r--roles/openshift_ca/meta/main.yml1
-rw-r--r--roles/openshift_ca/tasks/main.yml78
-rw-r--r--roles/openshift_cloud_provider/tasks/main.yml8
-rw-r--r--roles/openshift_cloud_provider/tasks/openstack.yml2
-rw-r--r--roles/openshift_cloud_provider/templates/openstack.conf.j220
-rw-r--r--roles/openshift_cloud_provider/vars/main.yml6
-rw-r--r--roles/openshift_cluster_metrics/README.md36
-rw-r--r--roles/openshift_cluster_metrics/files/cluster-metrics/grafana.yaml53
-rw-r--r--roles/openshift_cluster_metrics/files/cluster-metrics/heapster-serviceaccount.yaml4
-rw-r--r--roles/openshift_cluster_metrics/files/cluster-metrics/heapster.yaml30
-rw-r--r--roles/openshift_cluster_metrics/files/cluster-metrics/influxdb.yaml67
-rw-r--r--roles/openshift_cluster_metrics/tasks/main.yml49
-rw-r--r--roles/openshift_common/tasks/main.yml8
-rw-r--r--roles/openshift_etcd_client_certificates/meta/main.yml16
-rw-r--r--roles/openshift_etcd_facts/tasks/main.yml5
-rw-r--r--roles/openshift_etcd_facts/vars/main.yml5
-rw-r--r--roles/openshift_etcd_server_certificates/meta/main.yml16
-rw-r--r--roles/openshift_examples/defaults/main.yml6
-rwxr-xr-xroles/openshift_examples/examples-sync.sh7
l---------roles/openshift_examples/files/examples/latest2
-rw-r--r--roles/openshift_examples/files/examples/v1.2/db-templates/mariadb-ephemeral-template.json184
-rw-r--r--roles/openshift_examples/files/examples/v1.2/db-templates/mariadb-persistent-template.json208
-rw-r--r--roles/openshift_examples/files/examples/v1.2/db-templates/mongodb-ephemeral-template.json11
-rw-r--r--roles/openshift_examples/files/examples/v1.2/db-templates/mongodb-persistent-template.json11
-rw-r--r--roles/openshift_examples/files/examples/v1.2/db-templates/mysql-ephemeral-template.json17
-rw-r--r--roles/openshift_examples/files/examples/v1.2/db-templates/mysql-persistent-template.json8
-rw-r--r--roles/openshift_examples/files/examples/v1.2/db-templates/postgresql-ephemeral-template.json16
-rw-r--r--roles/openshift_examples/files/examples/v1.2/db-templates/postgresql-persistent-template.json8
-rw-r--r--roles/openshift_examples/files/examples/v1.2/image-streams/dotnet_imagestreams.json36
-rw-r--r--roles/openshift_examples/files/examples/v1.2/image-streams/image-streams-centos7.json17
-rw-r--r--roles/openshift_examples/files/examples/v1.2/infrastructure-templates/origin/logging-deployer.yaml1
-rw-r--r--roles/openshift_examples/files/examples/v1.2/infrastructure-templates/origin/metrics-deployer.yaml12
-rw-r--r--roles/openshift_examples/files/examples/v1.2/quickstart-templates/dancer-mysql.json6
-rw-r--r--roles/openshift_examples/files/examples/v1.2/quickstart-templates/django-postgresql.json4
-rw-r--r--roles/openshift_examples/files/examples/v1.2/quickstart-templates/django.json2
-rw-r--r--roles/openshift_examples/files/examples/v1.2/quickstart-templates/jenkins-ephemeral-template.json4
-rw-r--r--roles/openshift_examples/files/examples/v1.2/quickstart-templates/jenkins-persistent-template.json4
-rw-r--r--roles/openshift_examples/files/examples/v1.2/quickstart-templates/jenkinstemplate.json (renamed from roles/openshift_examples/files/examples/v1.3/quickstart-templates/jenkinstemplate.json)11
-rw-r--r--roles/openshift_examples/files/examples/v1.2/quickstart-templates/nodejs-mongodb.json6
-rw-r--r--roles/openshift_examples/files/examples/v1.2/quickstart-templates/nodejs.json2
-rw-r--r--roles/openshift_examples/files/examples/v1.2/quickstart-templates/rails-postgresql.json4
-rw-r--r--roles/openshift_examples/files/examples/v1.2/xpaas-streams/jboss-image-streams.json87
-rw-r--r--roles/openshift_examples/files/examples/v1.2/xpaas-templates/amq62-basic.json10
-rw-r--r--roles/openshift_examples/files/examples/v1.2/xpaas-templates/amq62-persistent-ssl.json10
-rw-r--r--roles/openshift_examples/files/examples/v1.2/xpaas-templates/amq62-persistent.json10
-rw-r--r--roles/openshift_examples/files/examples/v1.2/xpaas-templates/amq62-ssl.json10
-rw-r--r--roles/openshift_examples/files/examples/v1.2/xpaas-templates/datagrid65-postgresql-persistent.json8
-rw-r--r--roles/openshift_examples/files/examples/v1.2/xpaas-templates/datagrid65-postgresql.json8
-rw-r--r--roles/openshift_examples/files/examples/v1.2/xpaas-templates/decisionserver62-amq-s2i.json58
-rw-r--r--roles/openshift_examples/files/examples/v1.2/xpaas-templates/decisionserver62-basic-s2i.json15
-rw-r--r--roles/openshift_examples/files/examples/v1.2/xpaas-templates/decisionserver62-https-s2i.json15
-rw-r--r--roles/openshift_examples/files/examples/v1.2/xpaas-templates/decisionserver63-amq-s2i.json696
-rw-r--r--roles/openshift_examples/files/examples/v1.2/xpaas-templates/decisionserver63-basic-s2i.json339
-rw-r--r--roles/openshift_examples/files/examples/v1.2/xpaas-templates/decisionserver63-https-s2i.json473
-rw-r--r--roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap64-amq-persistent-s2i.json78
-rw-r--r--roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap64-amq-s2i.json90
-rw-r--r--roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap64-basic-s2i.json20
-rw-r--r--roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap64-https-s2i.json38
-rw-r--r--roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap64-mongodb-persistent-s2i.json38
-rw-r--r--roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap64-mongodb-s2i.json38
-rw-r--r--roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap64-mysql-persistent-s2i.json42
-rw-r--r--roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap64-mysql-s2i.json42
-rw-r--r--roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap64-postgresql-persistent-s2i.json46
-rw-r--r--roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap64-postgresql-s2i.json46
-rw-r--r--roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap64-sso-s2i.json193
-rw-r--r--roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap70-amq-persistent-s2i.json82
-rw-r--r--roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap70-amq-s2i.json90
-rw-r--r--roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap70-basic-s2i.json33
-rw-r--r--roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap70-https-s2i.json51
-rw-r--r--roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap70-mongodb-persistent-s2i.json51
-rw-r--r--roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap70-mongodb-s2i.json51
-rw-r--r--roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap70-mysql-persistent-s2i.json51
-rw-r--r--roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap70-mysql-s2i.json51
-rw-r--r--roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap70-postgresql-persistent-s2i.json55
-rw-r--r--roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap70-postgresql-s2i.json55
-rw-r--r--roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap70-sso-s2i.json767
-rw-r--r--roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat7-basic-s2i.json4
-rw-r--r--roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat7-https-s2i.json4
-rw-r--r--roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat7-mongodb-persistent-s2i.json4
-rw-r--r--roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat7-mongodb-s2i.json4
-rw-r--r--roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat7-mysql-persistent-s2i.json4
-rw-r--r--roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat7-mysql-s2i.json4
-rw-r--r--roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat7-postgresql-persistent-s2i.json12
-rw-r--r--roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat7-postgresql-s2i.json12
-rw-r--r--roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat8-basic-s2i.json4
-rw-r--r--roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat8-https-s2i.json4
-rw-r--r--roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat8-mongodb-persistent-s2i.json4
-rw-r--r--roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat8-mongodb-s2i.json4
-rw-r--r--roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat8-mysql-persistent-s2i.json4
-rw-r--r--roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat8-mysql-s2i.json4
-rw-r--r--roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat8-postgresql-persistent-s2i.json12
-rw-r--r--roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat8-postgresql-s2i.json12
-rw-r--r--roles/openshift_examples/files/examples/v1.2/xpaas-templates/processserver63-amq-mysql-persistent-s2i.json1079
-rw-r--r--roles/openshift_examples/files/examples/v1.2/xpaas-templates/processserver63-amq-mysql-s2i.json959
-rw-r--r--roles/openshift_examples/files/examples/v1.2/xpaas-templates/processserver63-amq-postgresql-persistent-s2i.json1052
-rw-r--r--roles/openshift_examples/files/examples/v1.2/xpaas-templates/processserver63-amq-postgresql-s2i.json932
-rw-r--r--roles/openshift_examples/files/examples/v1.2/xpaas-templates/processserver63-basic-s2i.json345
-rw-r--r--roles/openshift_examples/files/examples/v1.2/xpaas-templates/processserver63-mysql-persistent-s2i.json792
-rw-r--r--roles/openshift_examples/files/examples/v1.2/xpaas-templates/processserver63-mysql-s2i.json716
-rw-r--r--roles/openshift_examples/files/examples/v1.2/xpaas-templates/processserver63-postgresql-persistent-s2i.json765
-rw-r--r--roles/openshift_examples/files/examples/v1.2/xpaas-templates/processserver63-postgresql-s2i.json689
-rw-r--r--roles/openshift_examples/files/examples/v1.2/xpaas-templates/sso70-https.json (renamed from roles/openshift_examples/files/examples/v1.2/xpaas-templates/sso70-basic.json)218
-rw-r--r--roles/openshift_examples/files/examples/v1.2/xpaas-templates/sso70-mysql-persistent.json186
-rw-r--r--roles/openshift_examples/files/examples/v1.2/xpaas-templates/sso70-mysql.json186
-rw-r--r--roles/openshift_examples/files/examples/v1.2/xpaas-templates/sso70-postgresql-persistent.json190
-rw-r--r--roles/openshift_examples/files/examples/v1.2/xpaas-templates/sso70-postgresql.json194
-rw-r--r--roles/openshift_examples/files/examples/v1.3/db-templates/README.md24
-rw-r--r--roles/openshift_examples/files/examples/v1.3/db-templates/mariadb-ephemeral-template.json184
-rw-r--r--roles/openshift_examples/files/examples/v1.3/db-templates/mariadb-persistent-template.json208
-rw-r--r--roles/openshift_examples/files/examples/v1.3/db-templates/mongodb-ephemeral-template.json11
-rw-r--r--roles/openshift_examples/files/examples/v1.3/db-templates/mongodb-persistent-template.json11
-rw-r--r--roles/openshift_examples/files/examples/v1.3/db-templates/mysql-ephemeral-template.json17
-rw-r--r--roles/openshift_examples/files/examples/v1.3/db-templates/mysql-persistent-template.json8
-rw-r--r--roles/openshift_examples/files/examples/v1.3/db-templates/postgresql-ephemeral-template.json16
-rw-r--r--roles/openshift_examples/files/examples/v1.3/db-templates/postgresql-persistent-template.json8
-rw-r--r--roles/openshift_examples/files/examples/v1.3/image-streams/dotnet_imagestreams.json36
-rw-r--r--roles/openshift_examples/files/examples/v1.3/infrastructure-templates/enterprise/metrics-deployer.yaml38
-rw-r--r--roles/openshift_examples/files/examples/v1.3/infrastructure-templates/enterprise/registry-console.yaml124
-rw-r--r--roles/openshift_examples/files/examples/v1.3/infrastructure-templates/origin/logging-deployer.yaml1
-rw-r--r--roles/openshift_examples/files/examples/v1.3/infrastructure-templates/origin/metrics-deployer.yaml16
-rw-r--r--roles/openshift_examples/files/examples/v1.3/infrastructure-templates/origin/registry-console.yaml124
-rw-r--r--roles/openshift_examples/files/examples/v1.3/quickstart-templates/cakephp-mysql.json4
-rw-r--r--roles/openshift_examples/files/examples/v1.3/quickstart-templates/jenkins-ephemeral-template.json90
-rw-r--r--roles/openshift_examples/files/examples/v1.3/quickstart-templates/jenkins-persistent-template.json90
-rw-r--r--roles/openshift_examples/files/examples/v1.3/xpaas-streams/jboss-image-streams.json87
-rw-r--r--roles/openshift_examples/files/examples/v1.3/xpaas-templates/amq62-basic.json10
-rw-r--r--roles/openshift_examples/files/examples/v1.3/xpaas-templates/amq62-persistent-ssl.json10
-rw-r--r--roles/openshift_examples/files/examples/v1.3/xpaas-templates/amq62-persistent.json10
-rw-r--r--roles/openshift_examples/files/examples/v1.3/xpaas-templates/amq62-ssl.json10
-rw-r--r--roles/openshift_examples/files/examples/v1.3/xpaas-templates/datagrid65-postgresql-persistent.json8
-rw-r--r--roles/openshift_examples/files/examples/v1.3/xpaas-templates/datagrid65-postgresql.json8
-rw-r--r--roles/openshift_examples/files/examples/v1.3/xpaas-templates/decisionserver62-amq-s2i.json58
-rw-r--r--roles/openshift_examples/files/examples/v1.3/xpaas-templates/decisionserver62-basic-s2i.json15
-rw-r--r--roles/openshift_examples/files/examples/v1.3/xpaas-templates/decisionserver62-https-s2i.json15
-rw-r--r--roles/openshift_examples/files/examples/v1.3/xpaas-templates/decisionserver63-amq-s2i.json696
-rw-r--r--roles/openshift_examples/files/examples/v1.3/xpaas-templates/decisionserver63-basic-s2i.json339
-rw-r--r--roles/openshift_examples/files/examples/v1.3/xpaas-templates/decisionserver63-https-s2i.json473
-rw-r--r--roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap64-amq-persistent-s2i.json78
-rw-r--r--roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap64-amq-s2i.json90
-rw-r--r--roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap64-basic-s2i.json20
-rw-r--r--roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap64-https-s2i.json38
-rw-r--r--roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap64-mongodb-persistent-s2i.json38
-rw-r--r--roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap64-mongodb-s2i.json38
-rw-r--r--roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap64-mysql-persistent-s2i.json42
-rw-r--r--roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap64-mysql-s2i.json42
-rw-r--r--roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap64-postgresql-persistent-s2i.json46
-rw-r--r--roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap64-postgresql-s2i.json46
-rw-r--r--roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap64-sso-s2i.json193
-rw-r--r--roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap70-amq-persistent-s2i.json82
-rw-r--r--roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap70-amq-s2i.json90
-rw-r--r--roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap70-basic-s2i.json33
-rw-r--r--roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap70-https-s2i.json51
-rw-r--r--roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap70-mongodb-persistent-s2i.json51
-rw-r--r--roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap70-mongodb-s2i.json51
-rw-r--r--roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap70-mysql-persistent-s2i.json51
-rw-r--r--roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap70-mysql-s2i.json51
-rw-r--r--roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap70-postgresql-persistent-s2i.json55
-rw-r--r--roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap70-postgresql-s2i.json55
-rw-r--r--roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap70-sso-s2i.json767
-rw-r--r--roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat7-basic-s2i.json4
-rw-r--r--roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat7-https-s2i.json4
-rw-r--r--roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat7-mongodb-persistent-s2i.json4
-rw-r--r--roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat7-mongodb-s2i.json4
-rw-r--r--roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat7-mysql-persistent-s2i.json4
-rw-r--r--roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat7-mysql-s2i.json4
-rw-r--r--roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat7-postgresql-persistent-s2i.json12
-rw-r--r--roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat7-postgresql-s2i.json12
-rw-r--r--roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat8-basic-s2i.json4
-rw-r--r--roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat8-https-s2i.json4
-rw-r--r--roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat8-mongodb-persistent-s2i.json4
-rw-r--r--roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat8-mongodb-s2i.json4
-rw-r--r--roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat8-mysql-persistent-s2i.json4
-rw-r--r--roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat8-mysql-s2i.json4
-rw-r--r--roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat8-postgresql-persistent-s2i.json12
-rw-r--r--roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat8-postgresql-s2i.json12
-rw-r--r--roles/openshift_examples/files/examples/v1.3/xpaas-templates/processserver63-amq-mysql-persistent-s2i.json1079
-rw-r--r--roles/openshift_examples/files/examples/v1.3/xpaas-templates/processserver63-amq-mysql-s2i.json959
-rw-r--r--roles/openshift_examples/files/examples/v1.3/xpaas-templates/processserver63-amq-postgresql-persistent-s2i.json1052
-rw-r--r--roles/openshift_examples/files/examples/v1.3/xpaas-templates/processserver63-amq-postgresql-s2i.json932
-rw-r--r--roles/openshift_examples/files/examples/v1.3/xpaas-templates/processserver63-basic-s2i.json345
-rw-r--r--roles/openshift_examples/files/examples/v1.3/xpaas-templates/processserver63-mysql-persistent-s2i.json792
-rw-r--r--roles/openshift_examples/files/examples/v1.3/xpaas-templates/processserver63-mysql-s2i.json716
-rw-r--r--roles/openshift_examples/files/examples/v1.3/xpaas-templates/processserver63-postgresql-persistent-s2i.json765
-rw-r--r--roles/openshift_examples/files/examples/v1.3/xpaas-templates/processserver63-postgresql-s2i.json689
-rw-r--r--roles/openshift_examples/files/examples/v1.3/xpaas-templates/sso70-https.json (renamed from roles/openshift_examples/files/examples/v1.3/xpaas-templates/sso70-basic.json)218
-rw-r--r--roles/openshift_examples/files/examples/v1.3/xpaas-templates/sso70-mysql-persistent.json186
-rw-r--r--roles/openshift_examples/files/examples/v1.3/xpaas-templates/sso70-mysql.json186
-rw-r--r--roles/openshift_examples/files/examples/v1.3/xpaas-templates/sso70-postgresql-persistent.json190
-rw-r--r--roles/openshift_examples/files/examples/v1.3/xpaas-templates/sso70-postgresql.json194
-rw-r--r--roles/openshift_examples/tasks/main.yml19
-rwxr-xr-xroles/openshift_facts/library/openshift_facts.py86
-rw-r--r--roles/openshift_facts/tasks/main.yml2
-rw-r--r--roles/openshift_hosted/meta/main.yml25
-rw-r--r--roles/openshift_hosted/tasks/main.yml3
-rw-r--r--roles/openshift_hosted/tasks/registry/registry.yml26
-rw-r--r--roles/openshift_hosted/tasks/registry/storage/persistent_volume.yml3
-rw-r--r--roles/openshift_hosted/tasks/router/router.yml7
-rw-r--r--roles/openshift_hosted/templates/registry_config.j27
-rw-r--r--roles/openshift_loadbalancer/templates/haproxy.cfg.j21
-rw-r--r--roles/openshift_manage_node/tasks/main.yml3
-rw-r--r--roles/openshift_master/handlers/main.yml7
-rw-r--r--roles/openshift_master/meta/main.yml30
-rw-r--r--roles/openshift_master/tasks/main.yml84
-rw-r--r--roles/openshift_master/tasks/systemd_units.yml55
-rw-r--r--roles/openshift_master/templates/atomic-openshift-master.j26
-rw-r--r--roles/openshift_master/templates/docker-cluster/atomic-openshift-master-api.service.j22
-rw-r--r--roles/openshift_master/templates/docker-cluster/atomic-openshift-master-controllers.service.j22
-rw-r--r--roles/openshift_master/templates/master.yaml.v1.j232
-rw-r--r--roles/openshift_master/templates/master_docker/master.docker.service.j2 (renamed from roles/openshift_master/templates/docker/master.docker.service.j2)2
-rw-r--r--roles/openshift_master/templates/native-cluster/atomic-openshift-master-api.j26
-rw-r--r--roles/openshift_master/templates/native-cluster/atomic-openshift-master-controllers.j26
-rw-r--r--roles/openshift_master_certificates/meta/main.yml1
-rw-r--r--roles/openshift_master_certificates/tasks/main.yml93
-rw-r--r--roles/openshift_master_facts/tasks/main.yml2
-rw-r--r--roles/openshift_master_facts/vars/main.yml7
-rw-r--r--roles/openshift_metrics/handlers/main.yml31
-rw-r--r--roles/openshift_metrics/tasks/install.yml114
-rw-r--r--roles/openshift_metrics/tasks/main.yaml125
-rw-r--r--roles/openshift_metrics/vars/main.yaml15
-rw-r--r--roles/openshift_named_certificates/README.md32
-rw-r--r--roles/openshift_named_certificates/meta/main.yml (renamed from roles/openshift_etcd_certificates/meta/main.yml)8
-rw-r--r--roles/openshift_named_certificates/tasks/main.yml46
-rw-r--r--roles/openshift_named_certificates/tasks/named_certificates.yml32
-rw-r--r--roles/openshift_named_certificates/vars/main.yml11
-rw-r--r--roles/openshift_node/meta/main.yml24
-rw-r--r--roles/openshift_node/tasks/main.yml32
-rw-r--r--roles/openshift_node/tasks/storage_plugins/main.yml17
-rw-r--r--roles/openshift_node/tasks/storage_plugins/nfs.yml8
-rw-r--r--roles/openshift_node/tasks/systemd_units.yml6
-rw-r--r--roles/openshift_node/templates/node.yaml.v1.j212
-rw-r--r--roles/openshift_node/templates/openshift.docker.node.service2
-rw-r--r--roles/openshift_node/templates/partials/kubeletArguments.j25
-rw-r--r--roles/openshift_node_certificates/tasks/main.yml12
-rw-r--r--roles/openshift_repos/files/fedora-origin/repos/maxamillion-fedora-openshift-fedora.repo8
-rw-r--r--roles/openshift_repos/files/online/repos/enterprise-v3.repo10
-rw-r--r--roles/openshift_repos/files/online/repos/rhel-7-libra-candidate.repo11
-rw-r--r--roles/openshift_repos/files/removed/repos/epel7-openshift.repo0
-rw-r--r--roles/openshift_repos/files/removed/repos/maxamillion-origin-next-epel-7.repo7
-rw-r--r--roles/openshift_repos/files/removed/repos/oso-rhui-rhel-7-extras.repo0
-rw-r--r--roles/openshift_repos/files/removed/repos/oso-rhui-rhel-7-server.repo0
-rw-r--r--roles/openshift_repos/tasks/main.yaml50
-rw-r--r--roles/openshift_serviceaccounts/tasks/legacy_add_scc_to_user.yml6
-rw-r--r--roles/openshift_storage_nfs/tasks/main.yml22
-rw-r--r--roles/openshift_storage_nfs/templates/exports.j21
-rw-r--r--roles/openshift_version/tasks/main.yml4
-rw-r--r--test/modify_yaml_tests.py37
-rw-r--r--utils/.gitignore3
-rw-r--r--utils/Makefile83
-rw-r--r--utils/README.md41
-rw-r--r--utils/README.txt24
-rw-r--r--utils/docs/config.md57
-rw-r--r--utils/etc/ansible.cfg3
-rw-r--r--utils/src/ooinstall/__init__.py4
-rw-r--r--utils/src/ooinstall/ansible_plugins/facts_callback.py62
-rw-r--r--utils/src/ooinstall/cli_installer.py429
-rw-r--r--utils/src/ooinstall/oo_config.py181
-rw-r--r--utils/src/ooinstall/openshift_ansible.py194
-rw-r--r--utils/src/ooinstall/variants.py45
-rw-r--r--utils/test-requirements.txt11
-rw-r--r--utils/test/cli_installer_tests.py58
-rw-r--r--utils/test/fixture.py27
-rw-r--r--utils/test/oo_config_tests.py31
364 files changed, 28560 insertions, 3824 deletions
diff --git a/.tito/packages/openshift-ansible b/.tito/packages/openshift-ansible
index 5976f188e..12d2214cc 100644
--- a/.tito/packages/openshift-ansible
+++ b/.tito/packages/openshift-ansible
@@ -1 +1 @@
-3.3.2-1 ./
+3.4.1-1 ./
diff --git a/BUILD.md b/BUILD.md
index 806630dbe..15d3d6240 100644
--- a/BUILD.md
+++ b/BUILD.md
@@ -5,9 +5,9 @@ For more information on tito, please see the [Tito home page](https://github.com
## Build openshift-ansible-bin
-- Change into openshift-ansible/bin
+- Change into openshift-ansible
```
-cd openshift-ansible/bin
+cd openshift-ansible
```
- Build a test package (no tagging needed)
```
diff --git a/DEPLOYMENT_TYPES.md b/DEPLOYMENT_TYPES.md
index 1f64e223a..668d14fc0 100644
--- a/DEPLOYMENT_TYPES.md
+++ b/DEPLOYMENT_TYPES.md
@@ -15,7 +15,7 @@ The table below outlines the defaults per `deployment_type`.
| **Image Streams** | centos | rhel + xpaas | N/A | rhel |
-**NOTE** `enterprise` deloyment type is used for OpenShift Enterprise version
+**NOTE** `enterprise` deployment type is used for OpenShift Enterprise version
3.0.x OpenShift Enterprise deployments utilizing version 3.1 and later will
make use of the new `openshift-enterprise` deployment type. Additional work to
migrate between the two will be forthcoming.
diff --git a/README_AWS.md b/README_AWS.md
index f3f98fed5..cccb122f6 100644
--- a/README_AWS.md
+++ b/README_AWS.md
@@ -135,7 +135,12 @@ Install Dependencies
--------------------
1. Ansible requires python-boto for aws operations:
-RHEL/CentOS/Fedora
+Fedora
+```
+ dnf install -y ansible python-boto pyOpenSSL
+```
+
+RHEL/CentOS
```
yum install -y ansible python-boto pyOpenSSL
```
diff --git a/README_GCE.md b/README_GCE.md
index df9942f24..f909630aa 100644
--- a/README_GCE.md
+++ b/README_GCE.md
@@ -86,6 +86,8 @@ Install Dependencies
yum install -y ansible python-libcloud
```
+> Installation using Mac OSX requires pycrypto library
+> $ pip install pycrypto
Test The Setup
--------------
diff --git a/README_openstack.md b/README_openstack.md
index e3cc7cc93..1998a5878 100644
--- a/README_openstack.md
+++ b/README_openstack.md
@@ -17,7 +17,12 @@ Install Dependencies
* `python-neutronclient`
* `python-heatclient`
-On RHEL / CentOS / Fedora:
+On Fedora:
+```
+ dnf install -y ansible python-novaclient python-neutronclient python-heatclient
+```
+
+On RHEL / CentOS:
```
yum install -y ansible python-novaclient python-neutronclient python-heatclient
```
@@ -43,6 +48,7 @@ The following options are used only by `heat_stack.yaml`. They are so used only
* `external_net` (default to `external`): Name of the external network to connect to
* `floating_ip_pool` (default to `external`): comma separated list of floating IP pools
* `ssh_from` (default to `0.0.0.0/0`): IPs authorized to connect to the VMs via ssh
+* `node_port_from` (default to `0.0.0.0/0`): IPs authorized to connect to the services exposed via nodePort
Creating a cluster
diff --git a/callback_plugins/default.py b/callback_plugins/default.py
new file mode 100644
index 000000000..bc0b207bb
--- /dev/null
+++ b/callback_plugins/default.py
@@ -0,0 +1,66 @@
+'''Plugin to override the default output logic.'''
+
+# upstream: https://gist.github.com/cliffano/9868180
+
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+
+# For some reason this has to be done
+import imp
+import os
+
+ANSIBLE_PATH = imp.find_module('ansible')[1]
+DEFAULT_PATH = os.path.join(ANSIBLE_PATH, 'plugins/callback/default.py')
+DEFAULT_MODULE = imp.load_source(
+ 'ansible.plugins.callback.default',
+ DEFAULT_PATH
+)
+
+try:
+ from ansible.plugins.callback import CallbackBase
+ BASECLASS = CallbackBase
+except ImportError: # < ansible 2.1
+ BASECLASS = DEFAULT_MODULE.CallbackModule
+
+
+class CallbackModule(DEFAULT_MODULE.CallbackModule): # pylint: disable=too-few-public-methods,no-init
+ '''
+ Override for the default callback module.
+
+ Render std err/out outside of the rest of the result which it prints with
+ indentation.
+ '''
+ CALLBACK_VERSION = 2.0
+ CALLBACK_TYPE = 'stdout'
+ CALLBACK_NAME = 'default'
+
+ def _dump_results(self, result):
+ '''Return the text to output for a result.'''
+ result['_ansible_verbose_always'] = True
+
+ save = {}
+ for key in ['stdout', 'stdout_lines', 'stderr', 'stderr_lines', 'msg']:
+ if key in result:
+ save[key] = result.pop(key)
+
+ output = BASECLASS._dump_results(self, result) # pylint: disable=protected-access
+
+ for key in ['stdout', 'stderr', 'msg']:
+ if key in save and save[key]:
+ output += '\n\n%s:\n\n%s\n' % (key.upper(), save[key])
+
+ for key, value in save.items():
+ result[key] = value
+
+ return output
diff --git a/filter_plugins/oo_filters.py b/filter_plugins/oo_filters.py
index ec00a1646..a4dceb679 100644
--- a/filter_plugins/oo_filters.py
+++ b/filter_plugins/oo_filters.py
@@ -17,6 +17,7 @@ import re
import json
import yaml
from ansible.utils.unicode import to_unicode
+from urlparse import urlparse
# Disabling too-many-public-methods, since filter methods are necessarily
# public
@@ -37,6 +38,8 @@ class FilterModule(object):
def get_attr(data, attribute=None):
""" This looks up dictionary attributes of the form a.b.c and returns
the value.
+
+ If the key isn't present, None is returned.
Ex: data = {'a': {'b': {'c': 5}}}
attribute = "a.b.c"
returns 5
@@ -46,10 +49,15 @@ class FilterModule(object):
ptr = data
for attr in attribute.split('.'):
- ptr = ptr[attr]
+ if attr in ptr:
+ ptr = ptr[attr]
+ else:
+ ptr = None
+ break
return ptr
+
@staticmethod
def oo_flatten(data):
""" This filter plugin will flatten a list of lists
@@ -138,6 +146,8 @@ class FilterModule(object):
else:
retval = [FilterModule.get_attr(d, attribute) for d in data]
+ retval = [val for val in retval if val != None]
+
return retval
@staticmethod
@@ -474,16 +484,20 @@ class FilterModule(object):
""" Parses names from list of certificate hashes.
Ex: certificates = [{ "certfile": "/root/custom1.crt",
- "keyfile": "/root/custom1.key" },
+ "keyfile": "/root/custom1.key",
+ "cafile": "/root/custom-ca1.crt" },
{ "certfile": "custom2.crt",
- "keyfile": "custom2.key" }]
+ "keyfile": "custom2.key",
+ "cafile": "custom-ca2.crt" }]
returns [{ "certfile": "/etc/origin/master/named_certificates/custom1.crt",
"keyfile": "/etc/origin/master/named_certificates/custom1.key",
+ "cafile": "/etc/origin/master/named_certificates/custom-ca1.crt",
"names": [ "public-master-host.com",
"other-master-host.com" ] },
{ "certfile": "/etc/origin/master/named_certificates/custom2.crt",
"keyfile": "/etc/origin/master/named_certificates/custom2.key",
+ "cafile": "/etc/origin/master/named_certificates/custom-ca-2.crt",
"names": [ "some-hostname.com" ] }]
"""
if not isinstance(named_certs_dir, basestring):
@@ -514,17 +528,20 @@ class FilterModule(object):
raise errors.AnsibleFilterError(("|failed to parse certificate '%s', " % certificate['certfile'] +
"please specify certificate names in host inventory"))
- certificate['names'] = [name for name in certificate['names'] if name not in internal_hostnames]
- certificate['names'] = list(set(certificate['names']))
- if not certificate['names']:
- raise errors.AnsibleFilterError(("|failed to parse certificate '%s' or " % certificate['certfile'] +
- "detected a collision with internal hostname, please specify " +
- "certificate names in host inventory"))
+ if 'cafile' not in certificate:
+ certificate['names'] = [name for name in certificate['names'] if name not in internal_hostnames]
+ certificate['names'] = list(set(certificate['names']))
+ if not certificate['names']:
+ raise errors.AnsibleFilterError(("|failed to parse certificate '%s' or " % certificate['certfile'] +
+ "detected a collision with internal hostname, please specify " +
+ "certificate names in host inventory"))
for certificate in certificates:
# Update paths for configuration
certificate['certfile'] = os.path.join(named_certs_dir, os.path.basename(certificate['certfile']))
certificate['keyfile'] = os.path.join(named_certs_dir, os.path.basename(certificate['keyfile']))
+ if 'cafile' in certificate:
+ certificate['cafile'] = os.path.join(named_certs_dir, os.path.basename(certificate['cafile']))
return certificates
@staticmethod
@@ -693,7 +710,7 @@ class FilterModule(object):
fsType=filesystem,
volumeID=volume_id)))
persistent_volumes.append(persistent_volume)
- elif kind != 'object':
+ elif not (kind == 'object' or kind == 'dynamic'):
msg = "|failed invalid storage kind '{0}' for component '{1}'".format(
kind,
component)
@@ -717,7 +734,8 @@ class FilterModule(object):
if 'storage' in hostvars['openshift']['hosted'][component]:
kind = hostvars['openshift']['hosted'][component]['storage']['kind']
create_pv = hostvars['openshift']['hosted'][component]['storage']['create_pv']
- if kind != None and create_pv:
+ create_pvc = hostvars['openshift']['hosted'][component]['storage']['create_pvc']
+ if kind != None and create_pv and create_pvc:
volume = hostvars['openshift']['hosted'][component]['storage']['volume']['name']
size = hostvars['openshift']['hosted'][component]['storage']['volume']['size']
access_modes = hostvars['openshift']['hosted'][component]['storage']['access_modes']
@@ -813,6 +831,22 @@ class FilterModule(object):
return version
+ @staticmethod
+ def oo_hostname_from_url(url):
+ """ Returns the hostname contained in a URL
+
+ Ex: https://ose3-master.example.com/v1/api -> ose3-master.example.com
+ """
+ if not isinstance(url, basestring):
+ raise errors.AnsibleFilterError("|failed expects a string or unicode")
+ parse_result = urlparse(url)
+ if parse_result.netloc != '':
+ return parse_result.netloc
+ else:
+ # netloc wasn't parsed, assume url was missing scheme and path
+ return parse_result.path
+
+
def filters(self):
""" returns a mapping of filters to methods """
return {
@@ -843,5 +877,6 @@ class FilterModule(object):
"oo_get_hosts_from_hostvars": self.oo_get_hosts_from_hostvars,
"oo_image_tag_to_rpm_version": self.oo_image_tag_to_rpm_version,
"oo_merge_dicts": self.oo_merge_dicts,
+ "oo_hostname_from_url": self.oo_hostname_from_url,
"oo_merge_hostvars": self.oo_merge_hostvars,
}
diff --git a/filter_plugins/openshift_master.py b/filter_plugins/openshift_master.py
index b3f284a8e..ee6a62ba5 100644
--- a/filter_plugins/openshift_master.py
+++ b/filter_plugins/openshift_master.py
@@ -237,7 +237,11 @@ class RequestHeaderIdentityProvider(IdentityProviderBase):
self._required += [['headers']]
self._optional += [['challengeURL', 'challenge_url'],
['loginURL', 'login_url'],
- ['clientCA', 'client_ca']]
+ ['clientCA', 'client_ca'],
+ ['clientCommonNames', 'client_common_names'],
+ ['emailHeaders', 'email_headers'],
+ ['nameHeaders', 'name_headers'],
+ ['preferredUsernameHeaders', 'preferred_username_headers']]
def validate(self):
''' validate this idp instance '''
@@ -521,7 +525,7 @@ class FilterModule(object):
return valid
@staticmethod
- def certificates_to_synchronize(hostvars):
+ def certificates_to_synchronize(hostvars, include_keys=True):
''' Return certificates to synchronize based on facts. '''
if not issubclass(type(hostvars), dict):
raise errors.AnsibleFilterError("|failed expects hostvars is a dict")
@@ -535,9 +539,10 @@ class FilterModule(object):
'openshift-registry.kubeconfig',
'openshift-router.crt',
'openshift-router.key',
- 'openshift-router.kubeconfig',
- 'serviceaccounts.private.key',
- 'serviceaccounts.public.key']
+ 'openshift-router.kubeconfig']
+ if bool(include_keys):
+ certs += ['serviceaccounts.private.key',
+ 'serviceaccounts.public.key']
if bool(hostvars['openshift']['common']['version_gte_3_1_or_1_1']):
certs += ['master.proxy-client.crt',
'master.proxy-client.key']
@@ -545,6 +550,9 @@ class FilterModule(object):
certs += ['openshift-master.crt',
'openshift-master.key',
'openshift-master.kubeconfig']
+ if bool(hostvars['openshift']['common']['version_gte_3_3_or_1_3']):
+ certs += ['service-signer.crt',
+ 'service-signer.key']
return certs
@staticmethod
diff --git a/inventory/byo/hosts.aep.example b/inventory/byo/hosts.aep.example
deleted file mode 100644
index e038b39d5..000000000
--- a/inventory/byo/hosts.aep.example
+++ /dev/null
@@ -1,468 +0,0 @@
-# This is an example of a bring your own (byo) host inventory
-
-# Create an OSEv3 group that contains the masters and nodes groups
-[OSEv3:children]
-masters
-nodes
-etcd
-lb
-
-# Set variables common for all OSEv3 hosts
-[OSEv3:vars]
-# SSH user, this user should allow ssh based auth without requiring a
-# password. If using ssh key based auth, then the key should be managed by an
-# ssh agent.
-ansible_ssh_user=root
-
-# If ansible_ssh_user is not root, ansible_become must be set to true and the
-# user must be configured for passwordless sudo
-#ansible_become=yes
-
-# Debug level for all Atomic Enterprise components (Defaults to 2)
-debug_level=2
-
-# deployment type valid values are origin, online, atomic-enterprise, and openshift-enterprise
-deployment_type=atomic-enterprise
-
-# Specify the generic release of OpenShift to install. This is used mainly just during installation, after which we
-# rely on the version running on the first master. Works best for containerized installs where we can usually
-# use this to lookup the latest exact version of the container images, which is the tag actually used to configure
-# the cluster. For RPM installations we just verify the version detected in your configured repos matches this
-# release.
-openshift_release=v3.2
-
-# Specify an exact container image tag to install or configure.
-# WARNING: This value will be used for all hosts in containerized environments, even those that have another version installed.
-# This could potentially trigger an upgrade and downtime, so be careful with modifying this value after the cluster is set up.
-#openshift_image_tag=v3.2.0.46
-
-# Specify an exact rpm version to install or configure.
-# WARNING: This value will be used for all hosts in RPM based environments, even those that have another version installed.
-# This could potentially trigger an upgrade and downtime, so be careful with modifying this value after the cluster is set up.
-#openshift_pkg_version=-3.2.0.46
-
-# Install the openshift examples
-#openshift_install_examples=true
-
-# Enable cluster metrics
-#use_cluster_metrics=true
-
-# Configure logoutURL in the master config for console customization
-# See: https://docs.openshift.org/latest/install_config/web_console_customization.html#changing-the-logout-url
-#openshift_master_logout_url=http://example.com
-
-# Configure extensionScripts in the master config for console customization
-# See: https://docs.openshift.org/latest/install_config/web_console_customization.html#loading-custom-scripts-and-stylesheets
-#openshift_master_extension_scripts=['/path/to/script1.js','/path/to/script2.js']
-
-# Configure extensionStylesheets in the master config for console customization
-# See: https://docs.openshift.org/latest/install_config/web_console_customization.html#loading-custom-scripts-and-stylesheets
-#openshift_master_extension_stylesheets=['/path/to/stylesheet1.css','/path/to/stylesheet2.css']
-
-# Configure extensions in the master config for console customization
-# See: https://docs.openshift.org/latest/install_config/web_console_customization.html#serving-static-files
-#openshift_master_extensions=[{'name': 'images', 'sourceDirectory': '/path/to/my_images'}]
-
-# Configure extensions in the master config for console customization
-# See: https://docs.openshift.org/latest/install_config/web_console_customization.html#serving-static-files
-#openshift_master_oauth_template=/path/to/login-template.html
-
-# Configure metricsPublicURL in the master config for cluster metrics
-# See: https://docs.openshift.com/enterprise/latest/install_config/cluster_metrics.html
-#openshift_master_metrics_public_url=https://hawkular-metrics.example.com/hawkular/metrics
-
-# Configure loggingPublicURL in the master config for aggregate logging
-# See: https://docs.openshift.com/enterprise/latest/install_config/aggregate_logging.html
-#openshift_master_logging_public_url=https://kibana.example.com
-
-# Configure imagePolicyConfig in the master config
-# See: https://godoc.org/github.com/openshift/origin/pkg/cmd/server/api#ImagePolicyConfig
-#openshift_master_image_policy_config={"maxImagesBulkImportedPerRepository": 3, "disableScheduledImport": true}
-
-# Docker Configuration
-# Add additional, insecure, and blocked registries to global docker configuration
-# For enterprise deployment types we ensure that registry.access.redhat.com is
-# included if you do not include it
-#openshift_docker_additional_registries=registry.example.com
-#openshift_docker_insecure_registries=registry.example.com
-#openshift_docker_blocked_registries=registry.hacker.com
-# Disable pushing to dockerhub
-#openshift_docker_disable_push_dockerhub=True
-# Items added, as is, to end of /etc/sysconfig/docker OPTIONS
-# Default value: "--log-driver=json-file --log-opt max-size=50m"
-#openshift_docker_options="-l warn --ipv6=false"
-
-# Specify exact version of Docker to configure or upgrade to.
-# Downgrades are not supported and will error out. Be careful when upgrading docker from < 1.10 to > 1.10.
-# docker_version="1.10.3"
-
-# Skip upgrading Docker during an OpenShift upgrade, leaves the current Docker version alone.
-# docker_upgrade=False
-
-# Alternate image format string. If you're not modifying the format string and
-# only need to inject your own registry you may want to consider
-# openshift_docker_additional_registries instead
-#oreg_url=example.com/aep3/aep-${component}:${version}
-# If oreg_url points to a registry other than registry.access.redhat.com we can
-# modify image streams to point at that registry by setting the following to true
-#openshift_examples_modify_imagestreams=True
-
-# Additional yum repos to install
-#openshift_additional_repos=[{'id': 'aep-devel', 'name': 'aep-devel', 'baseurl': 'http://example.com/puddle/build/AtomicOpenShift/3.1/latest/RH7-RHOSE-3.0/$basearch/os', 'enabled': 1, 'gpgcheck': 0}]
-
-# htpasswd auth
-openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', 'challenge': 'true', 'kind': 'HTPasswdPasswordIdentityProvider', 'filename': '/etc/origin/master/htpasswd'}]
-# Defining htpasswd users
-#openshift_master_htpasswd_users={'user1': '<pre-hashed password>', 'user2': '<pre-hashed password>'
-# or
-#openshift_master_htpasswd_file=<path to local pre-generated htpasswd file>
-
-# Allow all auth
-#openshift_master_identity_providers=[{'name': 'allow_all', 'login': 'true', 'challenge': 'true', 'kind': 'AllowAllPasswordIdentityProvider'}]
-
-# LDAP auth
-#openshift_master_identity_providers=[{'name': 'my_ldap_provider', 'challenge': 'true', 'login': 'true', 'kind': 'LDAPPasswordIdentityProvider', 'attributes': {'id': ['dn'], 'email': ['mail'], 'name': ['cn'], 'preferredUsername': ['uid']}, 'bindDN': '', 'bindPassword': '', 'ca': '', 'insecure': 'false', 'url': 'ldap://ldap.example.com:389/ou=users,dc=example,dc=com?uid'}]
-# Configuring the ldap ca certificate
-#openshift_master_ldap_ca=<ca text>
-# or
-#openshift_master_ldap_ca_file=<path to local ca file to use>
-
-# Available variables for configuring certificates for other identity providers:
-#openshift_master_openid_ca
-#openshift_master_openid_ca_file
-#openshift_master_request_header_ca
-#openshift_master_request_header_ca_file
-
-# Cloud Provider Configuration
-#
-# Note: You may make use of environment variables rather than store
-# sensitive configuration within the ansible inventory.
-# For example:
-#openshift_cloudprovider_aws_access_key="{{ lookup('env','AWS_ACCESS_KEY_ID') }}"
-#openshift_cloudprovider_aws_secret_key="{{ lookup('env','AWS_SECRET_ACCESS_KEY') }}"
-#
-# AWS
-#openshift_cloudprovider_kind=aws
-# Note: IAM profiles may be used instead of storing API credentials on disk.
-#openshift_cloudprovider_aws_access_key=aws_access_key_id
-#openshift_cloudprovider_aws_secret_key=aws_secret_access_key
-#
-# Openstack
-#openshift_cloudprovider_kind=openstack
-#openshift_cloudprovider_openstack_auth_url=http://openstack.example.com:35357/v2.0/
-#openshift_cloudprovider_openstack_username=username
-#openshift_cloudprovider_openstack_password=password
-#openshift_cloudprovider_openstack_tenant_id=tenant_id
-#openshift_cloudprovider_openstack_tenant_name=tenant_name
-#openshift_cloudprovider_openstack_region=region
-#openshift_cloudprovider_openstack_lb_subnet_id=subnet_id
-
-# Project Configuration
-#osm_project_request_message=''
-#osm_project_request_template=''
-#osm_mcs_allocator_range='s0:/2'
-#osm_mcs_labels_per_project=5
-#osm_uid_allocator_range='1000000000-1999999999/10000'
-
-# Configure additional projects
-#openshift_additional_projects={'my-project': {'default_node_selector': 'label=value'}}
-
-# Enable cockpit
-#osm_use_cockpit=true
-#
-# Set cockpit plugins
-#osm_cockpit_plugins=['cockpit-kubernetes']
-
-# Native high availability cluster method with optional load balancer.
-# If no lb group is defined, the installer assumes that a load balancer has
-# been preconfigured. For installation the value of
-# openshift_master_cluster_hostname must resolve to the load balancer
-# or to one or all of the masters defined in the inventory if no load
-# balancer is present.
-#openshift_master_cluster_method=native
-#openshift_master_cluster_hostname=openshift-ansible.test.example.com
-#openshift_master_cluster_public_hostname=openshift-ansible.test.example.com
-
-# Pacemaker high availability cluster method.
-# Pacemaker HA environment must be able to self provision the
-# configured VIP. For installation openshift_master_cluster_hostname
-# must resolve to the configured VIP.
-#openshift_master_cluster_method=pacemaker
-#openshift_master_cluster_password=openshift_cluster
-#openshift_master_cluster_vip=192.168.133.25
-#openshift_master_cluster_public_vip=192.168.133.25
-#openshift_master_cluster_hostname=openshift-ansible.test.example.com
-#openshift_master_cluster_public_hostname=openshift-ansible.test.example.com
-
-# Override the default controller lease ttl
-#osm_controller_lease_ttl=30
-
-# Configure controller arguments
-#osm_controller_args={'resource-quota-sync-period': ['10s']}
-
-# Configure api server arguments
-#osm_api_server_args={'max-requests-inflight': ['400']}
-
-# default subdomain to use for exposed routes
-#openshift_master_default_subdomain=apps.test.example.com
-
-# additional cors origins
-#osm_custom_cors_origins=['foo.example.com', 'bar.example.com']
-
-# default project node selector
-#osm_default_node_selector='region=primary'
-
-# Override the default pod eviction timeout
-#openshift_master_pod_eviction_timeout=5m
-
-# Override the default oauth tokenConfig settings:
-# openshift_master_access_token_max_seconds=86400
-# openshift_master_auth_token_max_seconds=500
-
-# Override master servingInfo.maxRequestsInFlight
-#openshift_master_max_requests_inflight=500
-
-# default storage plugin dependencies to install, by default the ceph and
-# glusterfs plugin dependencies will be installed, if available.
-#osn_storage_plugin_deps=['ceph','glusterfs','iscsi']
-
-# OpenShift Router Options
-#
-# An OpenShift router will be created during install if there are
-# nodes present with labels matching the default router selector,
-# "region=infra". Set openshift_node_labels per node as needed in
-# order to label nodes.
-#
-# Example:
-# [nodes]
-# node.example.com openshift_node_labels="{'region': 'infra'}"
-#
-# Router selector (optional)
-# Router will only be created if nodes matching this label are present.
-# Default value: 'region=infra'
-#openshift_hosted_router_selector='region=infra'
-#
-# Router replicas (optional)
-# Unless specified, openshift-ansible will calculate the replica count
-# based on the number of nodes matching the openshift router selector.
-#openshift_hosted_router_replicas=2
-#
-# Router force subdomain (optional)
-# A router path format to force on all routes used by this router
-# (will ignore the route host value)
-#openshift_hosted_router_force_subdomain='${name}-${namespace}.apps.example.com'
-#
-# Router certificate (optional)
-# Provide local certificate paths which will be configured as the
-# router's default certificate.
-#openshift_hosted_router_certificate={"certfile": "/path/to/router.crt", "keyfile": "/path/to/router.key", "cafile": "/path/to/router-ca.crt"}
-
-# Openshift Registry Options
-#
-# An OpenShift registry will be created during install if there are
-# nodes present with labels matching the default registry selector,
-# "region=infra". Set openshift_node_labels per node as needed in
-# order to label nodes.
-#
-# Example:
-# [nodes]
-# node.example.com openshift_node_labels="{'region': 'infra'}"
-#
-# Registry selector (optional)
-# Registry will only be created if nodes matching this label are present.
-# Default value: 'region=infra'
-#openshift_hosted_registry_selector='region=infra'
-#
-# Registry replicas (optional)
-# Unless specified, openshift-ansible will calculate the replica count
-# based on the number of nodes matching the openshift registry selector.
-#openshift_hosted_registry_replicas=2
-
-# Registry Storage Options
-#
-# NFS Host Group
-# An NFS volume will be created with path "nfs_directory/volume_name"
-# on the host within the [nfs] host group. For example, the volume
-# path using these options would be "/exports/registry"
-#openshift_hosted_registry_storage_kind=nfs
-#openshift_hosted_registry_storage_access_modes=['ReadWriteMany']
-#openshift_hosted_registry_storage_nfs_directory=/exports
-#openshift_hosted_registry_storage_nfs_options='*(rw,root_squash)'
-#openshift_hosted_registry_storage_volume_name=registry
-#openshift_hosted_registry_storage_volume_size=10Gi
-#
-# External NFS Host
-# NFS volume must already exist with path "nfs_directory/_volume_name" on
-# the storage_host. For example, the remote volume path using these
-# options would be "nfs.example.com:/exports/registry"
-#openshift_hosted_registry_storage_kind=nfs
-#openshift_hosted_registry_storage_access_modes=['ReadWriteMany']
-#openshift_hosted_registry_storage_host=nfs.example.com
-#openshift_hosted_registry_storage_nfs_directory=/exports
-#openshift_hosted_registry_storage_volume_name=registry
-#openshift_hosted_registry_storage_volume_size=10Gi
-#
-# Openstack
-# Volume must already exist.
-#openshift_hosted_registry_storage_kind=openstack
-#openshift_hosted_registry_storage_access_modes=['ReadWriteOnce']
-#openshift_hosted_registry_storage_openstack_filesystem=ext4
-#openshift_hosted_registry_storage_openstack_volumeID=3a650b4f-c8c5-4e0a-8ca5-eaee11f16c57
-#openshift_hosted_registry_storage_volume_size=10Gi
-#
-# AWS S3
-# S3 bucket must already exist.
-#openshift_hosted_registry_storage_kind=object
-#openshift_hosted_registry_storage_provider=s3
-#openshift_hosted_registry_storage_s3_accesskey=aws_access_key_id
-#openshift_hosted_registry_storage_s3_secretkey=aws_secret_access_key
-#openshift_hosted_registry_storage_s3_bucket=bucket_name
-#openshift_hosted_registry_storage_s3_region=bucket_region
-#openshift_hosted_registry_storage_s3_chunksize=26214400
-
-# Configure the multi-tenant SDN plugin (default is 'redhat/openshift-ovs-subnet')
-# os_sdn_network_plugin_name='redhat/openshift-ovs-multitenant'
-
-# Disable the OpenShift SDN plugin
-# openshift_use_openshift_sdn=False
-
-# Configure SDN cluster network CIDR block. This network block should
-# be a private block and should not conflict with existing network
-# blocks in your infrastructure that pods may require access to.
-# Can not be changed after deployment.
-#osm_cluster_network_cidr=10.1.0.0/16
-
-# Configure number of bits to allocate to each host’s subnet e.g. 8
-# would mean a /24 network on the host.
-#osm_host_subnet_length=8
-
-# Configure master API and console ports.
-#openshift_master_api_port=8443
-#openshift_master_console_port=8443
-
-# set RPM version for debugging purposes
-#openshift_pkg_version=-3.1.0.0
-
-# Configure custom named certificates
-# NOTE: openshift_master_named_certificates is cached on masters and is an
-# additive fact, meaning that each run with a different set of certificates
-# will add the newly provided certificates to the cached set of certificates.
-# If you would like openshift_master_named_certificates to be overwritten with
-# the provided value, specify openshift_master_overwrite_named_certificates.
-#openshift_master_overwrite_named_certificates=true
-#
-# Provide local certificate paths which will be deployed to masters
-#openshift_master_named_certificates=[{"certfile": "/path/to/custom1.crt", "keyfile": "/path/to/custom1.key"}]
-#
-# Detected names may be overridden by specifying the "names" key
-#openshift_master_named_certificates=[{"certfile": "/path/to/custom1.crt", "keyfile": "/path/to/custom1.key", "names": ["public-master-host.com"]}]
-
-# Session options
-#openshift_master_session_name=ssn
-#openshift_master_session_max_seconds=3600
-
-# An authentication and encryption secret will be generated if secrets
-# are not provided. If provided, openshift_master_session_auth_secrets
-# and openshift_master_encryption_secrets must be equal length.
-#
-# Signing secrets, used to authenticate sessions using
-# HMAC. Recommended to use secrets with 32 or 64 bytes.
-#openshift_master_session_auth_secrets=['DONT+USE+THIS+SECRET+b4NV+pmZNSO']
-#
-# Encrypting secrets, used to encrypt sessions. Must be 16, 24, or 32
-# characters long, to select AES-128, AES-192, or AES-256.
-#openshift_master_session_encryption_secrets=['DONT+USE+THIS+SECRET+b4NV+pmZNSO']
-
-# configure how often node iptables rules are refreshed
-#openshift_node_iptables_sync_period=5s
-
-# Configure nodeIP in the node config
-# This is needed in cases where node traffic is desired to go over an
-# interface other than the default network interface.
-#openshift_node_set_node_ip=True
-
-# Force setting of system hostname when configuring OpenShift
-# This works around issues related to installations that do not have valid dns
-# entries for the interfaces attached to the host.
-#openshift_set_hostname=True
-
-# Configure dnsIP in the node config
-#openshift_dns_ip=172.30.0.1
-
-# Configure node kubelet arguments
-#openshift_node_kubelet_args={'max-pods': ['110'], 'image-gc-high-threshold': ['90'], 'image-gc-low-threshold': ['80']}
-
-# Configure logrotate scripts
-# See: https://github.com/nickhammond/ansible-logrotate
-#logrotate_scripts=[{"name": "syslog", "path": "/var/log/cron\n/var/log/maillog\n/var/log/messages\n/var/log/secure\n/var/log/spooler\n", "options": ["daily", "rotate 7", "compress", "sharedscripts", "missingok"], "scripts": {"postrotate": "/bin/kill -HUP `cat /var/run/syslogd.pid 2> /dev/null` 2> /dev/null || true"}}]
-
-# openshift-ansible will wait indefinitely for your input when it detects that the
-# value of openshift_hostname resolves to an IP address not bound to any local
-# interfaces. This mis-configuration is problematic for any pod leveraging host
-# networking and liveness or readiness probes.
-# Setting this variable to true will override that check.
-#openshift_override_hostname_check=true
-
-# Configure dnsmasq for cluster dns, switch the host's local resolver to use dnsmasq
-# and configure node's dnsIP to point at the node's local dnsmasq instance. Defaults
-# to True for Origin 1.2 and OSE 3.2. False for 1.1 / 3.1 installs, this cannot
-# be used with 1.0 and 3.0.
-# openshift_use_dnsmasq=False
-
-# Global Proxy Configuration
-# These options configure HTTP_PROXY, HTTPS_PROXY, and NOPROXY environment
-# variables for docker and master services.
-#openshift_http_proxy=http://USER:PASSWORD@IPADDR:PORT
-#openshift_https_proxy=https://USER:PASSWORD@IPADDR:PORT
-#openshift_no_proxy='.hosts.example.com,some-host.com'
-#
-# Most environments don't require a proxy between openshift masters, nodes, and
-# etcd hosts. So automatically add those hostnames to the openshift_no_proxy list.
-# If all of your hosts share a common domain you may wish to disable this and
-# specify that domain above.
-#openshift_generate_no_proxy_hosts=True
-#
-# These options configure the BuildDefaults admission controller which injects
-# environment variables into Builds. These values will default to the global proxy
-# config values. You only need to set these if they differ from the global settings
-# above. See BuildDefaults
-# documentation at https://docs.openshift.org/latest/admin_guide/build_defaults_overrides.html
-#openshift_builddefaults_http_proxy=http://USER:PASSWORD@HOST:PORT
-#openshift_builddefaults_https_proxy=https://USER:PASSWORD@HOST:PORT
-#openshift_builddefaults_no_proxy=build_defaults
-#openshift_builddefaults_git_http_proxy=http://USER:PASSWORD@HOST:PORT
-#openshift_builddefaults_git_https_proxy=https://USER:PASSWORD@HOST:PORT
-# Or you may optionally define your own serialized as json
-#openshift_builddefaults_json='{"BuildDefaults":{"configuration":{"apiVersion":"v1","env":[{"name":"HTTP_PROXY","value":"http://proxy.example.com.redhat.com:3128"},{"name":"NO_PROXY","value":"ose3-master.example.com"}],"gitHTTPProxy":"http://proxy.example.com:3128","kind":"BuildDefaultsConfig"}}}'
-
-# masterConfig.volumeConfig.dynamicProvisioningEnabled, configurable as of 1.2/3.2, enabled by default
-#openshift_master_dynamic_provisioning_enabled=False
-
-# Configure usage of openshift_clock role.
-#openshift_clock_enabled=true
-
-# OpenShift Per-Service Environment Variables
-# Environment variables are added to /etc/sysconfig files for
-# each OpenShift service: node, master (api and controllers).
-# API and controllers environment variables are merged in single
-# master environments.
-#openshift_master_api_env_vars={"ENABLE_HTTP2": "true"}
-#openshift_master_controllers_env_vars={"ENABLE_HTTP2": "true"}
-#openshift_node_env_vars={"ENABLE_HTTP2": "true"}
-
-# host group for masters
-[masters]
-aep3-master[1:3]-ansible.test.example.com
-
-[etcd]
-aep3-etcd[1:3]-ansible.test.example.com
-
-[lb]
-aep3-lb-ansible.test.example.com
-
-# NOTE: Currently we require that masters be part of the SDN which requires that they also be nodes
-# However, in order to ensure that your masters are not burdened with running pods you should
-# make them unschedulable by adding openshift_schedulable=False any node that's also a master.
-[nodes]
-aep3-master[1:3]-ansible.test.example.com
-aep3-node[1:2]-ansible.test.example.com openshift_node_labels="{'region': 'primary', 'zone': 'default'}"
diff --git a/inventory/byo/hosts.aep_quickstart b/inventory/byo/hosts.aep_quickstart
deleted file mode 100644
index 46ea3a03f..000000000
--- a/inventory/byo/hosts.aep_quickstart
+++ /dev/null
@@ -1,20 +0,0 @@
-[OSEv3:children]
-masters
-nodes
-etcd
-lb
-
-[OSEv3:vars]
-ansible_ssh_user=root
-deployment_type=atomic-enterprise
-osm_use_cockpit=true
-
-[masters]
-ose3-master.example.com
-
-[nodes]
-ose3-master.example.com openshift_scheduleable=True
-
-[etcd]
-
-[lb]
diff --git a/inventory/byo/hosts.origin.example b/inventory/byo/hosts.origin.example
index 5bfb451c5..b32eb5c18 100644
--- a/inventory/byo/hosts.origin.example
+++ b/inventory/byo/hosts.origin.example
@@ -45,9 +45,6 @@ openshift_release=v1.2
# Install the openshift examples
#openshift_install_examples=true
-# Enable cluster metrics
-#use_cluster_metrics=true
-
# Configure logoutURL in the master config for console customization
# See: https://docs.openshift.org/latest/install_config/web_console_customization.html#changing-the-logout-url
#openshift_master_logout_url=http://example.com
@@ -68,10 +65,6 @@ openshift_release=v1.2
# See: https://docs.openshift.org/latest/install_config/web_console_customization.html#serving-static-files
#openshift_master_oauth_template=/path/to/login-template.html
-# Configure metricsPublicURL in the master config for cluster metrics
-# See: https://docs.openshift.org/latest/install_config/cluster_metrics.html
-#openshift_master_metrics_public_url=https://hawkular-metrics.example.com/hawkular/metrics
-
# Configure loggingPublicURL in the master config for aggregate logging
# See: https://docs.openshift.org/latest/install_config/aggregate_logging.html
#openshift_master_logging_public_url=https://kibana.example.com
@@ -100,26 +93,20 @@ openshift_release=v1.2
# Skip upgrading Docker during an OpenShift upgrade, leaves the current Docker version alone.
# docker_upgrade=False
-# Alternate image format string. If you're not modifying the format string and
-# only need to inject your own registry you may want to consider
-# openshift_docker_additional_registries instead
+# Alternate image format string, useful if you've got your own registry mirror
#oreg_url=example.com/openshift3/ose-${component}:${version}
# If oreg_url points to a registry other than registry.access.redhat.com we can
# modify image streams to point at that registry by setting the following to true
-#openshift_examples_modify_imagestreams=True
+#openshift_examples_modify_imagestreams=true
# Origin copr repo
#openshift_additional_repos=[{'id': 'openshift-origin-copr', 'name': 'OpenShift Origin COPR', 'baseurl': 'https://copr-be.cloud.fedoraproject.org/results/maxamillion/origin-next/epel-7-$basearch/', 'enabled': 1, 'gpgcheck': 1, 'gpgkey': 'https://copr-be.cloud.fedoraproject.org/results/maxamillion/origin-next/pubkey.gpg'}]
-# Origin Fedora copr repo
-# Use this if you are installing on Fedora
-#openshift_additional_repos=[{'id': 'fedora-openshift-origin-copr', 'name': 'OpenShift Origin COPR for Fedora', 'baseurl': 'https://copr-be.cloud.fedoraproject.org/results/maxamillion/fedora-openshift/fedora-$releasever-$basearch/', 'enabled': 1, 'gpgcheck': 1, 'gpgkey': 'https://copr-be.cloud.fedoraproject.org/results/maxamillion/fedora-openshift/pubkey.gpg'}]
-
# htpasswd auth
openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', 'challenge': 'true', 'kind': 'HTPasswdPasswordIdentityProvider', 'filename': '/etc/origin/master/htpasswd'}]
# Defining htpasswd users
-#openshift_master_htpasswd_users={'user1': '<pre-hashed password>', 'user2': '<pre-hashed password>'
+#openshift_master_htpasswd_users={'user1': '<pre-hashed password>', 'user2': '<pre-hashed password>'}
# or
#openshift_master_htpasswd_file=<path to local pre-generated htpasswd file>
@@ -262,6 +249,9 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true',
# Provide local certificate paths which will be configured as the
# router's default certificate.
#openshift_hosted_router_certificate={"certfile": "/path/to/router.crt", "keyfile": "/path/to/router.key", "cafile": "/path/to/router-ca.crt"}
+#
+# Disable management of the OpenShift Router
+#openshift_hosted_manage_router=false
# Openshift Registry Options
#
@@ -283,6 +273,9 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true',
# Unless specified, openshift-ansible will calculate the replica count
# based on the number of nodes matching the openshift registry selector.
#openshift_hosted_registry_replicas=2
+#
+# Disable management of the OpenShift Registry
+#openshift_hosted_manage_registry=false
# Registry Storage Options
#
@@ -327,17 +320,71 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true',
#openshift_hosted_registry_storage_s3_chunksize=26214400
#openshift_hosted_registry_pullthrough=true
+# Metrics deployment
+# See: https://docs.openshift.com/enterprise/latest/install_config/cluster_metrics.html
+#
+# By default metrics are not automatically deployed, set this to enable them
+# openshift_hosted_metrics_deploy=true
+#
+# Storage Options
+# If openshift_hosted_metrics_storage_kind is unset then metrics will be stored
+# in an EmptyDir volume and will be deleted when the cassandra pod terminates.
+# Storage options A & B currently support only one cassandra pod which is
+# generally enough for up to 1000 pods. Additional volumes can be created
+# manually after the fact and metrics scaled per the docs.
+#
+# Option A - NFS Host Group
+# An NFS volume will be created with path "nfs_directory/volume_name"
+# on the host within the [nfs] host group. For example, the volume
+# path using these options would be "/exports/metrics"
+#openshift_hosted_metrics_storage_kind=nfs
+#openshift_hosted_metrics_storage_access_modes=['ReadWriteOnce']
+#openshift_hosted_metrics_storage_nfs_directory=/exports
+#openshift_hosted_metrics_storage_nfs_options='*(rw,root_squash)'
+#openshift_hosted_metrics_storage_volume_name=metrics
+#openshift_hosted_metrics_storage_volume_size=10Gi
+#
+# Option B - External NFS Host
+# NFS volume must already exist with path "nfs_directory/_volume_name" on
+# the storage_host. For example, the remote volume path using these
+# options would be "nfs.example.com:/exports/metrics"
+#openshift_hosted_metrics_storage_kind=nfs
+#openshift_hosted_metrics_storage_access_modes=['ReadWriteOnce']
+#openshift_hosted_metrics_storage_host=nfs.example.com
+#openshift_hosted_metrics_storage_nfs_directory=/exports
+#openshift_hosted_metrics_storage_volume_name=metrics
+#openshift_hosted_metrics_storage_volume_size=10Gi
+#
+# Option C - Dynamic -- If openshift supports dynamic volume provisioning for
+# your cloud platform use this.
+#openshift_hosted_metrics_storage_kind=dynamic
+#
+# Override metricsPublicURL in the master config for cluster metrics
+# Defaults to https://hawkular-metrics.{{openshift_master_default_subdomain}}/hawkular/metrics
+#openshift_hosted_metrics_public_url=https://hawkular-metrics.example.com/hawkular/metrics
+
# Configure the multi-tenant SDN plugin (default is 'redhat/openshift-ovs-subnet')
# os_sdn_network_plugin_name='redhat/openshift-ovs-multitenant'
# Disable the OpenShift SDN plugin
# openshift_use_openshift_sdn=False
-# Configure SDN cluster network CIDR block. This network block should
-# be a private block and should not conflict with existing network
-# blocks in your infrastructure that pods may require access to.
-# Can not be changed after deployment.
+# Configure SDN cluster network and kubernetes service CIDR blocks. These
+# network blocks should be private and should not conflict with network blocks
+# in your infrastructure that pods may require access to. Can not be changed
+# after deployment.
#osm_cluster_network_cidr=10.1.0.0/16
+#openshift_portal_net=172.30.0.0/16
+
+
+# ExternalIPNetworkCIDRs controls what values are acceptable for the
+# service external IP field. If empty, no externalIP may be set. It
+# may contain a list of CIDRs which are checked for access. If a CIDR
+# is prefixed with !, IPs in that CIDR will be rejected. Rejections
+# will be applied first, then the IP checked against one of the
+# allowed CIDRs. You should ensure this range does not overlap with
+# your nodes, pods, or service CIDRs for security reasons.
+#openshift_master_external_ip_network_cidrs=['0.0.0.0/0']
# Configure number of bits to allocate to each host’s subnet e.g. 8
# would mean a /24 network on the host.
@@ -350,19 +397,38 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true',
# set RPM version for debugging purposes
#openshift_pkg_version=-1.1
-# Configure custom named certificates
+# Configure custom ca certificate
+#openshift_master_ca_certificate={'certfile': '/path/to/ca.crt', 'keyfile': '/path/to/ca.key'}
+#
+# NOTE: CA certificate will not be replaced with existing clusters.
+# This option may only be specified when creating a new cluster or
+# when redeploying cluster certificates with the redeploy-certificates
+# playbook. If replacing the CA certificate in an existing cluster
+# with a custom ca certificate, the following variable must also be
+# set.
+#openshift_certificates_redeploy_ca=true
+
+# Configure custom named certificates (SNI certificates)
+#
+# https://docs.openshift.org/latest/install_config/certificate_customization.html
+#
# NOTE: openshift_master_named_certificates is cached on masters and is an
# additive fact, meaning that each run with a different set of certificates
# will add the newly provided certificates to the cached set of certificates.
+#
+# An optional CA may be specified for each named certificate. CAs will
+# be added to the OpenShift CA bundle which allows for the named
+# certificate to be served for internal cluster communication.
+#
# If you would like openshift_master_named_certificates to be overwritten with
# the provided value, specify openshift_master_overwrite_named_certificates.
#openshift_master_overwrite_named_certificates=true
#
# Provide local certificate paths which will be deployed to masters
-#openshift_master_named_certificates=[{"certfile": "/path/to/custom1.crt", "keyfile": "/path/to/custom1.key"}]
+#openshift_master_named_certificates=[{"certfile": "/path/to/custom1.crt", "keyfile": "/path/to/custom1.key", "cafile": "/path/to/custom-ca1.crt"}]
#
# Detected names may be overridden by specifying the "names" key
-#openshift_master_named_certificates=[{"certfile": "/path/to/custom1.crt", "keyfile": "/path/to/custom1.key", "names": ["public-master-host.com"]}]
+#openshift_master_named_certificates=[{"certfile": "/path/to/custom1.crt", "keyfile": "/path/to/custom1.key", "names": ["public-master-host.com"], "cafile": "/path/to/custom-ca1.crt"}]
# Session options
#openshift_master_session_name=ssn
@@ -397,7 +463,7 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true',
#openshift_dns_ip=172.30.0.1
# Configure node kubelet arguments
-#openshift_node_kubelet_args={'max-pods': ['110'], 'image-gc-high-threshold': ['90'], 'image-gc-low-threshold': ['80']}
+#openshift_node_kubelet_args={'pods-per-core': ['10'], 'max-pods': ['250'], 'image-gc-high-threshold': ['90'], 'image-gc-low-threshold': ['80']}
# Configure logrotate scripts
# See: https://github.com/nickhammond/ansible-logrotate
diff --git a/inventory/byo/hosts.ose.example b/inventory/byo/hosts.ose.example
index 96a9db30d..5aaf6695a 100644
--- a/inventory/byo/hosts.ose.example
+++ b/inventory/byo/hosts.ose.example
@@ -6,6 +6,7 @@ masters
nodes
etcd
lb
+nfs
# Set variables common for all OSEv3 hosts
[OSEv3:vars]
@@ -44,9 +45,6 @@ openshift_release=v3.2
# Install the openshift examples
#openshift_install_examples=true
-# Enable cluster metrics
-#use_cluster_metrics=true
-
# Configure logoutURL in the master config for console customization
# See: https://docs.openshift.org/latest/install_config/web_console_customization.html#changing-the-logout-url
#openshift_master_logout_url=http://example.com
@@ -67,10 +65,6 @@ openshift_release=v3.2
# See: https://docs.openshift.org/latest/install_config/web_console_customization.html#serving-static-files
#openshift_master_oauth_template=/path/to/login-template.html
-# Configure metricsPublicURL in the master config for cluster metrics
-# See: https://docs.openshift.com/enterprise/latest/install_config/cluster_metrics.html
-#openshift_master_metrics_public_url=https://hawkular-metrics.example.com/hawkular/metrics
-
# Configure loggingPublicURL in the master config for aggregate logging
# See: https://docs.openshift.com/enterprise/latest/install_config/aggregate_logging.html
#openshift_master_logging_public_url=https://kibana.example.com
@@ -99,13 +93,11 @@ openshift_release=v3.2
# Skip upgrading Docker during an OpenShift upgrade, leaves the current Docker version alone.
# docker_upgrade=False
-# Alternate image format string. If you're not modifying the format string and
-# only need to inject your own registry you may want to consider
-# openshift_docker_additional_registries instead
+# Alternate image format string, useful if you've got your own registry mirror
#oreg_url=example.com/openshift3/ose-${component}:${version}
# If oreg_url points to a registry other than registry.access.redhat.com we can
# modify image streams to point at that registry by setting the following to true
-#openshift_examples_modify_imagestreams=True
+#openshift_examples_modify_imagestreams=true
# Additional yum repos to install
#openshift_additional_repos=[{'id': 'ose-devel', 'name': 'ose-devel', 'baseurl': 'http://example.com/puddle/build/AtomicOpenShift/3.1/latest/RH7-RHOSE-3.0/$basearch/os', 'enabled': 1, 'gpgcheck': 0}]
@@ -113,7 +105,7 @@ openshift_release=v3.2
# htpasswd auth
openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', 'challenge': 'true', 'kind': 'HTPasswdPasswordIdentityProvider', 'filename': '/etc/origin/master/htpasswd'}]
# Defining htpasswd users
-#openshift_master_htpasswd_users={'user1': '<pre-hashed password>', 'user2': '<pre-hashed password>'
+#openshift_master_htpasswd_users={'user1': '<pre-hashed password>', 'user2': '<pre-hashed password>'}
# or
#openshift_master_htpasswd_file=<path to local pre-generated htpasswd file>
@@ -256,6 +248,9 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true',
# Provide local certificate paths which will be configured as the
# router's default certificate.
#openshift_hosted_router_certificate={"certfile": "/path/to/router.crt", "keyfile": "/path/to/router.key", "cafile": "/path/to/router-ca.crt"}
+#
+# Disable management of the OpenShift Router
+#openshift_hosted_manage_router=false
# Openshift Registry Options
#
@@ -277,6 +272,9 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true',
# Unless specified, openshift-ansible will calculate the replica count
# based on the number of nodes matching the openshift registry selector.
#openshift_hosted_registry_replicas=2
+#
+# Disable management of the OpenShift Registry
+#openshift_hosted_manage_registry=false
# Registry Storage Options
#
@@ -321,17 +319,72 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true',
#openshift_hosted_registry_storage_s3_chunksize=26214400
#openshift_hosted_registry_pullthrough=true
+# Metrics deployment
+# See: https://docs.openshift.com/enterprise/latest/install_config/cluster_metrics.html
+#
+# By default metrics are not automatically deployed, set this to enable them
+# openshift_hosted_metrics_deploy=true
+#
+# Storage Options
+# If openshift_hosted_metrics_storage_kind is unset then metrics will be stored
+# in an EmptyDir volume and will be deleted when the cassandra pod terminates.
+# Storage options A & B currently support only one cassandra pod which is
+# generally enough for up to 1000 pods. Additional volumes can be created
+# manually after the fact and metrics scaled per the docs.
+#
+# Option A - NFS Host Group
+# An NFS volume will be created with path "nfs_directory/volume_name"
+# on the host within the [nfs] host group. For example, the volume
+# path using these options would be "/exports/metrics"
+#openshift_hosted_metrics_storage_kind=nfs
+#openshift_hosted_metrics_storage_access_modes=['ReadWriteOnce']
+#openshift_hosted_metrics_storage_nfs_directory=/exports
+#openshift_hosted_metrics_storage_nfs_options='*(rw,root_squash)'
+#openshift_hosted_metrics_storage_volume_name=metrics
+#openshift_hosted_metrics_storage_volume_size=10Gi
+#
+# Option B - External NFS Host
+# NFS volume must already exist with path "nfs_directory/_volume_name" on
+# the storage_host. For example, the remote volume path using these
+# options would be "nfs.example.com:/exports/metrics"
+#openshift_hosted_metrics_storage_kind=nfs
+#openshift_hosted_metrics_storage_access_modes=['ReadWriteOnce']
+#openshift_hosted_metrics_storage_host=nfs.example.com
+#openshift_hosted_metrics_storage_nfs_directory=/exports
+#openshift_hosted_metrics_storage_volume_name=metrics
+#openshift_hosted_metrics_storage_volume_size=10Gi
+#
+# Option C - Dynamic -- If openshift supports dynamic volume provisioning for
+# your cloud platform use this.
+#openshift_hosted_metrics_storage_kind=dynamic
+#
+# Override metricsPublicURL in the master config for cluster metrics
+# Defaults to https://hawkular-metrics.{{openshift_master_default_subdomain}}/hawkular/metrics
+#openshift_hosted_metrics_public_url=https://hawkular-metrics.example.com/hawkular/metrics
+
+
# Configure the multi-tenant SDN plugin (default is 'redhat/openshift-ovs-subnet')
# os_sdn_network_plugin_name='redhat/openshift-ovs-multitenant'
# Disable the OpenShift SDN plugin
# openshift_use_openshift_sdn=False
-# Configure SDN cluster network CIDR block. This network block should
-# be a private block and should not conflict with existing network
-# blocks in your infrastructure that pods may require access to.
-# Can not be changed after deployment.
+# Configure SDN cluster network and kubernetes service CIDR blocks. These
+# network blocks should be private and should not conflict with network blocks
+# in your infrastructure that pods may require access to. Can not be changed
+# after deployment.
#osm_cluster_network_cidr=10.1.0.0/16
+#openshift_portal_net=172.30.0.0/16
+
+
+# ExternalIPNetworkCIDRs controls what values are acceptable for the
+# service external IP field. If empty, no externalIP may be set. It
+# may contain a list of CIDRs which are checked for access. If a CIDR
+# is prefixed with !, IPs in that CIDR will be rejected. Rejections
+# will be applied first, then the IP checked against one of the
+# allowed CIDRs. You should ensure this range does not overlap with
+# your nodes, pods, or service CIDRs for security reasons.
+#openshift_master_external_ip_network_cidrs=['0.0.0.0/0']
# Configure number of bits to allocate to each host’s subnet e.g. 8
# would mean a /24 network on the host.
@@ -344,19 +397,38 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true',
# set RPM version for debugging purposes
#openshift_pkg_version=-3.1.0.0
-# Configure custom named certificates
+# Configure custom ca certificate
+#openshift_master_ca_certificate={'certfile': '/path/to/ca.crt', 'keyfile': '/path/to/ca.key'}
+#
+# NOTE: CA certificate will not be replaced with existing clusters.
+# This option may only be specified when creating a new cluster or
+# when redeploying cluster certificates with the redeploy-certificates
+# playbook. If replacing the CA certificate in an existing cluster
+# with a custom ca certificate, the following variable must also be
+# set.
+#openshift_certificates_redeploy_ca=true
+
+# Configure custom named certificates (SNI certificates)
+#
+# https://docs.openshift.com/enterprise/latest/install_config/certificate_customization.html
+#
# NOTE: openshift_master_named_certificates is cached on masters and is an
# additive fact, meaning that each run with a different set of certificates
# will add the newly provided certificates to the cached set of certificates.
+#
+# An optional CA may be specified for each named certificate. CAs will
+# be added to the OpenShift CA bundle which allows for the named
+# certificate to be served for internal cluster communication.
+#
# If you would like openshift_master_named_certificates to be overwritten with
# the provided value, specify openshift_master_overwrite_named_certificates.
#openshift_master_overwrite_named_certificates=true
#
# Provide local certificate paths which will be deployed to masters
-#openshift_master_named_certificates=[{"certfile": "/path/to/custom1.crt", "keyfile": "/path/to/custom1.key"}]
+#openshift_master_named_certificates=[{"certfile": "/path/to/custom1.crt", "keyfile": "/path/to/custom1.key", "cafile": "/path/to/custom-ca1.crt"}]
#
# Detected names may be overridden by specifying the "names" key
-#openshift_master_named_certificates=[{"certfile": "/path/to/custom1.crt", "keyfile": "/path/to/custom1.key", "names": ["public-master-host.com"]}]
+#openshift_master_named_certificates=[{"certfile": "/path/to/custom1.crt", "keyfile": "/path/to/custom1.key", "names": ["public-master-host.com"], "cafile": "/path/to/custom-ca1.crt"}]
# Session options
#openshift_master_session_name=ssn
@@ -391,7 +463,7 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true',
#openshift_dns_ip=172.30.0.1
# Configure node kubelet arguments
-#openshift_node_kubelet_args={'max-pods': ['110'], 'image-gc-high-threshold': ['90'], 'image-gc-low-threshold': ['80']}
+#openshift_node_kubelet_args={'pods-per-core': ['10'], 'max-pods': ['250'], 'image-gc-high-threshold': ['90'], 'image-gc-low-threshold': ['80']}
# Configure logrotate scripts
# See: https://github.com/nickhammond/ansible-logrotate
diff --git a/library/delegated_serial_command.py b/library/delegated_serial_command.py
new file mode 100755
index 000000000..3969edfdd
--- /dev/null
+++ b/library/delegated_serial_command.py
@@ -0,0 +1,275 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# (c) 2012, Michael DeHaan <michael.dehaan@gmail.com>, and others
+# (c) 2016, Andrew Butcher <abutcher@redhat.com>
+#
+# This module is derrived from the Ansible command module.
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+
+
+# pylint: disable=unused-wildcard-import,wildcard-import,unused-import,redefined-builtin
+
+''' delegated_serial_command '''
+
+import copy
+import sys
+import datetime
+import glob
+import traceback
+import re
+import shlex
+import os
+import fcntl
+import time
+
+DOCUMENTATION = '''
+---
+module: delegated_serial_command
+short_description: Executes a command on a remote node
+version_added: historical
+description:
+ - The M(command) module takes the command name followed by a list
+ of space-delimited arguments.
+ - The given command will be executed on all selected nodes. It
+ will not be processed through the shell, so variables like
+ C($HOME) and operations like C("<"), C(">"), C("|"), and C("&")
+ will not work (use the M(shell) module if you need these
+ features).
+ - Creates and maintains a lockfile such that this module will
+ wait for other invocations to proceed.
+options:
+ command:
+ description:
+ - the command to run
+ required: true
+ default: null
+ creates:
+ description:
+ - a filename or (since 2.0) glob pattern, when it already
+ exists, this step will B(not) be run.
+ required: no
+ default: null
+ removes:
+ description:
+ - a filename or (since 2.0) glob pattern, when it does not
+ exist, this step will B(not) be run.
+ version_added: "0.8"
+ required: no
+ default: null
+ chdir:
+ description:
+ - cd into this directory before running the command
+ version_added: "0.6"
+ required: false
+ default: null
+ executable:
+ description:
+ - change the shell used to execute the command. Should be an
+ absolute path to the executable.
+ required: false
+ default: null
+ version_added: "0.9"
+ warn:
+ version_added: "1.8"
+ default: yes
+ description:
+ - if command warnings are on in ansible.cfg, do not warn about
+ this particular line if set to no/false.
+ required: false
+ lockfile:
+ default: yes
+ description:
+ - the lockfile that will be created
+ timeout:
+ default: yes
+ description:
+ - time in milliseconds to wait to obtain the lock
+notes:
+ - If you want to run a command through the shell (say you are using C(<),
+ C(>), C(|), etc), you actually want the M(shell) module instead. The
+ M(command) module is much more secure as it's not affected by the user's
+ environment.
+ - " C(creates), C(removes), and C(chdir) can be specified after
+ the command. For instance, if you only want to run a command if
+ a certain file does not exist, use this."
+author:
+ - Ansible Core Team
+ - Michael DeHaan
+ - Andrew Butcher
+'''
+
+EXAMPLES = '''
+# Example from Ansible Playbooks.
+- delegated_serial_command:
+ command: /sbin/shutdown -t now
+
+# Run the command if the specified file does not exist.
+- delegated_serial_command:
+ command: /usr/bin/make_database.sh arg1 arg2
+ creates: /path/to/database
+'''
+
+# Dict of options and their defaults
+OPTIONS = {'chdir': None,
+ 'creates': None,
+ 'command': None,
+ 'executable': None,
+ 'NO_LOG': None,
+ 'removes': None,
+ 'warn': True,
+ 'lockfile': None,
+ 'timeout': None}
+
+def check_command(commandline):
+ ''' Check provided command '''
+ arguments = {'chown': 'owner', 'chmod': 'mode', 'chgrp': 'group',
+ 'ln': 'state=link', 'mkdir': 'state=directory',
+ 'rmdir': 'state=absent', 'rm': 'state=absent', 'touch': 'state=touch'}
+ commands = {'git': 'git', 'hg': 'hg', 'curl': 'get_url or uri', 'wget': 'get_url or uri',
+ 'svn': 'subversion', 'service': 'service',
+ 'mount': 'mount', 'rpm': 'yum, dnf or zypper', 'yum': 'yum', 'apt-get': 'apt',
+ 'tar': 'unarchive', 'unzip': 'unarchive', 'sed': 'template or lineinfile',
+ 'rsync': 'synchronize', 'dnf': 'dnf', 'zypper': 'zypper'}
+ become = ['sudo', 'su', 'pbrun', 'pfexec', 'runas']
+ warnings = list()
+ command = os.path.basename(commandline.split()[0])
+ # pylint: disable=line-too-long
+ if command in arguments:
+ warnings.append("Consider using file module with {0} rather than running {1}".format(arguments[command], command))
+ if command in commands:
+ warnings.append("Consider using {0} module rather than running {1}".format(commands[command], command))
+ if command in become:
+ warnings.append(
+ "Consider using 'become', 'become_method', and 'become_user' rather than running {0}".format(command,))
+ return warnings
+
+
+# pylint: disable=too-many-statements,too-many-branches,too-many-locals
+def main():
+ ''' Main module function '''
+ module = AnsibleModule(
+ argument_spec=dict(
+ _uses_shell=dict(type='bool', default=False),
+ command=dict(required=True),
+ chdir=dict(),
+ executable=dict(),
+ creates=dict(),
+ removes=dict(),
+ warn=dict(type='bool', default=True),
+ lockfile=dict(default='/tmp/delegated_serial_command.lock'),
+ timeout=dict(type='int', default=30)
+ )
+ )
+
+ shell = module.params['_uses_shell']
+ chdir = module.params['chdir']
+ executable = module.params['executable']
+ command = module.params['command']
+ creates = module.params['creates']
+ removes = module.params['removes']
+ warn = module.params['warn']
+ lockfile = module.params['lockfile']
+ timeout = module.params['timeout']
+
+ if command.strip() == '':
+ module.fail_json(rc=256, msg="no command given")
+
+ iterated = 0
+ lockfd = open(lockfile, 'w+')
+ while iterated < timeout:
+ try:
+ fcntl.flock(lockfd, fcntl.LOCK_EX | fcntl.LOCK_NB)
+ break
+ # pylint: disable=invalid-name
+ except IOError as e:
+ if e.errno != errno.EAGAIN:
+ module.fail_json(msg="I/O Error {0}: {1}".format(e.errno, e.strerror))
+ else:
+ iterated += 1
+ time.sleep(0.1)
+
+ if chdir:
+ chdir = os.path.abspath(os.path.expanduser(chdir))
+ os.chdir(chdir)
+
+ if creates:
+ # do not run the command if the line contains creates=filename
+ # and the filename already exists. This allows idempotence
+ # of command executions.
+ path = os.path.expanduser(creates)
+ if glob.glob(path):
+ module.exit_json(
+ cmd=command,
+ stdout="skipped, since %s exists" % path,
+ changed=False,
+ stderr=False,
+ rc=0
+ )
+
+ if removes:
+ # do not run the command if the line contains removes=filename
+ # and the filename does not exist. This allows idempotence
+ # of command executions.
+ path = os.path.expanduser(removes)
+ if not glob.glob(path):
+ module.exit_json(
+ cmd=command,
+ stdout="skipped, since %s does not exist" % path,
+ changed=False,
+ stderr=False,
+ rc=0
+ )
+
+ warnings = list()
+ if warn:
+ warnings = check_command(command)
+
+ if not shell:
+ command = shlex.split(command)
+ startd = datetime.datetime.now()
+
+ # pylint: disable=invalid-name
+ rc, out, err = module.run_command(command, executable=executable, use_unsafe_shell=shell)
+
+ fcntl.flock(lockfd, fcntl.LOCK_UN)
+ lockfd.close()
+
+ endd = datetime.datetime.now()
+ delta = endd - startd
+
+ if out is None:
+ out = ''
+ if err is None:
+ err = ''
+
+ module.exit_json(
+ cmd=command,
+ stdout=out.rstrip("\r\n"),
+ stderr=err.rstrip("\r\n"),
+ rc=rc,
+ start=str(startd),
+ end=str(endd),
+ delta=str(delta),
+ changed=True,
+ warnings=warnings,
+ iterated=iterated
+ )
+
+# import module snippets
+from ansible.module_utils.basic import *
+from ansible.module_utils.splitter import *
+
+main()
diff --git a/library/modify_yaml.py b/library/modify_yaml.py
index a4be10ca3..63b507a72 100755
--- a/library/modify_yaml.py
+++ b/library/modify_yaml.py
@@ -20,6 +20,24 @@ EXAMPLES = '''
yaml_value: 2
'''
+
+# pylint: disable=missing-docstring
+def set_key(yaml_data, yaml_key, yaml_value):
+ changes = []
+ ptr = yaml_data
+ for key in yaml_key.split('.'):
+ if key not in ptr and key != yaml_key.split('.')[-1]:
+ ptr[key] = {}
+ ptr = ptr[key]
+ elif key == yaml_key.split('.')[-1]:
+ if (key in ptr and module.safe_eval(ptr[key]) != yaml_value) or (key not in ptr):
+ ptr[key] = yaml_value
+ changes.append((yaml_key, yaml_value))
+ else:
+ ptr = ptr[key]
+ return changes
+
+
def main():
''' Modify key (supplied in jinja2 dot notation) in yaml file, setting
the key to the desired value.
@@ -53,22 +71,12 @@ def main():
yaml.add_representer(type(None), none_representer)
try:
- changes = []
yaml_file = open(dest)
yaml_data = yaml.safe_load(yaml_file.read())
yaml_file.close()
- ptr = yaml_data
- for key in yaml_key.split('.'):
- if key not in ptr and key != yaml_key.split('.')[-1]:
- ptr[key] = {}
- elif key == yaml_key.split('.')[-1]:
- if (key in ptr and module.safe_eval(ptr[key]) != yaml_value) or (key not in ptr):
- ptr[key] = yaml_value
- changes.append((yaml_key, yaml_value))
- else:
- ptr = ptr[key]
+ changes = set_key(yaml_data, yaml_key, yaml_value)
if len(changes) > 0:
if backup:
diff --git a/library/rpm_q.py b/library/rpm_q.py
new file mode 100644
index 000000000..ca3d0dd89
--- /dev/null
+++ b/library/rpm_q.py
@@ -0,0 +1,70 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# (c) 2015, Tobias Florek <tob@butter.sh>
+# Licensed under the terms of the MIT License
+"""
+An ansible module to query the RPM database. For use, when yum/dnf are not
+available.
+"""
+
+# pylint: disable=redefined-builtin,wildcard-import,unused-wildcard-import
+from ansible.module_utils.basic import *
+
+DOCUMENTATION = """
+---
+module: rpm_q
+short_description: Query the RPM database
+author: Tobias Florek
+options:
+ name:
+ description:
+ - The name of the package to query
+ required: true
+ state:
+ description:
+ - Whether the package is supposed to be installed or not
+ choices: [present, absent]
+ default: present
+"""
+
+EXAMPLES = """
+- rpm_q: name=ansible state=present
+- rpm_q: name=ansible state=absent
+"""
+
+RPM_BINARY = '/bin/rpm'
+
+def main():
+ """
+ Checks rpm -q for the named package and returns the installed packages
+ or None if not installed.
+ """
+ module = AnsibleModule(
+ argument_spec=dict(
+ name=dict(required=True),
+ state=dict(default='present', choices=['present', 'absent'])
+ ),
+ supports_check_mode=True
+ )
+
+ name = module.params['name']
+ state = module.params['state']
+
+ # pylint: disable=invalid-name
+ rc, out, err = module.run_command([RPM_BINARY, '-q', name])
+
+ installed = out.rstrip('\n').split('\n')
+
+ if rc != 0:
+ if state == 'present':
+ module.fail_json(msg="%s is not installed" % name, stdout=out, stderr=err, rc=rc)
+ else:
+ module.exit_json(changed=False)
+ elif state == 'present':
+ module.exit_json(changed=False, installed_versions=installed)
+ else:
+ module.fail_json(msg="%s is installed", installed_versions=installed)
+
+if __name__ == '__main__':
+ main()
diff --git a/openshift-ansible.spec b/openshift-ansible.spec
index f70193367..5042743f8 100644
--- a/openshift-ansible.spec
+++ b/openshift-ansible.spec
@@ -5,7 +5,7 @@
}
Name: openshift-ansible
-Version: 3.3.2
+Version: 3.4.1
Release: 1%{?dist}
Summary: Openshift and Atomic Enterprise Ansible
License: ASL 2.0
@@ -221,6 +221,281 @@ Atomic OpenShift Utilities includes
%changelog
+* Thu Sep 01 2016 Scott Dodson <sdodson@redhat.com> 3.4.1-1
+- Bump to 3.4.0
+
+* Wed Aug 31 2016 Scott Dodson <sdodson@redhat.com> 3.3.20-1
+- Restore network plugin configuration (sdodson@redhat.com)
+- Remove openshift_master_metrics_public_url (abutcher@redhat.com)
+- Bug 1371836 - The variant should be Registry 3.3 (smunilla@redhat.com)
+
+* Wed Aug 31 2016 Troy Dawson <tdawson@redhat.com> 3.3.19-1
+- update flannel_subnet_len default value (mkumatag@in.ibm.com)
+- Reload docker facts after upgrading docker (sdodson@redhat.com)
+
+* Tue Aug 30 2016 Scott Dodson <sdodson@redhat.com> 3.3.18-1
+- Enable dynamic storage (sdodson@redhat.com)
+- Change how we set master's metricsPublicURL (sdodson@redhat.com)
+- update kubelet argument example with references to new pods-per-core and new
+ max-pods threshold for 3.3 (jeder@redhat.com)
+- update kubelet argument example with references to new pods-per-core and new
+ max-pods threshold for 3.3 (jeder@redhat.com)
+
+* Mon Aug 29 2016 Scott Dodson <sdodson@redhat.com> 3.3.17-1
+- Reload units after node container service modified. (dgoodwin@redhat.com)
+- Fix flannel check (mkumatag@in.ibm.com)
+- Default to port 80 when deploying cockpit-ui (smunilla@redhat.com)
+- Set cloudprovider kind with openshift_facts. (abutcher@redhat.com)
+- Fix openstack cloudprovider template conditional. (abutcher@redhat.com)
+
+* Sat Aug 27 2016 Scott Dodson <sdodson@redhat.com> 3.3.16-1
+- Sync image stream data (sdodson@redhat.com)
+- Update metrics example inventories (sdodson@redhat.com)
+- Preserve AWS options in sysconfig files. (dgoodwin@redhat.com)
+- Fix metrics for containerized installs (sdodson@redhat.com)
+- Cleanup items botched during rebase (sdodson@redhat.com)
+- add check for server and account already exist (mangirdas@judeikis.lt)
+- add run_once to repeatable actions (mangirdas@judeikis.lt)
+- Remove atomic check and cockpit.socket (smunilla@redhat.com)
+- Re-organize registry-console deployment. (abutcher@redhat.com)
+- Add registry console template (aweiteka@redhat.com)
+- Add support for Atomic Registry Installs (smunilla@redhat.com)
+- Apply indentation changes to some other lines (tbielawa@redhat.com)
+- Don't use openshift_env for cloud provider facts. (abutcher@redhat.com)
+- Enable PEP8 tests by default in the 'make ci' target now
+ (tbielawa@redhat.com)
+- Fix PEP8 errors in cli_installer.py (tbielawa@redhat.com)
+- Fix PEP8 in openshift_ansible.py (tbielawa@redhat.com)
+- Fix PEP8 in oo_config.py (tbielawa@redhat.com)
+- Fix PEP8 in variants.py (tbielawa@redhat.com)
+- Fix PEP8 in facts_callback.py (tbielawa@redhat.com)
+- fix duplicate src field (jdetiber@redhat.com)
+- Refactor volume directory creation (sdodson@redhat.com)
+- Rely on IMAGE_PREFIX and IMAGE_VERSION defaults from the templates themselves
+ (sdodson@redhat.com)
+- Add metrics exports to nfs role, move exports to /etc/exports.d/openshift-
+ ansible.exports (sdodson@redhat.com)
+- Add ability to disable pvc creation (sdodson@redhat.com)
+- Fix registry volume (sdodson@redhat.com)
+- add selectors for metrics and logging (sdodson@redhat.com)
+- Add logic to detect existing installs (sdodson@redhat.com)
+- Deploy metrics after our router (sdodson@redhat.com)
+- Add Enterprise 3.3 template (sdodson@redhat.com)
+- Pull in keynote demo changes (sdodson@redhat.com)
+- [tags] add some support for running a subset of config via tags
+ (jdetiber@redhat.com)
+- [metrics] add filter to clean up hostname for use in metrics deployment
+ (jdetiber@redhat.com)
+- enable service-serving-cert-signer by default (abutcher@redhat.com)
+- Fix review comments (mkumatag@in.ibm.com)
+- Remove duplicate flannel registration (mkumatag@in.ibm.com)
+
+* Wed Aug 24 2016 Scott Dodson <sdodson@redhat.com> 3.3.15-1
+- simplify repo configuration (jdetiber@redhat.com)
+- don't set virt_sandbox_use_nfs on Fedora, it was replaced by virt_use_nfs
+ (maxamillion@fedoraproject.org)
+- Correct flannel cert variables. (abutcher@redhat.com)
+- Make note about ansible/install logs messing up ci tests
+ (tbielawa@redhat.com)
+- remove fedora origin copr (it's in mainline fedora now), some dnf/yum clean
+ up (maxamillion@fedoraproject.org)
+- Move nested print_read_config_error function into it's own function
+ (tbielawa@redhat.com)
+- Makefile includes ci-pyflakes target now (tbielawa@redhat.com)
+- Fix BZ1368296 by quietly recollecting facts if the cache is removed
+ (tbielawa@redhat.com)
+- Correct masterCA config typo. (abutcher@redhat.com)
+- don't gather facts when bootstrapping ansible for Fedora hosts
+ (maxamillion@fedoraproject.org)
+- a-o-i: Add variant and variant_version to migration (smunilla@redhat.com)
+- Fix upgrade failure when master-config does not have pluginOrderOverride.
+ (dgoodwin@redhat.com)
+- Add externalIPNetworkCIDRs to config (smunilla@redhat.com)
+
+* Tue Aug 23 2016 Scott Dodson <sdodson@redhat.com> 3.3.14-1
+- a-o-i: Fix ansible_ssh_user question (smunilla@redhat.com)
+- Don't run node config upgrade hook if host is not a node.
+ (dgoodwin@redhat.com)
+- Link ca to ca-bundle when ca-bundle does not exist. (abutcher@redhat.com)
+- Better error if no OpenShift RPMs are available. (dgoodwin@redhat.com)
+- Revert "Due to problems with with_fileglob lets avoid using it for now"
+ (sdodson@redhat.com)
+- Replace some virsh commands by native virt_XXX ansible module
+ (lhuard@amadeus.com)
+- Add warning at end of 3.3 upgrade if pluginOrderOverride is found.
+ (dgoodwin@redhat.com)
+- a-o-i: Remove Legacy Config Upgrade (smunilla@redhat.com)
+- Fix etcd uninstall (sdodson@redhat.com)
+- Bug 1358951 - Error loading config, no such key: 'deployment' when using
+ previously valid answers file (smunilla@redhat.com)
+- Fix standalone Docker upgrade missing symlink. (dgoodwin@redhat.com)
+- Open OpenStack security group for the service node port range
+ (lhuard@amadeus.com)
+- Fix the “node on master” feature (lhuard@amadeus.com)
+- Due to problems with with_fileglob lets avoid using it for now
+ (sdodson@redhat.com)
+
+* Fri Aug 19 2016 Troy Dawson <tdawson@redhat.com> 3.3.13-1
+- Fix warnings in OpenStack provider with ansible 2.1 (lhuard@amadeus.com)
+- Mount /sys rw (sdodson@redhat.com)
+- Update uninstall.yml (sdodson@redhat.com)
+- Fix padding on registry config (sdodson@redhat.com)
+
+* Wed Aug 17 2016 Troy Dawson <tdawson@redhat.com> 3.3.12-1
+- Fixes to typos, grammar, and product branding in cli_installer
+ (tpoitras@redhat.com)
+- Reconcile roles after master upgrade, but before nodes. (dgoodwin@redhat.com)
+- a-o-i: Fix nosetests after removing 3.2 from installer (smunilla@redhat.com)
+- Bug 1367323 - the "OpenShift Container Platform 3.2" variant is still listed
+ when quick install ose-3.3 (smunilla@redhat.com)
+- Bug 1367199 - iptablesSyncPeriod should default to 30s OOTB
+ (smunilla@redhat.com)
+- Sync remaining content (sdodson@redhat.com)
+- XPaas 1.3.3 (sdodson@redhat.com)
+- a-o-i: Fix broken tests from installed hosts check (smunilla@redhat.com)
+- Add clientCommonNames to RequestHeaderProvider optional items
+ (sdodson@redhat.com)
+- a-o-i: Mapping for 3.2 Upgrades (smunilla@redhat.com)
+- a-o-i: fix bz#1329455 (ghuang@redhat.com)
+- Add nfs group to OSEv3:vars (sdodson@redhat.com)
+- fixing openshift key error in case of node failure during run (ssh issue)
+ (jawed.khelil@amadeus.com)
+- add 3.3 to installer (rmeggins@redhat.com)
+
+* Mon Aug 15 2016 Troy Dawson <tdawson@redhat.com> 3.3.11-1
+- Ensure etcd user exists in etcd_server_certificates by installing etcd.
+ (abutcher@redhat.com)
+- a-o-i: Fix broken upgrades (smunilla@redhat.com)
+
+* Fri Aug 12 2016 Troy Dawson <tdawson@redhat.com> 3.3.10-1
+- Reference tmpdir from first master hostvars when evacuating nodes.
+ (abutcher@redhat.com)
+- Support for redeploying certificates. (abutcher@redhat.com)
+- qps typo (deads@redhat.com)
+- a-o-i: Automatically Label Nodes as Infra (smunilla@redhat.com)
+- Improvements for Docker 1.10+ upgrade image nuking. (dgoodwin@redhat.com)
+- a-o-i: Restrict installed host check (smunilla@redhat.com)
+- Shutdown Docker before upgrading the rpm. (dgoodwin@redhat.com)
+- Restrict the middleware stanza contains 'registry' and 'storage' at least on
+ 3.3 (ghuang@redhat.com)
+- docker-registry's middleware stanza should contain 'registry' and 'storage'
+ by default (ghuang@redhat.com)
+
+* Wed Aug 10 2016 Troy Dawson <tdawson@redhat.com> 3.3.9-1
+- Enable 'NoVolumeZoneConflict' policy for scheduler (abutcher@redhat.com)
+- a-o-i: Update nosetests for ansible_ssh_user (smunilla@redhat.com)
+- move ansible_ssh_user to deployment, remove ansible_config and
+ ansible_log_path (ghuang@redhat.com)
+- Labeling nodes only (ghuang@redhat.com)
+- Set become=no for etcd server certificates temporary directory.
+ (abutcher@redhat.com)
+- Move storage includes up to main. (abutcher@redhat.com)
+- Support gathering ansible 2.1/2.2 system facts (abutcher@redhat.com)
+- Try/except urlparse calls. (abutcher@redhat.com)
+- with_fileglob no longer supports wildcard prefixes. (abutcher@redhat.com)
+- BUILD.md lies (jmainguy@redhat.com)
+- Migrate ca.crt to ca-bundle.crt (sdodson@redhat.com)
+- Upgrade configs for protobuf support. (dgoodwin@redhat.com)
+- Fixed a bug in modify_yaml module. (dgoodwin@redhat.com)
+- make the improved log formatter work with ansible 2.1 (rmeggins@redhat.com)
+- Convert ansible facts callback to v2. (abutcher@redhat.com)
+- Add 3.3 protobuf config stanzas for master/node config. (dgoodwin@redhat.com)
+- Introduce 1.3/3.3 upgrade path. (dgoodwin@redhat.com)
+
+* Mon Aug 08 2016 Troy Dawson <tdawson@redhat.com> 3.3.8-1
+- Fix little mistake in openshift_master_htpasswd_users value .
+ (jmferrer@paradigmatecnologico.com)
+
+* Fri Aug 05 2016 Troy Dawson <tdawson@redhat.com> 3.3.7-1
+- Call relocated openshift-loadbalancer playbook in master scaleup.
+ (abutcher@redhat.com)
+- [openshift_ca] correct check for missing CA. (abutcher@redhat.com)
+- a-o-i: Rename OSE in Install Menu (smunilla@redhat.com)
+- a-o-i: Allow Arbitrary Deployment Variables (smunilla@redhat.com)
+- Add knobs for disabling router/registry management. (abutcher@redhat.com)
+- Restore missing etcd_image fact. (abutcher@redhat.com)
+- Add options for specifying named ca certificates to be added to the openshift
+ ca bundle. (abutcher@redhat.com)
+- oo_collect can be ran against dicts where key isn't present.
+ (abutcher@redhat.com)
+- Don't set a networkPluginName in 3.3 installs (sdodson@redhat.com)
+
+* Wed Aug 03 2016 Troy Dawson <tdawson@redhat.com> 3.3.6-1
+- Rename router and registry node list variables. (abutcher@redhat.com)
+- a-o-i: Fix broken uninstall (smunilla@redhat.com)
+- Refactor etcd certificates roles. (abutcher@redhat.com)
+
+* Mon Aug 01 2016 Troy Dawson <tdawson@redhat.com> 3.3.5-1
+- Update for issue#2244 (kunallimaye@gmail.com)
+- Update for issue-2244 (kunallimaye@gmail.com)
+- a-o-i: Remove AEP, OSE 3.0, and OSE 3.2 choices (smunilla@redhat.com)
+- Move role dependencies to playbooks. (abutcher@redhat.com)
+- Fix xpaas_templates_base (sdodson@redhat.com)
+- a-o-i: Better inventory group handling (smunilla@redhat.com)
+- Add dotnet image stream to enterprise installs (sdodson@redhat.com)
+- Fix haproxy logs (sdodson@redhat.com)
+- update bootstrap-fedora playbook with new python crypto deps
+ (maxamillion@fedoraproject.org)
+- Remove old sso70-basic templates (sdodson@redhat.com)
+- xPaaS v1.3.2 release (sdodson@redhat.com)
+
+* Fri Jul 29 2016 Troy Dawson <tdawson@redhat.com> 3.3.4-1
+- a-o-i: Set roles on standalone storage (smunilla@redhat.com)
+- Disable too many branches pylint (sdodson@redhat.com)
+- a-o-i: write missing openshift_node_labels (dkorn@redhat.com)
+- a-o-i: Support for arbitrary host-level variables (smunilla@redhat.com)
+- Beautiful -v output from ansible (jamespic@gmail.com)
+- a-o-i: Move inventory vars to the correct location (smunilla@redhat.com)
+- Fix registry/router being created despite no infra nodes.
+ (dgoodwin@redhat.com)
+- Document openshift_portal_net (sdodson@redhat.com)
+- Stagger the start of master services. (abutcher@redhat.com)
+- make rpm-q module pylint warning-free (tob@butter.sh)
+- add rpm_q module to query rpm database (tob@butter.sh)
+
+* Wed Jul 27 2016 Troy Dawson <tdawson@redhat.com> 3.3.3-1
+- Template named certificates with_items. (abutcher@redhat.com)
+- Replace master_cert_config_dir with common config_base fact.
+ (abutcher@redhat.com)
+- remove outdated openshift_cluster_metrics role (jdetiber@redhat.com)
+- Fix "deloyment" typo in deployment types doc (lxia@redhat.com)
+- Add missing nuke_images.sh symlink. (dgoodwin@redhat.com)
+- a-o-i: Persist Roles Variables (smunilla@redhat.com)
+- Default nodes matching selectors when not collected. (abutcher@redhat.com)
+- Copy openshift binaries instead of using wrapper script.
+ (dgoodwin@redhat.com)
+- Correct relative include for ansible version check. (abutcher@redhat.com)
+- Fix libvirt provider for Ansible 2.1.0.0 (lhuard@amadeus.com)
+- Re-arrange master and node role dependencies. (abutcher@redhat.com)
+- Refactor openshift certificates roles. (abutcher@redhat.com)
+- Check ansible version prior to evaluating cluster hosts and groups.
+ (abutcher@redhat.com)
+- Stop reporting changes when docker pull is already up to date.
+ (dgoodwin@redhat.com)
+- a-o-i: Write Role variable groups (smunilla@redhat.com)
+- Slight modification to error when using mismatched openshift_release.
+ (dgoodwin@redhat.com)
+- fix "databcase" typo in example roles (lxia@redhat.com)
+- Secure router only when openshift.hosted.router.certificate.contents exists.
+ (abutcher@redhat.com)
+- Add jenkinstemplate (sdodson@redhat.com)
+- Fix bugs with origin 1.2 rpm based upgrades. (dgoodwin@redhat.com)
+- Sync latest image streams and templates (sdodson@redhat.com)
+- Ensure 'oo_nfs_to_config' in groups prior to checking group length when nfs
+ host unset. (abutcher@redhat.com)
+- We have proper ansible support and requirements in place now, de-revert this
+ commit (tbielawa@redhat.com)
+- Skip docker upgrades on Atomic. (dgoodwin@redhat.com)
+- Resolve some deprecation warnings. (abutcher@redhat.com)
+- a-o-i: Looser facts requirements for unattended (smunilla@redhat.com)
+- Temporarily link registry config templates for ansible 1.9.x support.
+ (abutcher@redhat.com)
+- Remove relative lookup for registry config and check for skipped update in
+ registry redeploy conditional. (abutcher@redhat.com)
+- Arbitrary Installer yaml (smunilla@redhat.com)
+- Check for existence of sebooleans prior to setting. (abutcher@redhat.com)
+- Require ansible-2.1 (abutcher@redhat.com)
+
* Sun Jul 17 2016 Scott Dodson <sdodson@redhat.com> 3.3.2-1
- Convert openshift_release and openshift_version to strings for startswith
(sdodson@redhat.com)
diff --git a/playbooks/adhoc/bootstrap-fedora.yml b/playbooks/adhoc/bootstrap-fedora.yml
index b380a74d6..b370d7fba 100644
--- a/playbooks/adhoc/bootstrap-fedora.yml
+++ b/playbooks/adhoc/bootstrap-fedora.yml
@@ -1,4 +1,5 @@
- hosts: OSEv3
+ gather_facts: false
tasks:
- name: install python and deps for ansible modules
- raw: dnf install -y python2 python2-dnf libselinux-python libsemanage-python python2-firewall
+ raw: dnf install -y python2 python2-dnf libselinux-python libsemanage-python python2-firewall pyOpenSSL python-cryptography
diff --git a/playbooks/adhoc/metrics_setup/playbooks/install.yml b/playbooks/adhoc/metrics_setup/playbooks/install.yml
index 235f775ef..a9ec3c1ef 100644
--- a/playbooks/adhoc/metrics_setup/playbooks/install.yml
+++ b/playbooks/adhoc/metrics_setup/playbooks/install.yml
@@ -16,21 +16,30 @@
- name: "Add metrics-deployer"
command: "{{item}}"
+ run_once: true
+ register: output
+ failed_when: ('already exists' not in output.stderr) and (output.rc != 0)
with_items:
- oc project openshift-infra
- oc create -f /tmp/metrics-deployer-setup.yaml
- name: "Give metrics-deployer SA permissions"
command: "oadm policy add-role-to-user edit system:serviceaccount:openshift-infra:metrics-deployer"
+ run_once: true
- name: "Give heapster SA permissions"
command: "oadm policy add-cluster-role-to-user cluster-reader system:serviceaccount:openshift-infra:heapster"
+ run_once: true
- name: "Create metrics-deployer secret"
command: "oc secrets new metrics-deployer nothing=/dev/null"
+ register: output
+ failed_when: ('already exists' not in output.stderr) and (output.rc != 0)
+ run_once: true
- name: "Copy metrics.yaml to remote"
copy: "src=../files/metrics.yaml dest=/tmp/metrics.yaml force=yes"
- name: "Process yml template"
shell: "oc process -f /tmp/metrics.yaml -v MASTER_URL={{ masterPublicURL }},REDEPLOY=true,HAWKULAR_METRICS_HOSTNAME={{ metrics_external_service }},IMAGE_PREFIX={{ metrics_image_prefix }},IMAGE_VERSION={{ metrics_image_version }},USE_PERSISTENT_STORAGE=false | oc create -f -"
+ run_once: true \ No newline at end of file
diff --git a/playbooks/adhoc/uninstall.yml b/playbooks/adhoc/uninstall.yml
index 4edd44fe4..ae4316f86 100644
--- a/playbooks/adhoc/uninstall.yml
+++ b/playbooks/adhoc/uninstall.yml
@@ -72,6 +72,10 @@
- tuned-profiles-openshift-node
- tuned-profiles-origin-node
+ - name: Remove flannel package
+ action: "{{ ansible_pkg_mgr }} name=flannel state=absent"
+ when: openshift_use_flannel | default(false) | bool
+
- shell: systemctl reset-failed
changed_when: False
@@ -92,12 +96,6 @@
- vlinuxbr
- vovsbr
- - name: restart docker
- service: name=docker state=restarted
-
- - name: restart NetworkManager
- service: name=NetworkManager state=restarted
-
- shell: find /var/lib/origin/openshift.local.volumes -type d -exec umount {} \; 2>/dev/null || true
changed_when: False
@@ -161,31 +159,39 @@
with_items:
- /etc/ansible/facts.d/openshift.fact
- /etc/atomic-enterprise
+ - /etc/dnsmasq.d/origin-dns.conf
+ - /etc/dnsmasq.d/origin-upstream-dns.conf
+ - /etc/NetworkManager/dispatcher.d/99-origin-dns.sh
- /etc/openshift
- /etc/openshift-sdn
- /etc/origin
- - /etc/systemd/system/atomic-openshift-node.service
- - /etc/systemd/system/atomic-openshift-node-dep.service
- - /etc/systemd/system/origin-node.service
- - /etc/systemd/system/origin-node-dep.service
- - /etc/systemd/system/openvswitch.service
- /etc/sysconfig/atomic-enterprise-node
- /etc/sysconfig/atomic-openshift-node
- /etc/sysconfig/atomic-openshift-node-dep
- - /etc/sysconfig/origin-node
- - /etc/sysconfig/origin-node-dep
- /etc/sysconfig/openshift-node
- /etc/sysconfig/openshift-node-dep
- /etc/sysconfig/openvswitch
- /etc/sysconfig/origin-node
+ - /etc/sysconfig/origin-node
+ - /etc/sysconfig/origin-node-dep
+ - /etc/systemd/system/atomic-openshift-node-dep.service
+ - /etc/systemd/system/atomic-openshift-node.service
- /etc/systemd/system/atomic-openshift-node.service.wants
+ - /etc/systemd/system/docker.service.d/docker-sdn-ovs.conf
+ - /etc/systemd/system/openvswitch.service
+ - /etc/systemd/system/origin-node-dep.service
+ - /etc/systemd/system/origin-node.service
- /run/openshift-sdn
- /var/lib/atomic-enterprise
- /var/lib/openshift
- /var/lib/origin
- - /etc/NetworkManager/dispatcher.d/99-origin-dns.sh
- - /etc/dnsmasq.d/origin-dns.conf
- - /etc/dnsmasq.d/origin-upstream-dns.conf
+
+ - name: restart docker
+ service: name=docker state=restarted
+
+ - name: restart NetworkManager
+ service: name=NetworkManager state=restarted
+
- hosts: masters
become: yes
@@ -289,6 +295,7 @@
- /usr/local/bin/oadm
- /usr/local/bin/oc
- /usr/local/bin/kubectl
+ - /etc/flannel
# Since we are potentially removing the systemd unit files for separated
# master-api and master-controllers services, so we need to reload the
@@ -338,7 +345,10 @@
- /etc/ansible/facts.d/openshift.fact
- /etc/etcd
- /etc/systemd/system/etcd_container.service
- - /var/lib/etcd
+
+ - name: Remove etcd data
+ shell: rm -rf /var/lib/etcd/*
+ failed_when: false
- hosts: lb
become: yes
diff --git a/playbooks/aws/openshift-cluster/config.yml b/playbooks/aws/openshift-cluster/config.yml
index 647c72239..05cfe7d6e 100644
--- a/playbooks/aws/openshift-cluster/config.yml
+++ b/playbooks/aws/openshift-cluster/config.yml
@@ -30,7 +30,7 @@
openshift_hosted_router_selector: 'type=infra'
openshift_node_labels:
region: "{{ deployment_vars[deployment_type].region }}"
- type: "{{ hostvars[inventory_hostname]['ec2_tag_sub-host-type'] if inventory_hostname in groups['tag_host-type_node'] else hostvars[inventory_hostname]['ec2_tag_host-type'] }}"
+ type: "{{ hostvars[inventory_hostname]['ec2_tag_sub-host-type'] }}"
openshift_master_cluster_method: 'native'
openshift_use_openshift_sdn: "{{ lookup('oo_option', 'use_openshift_sdn') }}"
os_sdn_network_plugin_name: "{{ lookup('oo_option', 'sdn_network_plugin_name') }}"
diff --git a/playbooks/byo/openshift-cluster/config.yml b/playbooks/byo/openshift-cluster/config.yml
index 0a931fbe0..0b85b2485 100644
--- a/playbooks/byo/openshift-cluster/config.yml
+++ b/playbooks/byo/openshift-cluster/config.yml
@@ -5,6 +5,8 @@
connection: local
become: no
gather_facts: no
+ tags:
+ - always
tasks:
- include_vars: ../../byo/openshift-cluster/cluster_hosts.yml
- add_host:
@@ -14,6 +16,8 @@
- hosts: l_oo_all_hosts
gather_facts: no
+ tags:
+ - always
tasks:
- include_vars: ../../byo/openshift-cluster/cluster_hosts.yml
@@ -22,3 +26,4 @@
openshift_cluster_id: "{{ cluster_id | default('default') }}"
openshift_debug_level: "{{ debug_level | default(2) }}"
openshift_deployment_type: "{{ deployment_type }}"
+ openshift_deployment_subtype: "{{ deployment_subtype | default(none) }}"
diff --git a/playbooks/byo/openshift-cluster/enable_dnsmasq.yml b/playbooks/byo/openshift-cluster/enable_dnsmasq.yml
index 1c8d99341..0ba11a21b 100644
--- a/playbooks/byo/openshift-cluster/enable_dnsmasq.yml
+++ b/playbooks/byo/openshift-cluster/enable_dnsmasq.yml
@@ -1,4 +1,6 @@
---
+- include: ../../common/openshift-cluster/verify_ansible_version.yml
+
- hosts: localhost
connection: local
become: no
@@ -8,7 +10,7 @@
- add_host:
name: "{{ item }}"
groups: l_oo_all_hosts
- with_items: g_all_hosts
+ with_items: "{{ g_all_hosts | default([]) }}"
- hosts: l_oo_all_hosts
gather_facts: no
diff --git a/playbooks/byo/openshift-cluster/redeploy-certificates.yml b/playbooks/byo/openshift-cluster/redeploy-certificates.yml
new file mode 100644
index 000000000..6d1247e0f
--- /dev/null
+++ b/playbooks/byo/openshift-cluster/redeploy-certificates.yml
@@ -0,0 +1,22 @@
+---
+- include: ../../common/openshift-cluster/verify_ansible_version.yml
+
+- hosts: localhost
+ connection: local
+ become: no
+ gather_facts: no
+ tasks:
+ - include_vars: ../../byo/openshift-cluster/cluster_hosts.yml
+ - add_host:
+ name: "{{ item }}"
+ groups: l_oo_all_hosts
+ with_items: "{{ g_all_hosts | default([]) }}"
+
+- hosts: l_oo_all_hosts
+ gather_facts: no
+ tasks:
+ - include_vars: ../../byo/openshift-cluster/cluster_hosts.yml
+
+- include: ../../common/openshift-cluster/redeploy-certificates.yml
+ vars:
+ openshift_deployment_type: "{{ deployment_type }}"
diff --git a/playbooks/byo/openshift-cluster/upgrades/docker/nuke_images.sh b/playbooks/byo/openshift-cluster/upgrades/docker/nuke_images.sh
new file mode 120000
index 000000000..d5d864b63
--- /dev/null
+++ b/playbooks/byo/openshift-cluster/upgrades/docker/nuke_images.sh
@@ -0,0 +1 @@
+../../../../common/openshift-cluster/upgrades/files/nuke_images.sh \ No newline at end of file
diff --git a/playbooks/byo/openshift-cluster/upgrades/v3_2/README.md b/playbooks/byo/openshift-cluster/upgrades/v3_2/README.md
index 62577c3df..30603463a 100644
--- a/playbooks/byo/openshift-cluster/upgrades/v3_2/README.md
+++ b/playbooks/byo/openshift-cluster/upgrades/v3_2/README.md
@@ -1,10 +1,12 @@
-# v3.1 to v3.2 upgrade playbook
+# v3.2 Major and Minor Upgrade Playbook
## Overview
This playbook currently performs the
following steps.
* Upgrade and restart master services
+ * Unschedule node.
+ * Upgrade and restart docker
* Upgrade and restart node services
* Modifies the subset of the configuration necessary
* Applies the latest cluster policies
@@ -13,4 +15,4 @@ following steps.
* Updates image streams and quickstarts
## Usage
-ansible-playbook -i ~/ansible-inventory openshift-ansible/playbooks/byo/openshift-cluster/upgrades/v3_1_to_v3_2/upgrade.yml
+ansible-playbook -i ~/ansible-inventory openshift-ansible/playbooks/byo/openshift-cluster/upgrades/v3_2/upgrade.yml
diff --git a/playbooks/byo/openshift-cluster/upgrades/v3_2/upgrade.yml b/playbooks/byo/openshift-cluster/upgrades/v3_2/upgrade.yml
index e28313221..5d549eee7 100644
--- a/playbooks/byo/openshift-cluster/upgrades/v3_2/upgrade.yml
+++ b/playbooks/byo/openshift-cluster/upgrades/v3_2/upgrade.yml
@@ -47,11 +47,19 @@
openshift_docker_log_options: "{{ lookup('oo_option', 'docker_log_options') }}"
when: openshift_docker_log_options is not defined
-- include: ../../../../common/openshift-cluster/upgrades/v3_1_to_v3_2/pre.yml
+
+# Configure the upgrade target for the common upgrade tasks:
+- hosts: l_oo_all_hosts
+ tasks:
+ - set_fact:
+ openshift_upgrade_target: "{{ '1.2' if deployment_type == 'origin' else '3.2' }}"
+ openshift_upgrade_min: "{{ '1.1' if deployment_type == 'origin' else '3.1' }}"
+
+- include: ../../../../common/openshift-cluster/upgrades/pre.yml
vars:
openshift_deployment_type: "{{ deployment_type }}"
-- include: ../../../../common/openshift-cluster/upgrades/v3_1_to_v3_2/upgrade.yml
+- include: ../../../../common/openshift-cluster/upgrades/upgrade.yml
vars:
openshift_deployment_type: "{{ deployment_type }}"
- include: ../../../openshift-master/restart.yml
-- include: ../../../../common/openshift-cluster/upgrades/v3_1_to_v3_2/post.yml
+- include: ../../../../common/openshift-cluster/upgrades/post.yml
diff --git a/playbooks/byo/openshift-cluster/upgrades/v3_3/README.md b/playbooks/byo/openshift-cluster/upgrades/v3_3/README.md
new file mode 100644
index 000000000..6892f6324
--- /dev/null
+++ b/playbooks/byo/openshift-cluster/upgrades/v3_3/README.md
@@ -0,0 +1,18 @@
+# v3.3 Major and Minor Upgrade Playbook
+
+## Overview
+This playbook currently performs the
+following steps.
+
+ * Upgrade and restart master services
+ * Unschedule node.
+ * Upgrade and restart docker
+ * Upgrade and restart node services
+ * Modifies the subset of the configuration necessary
+ * Applies the latest cluster policies
+ * Updates the default router if one exists
+ * Updates the default registry if one exists
+ * Updates image streams and quickstarts
+
+## Usage
+ansible-playbook -i ~/ansible-inventory openshift-ansible/playbooks/byo/openshift-cluster/upgrades/v3_3/upgrade.yml
diff --git a/playbooks/byo/openshift-cluster/upgrades/v3_3/upgrade.yml b/playbooks/byo/openshift-cluster/upgrades/v3_3/upgrade.yml
new file mode 100644
index 000000000..e740b12c0
--- /dev/null
+++ b/playbooks/byo/openshift-cluster/upgrades/v3_3/upgrade.yml
@@ -0,0 +1,67 @@
+---
+- include: ../../../../common/openshift-cluster/verify_ansible_version.yml
+
+- hosts: localhost
+ connection: local
+ become: no
+ gather_facts: no
+ tasks:
+ - include_vars: ../../../../byo/openshift-cluster/cluster_hosts.yml
+ - add_host:
+ name: "{{ item }}"
+ groups: l_oo_all_hosts
+ with_items: g_all_hosts | default([])
+
+- hosts: l_oo_all_hosts
+ gather_facts: no
+ tasks:
+ - include_vars: ../../../../byo/openshift-cluster/cluster_hosts.yml
+
+- include: ../../../../common/openshift-cluster/evaluate_groups.yml
+ vars:
+ # Do not allow adding hosts during upgrade.
+ g_new_master_hosts: []
+ g_new_node_hosts: []
+ openshift_cluster_id: "{{ cluster_id | default('default') }}"
+ openshift_deployment_type: "{{ deployment_type }}"
+
+- name: Set oo_options
+ hosts: oo_all_hosts
+ tasks:
+ - set_fact:
+ openshift_docker_additional_registries: "{{ lookup('oo_option', 'docker_additional_registries') }}"
+ when: openshift_docker_additional_registries is not defined
+ - set_fact:
+ openshift_docker_insecure_registries: "{{ lookup('oo_option', 'docker_insecure_registries') }}"
+ when: openshift_docker_insecure_registries is not defined
+ - set_fact:
+ openshift_docker_blocked_registries: "{{ lookup('oo_option', 'docker_blocked_registries') }}"
+ when: openshift_docker_blocked_registries is not defined
+ - set_fact:
+ openshift_docker_options: "{{ lookup('oo_option', 'docker_options') }}"
+ when: openshift_docker_options is not defined
+ - set_fact:
+ openshift_docker_log_driver: "{{ lookup('oo_option', 'docker_log_driver') }}"
+ when: openshift_docker_log_driver is not defined
+ - set_fact:
+ openshift_docker_log_options: "{{ lookup('oo_option', 'docker_log_options') }}"
+ when: openshift_docker_log_options is not defined
+
+
+# Configure the upgrade target for the common upgrade tasks:
+- hosts: l_oo_all_hosts
+ tasks:
+ - set_fact:
+ openshift_upgrade_target: "{{ '1.3' if deployment_type == 'origin' else '3.3' }}"
+ openshift_upgrade_min: "{{ '1.2' if deployment_type == 'origin' else '3.2' }}"
+
+- include: ../../../../common/openshift-cluster/upgrades/pre.yml
+ vars:
+ openshift_deployment_type: "{{ deployment_type }}"
+- include: ../../../../common/openshift-cluster/upgrades/upgrade.yml
+ vars:
+ openshift_deployment_type: "{{ deployment_type }}"
+ master_config_hook: "v3_3/master_config_upgrade.yml"
+ node_config_hook: "v3_3/node_config_upgrade.yml"
+- include: ../../../openshift-master/restart.yml
+- include: ../../../../common/openshift-cluster/upgrades/post.yml
diff --git a/playbooks/byo/openshift_facts.yml b/playbooks/byo/openshift_facts.yml
index d966b58fd..8c0708df0 100644
--- a/playbooks/byo/openshift_facts.yml
+++ b/playbooks/byo/openshift_facts.yml
@@ -10,7 +10,7 @@
- add_host:
name: "{{ item }}"
groups: l_oo_all_hosts
- with_items: g_all_hosts
+ with_items: "{{ g_all_hosts }}"
- hosts: l_oo_all_hosts
gather_facts: no
diff --git a/playbooks/common/openshift-cluster/additional_config.yml b/playbooks/common/openshift-cluster/additional_config.yml
index a34322754..26b31d313 100644
--- a/playbooks/common/openshift-cluster/additional_config.yml
+++ b/playbooks/common/openshift-cluster/additional_config.yml
@@ -1,11 +1,3 @@
-- name: Configure flannel
- hosts: oo_first_master
- vars:
- etcd_urls: "{{ openshift.master.etcd_urls }}"
- roles:
- - role: flannel_register
- when: openshift.common.use_flannel | bool
-
- name: Additional master configuration
hosts: oo_first_master
vars:
@@ -19,14 +11,10 @@
- role: openshift_examples
registry_url: "{{ openshift.master.registry_url }}"
when: openshift.common.install_examples | bool
- - role: openshift_cluster_metrics
- when: openshift.common.use_cluster_metrics | bool
- role: openshift_manageiq
when: openshift.common.use_manageiq | bool
- role: cockpit
when: not openshift.common.is_atomic and ( deployment_type in ['atomic-enterprise','openshift-enterprise'] ) and
- (osm_use_cockpit | bool or osm_use_cockpit is undefined )
+ (osm_use_cockpit | bool or osm_use_cockpit is undefined ) and ( openshift.common.deployment_subtype != 'registry' )
- role: flannel_register
when: openshift.common.use_flannel | bool
-
-
diff --git a/playbooks/common/openshift-cluster/config.yml b/playbooks/common/openshift-cluster/config.yml
index 5cf5df08e..d6a99fcda 100644
--- a/playbooks/common/openshift-cluster/config.yml
+++ b/playbooks/common/openshift-cluster/config.yml
@@ -1,14 +1,22 @@
---
- include: evaluate_groups.yml
+ tags:
+ - always
- include: initialize_facts.yml
+ tags:
+ - always
- include: validate_hostnames.yml
+ tags:
+ - node
- include: initialize_openshift_version.yml
- name: Set oo_options
hosts: oo_all_hosts
+ tags:
+ - always
tasks:
- set_fact:
openshift_docker_additional_registries: "{{ lookup('oo_option', 'docker_additional_registries') }}"
@@ -30,15 +38,29 @@
when: openshift_docker_log_options is not defined
- include: ../openshift-etcd/config.yml
+ tags:
+ - etcd
- include: ../openshift-nfs/config.yml
+ tags:
+ - nfs
- include: ../openshift-loadbalancer/config.yml
+ tags:
+ - loadbalancer
- include: ../openshift-master/config.yml
+ tags:
+ - master
- include: additional_config.yml
+ tags:
+ - master
- include: ../openshift-node/config.yml
+ tags:
+ - node
- include: openshift_hosted.yml
+ tags:
+ - hosted
diff --git a/playbooks/common/openshift-cluster/enable_dnsmasq.yml b/playbooks/common/openshift-cluster/enable_dnsmasq.yml
index f2bcc872f..4cfe8617e 100644
--- a/playbooks/common/openshift-cluster/enable_dnsmasq.yml
+++ b/playbooks/common/openshift-cluster/enable_dnsmasq.yml
@@ -8,11 +8,12 @@
post_tasks:
- fail: msg="This playbook requires a master version of at least Origin 1.1 or OSE 3.1"
when: not openshift.common.version_gte_3_1_1_or_1_1_1 | bool
-
+
- name: Reconfigure masters to listen on our new dns_port
hosts: oo_masters_to_config
handlers:
- include: ../../../roles/openshift_master/handlers/main.yml
+ static: yes
vars:
os_firewall_allow:
- service: skydns tcp
@@ -43,6 +44,7 @@
hosts: oo_nodes_to_config
handlers:
- include: ../../../roles/openshift_node/handlers/main.yml
+ static: yes
pre_tasks:
- openshift_facts:
role: "{{ item.role }}"
diff --git a/playbooks/common/openshift-cluster/evaluate_groups.yml b/playbooks/common/openshift-cluster/evaluate_groups.yml
index 3fb42a7fa..b3e02fb97 100644
--- a/playbooks/common/openshift-cluster/evaluate_groups.yml
+++ b/playbooks/common/openshift-cluster/evaluate_groups.yml
@@ -77,7 +77,7 @@
ansible_ssh_user: "{{ g_ssh_user | default(omit) }}"
ansible_become: "{{ g_sudo | default(omit) }}"
with_items: "{{ g_master_hosts | default([]) }}"
- when: g_nodeonmaster | default(false) == true and g_new_node_hosts is not defined
+ when: g_nodeonmaster | default(false) | bool and not g_new_node_hosts | default(false) | bool
- name: Evaluate oo_first_etcd
add_host:
diff --git a/playbooks/common/openshift-cluster/openshift_hosted.yml b/playbooks/common/openshift-cluster/openshift_hosted.yml
index c3077e3c2..f65b7a2cd 100644
--- a/playbooks/common/openshift-cluster/openshift_hosted.yml
+++ b/playbooks/common/openshift-cluster/openshift_hosted.yml
@@ -1,5 +1,8 @@
+---
- name: Create persistent volumes
hosts: oo_first_master
+ tags:
+ - hosted
vars:
persistent_volumes: "{{ hostvars[groups.oo_first_master.0] | oo_persistent_volumes(groups) }}"
persistent_volume_claims: "{{ hostvars[groups.oo_first_master.0] | oo_persistent_volume_claims }}"
@@ -9,10 +12,37 @@
- name: Create Hosted Resources
hosts: oo_first_master
+ tags:
+ - hosted
pre_tasks:
- set_fact:
openshift_hosted_router_registryurl: "{{ hostvars[groups.oo_first_master.0].openshift.master.registry_url }}"
openshift_hosted_registry_registryurl: "{{ hostvars[groups.oo_first_master.0].openshift.master.registry_url }}"
when: "'master' in hostvars[groups.oo_first_master.0].openshift and 'registry_url' in hostvars[groups.oo_first_master.0].openshift.master"
roles:
+ - role: openshift_cli
+ - role: openshift_hosted_facts
+ - role: openshift_projects
+ # TODO: Move standard project definitions to openshift_hosted/vars/main.yml
+ # Vars are not accessible in meta/main.yml in ansible-1.9.x
+ openshift_projects: "{{ openshift_additional_projects | default({}) | oo_merge_dicts({'default':{'default_node_selector':''},'openshift-infra':{'default_node_selector':''},'logging':{'default_node_selector':''}}) }}"
+ - role: openshift_serviceaccounts
+ openshift_serviceaccounts_names:
+ - router
+ openshift_serviceaccounts_namespace: default
+ openshift_serviceaccounts_sccs:
+ - hostnetwork
+ when: openshift.common.version_gte_3_2_or_1_2
+ - role: openshift_serviceaccounts
+ openshift_serviceaccounts_names:
+ - router
+ - registry
+ openshift_serviceaccounts_namespace: default
+ openshift_serviceaccounts_sccs:
+ - privileged
+ when: not openshift.common.version_gte_3_2_or_1_2
- role: openshift_hosted
+ - role: openshift_metrics
+ when: openshift.hosted.metrics.deploy | bool
+ - role: cockpit-ui
+ when: ( openshift.common.deployment_subtype == 'registry' )
diff --git a/playbooks/common/openshift-cluster/redeploy-certificates.yml b/playbooks/common/openshift-cluster/redeploy-certificates.yml
new file mode 100644
index 000000000..b97906072
--- /dev/null
+++ b/playbooks/common/openshift-cluster/redeploy-certificates.yml
@@ -0,0 +1,245 @@
+---
+- include: evaluate_groups.yml
+
+- include: initialize_facts.yml
+
+- include: initialize_openshift_version.yml
+
+- name: Load openshift_facts
+ hosts: oo_etcd_to_config:oo_masters_to_config:oo_nodes_to_config
+ roles:
+ - openshift_facts
+
+- name: Redeploy etcd certificates
+ hosts: oo_etcd_to_config
+ any_errors_fatal: true
+ vars:
+ etcd_ca_host: "{{ groups.oo_etcd_to_config.0 }}"
+ etcd_conf_dir: /etc/etcd
+ etcd_generated_certs_dir: "{{ etcd_conf_dir }}/generated_certs"
+
+ pre_tasks:
+ - stat:
+ path: "{{ etcd_generated_certs_dir }}"
+ register: etcd_generated_certs_dir_stat
+ - name: Backup etcd certificates
+ command: >
+ tar -czvf /etc/etcd/etcd-certificate-backup-{{ ansible_date_time.epoch }}.tgz
+ {{ etcd_conf_dir }}/ca.crt
+ {{ etcd_conf_dir }}/ca
+ {{ etcd_generated_certs_dir }}
+ when: etcd_generated_certs_dir_stat.stat.exists
+ delegate_to: "{{ etcd_ca_host }}"
+ run_once: true
+ - name: Remove existing etcd certificates
+ file:
+ path: "{{ item }}"
+ state: absent
+ with_items:
+ - "{{ etcd_conf_dir }}/ca.crt"
+ - "{{ etcd_conf_dir }}/ca"
+ - "{{ etcd_generated_certs_dir }}"
+ roles:
+ - role: openshift_etcd_server_certificates
+ etcd_peers: "{{ groups.oo_etcd_to_config | default([], true) }}"
+ etcd_certificates_etcd_hosts: "{{ groups.oo_etcd_to_config | default([], true) }}"
+ etcd_certificates_redeploy: true
+
+- name: Redeploy master certificates
+ hosts: oo_masters_to_config
+ any_errors_fatal: true
+ vars:
+ openshift_ca_host: "{{ groups.oo_first_master.0 }}"
+ openshift_master_count: "{{ openshift.master.master_count | default(groups.oo_masters | length) }}"
+ pre_tasks:
+ - stat:
+ path: "{{ openshift_generated_configs_dir }}"
+ register: openshift_generated_configs_dir_stat
+ - name: Backup generated certificate and config directories
+ command: >
+ tar -czvf /etc/origin/master-node-cert-config-backup-{{ ansible_date_time.epoch }}.tgz
+ {{ openshift_generated_configs_dir }}
+ {{ openshift.common.config_base }}/master
+ when: openshift_generated_configs_dir_stat.stat.exists
+ delegate_to: "{{ openshift_ca_host }}"
+ run_once: true
+ - name: Remove generated certificate directories
+ file:
+ path: "{{ item }}"
+ state: absent
+ with_items:
+ - "{{ openshift_generated_configs_dir }}"
+ - name: Remove generated certificates
+ file:
+ path: "{{ openshift.common.config_base }}/master/{{ item }}"
+ state: absent
+ with_items:
+ - "{{ hostvars[inventory_hostname] | certificates_to_synchronize(include_keys=false) }}"
+ - "etcd.server.crt"
+ - "etcd.server.key"
+ - "master.etcd-client.crt"
+ - "master.etcd-client.key"
+ - "master.server.crt"
+ - "master.server.key"
+ - "openshift-master.crt"
+ - "openshift-master.key"
+ - "openshift-master.kubeconfig"
+ - name: Remove CA certificate
+ file:
+ path: "{{ openshift.common.config_base }}/master/{{ item }}"
+ state: absent
+ when: openshift_certificates_redeploy_ca | default(false) | bool
+ with_items:
+ - "ca.crt"
+ - "ca.key"
+ - "ca.serial.txt"
+ - "ca-bundle.crt"
+ roles:
+ - role: openshift_master_certificates
+ openshift_master_etcd_hosts: "{{ hostvars
+ | oo_select_keys(groups['oo_etcd_to_config'] | default([]))
+ | oo_collect('openshift.common.hostname')
+ | default(none, true) }}"
+ openshift_master_hostnames: "{{ hostvars
+ | oo_select_keys(groups['oo_masters_to_config'] | default([]))
+ | oo_collect('openshift.common.all_hostnames')
+ | oo_flatten | unique }}"
+ openshift_certificates_redeploy: true
+ - role: openshift_etcd_client_certificates
+ etcd_certificates_redeploy: true
+ etcd_ca_host: "{{ groups.oo_etcd_to_config.0 }}"
+ etcd_cert_subdir: "openshift-master-{{ openshift.common.hostname }}"
+ etcd_cert_config_dir: "{{ openshift.common.config_base }}/master"
+ etcd_cert_prefix: "master.etcd-"
+ when: groups.oo_etcd_to_config is defined and groups.oo_etcd_to_config
+
+- name: Redeploy node certificates
+ hosts: oo_nodes_to_config
+ any_errors_fatal: true
+ pre_tasks:
+ - name: Remove CA certificate
+ file:
+ path: "{{ item }}"
+ state: absent
+ with_items:
+ - "{{ openshift.common.config_base }}/node/ca.crt"
+ roles:
+ - role: openshift_node_certificates
+ openshift_node_master_api_url: "{{ hostvars[groups.oo_first_master.0].openshift.master.api_url }}"
+ openshift_ca_host: "{{ groups.oo_first_master.0 }}"
+ openshift_certificates_redeploy: true
+
+- name: Restart etcd
+ hosts: oo_etcd_to_config
+ tasks:
+ - name: restart etcd
+ service: name=etcd state=restarted
+
+- name: Stop master services
+ hosts: oo_masters_to_config
+ vars:
+ openshift_master_ha: "{{ groups.oo_masters_to_config | length > 1 }}"
+ tasks:
+ - name: stop master
+ service: name={{ openshift.common.service_type }}-master state=stopped
+ when: not openshift_master_ha | bool
+ - name: stop master api
+ service: name={{ openshift.common.service_type }}-master-api state=stopped
+ when: openshift_master_ha | bool and openshift_master_cluster_method == 'native'
+ - name: stop master controllers
+ service: name={{ openshift.common.service_type }}-master-controllers state=stopped
+ when: openshift_master_ha | bool and openshift_master_cluster_method == 'native'
+
+- name: Start master services
+ hosts: oo_masters_to_config
+ serial: 1
+ vars:
+ openshift_master_ha: "{{ groups.oo_masters_to_config | length > 1 }}"
+ tasks:
+ - name: start master
+ service: name={{ openshift.common.service_type }}-master state=started
+ when: not openshift_master_ha | bool
+ - name: start master api
+ service: name={{ openshift.common.service_type }}-master-api state=started
+ when: openshift_master_ha | bool and openshift_master_cluster_method == 'native'
+ - name: start master controllers
+ service: name={{ openshift.common.service_type }}-master-controllers state=started
+ when: openshift_master_ha | bool and openshift_master_cluster_method == 'native'
+
+- name: Restart masters (pacemaker)
+ hosts: oo_first_master
+ vars:
+ openshift_master_ha: "{{ groups.oo_masters_to_config | length > 1 }}"
+ tasks:
+ - name: restart master
+ command: pcs resource restart master
+ when: openshift_master_ha | bool and openshift_master_cluster_method == 'pacemaker'
+
+- name: Restart nodes
+ hosts: oo_nodes_to_config
+ tasks:
+ - name: restart node
+ service: name={{ openshift.common.service_type }}-node state=restarted
+
+- name: Copy admin client config(s)
+ hosts: oo_first_master
+ tasks:
+ - name: Create temp directory for kubeconfig
+ command: mktemp -d /tmp/openshift-ansible-XXXXXX
+ register: mktemp
+ changed_when: False
+
+ - name: Copy admin client config(s)
+ command: >
+ cp {{ openshift.common.config_base }}/master//admin.kubeconfig {{ mktemp.stdout }}/admin.kubeconfig
+ changed_when: False
+
+- name: Serially evacuate all nodes to trigger redeployments
+ hosts: oo_nodes_to_config
+ serial: 1
+ any_errors_fatal: true
+ tasks:
+ - name: Determine if node is currently scheduleable
+ command: >
+ {{ openshift.common.client_binary }} --config={{ hostvars[groups.oo_first_master.0].mktemp.stdout }}/admin.kubeconfig
+ get node {{ openshift.common.hostname | lower }} -o json
+ register: node_output
+ when: openshift_certificates_redeploy_ca | default(false) | bool
+ delegate_to: "{{ groups.oo_first_master.0 }}"
+ changed_when: false
+
+ - set_fact:
+ was_schedulable: "{{ 'unschedulable' not in (node_output.stdout | from_json).spec }}"
+ when: openshift_certificates_redeploy_ca | default(false) | bool
+
+ - name: Prepare for node evacuation
+ command: >
+ {{ openshift.common.admin_binary }} --config={{ hostvars[groups.oo_first_master.0].mktemp.stdout }}/admin.kubeconfig
+ manage-node {{ openshift.common.hostname | lower }}
+ --schedulable=false
+ delegate_to: "{{ groups.oo_first_master.0 }}"
+ when: openshift_certificates_redeploy_ca | default(false) | bool and was_schedulable | bool
+
+ - name: Evacuate node
+ command: >
+ {{ openshift.common.admin_binary }} --config={{ hostvars[groups.oo_first_master.0].mktemp.stdout }}/admin.kubeconfig
+ manage-node {{ openshift.common.hostname | lower }}
+ --evacuate --force
+ delegate_to: "{{ groups.oo_first_master.0 }}"
+ when: openshift_certificates_redeploy_ca | default(false) | bool and was_schedulable | bool
+
+ - name: Set node schedulability
+ command: >
+ {{ openshift.common.admin_binary }} --config={{ hostvars[groups.oo_first_master.0].mktemp.stdout }}/admin.kubeconfig
+ manage-node {{ openshift.common.hostname | lower }} --schedulable=true
+ delegate_to: "{{ groups.oo_first_master.0 }}"
+ when: openshift_certificates_redeploy_ca | default(false) | bool and was_schedulable | bool
+
+- name: Delete temporary directory
+ hosts: oo_first_master
+ tasks:
+ - name: Delete temp directory
+ file:
+ name: "{{ mktemp.stdout }}"
+ state: absent
+ changed_when: False
diff --git a/playbooks/common/openshift-cluster/upgrades/atomic-openshift-master.j2 b/playbooks/common/openshift-cluster/upgrades/atomic-openshift-master.j2
new file mode 120000
index 000000000..2441f8887
--- /dev/null
+++ b/playbooks/common/openshift-cluster/upgrades/atomic-openshift-master.j2
@@ -0,0 +1 @@
+../../../../roles/openshift_master/templates/atomic-openshift-master.j2 \ No newline at end of file
diff --git a/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/containerized_node_upgrade.yml b/playbooks/common/openshift-cluster/upgrades/containerized_node_upgrade.yml
index 60ea84f8e..32a3636aa 100644
--- a/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/containerized_node_upgrade.yml
+++ b/playbooks/common/openshift-cluster/upgrades/containerized_node_upgrade.yml
@@ -1,7 +1,7 @@
-- include_vars: ../../../../../roles/openshift_node/vars/main.yml
+- include_vars: ../../../../roles/openshift_node/vars/main.yml
- name: Update systemd units
- include: ../../../../../roles/openshift_node/tasks/systemd_units.yml openshift_version={{ openshift_image_tag }}
+ include: ../../../../roles/openshift_node/tasks/systemd_units.yml openshift_version={{ openshift_image_tag }}
- name: Verifying the correct version was configured
shell: grep {{ verify_upgrade_version }} {{ item }}
diff --git a/playbooks/common/openshift-cluster/upgrades/docker-cluster b/playbooks/common/openshift-cluster/upgrades/docker-cluster
new file mode 120000
index 000000000..055ad09fc
--- /dev/null
+++ b/playbooks/common/openshift-cluster/upgrades/docker-cluster
@@ -0,0 +1 @@
+../../../../roles/openshift_master/templates/docker-cluster \ No newline at end of file
diff --git a/playbooks/common/openshift-cluster/upgrades/docker/upgrade.yml b/playbooks/common/openshift-cluster/upgrades/docker/upgrade.yml
index 20d66522f..417096dd0 100644
--- a/playbooks/common/openshift-cluster/upgrades/docker/upgrade.yml
+++ b/playbooks/common/openshift-cluster/upgrades/docker/upgrade.yml
@@ -13,14 +13,36 @@
failed_when: false
when: openshift.common.is_containerized | bool
+- name: Check Docker image count
+ shell: "docker images -aq | wc -l"
+ register: docker_image_count
+
+- debug: var=docker_image_count.stdout
+
- name: Remove all containers and images
script: nuke_images.sh docker
register: nuke_images_result
when: docker_upgrade_nuke_images is defined and docker_upgrade_nuke_images | bool
+- name: Check Docker image count
+ shell: "docker images -aq | wc -l"
+ register: docker_image_count
+ when: docker_upgrade_nuke_images is defined and docker_upgrade_nuke_images | bool
+
+- debug: var=docker_image_count.stdout
+ when: docker_upgrade_nuke_images is defined and docker_upgrade_nuke_images | bool
+
+- service: name=docker state=stopped
+
- name: Upgrade Docker
action: "{{ ansible_pkg_mgr }} name=docker{{ '-' + docker_version }} state=present"
+- service: name=docker state=started
+
+- name: Update docker facts
+ openshift_facts:
+ role: docker
+
- name: Restart containerized services
service: name={{ item }} state=started
with_items:
diff --git a/playbooks/common/openshift-cluster/upgrades/files/nuke_images.sh b/playbooks/common/openshift-cluster/upgrades/files/nuke_images.sh
index 6b155f7fa..8635eab0d 100644
--- a/playbooks/common/openshift-cluster/upgrades/files/nuke_images.sh
+++ b/playbooks/common/openshift-cluster/upgrades/files/nuke_images.sh
@@ -15,9 +15,11 @@ then
fi
# Delete all images (forcefully)
-image_ids=`docker images -q`
+image_ids=`docker images -aq`
if test -n "$image_ids"
then
- # Taken from: https://gist.github.com/brianclements/f72b2de8e307c7b56689#gistcomment-1443144
- docker rmi $(docker images | grep "$2/\|/$2 \| $2 \|$2 \|$2-\|$2_" | awk '{print $1 ":" $2}') 2>/dev/null || echo "No images matching \"$2\" left to purge."
+ # Some layers are deleted recursively and are no longer present
+ # when docker goes to remove them:
+ docker rmi -f `docker images -aq` || true
fi
+
diff --git a/playbooks/common/openshift-cluster/upgrades/master_docker b/playbooks/common/openshift-cluster/upgrades/master_docker
new file mode 120000
index 000000000..6aeca2842
--- /dev/null
+++ b/playbooks/common/openshift-cluster/upgrades/master_docker
@@ -0,0 +1 @@
+../../../../roles/openshift_master/templates/master_docker \ No newline at end of file
diff --git a/playbooks/common/openshift-cluster/upgrades/native-cluster b/playbooks/common/openshift-cluster/upgrades/native-cluster
new file mode 120000
index 000000000..4af88e666
--- /dev/null
+++ b/playbooks/common/openshift-cluster/upgrades/native-cluster
@@ -0,0 +1 @@
+../../../../roles/openshift_master/templates/native-cluster \ No newline at end of file
diff --git a/playbooks/common/openshift-cluster/upgrades/openshift.docker.node.dep.service b/playbooks/common/openshift-cluster/upgrades/openshift.docker.node.dep.service
new file mode 120000
index 000000000..add8b7fa9
--- /dev/null
+++ b/playbooks/common/openshift-cluster/upgrades/openshift.docker.node.dep.service
@@ -0,0 +1 @@
+../../../../roles/openshift_node/templates/openshift.docker.node.dep.service \ No newline at end of file
diff --git a/playbooks/common/openshift-cluster/upgrades/openshift.docker.node.service b/playbooks/common/openshift-cluster/upgrades/openshift.docker.node.service
new file mode 120000
index 000000000..ed181633d
--- /dev/null
+++ b/playbooks/common/openshift-cluster/upgrades/openshift.docker.node.service
@@ -0,0 +1 @@
+../../../../roles/openshift_node/templates/openshift.docker.node.service \ No newline at end of file
diff --git a/playbooks/common/openshift-cluster/upgrades/openvswitch.docker.service b/playbooks/common/openshift-cluster/upgrades/openvswitch.docker.service
new file mode 120000
index 000000000..c21e895f2
--- /dev/null
+++ b/playbooks/common/openshift-cluster/upgrades/openvswitch.docker.service
@@ -0,0 +1 @@
+../../../../roles/openshift_node/templates/openvswitch.docker.service \ No newline at end of file
diff --git a/playbooks/common/openshift-cluster/upgrades/openvswitch.sysconfig.j2 b/playbooks/common/openshift-cluster/upgrades/openvswitch.sysconfig.j2
new file mode 120000
index 000000000..ead6904c4
--- /dev/null
+++ b/playbooks/common/openshift-cluster/upgrades/openvswitch.sysconfig.j2
@@ -0,0 +1 @@
+../../../../roles/openshift_node/templates/openvswitch.sysconfig.j2 \ No newline at end of file
diff --git a/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/post.yml b/playbooks/common/openshift-cluster/upgrades/post.yml
index ccf9514f1..e43954453 100644
--- a/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/post.yml
+++ b/playbooks/common/openshift-cluster/upgrades/post.yml
@@ -57,3 +57,16 @@
'{"spec":{"template":{"spec":{"containers":[{"name":"registry","image":"{{ registry_image }}"}]}}}}'
--api-version=v1
+# Check for warnings to be printed at the end of the upgrade:
+- name: Check for warnings
+ hosts: oo_masters_to_config
+ tasks:
+ # Check if any masters are using pluginOrderOverride and warn if so, only for 1.3/3.3 and beyond:
+ - command: >
+ grep pluginOrderOverride {{ openshift.common.config_base }}/master/master-config.yaml
+ register: grep_plugin_order_override
+ when: openshift.common.version_gte_3_3_or_1_3 | bool
+ failed_when: false
+ - name: Warn if pluginOrderOverride is in use in master-config.yaml
+ debug: msg="WARNING pluginOrderOverride is being deprecated in master-config.yaml, please see https://docs.openshift.com/enterprise/latest/architecture/additional_concepts/admission_controllers.html for more information."
+ when: not grep_plugin_order_override | skipped and grep_plugin_order_override.rc == 0
diff --git a/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/pre.yml b/playbooks/common/openshift-cluster/upgrades/pre.yml
index a32123952..42a24eaf8 100644
--- a/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/pre.yml
+++ b/playbooks/common/openshift-cluster/upgrades/pre.yml
@@ -3,7 +3,7 @@
# Evaluate host groups and gather facts
###############################################################################
-- include: ../../initialize_facts.yml
+- include: ../initialize_facts.yml
- name: Update repos and initialize facts on all hosts
hosts: oo_masters_to_config:oo_nodes_to_config:oo_etcd_to_config:oo_lb_to_config
@@ -39,7 +39,6 @@
- name: Verify upgrade can proceed on first master
hosts: oo_first_master
vars:
- target_version: "{{ '1.2' if deployment_type == 'origin' else '3.2' }}"
g_pacemaker_upgrade_url_segment: "{{ 'org/latest' if deployment_type =='origin' else '.com/enterprise/3.1' }}"
gather_facts: no
tasks:
@@ -63,14 +62,14 @@
- fail:
msg: >
openshift_pkg_version is {{ openshift_pkg_version }} which is not a
- valid version for a {{ target_version }} upgrade
- when: openshift_pkg_version is defined and openshift_pkg_version.split('-',1).1 | version_compare(target_version ,'<')
+ valid version for a {{ openshift_upgrade_target }} upgrade
+ when: openshift_pkg_version is defined and openshift_pkg_version.split('-',1).1 | version_compare(openshift_upgrade_target ,'<')
- fail:
msg: >
openshift_image_tag is {{ openshift_image_tag }} which is not a
- valid version for a {{ target_version }} upgrade
- when: openshift_image_tag is defined and openshift_image_tag.split('v',1).1 | version_compare(target_version ,'<')
+ valid version for a {{ openshift_upgrade_target }} upgrade
+ when: openshift_image_tag is defined and openshift_image_tag.split('v',1).1 | version_compare(openshift_upgrade_target ,'<')
- set_fact:
openshift_release: "{{ openshift_release[1:] }}"
@@ -79,15 +78,15 @@
- fail:
msg: >
openshift_release is {{ openshift_release }} which is not a
- valid release for a {{ target_version }} upgrade
- when: openshift_release is defined and not openshift_release | version_compare(target_version ,'=')
+ valid release for a {{ openshift_upgrade_target }} upgrade
+ when: openshift_release is defined and not openshift_release | version_compare(openshift_upgrade_target ,'=')
-- include: ../../../../common/openshift-cluster/initialize_openshift_version.yml
+- include: ../../../common/openshift-cluster/initialize_openshift_version.yml
vars:
- # Request openshift_release 3.2 and let the openshift_version role handle converting this
+ # Request specific openshift_release and let the openshift_version role handle converting this
# to a more specific version, respecting openshift_image_tag and openshift_pkg_version if
# defined, and overriding the normal behavior of protecting the installed version
- openshift_release: "{{ '1.2' if deployment_type == 'origin' else '3.2' }}"
+ openshift_release: "{{ openshift_upgrade_target }}"
openshift_protect_installed_version: False
# Docker role (a dependency) should be told not to do anything to installed version
# of docker, we handle this separately during upgrade. (the inventory may have a
@@ -141,7 +140,6 @@
- name: Verify upgrade targets
hosts: oo_masters_to_config:oo_nodes_to_config
vars:
- target_version: "{{ '1.2' if deployment_type == 'origin' else '3.2' }}"
openshift_docker_hosted_registry_network: "{{ hostvars[groups.oo_first_master.0].openshift.common.portal_net }}"
pre_tasks:
- fail:
@@ -175,48 +173,24 @@
register: avail_openshift_version
when: not openshift.common.is_containerized | bool
- - name: Verify OpenShift 3.2 RPMs are available for upgrade
+ - name: Verify OpenShift RPMs are available for upgrade
fail:
- msg: "OpenShift {{ avail_openshift_version.stdout }} is available, but 3.2 or greater is required"
- when: deployment_type != 'origin' and not openshift.common.is_containerized | bool and not avail_openshift_version | skipped and avail_openshift_version.stdout | default('0.0', True) | version_compare(openshift_release, '<')
-
- - name: Verify Origin 1.2 RPMs are available for upgrade
- fail:
- msg: "OpenShift {{ avail_openshift_version.stdout }} is available, but 1.2 or greater is required"
- when: deployment_type == 'origin' and not openshift.common.is_containerized | bool and not avail_openshift_version | skipped and avail_openshift_version.stdout | default('0.0', True) | version_compare(openshift_release, '<')
-
- # TODO: Are these two grep checks necessary anymore?
- # Note: the version number is hardcoded here in hopes of catching potential
- # bugs in how g_aos_versions.curr_version is set
- - name: Verifying the correct version is installed for upgrade
- shell: grep 3.1.1.6 {{ item }}
- with_items:
- - /etc/sysconfig/openvswitch
- - /etc/sysconfig/{{ openshift.common.service_type }}*
- when: verify_upgrade_version is defined
-
- - name: Verifying the image version is used in the systemd unit
- shell: grep IMAGE_VERSION {{ item }}
- with_items:
- - /etc/systemd/system/openvswitch.service
- - /etc/systemd/system/{{ openshift.common.service_type }}*.service
- when: openshift.common.is_containerized | bool and verify_upgrade_version is defined
-
- - fail:
- msg: This upgrade playbook must be run on Origin 1.1 or later
- when: deployment_type == 'origin' and openshift.common.version | version_compare('1.1','<')
+ msg: "OpenShift {{ avail_openshift_version.stdout }} is available, but {{ openshift_upgrade_target }} or greater is required"
+ when: not openshift.common.is_containerized | bool and not avail_openshift_version | skipped and avail_openshift_version.stdout | default('0.0', True) | version_compare(openshift_release, '<')
- fail:
- msg: This upgrade playbook must be run on OpenShift Enterprise 3.1 or later
- when: deployment_type == 'atomic-openshift' and openshift.common.version | version_compare('3.1','<')
+ msg: "This upgrade playbook must be run against OpenShift {{ openshift_upgrade_min }} or later"
+ when: deployment_type == 'origin' and openshift.common.version | version_compare(openshift_upgrade_min,'<')
- name: Verify docker upgrade targets
hosts: oo_masters_to_config:oo_nodes_to_config:oo_etcd_to_config
tasks:
- - name: Determine available Docker
- script: ../files/rpm_versions.sh docker
- register: g_docker_version_result
- when: not openshift.common.is_atomic | bool
+ # Only check if docker upgrade is required if docker_upgrade is not
+ # already set to False.
+ - include: docker/upgrade_check.yml
+ when: docker_upgrade is not defined or docker_upgrade | bool and not openshift.common.is_atomic | bool
+
+ # Additional checks for Atomic hosts:
- name: Determine available Docker
shell: "rpm -q --queryformat '---\ncurr_version: %{VERSION}\navail_version: \n' docker"
@@ -224,18 +198,12 @@
when: openshift.common.is_atomic | bool
- set_fact:
- g_docker_version: "{{ g_docker_version_result.stdout | from_yaml }}"
- when: not openshift.common.is_atomic | bool
-
- - set_fact:
- g_docker_version: "{{ g_atomic_docker_version_result.stdout | from_yaml }}"
+ l_docker_version: "{{ g_atomic_docker_version_result.stdout | from_yaml }}"
when: openshift.common.is_atomic | bool
- fail:
msg: This playbook requires access to Docker 1.10 or later
- when: g_docker_version.avail_version | default(g_docker_version.curr_version, true) | version_compare('1.10','<')
-
- # TODO: add check to upgrade ostree to get latest Docker
+ when: openshift.common.is_atomic | bool and l_docker_version.avail_version | default(l_docker_version.curr_version, true) | version_compare('1.10','<')
- set_fact:
pre_upgrade_complete: True
diff --git a/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/rpm_upgrade.yml b/playbooks/common/openshift-cluster/upgrades/rpm_upgrade.yml
index f5e4d807e..f5e4d807e 100644
--- a/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/rpm_upgrade.yml
+++ b/playbooks/common/openshift-cluster/upgrades/rpm_upgrade.yml
diff --git a/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/upgrade.yml b/playbooks/common/openshift-cluster/upgrades/upgrade.yml
index 59cedc839..be4e02c4a 100644
--- a/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/upgrade.yml
+++ b/playbooks/common/openshift-cluster/upgrades/upgrade.yml
@@ -3,23 +3,55 @@
# The restart playbook should be run after this playbook completes.
###############################################################################
+# Separate step so we can execute in parallel and clear out anything unused
+# before we get into the serialized upgrade process which will then remove
+# remaining images if possible.
+- name: Cleanup unused Docker images
+ hosts: oo_masters_to_config:oo_nodes_to_config:oo_etcd_to_config
+ tasks:
+ - name: Check Docker image count
+ shell: "docker images -aq | wc -l"
+ register: docker_image_count
+ when: docker_upgrade_nuke_images is defined and docker_upgrade_nuke_images | bool
+
+ - debug: var=docker_image_count.stdout
+ when: docker_upgrade_nuke_images is defined and docker_upgrade_nuke_images | bool
+
+ - name: Remove unused Docker images for Docker 1.10+ migration
+ shell: "docker rmi `docker images -aq`"
+ # Will fail on images still in use:
+ failed_when: false
+ when: docker_upgrade_nuke_images is defined and docker_upgrade_nuke_images | bool
+
+ - name: Check Docker image count
+ shell: "docker images -aq | wc -l"
+ register: docker_image_count
+ when: docker_upgrade_nuke_images is defined and docker_upgrade_nuke_images | bool
+
+ - debug: var=docker_image_count.stdout
+ when: docker_upgrade_nuke_images is defined and docker_upgrade_nuke_images | bool
+
###############################################################################
# Upgrade Masters
###############################################################################
- name: Upgrade master
hosts: oo_masters_to_config
handlers:
- - include: ../../../../../roles/openshift_master/handlers/main.yml
+ - include: ../../../../roles/openshift_master/handlers/main.yml
+ static: yes
roles:
- openshift_facts
tasks:
- include: rpm_upgrade.yml component=master
when: not openshift.common.is_containerized | bool
- - include_vars: ../../../../../roles/openshift_master/vars/main.yml
+ - include: "{{ master_config_hook }}"
+ when: master_config_hook is defined
+
+ - include_vars: ../../../../roles/openshift_master/vars/main.yml
- name: Update systemd units
- include: ../../../../../roles/openshift_master/tasks/systemd_units.yml
+ include: ../../../../roles/openshift_master/tasks/systemd_units.yml
# - name: Upgrade master configuration
# openshift_upgrade_config:
@@ -28,6 +60,31 @@
# role: master
# config_base: "{{ hostvars[inventory_hostname].openshift.common.config_base }}"
+ - name: Check for ca-bundle.crt
+ stat:
+ path: "{{ openshift.common.config_base }}/master/ca-bundle.crt"
+ register: ca_bundle_stat
+ failed_when: false
+
+ - name: Check for ca.crt
+ stat:
+ path: "{{ openshift.common.config_base }}/master/ca.crt"
+ register: ca_crt_stat
+ failed_when: false
+
+ - name: Migrate ca.crt to ca-bundle.crt
+ command: mv ca.crt ca-bundle.crt
+ args:
+ chdir: "{{ openshift.common.config_base }}/master"
+ when: ca_crt_stat.stat.isreg and not ca_bundle_stat.stat.exists
+
+ - name: Link ca.crt to ca-bundle.crt
+ file:
+ src: "{{ openshift.common.config_base }}/master/ca-bundle.crt"
+ path: "{{ openshift.common.config_base }}/master/ca.crt"
+ state: link
+ when: ca_crt_stat.stat.isreg and not ca_bundle_stat.stat.exists
+
- name: Set master update status to complete
hosts: oo_masters_to_config
tasks:
@@ -53,6 +110,52 @@
when: master_update_failed | length > 0
###############################################################################
+# Reconcile Cluster Roles, Cluster Role Bindings and Security Context Constraints
+###############################################################################
+
+- name: Reconcile Cluster Roles and Cluster Role Bindings and Security Context Constraints
+ hosts: oo_masters_to_config
+ roles:
+ - { role: openshift_cli }
+ vars:
+ origin_reconcile_bindings: "{{ deployment_type == 'origin' and openshift_version | version_compare('1.0.6', '>') }}"
+ ent_reconcile_bindings: true
+ openshift_docker_hosted_registry_network: "{{ hostvars[groups.oo_first_master.0].openshift.common.portal_net }}"
+ # Similar to pre.yml, we don't want to upgrade docker during the openshift_cli role,
+ # it will be updated when we perform node upgrade.
+ docker_protect_installed_version: True
+ tasks:
+ - name: Verifying the correct commandline tools are available
+ shell: grep {{ verify_upgrade_version }} {{ openshift.common.admin_binary}}
+ when: openshift.common.is_containerized | bool and verify_upgrade_version is defined
+
+ - name: Reconcile Cluster Roles
+ command: >
+ {{ openshift.common.admin_binary}} --config={{ openshift.common.config_base }}/master/admin.kubeconfig
+ policy reconcile-cluster-roles --additive-only=true --confirm
+ run_once: true
+
+ - name: Reconcile Cluster Role Bindings
+ command: >
+ {{ openshift.common.admin_binary}} --config={{ openshift.common.config_base }}/master/admin.kubeconfig
+ policy reconcile-cluster-role-bindings
+ --exclude-groups=system:authenticated
+ --exclude-groups=system:authenticated:oauth
+ --exclude-groups=system:unauthenticated
+ --exclude-users=system:anonymous
+ --additive-only=true --confirm
+ when: origin_reconcile_bindings | bool or ent_reconcile_bindings | bool
+ run_once: true
+
+ - name: Reconcile Security Context Constraints
+ command: >
+ {{ openshift.common.admin_binary}} policy reconcile-sccs --confirm --additive-only=true
+ run_once: true
+
+ - set_fact:
+ reconcile_complete: True
+
+###############################################################################
# Upgrade Nodes
###############################################################################
@@ -64,7 +167,8 @@
roles:
- openshift_facts
handlers:
- - include: ../../../../../roles/openshift_node/handlers/main.yml
+ - include: ../../../../roles/openshift_node/handlers/main.yml
+ static: yes
tasks:
# TODO: To better handle re-trying failed upgrades, it would be nice to check if the node
# or docker actually needs an upgrade before proceeding. Perhaps best to save this until
@@ -81,13 +185,10 @@
delegate_to: "{{ groups.oo_first_master.0 }}"
when: inventory_hostname in groups.oo_nodes_to_config
- # Only check if docker upgrade is required if docker_upgrade is not
- # already set to False.
- - include: ../docker/upgrade_check.yml
- when: docker_upgrade is not defined or docker_upgrade | bool and not openshift.common.is_atomic | bool
-
- - include: ../docker/upgrade.yml
+ - include: docker/upgrade.yml
when: l_docker_upgrade is defined and l_docker_upgrade | bool and not openshift.common.is_atomic | bool
+ - include: "{{ node_config_hook }}"
+ when: node_config_hook is defined and inventory_hostname in groups.oo_nodes_to_config
- include: rpm_upgrade.yml
vars:
@@ -105,49 +206,6 @@
when: inventory_hostname in groups.oo_nodes_to_config and openshift.node.schedulable | bool
-###############################################################################
-# Reconcile Cluster Roles, Cluster Role Bindings and Security Context Constraints
-###############################################################################
-
-- name: Reconcile Cluster Roles and Cluster Role Bindings and Security Context Constraints
- hosts: oo_masters_to_config
- roles:
- - { role: openshift_cli }
- vars:
- origin_reconcile_bindings: "{{ deployment_type == 'origin' and openshift_version | version_compare('1.0.6', '>') }}"
- ent_reconcile_bindings: true
- openshift_docker_hosted_registry_network: "{{ hostvars[groups.oo_first_master.0].openshift.common.portal_net }}"
- tasks:
- - name: Verifying the correct commandline tools are available
- shell: grep {{ verify_upgrade_version }} {{ openshift.common.admin_binary}}
- when: openshift.common.is_containerized | bool and verify_upgrade_version is defined
-
- - name: Reconcile Cluster Roles
- command: >
- {{ openshift.common.admin_binary}} --config={{ openshift.common.config_base }}/master/admin.kubeconfig
- policy reconcile-cluster-roles --additive-only=true --confirm
- run_once: true
-
- - name: Reconcile Cluster Role Bindings
- command: >
- {{ openshift.common.admin_binary}} --config={{ openshift.common.config_base }}/master/admin.kubeconfig
- policy reconcile-cluster-role-bindings
- --exclude-groups=system:authenticated
- --exclude-groups=system:authenticated:oauth
- --exclude-groups=system:unauthenticated
- --exclude-users=system:anonymous
- --additive-only=true --confirm
- when: origin_reconcile_bindings | bool or ent_reconcile_bindings | bool
- run_once: true
-
- - name: Reconcile Security Context Constraints
- command: >
- {{ openshift.common.admin_binary}} policy reconcile-sccs --confirm --additive-only=true
- run_once: true
-
- - set_fact:
- reconcile_complete: True
-
##############################################################################
# Gate on reconcile
##############################################################################
diff --git a/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/atomic-openshift-master.j2 b/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/atomic-openshift-master.j2
deleted file mode 120000
index cf20e8959..000000000
--- a/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/atomic-openshift-master.j2
+++ /dev/null
@@ -1 +0,0 @@
-../../../../../roles/openshift_master/templates/atomic-openshift-master.j2 \ No newline at end of file
diff --git a/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/docker b/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/docker
deleted file mode 120000
index 5a3dd12b3..000000000
--- a/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/docker
+++ /dev/null
@@ -1 +0,0 @@
-../../../../../roles/openshift_master/templates/docker \ No newline at end of file
diff --git a/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/docker-cluster b/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/docker-cluster
deleted file mode 120000
index 3ee319365..000000000
--- a/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/docker-cluster
+++ /dev/null
@@ -1 +0,0 @@
-../../../../../roles/openshift_master/templates/docker-cluster \ No newline at end of file
diff --git a/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/filter_plugins b/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/filter_plugins
deleted file mode 120000
index 27ddaa18b..000000000
--- a/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/filter_plugins
+++ /dev/null
@@ -1 +0,0 @@
-../../../../../filter_plugins \ No newline at end of file
diff --git a/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/library b/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/library
deleted file mode 120000
index 53bed9684..000000000
--- a/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/library
+++ /dev/null
@@ -1 +0,0 @@
-../library \ No newline at end of file
diff --git a/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/lookup_plugins b/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/lookup_plugins
deleted file mode 120000
index cf407f69b..000000000
--- a/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/lookup_plugins
+++ /dev/null
@@ -1 +0,0 @@
-../../../../../lookup_plugins \ No newline at end of file
diff --git a/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/native-cluster b/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/native-cluster
deleted file mode 120000
index f44f8eb4f..000000000
--- a/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/native-cluster
+++ /dev/null
@@ -1 +0,0 @@
-../../../../../roles/openshift_master/templates/native-cluster \ No newline at end of file
diff --git a/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/openshift.docker.node.dep.service b/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/openshift.docker.node.dep.service
deleted file mode 120000
index b384a3f4d..000000000
--- a/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/openshift.docker.node.dep.service
+++ /dev/null
@@ -1 +0,0 @@
-../../../../../roles/openshift_node/templates/openshift.docker.node.dep.service \ No newline at end of file
diff --git a/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/openshift.docker.node.service b/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/openshift.docker.node.service
deleted file mode 120000
index a2f140144..000000000
--- a/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/openshift.docker.node.service
+++ /dev/null
@@ -1 +0,0 @@
-../../../../../roles/openshift_node/templates/openshift.docker.node.service \ No newline at end of file
diff --git a/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/openvswitch.docker.service b/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/openvswitch.docker.service
deleted file mode 120000
index 61946ff91..000000000
--- a/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/openvswitch.docker.service
+++ /dev/null
@@ -1 +0,0 @@
-../../../../../roles/openshift_node/templates/openvswitch.docker.service \ No newline at end of file
diff --git a/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/openvswitch.sysconfig.j2 b/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/openvswitch.sysconfig.j2
deleted file mode 120000
index 3adc56e4e..000000000
--- a/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/openvswitch.sysconfig.j2
+++ /dev/null
@@ -1 +0,0 @@
-../../../../../roles/openshift_node/templates/openvswitch.sysconfig.j2 \ No newline at end of file
diff --git a/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/roles b/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/roles
deleted file mode 120000
index 6bc1a7aef..000000000
--- a/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/roles
+++ /dev/null
@@ -1 +0,0 @@
-../../../../../roles \ No newline at end of file
diff --git a/playbooks/common/openshift-cluster/upgrades/v3_3/master_config_upgrade.yml b/playbooks/common/openshift-cluster/upgrades/v3_3/master_config_upgrade.yml
new file mode 100644
index 000000000..638ef23a8
--- /dev/null
+++ b/playbooks/common/openshift-cluster/upgrades/v3_3/master_config_upgrade.yml
@@ -0,0 +1,40 @@
+---
+- modify_yaml:
+ dest: "{{ openshift.common.config_base}}/master/master-config.yaml"
+ yaml_key: 'masterClients.externalKubernetesClientConnectionOverrides.acceptContentTypes'
+ yaml_value: 'application/vnd.kubernetes.protobuf,application/json'
+
+- modify_yaml:
+ dest: "{{ openshift.common.config_base}}/master/master-config.yaml"
+ yaml_key: 'masterClients.externalKubernetesClientConnectionOverrides.contentType'
+ yaml_value: 'application/vnd.kubernetes.protobuf'
+
+- modify_yaml:
+ dest: "{{ openshift.common.config_base}}/master/master-config.yaml"
+ yaml_key: 'masterClients.externalKubernetesClientConnectionOverrides.burst'
+ yaml_value: 400
+
+- modify_yaml:
+ dest: "{{ openshift.common.config_base}}/master/master-config.yaml"
+ yaml_key: 'masterClients.externalKubernetesClientConnectionOverrides.ops'
+ yaml_value: 200
+
+- modify_yaml:
+ dest: "{{ openshift.common.config_base}}/master/master-config.yaml"
+ yaml_key: 'masterClients.openshiftLoopbackClientConnectionOverrides.acceptContentTypes'
+ yaml_value: 'application/vnd.kubernetes.protobuf,application/json'
+
+- modify_yaml:
+ dest: "{{ openshift.common.config_base}}/master/master-config.yaml"
+ yaml_key: 'masterClients.openshiftLoopbackClientConnectionOverrides.contentType'
+ yaml_value: 'application/vnd.kubernetes.protobuf'
+
+- modify_yaml:
+ dest: "{{ openshift.common.config_base}}/master/master-config.yaml"
+ yaml_key: 'masterClients.openshiftLoopbackClientConnectionOverrides.burst'
+ yaml_value: 600
+
+- modify_yaml:
+ dest: "{{ openshift.common.config_base}}/master/master-config.yaml"
+ yaml_key: 'masterClients.openshiftLoopbackClientConnectionOverrides.ops'
+ yaml_value: 300
diff --git a/playbooks/common/openshift-cluster/upgrades/v3_3/node_config_upgrade.yml b/playbooks/common/openshift-cluster/upgrades/v3_3/node_config_upgrade.yml
new file mode 100644
index 000000000..1297938bc
--- /dev/null
+++ b/playbooks/common/openshift-cluster/upgrades/v3_3/node_config_upgrade.yml
@@ -0,0 +1,21 @@
+---
+- modify_yaml:
+ dest: "{{ openshift.common.config_base}}/node/node-config.yaml"
+ yaml_key: 'masterClientConnectionOverrides.acceptContentTypes'
+ yaml_value: 'application/vnd.kubernetes.protobuf,application/json'
+
+- modify_yaml:
+ dest: "{{ openshift.common.config_base}}/node/node-config.yaml"
+ yaml_key: 'masterClientConnectionOverrides.contentType'
+ yaml_value: 'application/vnd.kubernetes.protobuf'
+
+- modify_yaml:
+ dest: "{{ openshift.common.config_base}}/node/node-config.yaml"
+ yaml_key: 'masterClientConnectionOverrides.burst'
+ yaml_value: 40
+
+- modify_yaml:
+ dest: "{{ openshift.common.config_base}}/node/node-config.yaml"
+ yaml_key: 'masterClientConnectionOverrides.ops'
+ yaml_value: 20
+
diff --git a/playbooks/common/openshift-etcd/config.yml b/playbooks/common/openshift-etcd/config.yml
index a95de8cf3..1b8106e0e 100644
--- a/playbooks/common/openshift-etcd/config.yml
+++ b/playbooks/common/openshift-etcd/config.yml
@@ -1,119 +1,10 @@
---
-- name: Set etcd facts needed for generating certs
+- name: Configure etcd
hosts: oo_etcd_to_config
any_errors_fatal: true
roles:
- - openshift_facts
- tasks:
- - openshift_facts:
- role: etcd
- local_facts:
- etcd_image: "{{ osm_etcd_image | default(None) }}"
- - name: Check status of etcd certificates
- stat:
- path: "{{ item }}"
- with_items:
- - /etc/etcd/server.crt
- - /etc/etcd/peer.crt
- - /etc/etcd/ca.crt
- register: g_etcd_server_cert_stat_result
- - set_fact:
- etcd_server_certs_missing: "{{ g_etcd_server_cert_stat_result.results | oo_collect(attribute='stat.exists')
- | list | intersect([false])}}"
- etcd_cert_subdir: etcd-{{ openshift.common.hostname }}
- etcd_cert_config_dir: /etc/etcd
- etcd_cert_prefix:
- etcd_hostname: "{{ openshift.common.hostname }}"
- etcd_ip: "{{ openshift.common.ip }}"
-
-- name: Create temp directory for syncing certs
- hosts: localhost
- connection: local
- become: no
- gather_facts: no
- tasks:
- - name: Create local temp directory for syncing certs
- local_action: command mktemp -d /tmp/openshift-ansible-XXXXXXX
- register: g_etcd_mktemp
- changed_when: False
-
-- name: Configure etcd certificates
- hosts: oo_first_etcd
- vars:
- etcd_generated_certs_dir: /etc/etcd/generated_certs
- etcd_needing_server_certs: "{{ hostvars
- | oo_select_keys(groups['oo_etcd_to_config'])
- | oo_filter_list(filter_attr='etcd_server_certs_missing') }}"
- sync_tmpdir: "{{ hostvars.localhost.g_etcd_mktemp.stdout }}"
- roles:
- - openshift_etcd_certificates
- post_tasks:
- - name: Create a tarball of the etcd certs
- command: >
- tar -czvf {{ etcd_generated_certs_dir }}/{{ item.etcd_cert_subdir }}.tgz
- -C {{ etcd_generated_certs_dir }}/{{ item.etcd_cert_subdir }} .
- args:
- creates: "{{ etcd_generated_certs_dir }}/{{ item.etcd_cert_subdir }}.tgz"
- with_items: "{{ etcd_needing_server_certs | default([]) }}"
- - name: Retrieve the etcd cert tarballs
- fetch:
- src: "{{ etcd_generated_certs_dir }}/{{ item.etcd_cert_subdir }}.tgz"
- dest: "{{ sync_tmpdir }}/"
- flat: yes
- fail_on_missing: yes
- validate_checksum: yes
- with_items: "{{ etcd_needing_server_certs | default([]) }}"
-
-# Configure a first etcd host to avoid conflicts in choosing a leader
-# if other members come online too quickly.
-- name: Configure first etcd host
- hosts: oo_first_etcd
- vars:
- sync_tmpdir: "{{ hostvars.localhost.g_etcd_mktemp.stdout }}"
- etcd_url_scheme: https
- etcd_peer_url_scheme: https
- etcd_peers: "{{ groups.oo_etcd_to_config | default([], true) }}"
- pre_tasks:
- - name: Ensure certificate directory exists
- file:
- path: "{{ etcd_cert_config_dir }}"
- state: directory
- - name: Unarchive the tarball on the etcd host
- unarchive:
- src: "{{ sync_tmpdir }}/{{ etcd_cert_subdir }}.tgz"
- dest: "{{ etcd_cert_config_dir }}"
- when: etcd_server_certs_missing
- roles:
- - openshift_etcd
- - nickhammond.logrotate
-
-# Configure the remaining etcd hosts, skipping the first one we dealt with above.
-- name: Configure remaining etcd hosts
- hosts: oo_etcd_to_config:!oo_first_etcd
- vars:
- sync_tmpdir: "{{ hostvars.localhost.g_etcd_mktemp.stdout }}"
- etcd_url_scheme: https
- etcd_peer_url_scheme: https
+ - role: openshift_etcd
etcd_peers: "{{ groups.oo_etcd_to_config | default([], true) }}"
- pre_tasks:
- - name: Ensure certificate directory exists
- file:
- path: "{{ etcd_cert_config_dir }}"
- state: directory
- - name: Unarchive the tarball on the etcd host
- unarchive:
- src: "{{ sync_tmpdir }}/{{ etcd_cert_subdir }}.tgz"
- dest: "{{ etcd_cert_config_dir }}"
- when: etcd_server_certs_missing
- roles:
- - openshift_etcd
+ etcd_ca_host: "{{ groups.oo_etcd_to_config.0 }}"
+ etcd_certificates_etcd_hosts: "{{ groups.oo_etcd_to_config | default([], true) }}"
- role: nickhammond.logrotate
-
-- name: Delete temporary directory on localhost
- hosts: localhost
- connection: local
- become: no
- gather_facts: no
- tasks:
- - file: name={{ g_etcd_mktemp.stdout }} state=absent
- changed_when: False
diff --git a/playbooks/common/openshift-master/config.yml b/playbooks/common/openshift-master/config.yml
index 911c23d70..7f60cd9e4 100644
--- a/playbooks/common/openshift-master/config.yml
+++ b/playbooks/common/openshift-master/config.yml
@@ -1,5 +1,5 @@
---
-- name: Set master facts and determine if external etcd certs need to be generated
+- name: Set master facts
hosts: oo_masters_to_config
vars:
t_oo_option_master_debug_level: "{{ lookup('oo_option', 'openshift_master_debug_level') }}"
@@ -48,6 +48,12 @@
- set_fact:
openshift_hosted_metrics_resolution: "{{ lookup('oo_option', 'openshift_hosted_metrics_resolution') | default('10s', true) }}"
when: openshift_hosted_metrics_resolution is not defined
+ - set_fact:
+ openshift_hosted_metrics_deployer_prefix: "{{ lookup('oo_option', 'openshift_hosted_metrics_deployer_prefix') | default('openshift') }}"
+ when: openshift_hosted_metrics_deployer_prefix is not defined
+ - set_fact:
+ openshift_hosted_metrics_deployer_version: "{{ lookup('oo_option', 'openshift_hosted_metrics_deployer_version') | default('latest') }}"
+ when: openshift_hosted_metrics_deployer_prefix is not defined
roles:
- openshift_facts
post_tasks:
@@ -73,23 +79,6 @@
openshift_env:
openshift_hosted_registry_storage_kind: 'nfs'
when: openshift_hosted_registry_storage_kind is not defined and groups.oo_nfs_to_config is defined and groups.oo_nfs_to_config | length > 0
- - name: Check status of external etcd certificatees
- stat:
- path: "{{ openshift.common.config_base }}/master/{{ item }}"
- with_items:
- - master.etcd-client.crt
- - master.etcd-ca.crt
- register: g_external_etcd_cert_stat_result
- - set_fact:
- etcd_client_certs_missing: "{{ g_external_etcd_cert_stat_result.results
- | oo_collect(attribute='stat.exists')
- | list | intersect([false])}}"
- etcd_cert_subdir: openshift-master-{{ openshift.common.hostname }}
- etcd_cert_config_dir: "{{ openshift.common.config_base }}/master"
- etcd_cert_prefix: master.etcd-
- etcd_hostname: "{{ openshift.common.hostname }}"
- etcd_ip: "{{ openshift.common.ip }}"
- when: groups.oo_etcd_to_config is defined and groups.oo_etcd_to_config
- name: Create temp directory for syncing certs
hosts: localhost
@@ -102,60 +91,6 @@
register: g_master_mktemp
changed_when: False
-- name: Configure etcd certificates
- hosts: oo_first_etcd
- vars:
- etcd_generated_certs_dir: /etc/etcd/generated_certs
- etcd_needing_client_certs: "{{ hostvars
- | oo_select_keys(groups['oo_masters_to_config'])
- | default([])
- | oo_filter_list(filter_attr='etcd_client_certs_missing') }}"
- sync_tmpdir: "{{ hostvars.localhost.g_master_mktemp.stdout }}"
- roles:
- - openshift_etcd_certificates
- post_tasks:
- - name: Create a tarball of the etcd certs
- command: >
- tar -czvf {{ etcd_generated_certs_dir }}/{{ item.etcd_cert_subdir }}.tgz
- -C {{ etcd_generated_certs_dir }}/{{ item.etcd_cert_subdir }} .
- args:
- creates: "{{ etcd_generated_certs_dir }}/{{ item.etcd_cert_subdir }}.tgz"
- with_items: "{{ etcd_needing_client_certs | default([]) }}"
- - name: Retrieve the etcd cert tarballs
- fetch:
- src: "{{ etcd_generated_certs_dir }}/{{ item.etcd_cert_subdir }}.tgz"
- dest: "{{ sync_tmpdir }}/"
- flat: yes
- fail_on_missing: yes
- validate_checksum: yes
- with_items: "{{ etcd_needing_client_certs | default([]) }}"
-
-- name: Copy the external etcd certs to the masters
- hosts: oo_masters_to_config
- vars:
- sync_tmpdir: "{{ hostvars.localhost.g_master_mktemp.stdout }}"
- tasks:
- - name: Ensure certificate directory exists
- file:
- path: "{{ openshift.common.config_base }}/master"
- state: directory
- when: etcd_client_certs_missing is defined and etcd_client_certs_missing
- - name: Unarchive the tarball on the master
- unarchive:
- src: "{{ sync_tmpdir }}/{{ etcd_cert_subdir }}.tgz"
- dest: "{{ etcd_cert_config_dir }}"
- when: etcd_client_certs_missing is defined and etcd_client_certs_missing
- - file:
- path: "{{ etcd_cert_config_dir }}/{{ item }}"
- owner: root
- group: root
- mode: 0600
- with_items:
- - master.etcd-client.crt
- - master.etcd-client.key
- - master.etcd-ca.crt
- when: etcd_client_certs_missing is defined and etcd_client_certs_missing
-
- name: Check for cached session secrets
hosts: oo_first_master
roles:
@@ -183,54 +118,6 @@
session_encryption_secrets: "{{ g_session_encryption_secrets }}"
when: not g_session_secrets_present | bool
-- name: Parse named certificates
- hosts: localhost
- connection: local
- become: no
- vars:
- internal_hostnames: "{{ hostvars[groups.oo_first_master.0].openshift.common.internal_hostnames }}"
- named_certificates: "{{ hostvars[groups.oo_first_master.0].openshift_master_named_certificates | default([]) }}"
- named_certificates_dir: "{{ hostvars[groups.oo_first_master.0].openshift.common.config_base }}/master/named_certificates/"
- tasks:
- - set_fact:
- parsed_named_certificates: "{{ named_certificates | oo_parse_named_certificates(named_certificates_dir, internal_hostnames) }}"
- when: named_certificates | length > 0
-
-- name: Deploy named certificates
- hosts: oo_masters_to_config
- vars:
- named_certs_dir: "{{ master_cert_config_dir }}/named_certificates/"
- named_certs_specified: "{{ openshift_master_named_certificates is defined }}"
- overwrite_named_certs: "{{ openshift_master_overwrite_named_certificates | default(false) }}"
- roles:
- - role: openshift_facts
- post_tasks:
- - openshift_facts:
- role: master
- local_facts:
- named_certificates: "{{ hostvars.localhost.parsed_named_certificates | default([]) }}"
- additive_facts_to_overwrite:
- - "{{ 'master.named_certificates' if overwrite_named_certs | bool else omit }}"
- - name: Clear named certificates
- file:
- path: "{{ named_certs_dir }}"
- state: absent
- when: overwrite_named_certs | bool
- - name: Ensure named certificate directory exists
- file:
- path: "{{ named_certs_dir }}"
- state: directory
- mode: 0700
- when: named_certs_specified | bool
- - name: Land named certificates
- copy: src="{{ item.certfile }}" dest="{{ named_certs_dir }}"
- with_items: openshift_master_named_certificates
- when: named_certs_specified | bool
- - name: Land named certificate keys
- copy: src="{{ item.keyfile }}" dest="{{ named_certs_dir }}" mode=0600
- with_items: openshift_master_named_certificates
- when: named_certs_specified | bool
-
- name: Configure masters
hosts: oo_masters_to_config
any_errors_fatal: true
@@ -245,10 +132,10 @@
| union(groups['oo_etcd_to_config'] | default([])))
| oo_collect('openshift.common.hostname') | default([]) | join (',')
}}"
- when: "{{ (openshift_http_proxy is defined or openshift_https_proxy is defined) and
- openshift_generate_no_proxy_hosts | default(True) | bool }}"
roles:
- - role: openshift_master
+ - role: openshift_master_facts
+ - role: openshift_hosted_facts
+ - role: openshift_master_certificates
openshift_ca_host: "{{ groups.oo_first_master.0 }}"
openshift_master_etcd_hosts: "{{ hostvars
| oo_select_keys(groups['oo_etcd_to_config'] | default([]))
@@ -258,6 +145,39 @@
| oo_select_keys(groups['oo_masters_to_config'] | default([]))
| oo_collect('openshift.common.all_hostnames')
| oo_flatten | unique }}"
+ - role: openshift_etcd_client_certificates
+ etcd_ca_host: "{{ groups.oo_etcd_to_config.0 }}"
+ etcd_cert_subdir: "openshift-master-{{ openshift.common.hostname }}"
+ etcd_cert_config_dir: "{{ openshift.common.config_base }}/master"
+ etcd_cert_prefix: "master.etcd-"
+ when: groups.oo_etcd_to_config is defined and groups.oo_etcd_to_config
+ - role: openshift_clock
+ - role: openshift_cloud_provider
+ - role: openshift_builddefaults
+ - role: os_firewall
+ os_firewall_allow:
+ - service: etcd embedded
+ port: 4001/tcp
+ - service: api server https
+ port: "{{ openshift.master.api_port }}/tcp"
+ - service: api controllers https
+ port: "{{ openshift.master.controllers_port }}/tcp"
+ - service: skydns tcp
+ port: "{{ openshift.master.dns_port }}/tcp"
+ - service: skydns udp
+ port: "{{ openshift.master.dns_port }}/udp"
+ - service: Fluentd td-agent tcp
+ port: 24224/tcp
+ - service: Fluentd td-agent udp
+ port: 24224/udp
+ - service: pcsd
+ port: 2224/tcp
+ - service: Corosync UDP
+ port: 5404/udp
+ - service: Corosync UDP
+ port: 5405/udp
+ - role: openshift_master
+ openshift_master_hosts: "{{ groups.oo_masters_to_config }}"
- role: nickhammond.logrotate
- role: nuage_master
when: openshift.common.use_nuage | bool
diff --git a/playbooks/common/openshift-master/scaleup.yml b/playbooks/common/openshift-master/scaleup.yml
index 6e6cb3e01..7304fca56 100644
--- a/playbooks/common/openshift-master/scaleup.yml
+++ b/playbooks/common/openshift-master/scaleup.yml
@@ -33,7 +33,12 @@
service: name={{ openshift.common.service_type }}-master-controllers state=restarted
- name: verify api server
command: >
- curl --silent --cacert {{ openshift.common.config_base }}/master/ca.crt
+ curl --silent
+ {% if openshift.common.version_gte_3_2_or_1_2 | bool %}
+ --cacert {{ openshift.common.config_base }}/master/ca-bundle.crt
+ {% else %}
+ --cacert {{ openshift.common.config_base }}/master/ca.crt
+ {% endif %}
{{ openshift.master.api_url }}/healthz/ready
register: api_available_output
until: api_available_output.stdout == 'ok'
@@ -53,4 +58,6 @@
- include: ../openshift-master/config.yml
+- include: ../openshift-loadbalancer/config.yml
+
- include: ../openshift-node/config.yml
diff --git a/playbooks/common/openshift-node/config.yml b/playbooks/common/openshift-node/config.yml
index a8c49d37b..e7c7ffb38 100644
--- a/playbooks/common/openshift-node/config.yml
+++ b/playbooks/common/openshift-node/config.yml
@@ -43,7 +43,7 @@
ansible_ssh_user: "{{ g_ssh_user | default(omit) }}"
ansible_become: "{{ g_sudo | default(omit) }}"
with_items: "{{ groups.oo_nodes_to_config | default([]) }}"
- when: hostvars[item].openshift.common.is_containerized | bool and (item in groups.oo_nodes_to_config and item in groups.oo_masters_to_config)
+ when: hostvars[item].openshift.common is defined and hostvars[item].openshift.common.is_containerized | bool and (item in groups.oo_nodes_to_config and item in groups.oo_masters_to_config)
- name: Configure node instances
hosts: oo_containerized_master_nodes
@@ -60,8 +60,30 @@
when: "{{ (openshift_http_proxy is defined or openshift_https_proxy is defined) and
openshift_generate_no_proxy_hosts | default(True) | bool }}"
roles:
- - role: openshift_node
+ - role: openshift_clock
+ - role: openshift_docker
+ - role: openshift_node_certificates
openshift_ca_host: "{{ groups.oo_first_master.0 }}"
+ - role: openshift_cloud_provider
+ - role: openshift_common
+ - role: openshift_node_dnsmasq
+ when: openshift.common.use_dnsmasq
+ - role: os_firewall
+ os_firewall_allow:
+ - service: Kubernetes kubelet
+ port: 10250/tcp
+ - service: http
+ port: 80/tcp
+ - service: https
+ port: 443/tcp
+ - service: Openshift kubelet ReadOnlyPort
+ port: 10255/tcp
+ - service: Openshift kubelet ReadOnlyPort udp
+ port: 10255/udp
+ - service: OpenShift OVS sdn
+ port: 4789/udp
+ when: openshift.node.use_openshift_sdn | bool
+ - role: openshift_node
- name: Configure node instances
hosts: oo_nodes_to_config:!oo_containerized_master_nodes
@@ -77,97 +99,42 @@
when: "{{ (openshift_http_proxy is defined or openshift_https_proxy is defined) and
openshift_generate_no_proxy_hosts | default(True) | bool }}"
roles:
- - role: openshift_node
+ - role: openshift_clock
+ - role: openshift_docker
+ - role: openshift_node_certificates
openshift_ca_host: "{{ groups.oo_first_master.0 }}"
-
-- name: Gather and set facts for flannel certificatess
- hosts: oo_nodes_to_config
- tasks:
- - name: Check status of flannel external etcd certificates
- stat:
- path: "{{ openshift.common.config_base }}/node/{{ item }}"
- with_items:
- - node.etcd-client.crt
- - node.etcd-ca.crt
- register: g_external_etcd_flannel_cert_stat_result
- when: groups.oo_etcd_to_config is defined and groups.oo_etcd_to_config and (openshift.common.use_flannel | bool)
- - set_fact:
- etcd_client_flannel_certs_missing: "{{ False in g_external_etcd_flannel_cert_stat_result.results
- | oo_collect(attribute='stat.exists')
- | list }}"
- etcd_cert_subdir: openshift-node-{{ openshift.common.hostname }}
- etcd_cert_config_dir: "{{ openshift.common.config_base }}/node"
- etcd_cert_prefix: node.etcd-
- etcd_hostname: "{{ openshift.common.hostname }}"
- etcd_ip: "{{ openshift.common.ip }}"
- when: groups.oo_etcd_to_config is defined and groups.oo_etcd_to_config | length > 0 and (openshift.common.use_flannel | bool)
-
-- name: Configure flannel etcd certificates
- hosts: oo_first_etcd
- vars:
- etcd_generated_certs_dir: /etc/etcd/generated_certs
- sync_tmpdir: "{{ hostvars.localhost.mktemp.stdout }}"
- pre_tasks:
- - set_fact:
- etcd_needing_client_certs: "{{ hostvars
- | oo_select_keys(groups['oo_nodes_to_config'])
- | oo_filter_list('etcd_client_flannel_certs_missing') | default([]) }}"
- roles:
- - role: openshift_etcd_certificates
- when: openshift_use_flannel | default(false) | bool
- post_tasks:
- - name: Create a tarball of the etcd flannel certs
- command: >
- tar -czvf {{ etcd_generated_certs_dir }}/{{ item.etcd_cert_subdir }}.tgz
- -C {{ etcd_generated_certs_dir }}/{{ item.etcd_cert_subdir }} .
- args:
- creates: "{{ etcd_generated_certs_dir }}/{{ item.etcd_cert_subdir }}.tgz"
- with_items: "{{ etcd_needing_client_certs | default([]) }}"
- - name: Retrieve the etcd cert tarballs
- fetch:
- src: "{{ etcd_generated_certs_dir }}/{{ item.etcd_cert_subdir }}.tgz"
- dest: "{{ sync_tmpdir }}/"
- flat: yes
- fail_on_missing: yes
- validate_checksum: yes
- with_items: "{{ etcd_needing_client_certs | default([]) }}"
-
-- name: Copy the external etcd flannel certs to the nodes
- hosts: oo_nodes_to_config
- vars:
- sync_tmpdir: "{{ hostvars.localhost.mktemp.stdout }}"
- tasks:
- - name: Ensure certificate directory exists
- file:
- path: "{{ openshift.common.config_base }}/node"
- state: directory
- when: etcd_client_flannel_certs_missing | default(false) | bool
- - name: Unarchive the tarball on the master
- unarchive:
- src: "{{ sync_tmpdir }}/{{ etcd_cert_subdir }}.tgz"
- dest: "{{ etcd_cert_config_dir }}"
- when: etcd_client_flannel_certs_missing | default(false) | bool
- - file:
- path: "{{ etcd_cert_config_dir }}/{{ item }}"
- owner: root
- group: root
- mode: 0600
- with_items:
- - node.etcd-client.crt
- - node.etcd-client.key
- - node.etcd-ca.crt
- when: etcd_client_flannel_certs_missing | default(false) | bool
-
+ - role: openshift_cloud_provider
+ - role: openshift_common
+ - role: openshift_node_dnsmasq
+ when: openshift.common.use_dnsmasq
+ - role: os_firewall
+ os_firewall_allow:
+ - service: Kubernetes kubelet
+ port: 10250/tcp
+ - service: http
+ port: 80/tcp
+ - service: https
+ port: 443/tcp
+ - service: Openshift kubelet ReadOnlyPort
+ port: 10255/tcp
+ - service: Openshift kubelet ReadOnlyPort udp
+ port: 10255/udp
+ - service: OpenShift OVS sdn
+ port: 4789/udp
+ when: openshift.node.use_openshift_sdn | bool
+ - role: openshift_node
- name: Additional node config
hosts: oo_nodes_to_config
vars:
- # TODO: Prefix flannel role variables.
openshift_node_master_api_url: "{{ hostvars[groups.oo_first_master.0].openshift.master.api_url }}"
- etcd_urls: "{{ hostvars[groups.oo_first_master.0].openshift.master.etcd_urls }}"
- embedded_etcd: "{{ hostvars[groups.oo_first_master.0].openshift.master.embedded_etcd }}"
roles:
- role: flannel
+ etcd_urls: "{{ hostvars[groups.oo_first_master.0].openshift.master.etcd_urls }}"
+ embedded_etcd: "{{ hostvars[groups.oo_first_master.0].openshift.master.embedded_etcd }}"
+ etcd_ca_host: "{{ groups.oo_etcd_to_config.0 }}"
+ etcd_cert_subdir: "openshift-node-{{ openshift.common.hostname }}"
+ etcd_cert_config_dir: "{{ openshift.common.config_base }}/node"
when: openshift.common.use_flannel | bool
- role: nuage_node
when: openshift.common.use_nuage | bool
@@ -201,7 +168,12 @@
# Using curl here since the uri module requires python-httplib2 and
# wait_for port doesn't provide health information.
command: >
- curl --silent --cacert {{ openshift.common.config_base }}/master/ca.crt
+ curl --silent
+ {% if openshift.common.version_gte_3_2_or_1_2 | bool %}
+ --cacert {{ openshift.common.config_base }}/master/ca-bundle.crt
+ {% else %}
+ --cacert {{ openshift.common.config_base }}/master/ca.crt
+ {% endif %}
{{ openshift.master.api_url }}/healthz/ready
register: api_available_output
until: api_available_output.stdout == 'ok'
diff --git a/playbooks/libvirt/openshift-cluster/tasks/configure_libvirt_network.yml b/playbooks/libvirt/openshift-cluster/tasks/configure_libvirt_network.yml
index 3117d9edc..b42ca83af 100644
--- a/playbooks/libvirt/openshift-cluster/tasks/configure_libvirt_network.yml
+++ b/playbooks/libvirt/openshift-cluster/tasks/configure_libvirt_network.yml
@@ -1,27 +1,11 @@
---
-- name: Test if libvirt network for openshift already exists
- command: "virsh -c {{ libvirt_uri }} net-info {{ libvirt_network }}"
- register: net_info_result
- changed_when: False
- failed_when: "net_info_result.rc != 0 and 'no network with matching name' not in net_info_result.stderr"
-
-- name: Create a temp directory for the template xml file
- command: "mktemp -d /tmp/openshift-ansible-XXXXXXX"
- register: mktemp
- when: net_info_result.rc == 1
-
-- name: Create network xml file
- template:
- src: templates/network.xml
- dest: "{{ mktemp.stdout }}/network.xml"
- when: net_info_result.rc == 1
-
-- name: Create libvirt network for openshift
- command: "virsh -c {{ libvirt_uri }} net-create {{ mktemp.stdout }}/network.xml"
- when: net_info_result.rc == 1
-
-- name: Remove the temp directory
- file:
- path: "{{ mktemp.stdout }}"
- state: absent
- when: net_info_result.rc == 1
+- name: Create the libvirt network for OpenShift
+ virt_net:
+ name: '{{ libvirt_network }}'
+ state: '{{ item }}'
+ autostart: 'yes'
+ xml: "{{ lookup('template', 'network.xml') }}"
+ uri: '{{ libvirt_uri }}'
+ with_items:
+ - present
+ - active
diff --git a/playbooks/libvirt/openshift-cluster/tasks/configure_libvirt_storage_pool.yml b/playbooks/libvirt/openshift-cluster/tasks/configure_libvirt_storage_pool.yml
index 397158b9e..8685624ec 100644
--- a/playbooks/libvirt/openshift-cluster/tasks/configure_libvirt_storage_pool.yml
+++ b/playbooks/libvirt/openshift-cluster/tasks/configure_libvirt_storage_pool.yml
@@ -6,22 +6,25 @@
# We need to set permissions on the directory and any items created under the directory, so we need to call the acl module with and without default set.
- acl:
- default: "{{ item }}"
+ default: '{{ item.default }}'
entity: kvm
etype: group
name: "{{ libvirt_storage_pool_path }}"
- permissions: rwx
+ permissions: '{{ item.permissions }}'
state: present
with_items:
- - no
- - yes
+ - default: no
+ permissions: x
+ - default: yes
+ permissions: rwx
-- name: Test if libvirt storage pool for openshift already exists
- command: "virsh -c {{ libvirt_uri }} pool-info {{ libvirt_storage_pool }}"
- register: pool_info_result
- changed_when: False
- failed_when: "pool_info_result.rc != 0 and 'no storage pool with matching name' not in pool_info_result.stderr"
-
-- name: Create the libvirt storage pool for openshift
- command: 'virsh -c {{ libvirt_uri }} pool-create-as {{ libvirt_storage_pool }} dir --target {{ libvirt_storage_pool_path }}'
- when: pool_info_result.rc == 1
+- name: Create the libvirt storage pool for OpenShift
+ virt_pool:
+ name: '{{ libvirt_storage_pool }}'
+ state: '{{ item }}'
+ autostart: 'yes'
+ xml: "{{ lookup('template', 'storage-pool.xml') }}"
+ uri: '{{ libvirt_uri }}'
+ with_items:
+ - present
+ - active
diff --git a/playbooks/libvirt/openshift-cluster/tasks/launch_instances.yml b/playbooks/libvirt/openshift-cluster/tasks/launch_instances.yml
index cc34d0ef9..e0afc43ba 100644
--- a/playbooks/libvirt/openshift-cluster/tasks/launch_instances.yml
+++ b/playbooks/libvirt/openshift-cluster/tasks/launch_instances.yml
@@ -134,4 +134,4 @@
delay: 1
with_together:
- '{{ instances }}'
- - '{{ ips }}' \ No newline at end of file
+ - '{{ ips }}'
diff --git a/playbooks/libvirt/openshift-cluster/templates/network.xml b/playbooks/libvirt/openshift-cluster/templates/network.xml
index 050bc7ab9..0ce2a8342 100644
--- a/playbooks/libvirt/openshift-cluster/templates/network.xml
+++ b/playbooks/libvirt/openshift-cluster/templates/network.xml
@@ -1,5 +1,5 @@
<network>
- <name>openshift-ansible</name>
+ <name>{{ libvirt_network }}</name>
<forward mode='nat'>
<nat>
<port start='1024' end='65535'/>
diff --git a/playbooks/libvirt/openshift-cluster/templates/storage-pool.xml b/playbooks/libvirt/openshift-cluster/templates/storage-pool.xml
new file mode 100644
index 000000000..da139afd0
--- /dev/null
+++ b/playbooks/libvirt/openshift-cluster/templates/storage-pool.xml
@@ -0,0 +1,6 @@
+<pool type='dir'>
+ <name>{{ libvirt_storage_pool }}</name>
+ <target>
+ <path>{{ libvirt_storage_pool_path }}</path>
+ </target>
+</pool>
diff --git a/playbooks/openstack/openshift-cluster/files/heat_stack.yaml b/playbooks/openstack/openshift-cluster/files/heat_stack.yaml
index 2d0098784..458cf5ac7 100644
--- a/playbooks/openstack/openshift-cluster/files/heat_stack.yaml
+++ b/playbooks/openstack/openshift-cluster/files/heat_stack.yaml
@@ -42,6 +42,12 @@ parameters:
description: Source of legitimate ssh connections
default: 0.0.0.0/0
+ node_port_incoming:
+ type: string
+ label: Source of node port connections
+ description: Authorized sources targetting node ports
+ default: 0.0.0.0/0
+
num_etcd:
type: number
label: Number of etcd nodes
@@ -393,6 +399,11 @@ resources:
port_range_min: 4789
port_range_max: 4789
remote_mode: remote_group_id
+ - direction: ingress
+ protocol: tcp
+ port_range_min: 30000
+ port_range_max: 32767
+ remote_ip_prefix: { get_param: node_port_incoming }
infra-secgrp:
type: OS::Neutron::SecurityGroup
diff --git a/playbooks/openstack/openshift-cluster/launch.yml b/playbooks/openstack/openshift-cluster/launch.yml
index b9aae2f4c..5cf543204 100644
--- a/playbooks/openstack/openshift-cluster/launch.yml
+++ b/playbooks/openstack/openshift-cluster/launch.yml
@@ -33,6 +33,7 @@
-P external_net={{ openstack_network_external_net }}
-P ssh_public_key="{{ openstack_ssh_public_key }}"
-P ssh_incoming={{ openstack_ssh_access_from }}
+ -P node_port_incoming={{ openstack_node_port_access_from }}
-P num_etcd={{ num_etcd }}
-P num_masters={{ num_masters }}
-P num_nodes={{ num_nodes }}
@@ -48,6 +49,8 @@
-P infra_flavor={{ openstack_flavor["infra"] }}
-P dns_flavor={{ openstack_flavor["dns"] }}
openshift-ansible-{{ cluster_id }}-stack'
+ args:
+ chdir: '{{ playbook_dir }}'
- name: Wait for OpenStack Stack readiness
shell: 'heat stack-show openshift-ansible-{{ cluster_id }}-stack | awk ''$2 == "stack_status" {print $4}'''
@@ -107,9 +110,9 @@
openshift_node_labels:
type: "etcd"
with_together:
- - parsed_outputs.etcd_names
- - parsed_outputs.etcd_ips
- - parsed_outputs.etcd_floating_ips
+ - '{{ parsed_outputs.etcd_names }}'
+ - '{{ parsed_outputs.etcd_ips }}'
+ - '{{ parsed_outputs.etcd_floating_ips }}'
- name: Add new master instances groups and variables
add_host:
@@ -121,9 +124,9 @@
openshift_node_labels:
type: "master"
with_together:
- - parsed_outputs.master_names
- - parsed_outputs.master_ips
- - parsed_outputs.master_floating_ips
+ - '{{ parsed_outputs.master_names }}'
+ - '{{ parsed_outputs.master_ips }}'
+ - '{{ parsed_outputs.master_floating_ips }}'
- name: Add new node instances groups and variables
add_host:
@@ -135,9 +138,9 @@
openshift_node_labels:
type: "compute"
with_together:
- - parsed_outputs.node_names
- - parsed_outputs.node_ips
- - parsed_outputs.node_floating_ips
+ - '{{ parsed_outputs.node_names }}'
+ - '{{ parsed_outputs.node_ips }}'
+ - '{{ parsed_outputs.node_floating_ips }}'
- name: Add new infra instances groups and variables
add_host:
@@ -149,9 +152,9 @@
openshift_node_labels:
type: "infra"
with_together:
- - parsed_outputs.infra_names
- - parsed_outputs.infra_ips
- - parsed_outputs.infra_floating_ips
+ - '{{ parsed_outputs.infra_names }}'
+ - '{{ parsed_outputs.infra_ips }}'
+ - '{{ parsed_outputs.infra_floating_ips }}'
- name: Add DNS groups and variables
add_host:
@@ -166,10 +169,10 @@
host: '{{ item }}'
port: 22
with_flattened:
- - parsed_outputs.master_floating_ips
- - parsed_outputs.node_floating_ips
- - parsed_outputs.infra_floating_ips
- - parsed_outputs.dns_floating_ip
+ - '{{ parsed_outputs.master_floating_ips }}'
+ - '{{ parsed_outputs.node_floating_ips }}'
+ - '{{ parsed_outputs.infra_floating_ips }}'
+ - '{{ parsed_outputs.dns_floating_ip }}'
- name: Wait for user setup
command: 'ssh -o StrictHostKeyChecking=no -o PasswordAuthentication=no -o ConnectTimeout=10 -o UserKnownHostsFile=/dev/null {{ deployment_vars[deployment_type].ssh_user }}@{{ item }} echo {{ deployment_vars[deployment_type].ssh_user }} user is setup'
@@ -178,10 +181,10 @@
retries: 30
delay: 1
with_flattened:
- - parsed_outputs.master_floating_ips
- - parsed_outputs.node_floating_ips
- - parsed_outputs.infra_floating_ips
- - parsed_outputs.dns_floating_ip
+ - '{{ parsed_outputs.master_floating_ips }}'
+ - '{{ parsed_outputs.node_floating_ips }}'
+ - '{{ parsed_outputs.infra_floating_ips }}'
+ - '{{ parsed_outputs.dns_floating_ip }}'
- include: update.yml
diff --git a/playbooks/openstack/openshift-cluster/list.yml b/playbooks/openstack/openshift-cluster/list.yml
index ba9c6bf9c..60372e262 100644
--- a/playbooks/openstack/openshift-cluster/list.yml
+++ b/playbooks/openstack/openshift-cluster/list.yml
@@ -17,7 +17,7 @@
ansible_ssh_user: "{{ deployment_vars[deployment_type].ssh_user }}"
ansible_ssh_host: "{{ hostvars[item].ansible_ssh_host | default(item) }}"
ansible_become: "{{ deployment_vars[deployment_type].become }}"
- with_items: groups[scratch_group] | default([]) | difference(['localhost'])
+ with_items: "{{ groups[scratch_group] | default([]) | difference(['localhost']) }}"
- name: List Hosts
hosts: oo_list_hosts
diff --git a/playbooks/openstack/openshift-cluster/terminate.yml b/playbooks/openstack/openshift-cluster/terminate.yml
index 5bd8476f1..980ab7337 100644
--- a/playbooks/openstack/openshift-cluster/terminate.yml
+++ b/playbooks/openstack/openshift-cluster/terminate.yml
@@ -11,7 +11,7 @@
groups: oo_hosts_to_terminate
ansible_ssh_user: "{{ deployment_vars[deployment_type].ssh_user }}"
ansible_become: "{{ deployment_vars[deployment_type].become }}"
- with_items: (groups['tag_environment_' ~ cluster_env]|default([])) | intersect(groups['tag_clusterid_' ~ cluster_id ]|default([]))
+ with_items: "{{ (groups['tag_environment_' ~ cluster_env]|default([])) | intersect(groups['tag_clusterid_' ~ cluster_id ]|default([])) }}"
- name: Unsubscribe VMs
hosts: oo_hosts_to_terminate
diff --git a/playbooks/openstack/openshift-cluster/vars.yml b/playbooks/openstack/openshift-cluster/vars.yml
index bc53a51b0..17063ef34 100644
--- a/playbooks/openstack/openshift-cluster/vars.yml
+++ b/playbooks/openstack/openshift-cluster/vars.yml
@@ -12,6 +12,8 @@ openstack_ssh_public_key: "{{ lookup('file', lookup('oo_option', 'public_k
default('~/.ssh/id_rsa.pub', True)) }}"
openstack_ssh_access_from: "{{ lookup('oo_option', 'ssh_from') |
default('0.0.0.0/0', True) }}"
+openstack_node_port_access_from: "{{ lookup('oo_option', 'node_port_from') |
+ default('0.0.0.0/0', True) }}"
openstack_flavor:
dns: "{{ lookup('oo_option', 'dns_flavor' ) | default('m1.small', True) }}"
etcd: "{{ lookup('oo_option', 'etcd_flavor' ) | default('m1.small', True) }}"
diff --git a/roles/cockpit-ui/meta/main.yml b/roles/cockpit-ui/meta/main.yml
new file mode 100644
index 000000000..6ad2e324a
--- /dev/null
+++ b/roles/cockpit-ui/meta/main.yml
@@ -0,0 +1,13 @@
+---
+galaxy_info:
+ author: Samuel Munilla
+ description: Deploy and Enable cockpit-ui
+ company: Red Hat, Inc.
+ license: Apache License, Version 2.0
+ min_ansible_version: 2.1
+ platforms:
+ - name: EL
+ versions:
+ - 7
+ categories:
+ - cloud
diff --git a/roles/cockpit-ui/tasks/main.yml b/roles/cockpit-ui/tasks/main.yml
new file mode 100644
index 000000000..c752bcff1
--- /dev/null
+++ b/roles/cockpit-ui/tasks/main.yml
@@ -0,0 +1,44 @@
+---
+- name: Expose docker-registry
+ command: >
+ {{ openshift.common.client_binary }} expose service docker-registry -n default
+ register: expose_docker_registry
+ changed_when: "'already exists' not in expose_docker_registry.stderr"
+ failed_when: "'already exists' not in expose_docker_registry.stderr and expose_docker_registry.rc != 0"
+
+- name: Create passthrough route for registry-console
+ command: >
+ {{ openshift.common.client_binary }} create route passthrough
+ --service registry-console
+ --port registry-console
+ -n default
+ register: create_registry_console_route
+ changed_when: "'already exists' not in create_registry_console_route.stderr"
+ failed_when: "'already exists' not in create_registry_console_route.stderr and create_registry_console_route.rc != 0"
+
+- name: Retrieve docker-registry route
+ command: "{{ openshift.common.client_binary }} get route docker-registry -n default --template='{{ '{{' }} .spec.host {{ '}}' }}'"
+ register: docker_registry_route
+ failed_when: false
+ changed_when: false
+
+- name: Retrieve cockpit kube url
+ command: "{{ openshift.common.client_binary }} get route registry-console -n default --template='https://{{ '{{' }} .spec.host {{ '}}' }}'"
+ register: registry_console_cockpit_kube_url
+ failed_when: false
+ changed_when: false
+
+- set_fact:
+ cockpit_image_prefix: "{{ '-p IMAGE_PREFIX=' ~ openshift_cockpit_deployer_prefix | default('') }}"
+
+- name: Deploy registry-console
+ command: >
+ {{ openshift.common.client_binary }} new-app --template=registry-console
+ {{ cockpit_image_prefix }}
+ -p OPENSHIFT_OAUTH_PROVIDER_URL="{{ openshift.master.public_api_url }}"
+ -p REGISTRY_HOST="{{ docker_registry_route.stdout }}:80"
+ -p COCKPIT_KUBE_URL="{{ registry_console_cockpit_kube_url.stdout }}"
+ -n default
+ register: deploy_registry_console
+ changed_when: "'already exists' not in deploy_registry_console.stderr"
+ failed_when: "'already exists' not in deploy_registry_console.stderr and deploy_registry_console.rc != 0"
diff --git a/roles/docker/tasks/main.yml b/roles/docker/tasks/main.yml
index 87a4e7af0..a89f5b91a 100644
--- a/roles/docker/tasks/main.yml
+++ b/roles/docker/tasks/main.yml
@@ -67,7 +67,7 @@
dest: /etc/sysconfig/docker
regexp: '^{{ item.reg_conf_var }}=.*$'
line: "{{ item.reg_conf_var }}='{{ item.reg_fact_val | oo_prepend_strings_in_list(item.reg_flag ~ ' ') | join(' ') }}'"
- when: item.reg_fact_val != '' and docker_check.stat.isreg
+ when: item.reg_fact_val != '' and docker_check.stat.isreg is defined and docker_check.stat.isreg
with_items:
- reg_conf_var: ADD_REGISTRY
reg_fact_val: "{{ docker_additional_registries | default(None, true)}}"
@@ -96,7 +96,8 @@
reg_fact_val: "{{ docker_no_proxy | default('') | join(',') }}"
notify:
- restart docker
- when: "{{ 'http_proxy' in openshift.common or 'https_proxy' in openshift.common and docker_check.stat.isreg }}"
+ when:
+ - docker_check.stat.isreg is defined and docker_check.stat.isreg and '"http_proxy" in openshift.common or "https_proxy" in openshift.common'
- name: Set various Docker options
lineinfile:
@@ -108,7 +109,7 @@
{% if docker_log_options is defined %} {{ docker_log_options | oo_split() | oo_prepend_strings_in_list('--log-opt ') | join(' ')}}{% endif %}\
{% if docker_options is defined %} {{ docker_options }}{% endif %}\
{% if docker_disable_push_dockerhub is defined %} --confirm-def-push={{ docker_disable_push_dockerhub | bool }}{% endif %}'"
- when: docker_check.stat.isreg
+ when: docker_check.stat.isreg is defined and docker_check.stat.isreg
notify:
- restart docker
diff --git a/roles/etcd/meta/main.yml b/roles/etcd/meta/main.yml
index 7156a9fff..cfd72dfbc 100644
--- a/roles/etcd/meta/main.yml
+++ b/roles/etcd/meta/main.yml
@@ -7,7 +7,7 @@ galaxy_info:
description: etcd management
company: Red Hat, Inc.
license: Apache License, Version 2.0
- min_ansible_version: 1.2
+ min_ansible_version: 2.1
platforms:
- name: EL
versions:
@@ -22,4 +22,4 @@ dependencies:
port: "{{etcd_client_port}}/tcp"
- service: etcd peering
port: "{{ etcd_peer_port }}/tcp"
-- role: etcd_common
+- role: etcd_server_certificates
diff --git a/roles/etcd/tasks/main.yml b/roles/etcd/tasks/main.yml
index 75d40216d..ba4136327 100644
--- a/roles/etcd/tasks/main.yml
+++ b/roles/etcd/tasks/main.yml
@@ -58,30 +58,6 @@
group: "{{ 'etcd' if not etcd_is_containerized | bool else omit }}"
mode: 0700
-- name: Validate permissions on certificate files
- file:
- path: "{{ item }}"
- mode: 0600
- owner: "{{ 'etcd' if not etcd_is_containerized | bool else omit }}"
- group: "{{ 'etcd' if not etcd_is_containerized | bool else omit }}"
- when: etcd_url_scheme == 'https'
- with_items:
- - "{{ etcd_ca_file }}"
- - "{{ etcd_cert_file }}"
- - "{{ etcd_key_file }}"
-
-- name: Validate permissions on peer certificate files
- file:
- path: "{{ item }}"
- mode: 0600
- owner: "{{ 'etcd' if not etcd_is_containerized | bool else omit }}"
- group: "{{ 'etcd' if not etcd_is_containerized | bool else omit }}"
- when: etcd_peer_url_scheme == 'https'
- with_items:
- - "{{ etcd_peer_ca_file }}"
- - "{{ etcd_peer_cert_file }}"
- - "{{ etcd_peer_key_file }}"
-
- name: Write etcd global config file
template:
src: etcd.conf.j2
diff --git a/roles/etcd/templates/etcd.conf.j2 b/roles/etcd/templates/etcd.conf.j2
index cd048ec60..7ccf78212 100644
--- a/roles/etcd/templates/etcd.conf.j2
+++ b/roles/etcd/templates/etcd.conf.j2
@@ -1,5 +1,5 @@
{% macro initial_cluster() -%}
-{% for host in etcd_peers -%}
+{% for host in etcd_peers | default([]) -%}
{% if loop.last -%}
{{ hostvars[host].etcd_hostname }}={{ etcd_peer_url_scheme }}://{{ hostvars[host].etcd_ip }}:{{ etcd_peer_port }}
{%- else -%}
diff --git a/roles/etcd_ca/meta/main.yml b/roles/etcd_ca/meta/main.yml
index d02456ca3..e3e2f7781 100644
--- a/roles/etcd_ca/meta/main.yml
+++ b/roles/etcd_ca/meta/main.yml
@@ -1,10 +1,10 @@
---
galaxy_info:
author: Jason DeTiberus
- description:
+ description: Etcd CA
company: Red Hat, Inc.
license: Apache License, Version 2.0
- min_ansible_version: 1.9
+ min_ansible_version: 2.1
platforms:
- name: EL
versions:
@@ -13,4 +13,4 @@ galaxy_info:
- cloud
- system
dependencies:
-- { role: etcd_common }
+- role: etcd_common
diff --git a/roles/etcd_ca/tasks/main.yml b/roles/etcd_ca/tasks/main.yml
index e1bb9baed..865074e41 100644
--- a/roles/etcd_ca/tasks/main.yml
+++ b/roles/etcd_ca/tasks/main.yml
@@ -2,6 +2,8 @@
- name: Install openssl
action: "{{ ansible_pkg_mgr }} name=openssl state=present"
when: not etcd_is_atomic | bool
+ delegate_to: "{{ etcd_ca_host }}"
+ run_once: true
- file:
path: "{{ item }}"
@@ -13,29 +15,41 @@
- "{{ etcd_ca_new_certs_dir }}"
- "{{ etcd_ca_crl_dir }}"
- "{{ etcd_ca_dir }}/fragments"
+ delegate_to: "{{ etcd_ca_host }}"
+ run_once: true
- command: cp /etc/pki/tls/openssl.cnf ./
args:
chdir: "{{ etcd_ca_dir }}/fragments"
creates: "{{ etcd_ca_dir }}/fragments/openssl.cnf"
+ delegate_to: "{{ etcd_ca_host }}"
+ run_once: true
- template:
dest: "{{ etcd_ca_dir }}/fragments/openssl_append.cnf"
src: openssl_append.j2
backup: true
+ delegate_to: "{{ etcd_ca_host }}"
+ run_once: true
- assemble:
src: "{{ etcd_ca_dir }}/fragments"
dest: "{{ etcd_openssl_conf }}"
+ delegate_to: "{{ etcd_ca_host }}"
+ run_once: true
- command: touch {{ etcd_ca_db }}
args:
creates: "{{ etcd_ca_db }}"
+ delegate_to: "{{ etcd_ca_host }}"
+ run_once: true
- copy:
dest: "{{ etcd_ca_serial }}"
content: "01"
force: no
+ delegate_to: "{{ etcd_ca_host }}"
+ run_once: true
- command: >
openssl req -config {{ etcd_openssl_conf }} -newkey rsa:4096
@@ -48,3 +62,5 @@
creates: "{{ etcd_ca_cert }}"
environment:
SAN: 'etcd-signer'
+ delegate_to: "{{ etcd_ca_host }}"
+ run_once: true
diff --git a/roles/etcd_certificates/tasks/client.yml b/roles/etcd_certificates/tasks/client.yml
deleted file mode 100644
index b497a46c0..000000000
--- a/roles/etcd_certificates/tasks/client.yml
+++ /dev/null
@@ -1,42 +0,0 @@
----
-- name: Ensure generated_certs directory present
- file:
- path: "{{ etcd_generated_certs_dir }}/{{ item.etcd_cert_subdir }}"
- state: directory
- mode: 0700
- with_items: "{{ etcd_needing_client_certs | default([]) }}"
-
-- name: Create the client csr
- command: >
- openssl req -new -keyout {{ item.etcd_cert_prefix }}client.key
- -config {{ etcd_openssl_conf }}
- -out {{ item.etcd_cert_prefix }}client.csr
- -reqexts {{ etcd_req_ext }} -batch -nodes
- -subj /CN={{ item.etcd_hostname }}
- args:
- chdir: "{{ etcd_generated_certs_dir }}/{{ item.etcd_cert_subdir }}"
- creates: "{{ etcd_generated_certs_dir ~ '/' ~ item.etcd_cert_subdir ~ '/'
- ~ item.etcd_cert_prefix ~ 'client.csr' }}"
- environment:
- SAN: "IP:{{ item.etcd_ip }}"
- with_items: "{{ etcd_needing_client_certs | default([]) }}"
-
-- name: Sign and create the client crt
- command: >
- openssl ca -name {{ etcd_ca_name }} -config {{ etcd_openssl_conf }}
- -out {{ item.etcd_cert_prefix }}client.crt
- -in {{ item.etcd_cert_prefix }}client.csr
- -batch
- args:
- chdir: "{{ etcd_generated_certs_dir }}/{{ item.etcd_cert_subdir }}"
- creates: "{{ etcd_generated_certs_dir ~ '/' ~ item.etcd_cert_subdir ~ '/'
- ~ item.etcd_cert_prefix ~ 'client.crt' }}"
- environment:
- SAN: "IP:{{ item.etcd_ip }}"
- with_items: "{{ etcd_needing_client_certs | default([]) }}"
-
-- file:
- src: "{{ etcd_ca_cert }}"
- dest: "{{ etcd_generated_certs_dir}}/{{ item.etcd_cert_subdir }}/{{ item.etcd_cert_prefix }}ca.crt"
- state: hard
- with_items: "{{ etcd_needing_client_certs | default([]) }}"
diff --git a/roles/etcd_certificates/tasks/main.yml b/roles/etcd_certificates/tasks/main.yml
deleted file mode 100644
index 17092ca58..000000000
--- a/roles/etcd_certificates/tasks/main.yml
+++ /dev/null
@@ -1,6 +0,0 @@
----
-- include: client.yml
- when: etcd_needing_client_certs | default([]) | length > 0
-
-- include: server.yml
- when: etcd_needing_server_certs | default([]) | length > 0
diff --git a/roles/etcd_certificates/tasks/server.yml b/roles/etcd_certificates/tasks/server.yml
deleted file mode 100644
index 934b8b805..000000000
--- a/roles/etcd_certificates/tasks/server.yml
+++ /dev/null
@@ -1,71 +0,0 @@
----
-- name: Ensure generated_certs directory present
- file:
- path: "{{ etcd_generated_certs_dir }}/{{ item.etcd_cert_subdir }}"
- state: directory
- mode: 0700
- with_items: "{{ etcd_needing_server_certs | default([]) }}"
-
-- name: Create the server csr
- command: >
- openssl req -new -keyout {{ item.etcd_cert_prefix }}server.key
- -config {{ etcd_openssl_conf }}
- -out {{ item.etcd_cert_prefix }}server.csr
- -reqexts {{ etcd_req_ext }} -batch -nodes
- -subj /CN={{ item.etcd_hostname }}
- args:
- chdir: "{{ etcd_generated_certs_dir }}/{{ item.etcd_cert_subdir }}"
- creates: "{{ etcd_generated_certs_dir ~ '/' ~ item.etcd_cert_subdir ~ '/'
- ~ item.etcd_cert_prefix ~ 'server.csr' }}"
- environment:
- SAN: "IP:{{ item.etcd_ip }}"
- with_items: "{{ etcd_needing_server_certs | default([]) }}"
-
-- name: Sign and create the server crt
- command: >
- openssl ca -name {{ etcd_ca_name }} -config {{ etcd_openssl_conf }}
- -out {{ item.etcd_cert_prefix }}server.crt
- -in {{ item.etcd_cert_prefix }}server.csr
- -extensions {{ etcd_ca_exts_server }} -batch
- args:
- chdir: "{{ etcd_generated_certs_dir }}/{{ item.etcd_cert_subdir }}"
- creates: "{{ etcd_generated_certs_dir ~ '/' ~ item.etcd_cert_subdir ~ '/'
- ~ item.etcd_cert_prefix ~ 'server.crt' }}"
- environment:
- SAN: "IP:{{ item.etcd_ip }}"
- with_items: "{{ etcd_needing_server_certs | default([]) }}"
-
-- name: Create the peer csr
- command: >
- openssl req -new -keyout {{ item.etcd_cert_prefix }}peer.key
- -config {{ etcd_openssl_conf }}
- -out {{ item.etcd_cert_prefix }}peer.csr
- -reqexts {{ etcd_req_ext }} -batch -nodes
- -subj /CN={{ item.etcd_hostname }}
- args:
- chdir: "{{ etcd_generated_certs_dir }}/{{ item.etcd_cert_subdir }}"
- creates: "{{ etcd_generated_certs_dir ~ '/' ~ item.etcd_cert_subdir ~ '/'
- ~ item.etcd_cert_prefix ~ 'peer.csr' }}"
- environment:
- SAN: "IP:{{ item.etcd_ip }}"
- with_items: "{{ etcd_needing_server_certs | default([]) }}"
-
-- name: Sign and create the peer crt
- command: >
- openssl ca -name {{ etcd_ca_name }} -config {{ etcd_openssl_conf }}
- -out {{ item.etcd_cert_prefix }}peer.crt
- -in {{ item.etcd_cert_prefix }}peer.csr
- -extensions {{ etcd_ca_exts_peer }} -batch
- args:
- chdir: "{{ etcd_generated_certs_dir }}/{{ item.etcd_cert_subdir }}"
- creates: "{{ etcd_generated_certs_dir ~ '/' ~ item.etcd_cert_subdir ~ '/'
- ~ item.etcd_cert_prefix ~ 'peer.crt' }}"
- environment:
- SAN: "IP:{{ item.etcd_ip }}"
- with_items: "{{ etcd_needing_server_certs | default([]) }}"
-
-- file:
- src: "{{ etcd_ca_cert }}"
- dest: "{{ etcd_generated_certs_dir}}/{{ item.etcd_cert_subdir }}/{{ item.etcd_cert_prefix }}ca.crt"
- state: hard
- with_items: "{{ etcd_needing_server_certs | default([]) }}"
diff --git a/roles/etcd_certificates/README.md b/roles/etcd_client_certificates/README.md
index 95f8f8aab..269d5296d 100644
--- a/roles/etcd_certificates/README.md
+++ b/roles/etcd_client_certificates/README.md
@@ -1,5 +1,5 @@
-OpenShift etcd certificates
-========================
+OpenShift Etcd Certificates
+===========================
TODO
diff --git a/roles/etcd_client_certificates/library b/roles/etcd_client_certificates/library
new file mode 120000
index 000000000..494d3c39e
--- /dev/null
+++ b/roles/etcd_client_certificates/library
@@ -0,0 +1 @@
+../../library \ No newline at end of file
diff --git a/roles/etcd_client_certificates/meta/main.yml b/roles/etcd_client_certificates/meta/main.yml
new file mode 100644
index 000000000..efebdb599
--- /dev/null
+++ b/roles/etcd_client_certificates/meta/main.yml
@@ -0,0 +1,16 @@
+---
+galaxy_info:
+ author: Jason DeTiberus
+ description: Etcd Client Certificates
+ company: Red Hat, Inc.
+ license: Apache License, Version 2.0
+ min_ansible_version: 2.1
+ platforms:
+ - name: EL
+ versions:
+ - 7
+ categories:
+ - cloud
+ - system
+dependencies:
+- role: etcd_common
diff --git a/roles/etcd_client_certificates/tasks/main.yml b/roles/etcd_client_certificates/tasks/main.yml
new file mode 100644
index 000000000..275aa0a63
--- /dev/null
+++ b/roles/etcd_client_certificates/tasks/main.yml
@@ -0,0 +1,137 @@
+---
+- name: Ensure CA certificate exists on etcd_ca_host
+ stat:
+ path: "{{ etcd_ca_cert }}"
+ register: g_ca_cert_stat_result
+ delegate_to: "{{ etcd_ca_host }}"
+ run_once: true
+
+- fail:
+ msg: >
+ CA certificate {{ etcd_ca_cert }} doesn't exist on CA host
+ {{ etcd_ca_host }}. Apply 'etcd_ca' role to
+ {{ etcd_ca_host }}.
+ when: not g_ca_cert_stat_result.stat.exists | bool
+ run_once: true
+
+- name: Check status of external etcd certificatees
+ stat:
+ path: "{{ etcd_cert_config_dir }}/{{ item }}"
+ with_items:
+ - "{{ etcd_cert_prefix }}client.crt"
+ - "{{ etcd_cert_prefix }}client.key"
+ - "{{ etcd_cert_prefix }}ca.crt"
+ register: g_external_etcd_cert_stat_result
+ when: not etcd_certificates_redeploy | default(false) | bool
+
+- set_fact:
+ etcd_client_certs_missing: "{{ true if etcd_certificates_redeploy | default(false) | bool
+ else (False in (g_external_etcd_cert_stat_result.results
+ | default({})
+ | oo_collect(attribute='stat.exists')
+ | list)) }}"
+
+- name: Ensure generated_certs directory present
+ file:
+ path: "{{ etcd_generated_certs_dir }}/{{ etcd_cert_subdir }}"
+ state: directory
+ mode: 0700
+ when: etcd_client_certs_missing | bool
+ delegate_to: "{{ etcd_ca_host }}"
+
+- name: Create the client csr
+ command: >
+ openssl req -new -keyout {{ etcd_cert_prefix }}client.key
+ -config {{ etcd_openssl_conf }}
+ -out {{ etcd_cert_prefix }}client.csr
+ -reqexts {{ etcd_req_ext }} -batch -nodes
+ -subj /CN={{ etcd_hostname }}
+ args:
+ chdir: "{{ etcd_generated_certs_dir }}/{{ etcd_cert_subdir }}"
+ creates: "{{ etcd_generated_certs_dir ~ '/' ~ etcd_cert_subdir ~ '/'
+ ~ etcd_cert_prefix ~ 'client.csr' }}"
+ environment:
+ SAN: "IP:{{ etcd_ip }}"
+ when: etcd_client_certs_missing | bool
+ delegate_to: "{{ etcd_ca_host }}"
+
+# Certificates must be signed serially in order to avoid competing
+# for the serial file.
+- name: Sign and create the client crt
+ delegated_serial_command:
+ command: >
+ openssl ca -name {{ etcd_ca_name }} -config {{ etcd_openssl_conf }}
+ -out {{ etcd_cert_prefix }}client.crt
+ -in {{ etcd_cert_prefix }}client.csr
+ -batch
+ chdir: "{{ etcd_generated_certs_dir }}/{{ etcd_cert_subdir }}"
+ creates: "{{ etcd_generated_certs_dir ~ '/' ~ etcd_cert_subdir ~ '/'
+ ~ etcd_cert_prefix ~ 'client.crt' }}"
+ environment:
+ SAN: "IP:{{ etcd_ip }}"
+ when: etcd_client_certs_missing | bool
+ delegate_to: "{{ etcd_ca_host }}"
+
+- file:
+ src: "{{ etcd_ca_cert }}"
+ dest: "{{ etcd_generated_certs_dir}}/{{ etcd_cert_subdir }}/{{ etcd_cert_prefix }}ca.crt"
+ state: hard
+ when: etcd_client_certs_missing | bool
+ delegate_to: "{{ etcd_ca_host }}"
+
+- name: Create local temp directory for syncing certs
+ local_action: command mktemp -d /tmp/etcd_certificates-XXXXXXX
+ register: g_etcd_client_mktemp
+ changed_when: False
+ when: etcd_client_certs_missing | bool
+ delegate_to: localhost
+ become: no
+
+- name: Create a tarball of the etcd certs
+ command: >
+ tar -czvf {{ etcd_generated_certs_dir }}/{{ etcd_cert_subdir }}.tgz
+ -C {{ etcd_generated_certs_dir }}/{{ etcd_cert_subdir }} .
+ args:
+ creates: "{{ etcd_generated_certs_dir }}/{{ etcd_cert_subdir }}.tgz"
+ when: etcd_client_certs_missing | bool
+ delegate_to: "{{ etcd_ca_host }}"
+
+- name: Retrieve the etcd cert tarballs
+ fetch:
+ src: "{{ etcd_generated_certs_dir }}/{{ etcd_cert_subdir }}.tgz"
+ dest: "{{ g_etcd_client_mktemp.stdout }}/"
+ flat: yes
+ fail_on_missing: yes
+ validate_checksum: yes
+ when: etcd_client_certs_missing | bool
+ delegate_to: "{{ etcd_ca_host }}"
+
+- name: Ensure certificate directory exists
+ file:
+ path: "{{ etcd_cert_config_dir }}"
+ state: directory
+ when: etcd_client_certs_missing | bool
+
+- name: Unarchive etcd cert tarballs
+ unarchive:
+ src: "{{ g_etcd_client_mktemp.stdout }}/{{ etcd_cert_subdir }}.tgz"
+ dest: "{{ etcd_cert_config_dir }}"
+ when: etcd_client_certs_missing | bool
+
+- file:
+ path: "{{ etcd_cert_config_dir }}/{{ item }}"
+ owner: root
+ group: root
+ mode: 0600
+ with_items:
+ - "{{ etcd_cert_prefix }}client.crt"
+ - "{{ etcd_cert_prefix }}client.key"
+ - "{{ etcd_cert_prefix }}ca.crt"
+ when: etcd_client_certs_missing | bool
+
+- name: Delete temporary directory
+ file: name={{ g_etcd_client_mktemp.stdout }} state=absent
+ changed_when: False
+ when: etcd_client_certs_missing | bool
+ delegate_to: localhost
+ become: no
diff --git a/roles/etcd_server_certificates/README.md b/roles/etcd_server_certificates/README.md
new file mode 100644
index 000000000..269d5296d
--- /dev/null
+++ b/roles/etcd_server_certificates/README.md
@@ -0,0 +1,34 @@
+OpenShift Etcd Certificates
+===========================
+
+TODO
+
+Requirements
+------------
+
+TODO
+
+Role Variables
+--------------
+
+TODO
+
+Dependencies
+------------
+
+TODO
+
+Example Playbook
+----------------
+
+TODO
+
+License
+-------
+
+Apache License Version 2.0
+
+Author Information
+------------------
+
+Scott Dodson (sdodson@redhat.com)
diff --git a/roles/etcd_server_certificates/library b/roles/etcd_server_certificates/library
new file mode 120000
index 000000000..494d3c39e
--- /dev/null
+++ b/roles/etcd_server_certificates/library
@@ -0,0 +1 @@
+../../library \ No newline at end of file
diff --git a/roles/etcd_certificates/meta/main.yml b/roles/etcd_server_certificates/meta/main.yml
index 41370fab4..b453f2bd8 100644
--- a/roles/etcd_certificates/meta/main.yml
+++ b/roles/etcd_server_certificates/meta/main.yml
@@ -1,10 +1,10 @@
---
galaxy_info:
author: Jason DeTiberus
- description:
+ description: Etcd Server Certificates
company: Red Hat, Inc.
license: Apache License, Version 2.0
- min_ansible_version: 1.8
+ min_ansible_version: 2.1
platforms:
- name: EL
versions:
@@ -13,4 +13,4 @@ galaxy_info:
- cloud
- system
dependencies:
-- { role: etcd_ca }
+- role: etcd_ca
diff --git a/roles/etcd_server_certificates/tasks/main.yml b/roles/etcd_server_certificates/tasks/main.yml
new file mode 100644
index 000000000..718515023
--- /dev/null
+++ b/roles/etcd_server_certificates/tasks/main.yml
@@ -0,0 +1,179 @@
+---
+- name: Install etcd
+ action: "{{ ansible_pkg_mgr }} name=etcd state=present"
+ when: not etcd_is_containerized | bool
+
+- name: Check status of etcd certificates
+ stat:
+ path: "{{ etcd_cert_config_dir }}/{{ item }}"
+ with_items:
+ - "{{ etcd_cert_prefix }}server.crt"
+ - "{{ etcd_cert_prefix }}peer.crt"
+ - "{{ etcd_cert_prefix }}ca.crt"
+ register: g_etcd_server_cert_stat_result
+ when: not etcd_certificates_redeploy | default(false) | bool
+
+- set_fact:
+ etcd_server_certs_missing: "{{ true if etcd_certificates_redeploy | default(false) | bool
+ else (False in (g_etcd_server_cert_stat_result.results
+ | default({})
+ | oo_collect(attribute='stat.exists')
+ | list)) }}"
+
+- name: Ensure generated_certs directory present
+ file:
+ path: "{{ etcd_generated_certs_dir }}/{{ etcd_cert_subdir }}"
+ state: directory
+ mode: 0700
+ when: etcd_server_certs_missing | bool
+ delegate_to: "{{ etcd_ca_host }}"
+
+- name: Create the server csr
+ command: >
+ openssl req -new -keyout {{ etcd_cert_prefix }}server.key
+ -config {{ etcd_openssl_conf }}
+ -out {{ etcd_cert_prefix }}server.csr
+ -reqexts {{ etcd_req_ext }} -batch -nodes
+ -subj /CN={{ etcd_hostname }}
+ args:
+ chdir: "{{ etcd_generated_certs_dir }}/{{ etcd_cert_subdir }}"
+ creates: "{{ etcd_generated_certs_dir ~ '/' ~ etcd_cert_subdir ~ '/'
+ ~ etcd_cert_prefix ~ 'server.csr' }}"
+ environment:
+ SAN: "IP:{{ etcd_ip }}"
+ when: etcd_server_certs_missing | bool
+ delegate_to: "{{ etcd_ca_host }}"
+
+# Certificates must be signed serially in order to avoid competing
+# for the serial file.
+- name: Sign and create the server crt
+ delegated_serial_command:
+ command: >
+ openssl ca -name {{ etcd_ca_name }} -config {{ etcd_openssl_conf }}
+ -out {{ etcd_cert_prefix }}server.crt
+ -in {{ etcd_cert_prefix }}server.csr
+ -extensions {{ etcd_ca_exts_server }} -batch
+ chdir: "{{ etcd_generated_certs_dir }}/{{ etcd_cert_subdir }}"
+ creates: "{{ etcd_generated_certs_dir ~ '/' ~ etcd_cert_subdir ~ '/'
+ ~ etcd_cert_prefix ~ 'server.crt' }}"
+ environment:
+ SAN: "IP:{{ etcd_ip }}"
+ delegate_to: "{{ etcd_ca_host }}"
+
+- name: Create the peer csr
+ command: >
+ openssl req -new -keyout {{ etcd_cert_prefix }}peer.key
+ -config {{ etcd_openssl_conf }}
+ -out {{ etcd_cert_prefix }}peer.csr
+ -reqexts {{ etcd_req_ext }} -batch -nodes
+ -subj /CN={{ etcd_hostname }}
+ args:
+ chdir: "{{ etcd_generated_certs_dir }}/{{ etcd_cert_subdir }}"
+ creates: "{{ etcd_generated_certs_dir ~ '/' ~ etcd_cert_subdir ~ '/'
+ ~ etcd_cert_prefix ~ 'peer.csr' }}"
+ environment:
+ SAN: "IP:{{ etcd_ip }}"
+ when: etcd_server_certs_missing | bool
+ delegate_to: "{{ etcd_ca_host }}"
+
+# Certificates must be signed serially in order to avoid competing
+# for the serial file.
+- name: Sign and create the peer crt
+ delegated_serial_command:
+ command: >
+ openssl ca -name {{ etcd_ca_name }} -config {{ etcd_openssl_conf }}
+ -out {{ etcd_cert_prefix }}peer.crt
+ -in {{ etcd_cert_prefix }}peer.csr
+ -extensions {{ etcd_ca_exts_peer }} -batch
+ chdir: "{{ etcd_generated_certs_dir }}/{{ etcd_cert_subdir }}"
+ creates: "{{ etcd_generated_certs_dir ~ '/' ~ etcd_cert_subdir ~ '/'
+ ~ etcd_cert_prefix ~ 'peer.crt' }}"
+ environment:
+ SAN: "IP:{{ etcd_ip }}"
+ when: etcd_server_certs_missing | bool
+ delegate_to: "{{ etcd_ca_host }}"
+
+- file:
+ src: "{{ etcd_ca_cert }}"
+ dest: "{{ etcd_generated_certs_dir}}/{{ etcd_cert_subdir }}/{{ etcd_cert_prefix }}ca.crt"
+ state: hard
+ when: etcd_server_certs_missing | bool
+ delegate_to: "{{ etcd_ca_host }}"
+
+- name: Create local temp directory for syncing certs
+ local_action: command mktemp -d /tmp/etcd_certificates-XXXXXXX
+ become: no
+ register: g_etcd_server_mktemp
+ changed_when: False
+ when: etcd_server_certs_missing | bool
+ delegate_to: localhost
+
+- name: Create a tarball of the etcd certs
+ command: >
+ tar -czvf {{ etcd_generated_certs_dir }}/{{ etcd_cert_subdir }}.tgz
+ -C {{ etcd_generated_certs_dir }}/{{ etcd_cert_subdir }} .
+ args:
+ creates: "{{ etcd_generated_certs_dir }}/{{ etcd_cert_subdir }}.tgz"
+ when: etcd_server_certs_missing | bool
+ delegate_to: "{{ etcd_ca_host }}"
+
+- name: Retrieve etcd cert tarball
+ fetch:
+ src: "{{ etcd_generated_certs_dir }}/{{ etcd_cert_subdir }}.tgz"
+ dest: "{{ g_etcd_server_mktemp.stdout }}/"
+ flat: yes
+ fail_on_missing: yes
+ validate_checksum: yes
+ when: etcd_server_certs_missing | bool
+ delegate_to: "{{ etcd_ca_host }}"
+
+- name: Ensure certificate directory exists
+ file:
+ path: "{{ etcd_cert_config_dir }}"
+ state: directory
+ when: etcd_server_certs_missing | bool
+
+- name: Unarchive cert tarball
+ unarchive:
+ src: "{{ g_etcd_server_mktemp.stdout }}/{{ etcd_cert_subdir }}.tgz"
+ dest: "{{ etcd_cert_config_dir }}"
+ when: etcd_server_certs_missing | bool
+
+- name: Delete temporary directory
+ file: name={{ g_etcd_server_mktemp.stdout }} state=absent
+ become: no
+ changed_when: False
+ when: etcd_server_certs_missing | bool
+ delegate_to: localhost
+
+- name: Validate permissions on certificate files
+ file:
+ path: "{{ item }}"
+ mode: 0600
+ owner: "{{ 'etcd' if not etcd_is_containerized | bool else omit }}"
+ group: "{{ 'etcd' if not etcd_is_containerized | bool else omit }}"
+ when: etcd_url_scheme == 'https'
+ with_items:
+ - "{{ etcd_ca_file }}"
+ - "{{ etcd_cert_file }}"
+ - "{{ etcd_key_file }}"
+
+- name: Validate permissions on peer certificate files
+ file:
+ path: "{{ item }}"
+ mode: 0600
+ owner: "{{ 'etcd' if not etcd_is_containerized | bool else omit }}"
+ group: "{{ 'etcd' if not etcd_is_containerized | bool else omit }}"
+ when: etcd_peer_url_scheme == 'https'
+ with_items:
+ - "{{ etcd_peer_ca_file }}"
+ - "{{ etcd_peer_cert_file }}"
+ - "{{ etcd_peer_key_file }}"
+
+- name: Validate permissions on the config dir
+ file:
+ path: "{{ etcd_conf_dir }}"
+ state: directory
+ owner: "{{ 'etcd' if not etcd_is_containerized | bool else omit }}"
+ group: "{{ 'etcd' if not etcd_is_containerized | bool else omit }}"
+ mode: 0700
diff --git a/roles/flannel/README.md b/roles/flannel/README.md
index 8f271aada..84e2c5c49 100644
--- a/roles/flannel/README.md
+++ b/roles/flannel/README.md
@@ -13,15 +13,15 @@ to 0.3.
Role Variables
--------------
-| Name | Default value | Description |
-|---------------------|-----------------------------------------|-----------------------------------------------|
-| flannel_interface | ansible_default_ipv4.interface | interface to use for inter-host communication |
-| flannel_etcd_key | /openshift.com/network | etcd prefix |
-| etcd_hosts | etcd_urls | a list of etcd endpoints |
-| etcd_conf_dir | {{ openshift.common.config_base }}/node | SSL certificates directory |
-| etcd_peer_ca_file | {{ etcd_conf_dir }}/ca.crt | SSL CA to use for etcd |
-| etcd_peer_cert_file | Openshift SSL cert | SSL cert to use for etcd |
-| etcd_peer_key_file | Openshift SSL key | SSL key to use for etcd |
+| Name | Default value | Description |
+|----------------------|-----------------------------------------|-----------------------------------------------|
+| flannel_interface | ansible_default_ipv4.interface | interface to use for inter-host communication |
+| flannel_etcd_key | /openshift.com/network | etcd prefix |
+| etcd_hosts | etcd_urls | a list of etcd endpoints |
+| etcd_cert_config_dir | {{ openshift.common.config_base }}/node | SSL certificates directory |
+| etcd_peer_ca_file | {{ etcd_conf_dir }}/ca.crt | SSL CA to use for etcd |
+| etcd_peer_cert_file | Openshift SSL cert | SSL cert to use for etcd |
+| etcd_peer_key_file | Openshift SSL key | SSL key to use for etcd |
Dependencies
------------
diff --git a/roles/flannel/defaults/main.yaml b/roles/flannel/defaults/main.yaml
index 34cebda9c..988731ef2 100644
--- a/roles/flannel/defaults/main.yaml
+++ b/roles/flannel/defaults/main.yaml
@@ -2,7 +2,6 @@
flannel_interface: "{{ ansible_default_ipv4.interface }}"
flannel_etcd_key: /openshift.com/network
etcd_hosts: "{{ etcd_urls }}"
-etcd_conf_dir: "{{ openshift.common.config_base }}/node"
-etcd_peer_ca_file: "{{ etcd_conf_dir }}/{{ 'ca' if (embedded_etcd | bool) else 'node.etcd-ca' }}.crt"
-etcd_peer_cert_file: "{{ etcd_conf_dir }}/{{ 'system:node:' + openshift.common.hostname if (embedded_etcd | bool) else 'node.etcd-client' }}.crt"
-etcd_peer_key_file: "{{ etcd_conf_dir }}/{{ 'system:node:' + openshift.common.hostname if (embedded_etcd | bool) else 'node.etcd-client' }}.key"
+etcd_peer_ca_file: "{{ openshift.common.config_base }}/node/{{ 'ca' if (embedded_etcd | bool) else 'flannel.etcd-ca' }}.crt"
+etcd_peer_cert_file: "{{ openshift.common.config_base }}/node/{{ 'system:node:' + openshift.common.hostname if (embedded_etcd | bool) else 'flannel.etcd-client' }}.crt"
+etcd_peer_key_file: "{{ openshift.common.config_base }}/node/{{ 'system:node:' + openshift.common.hostname if (embedded_etcd | bool) else 'flannel.etcd-client' }}.key"
diff --git a/roles/flannel/meta/main.yml b/roles/flannel/meta/main.yml
index 909bdbfa4..616ae61d2 100644
--- a/roles/flannel/meta/main.yml
+++ b/roles/flannel/meta/main.yml
@@ -4,7 +4,7 @@ galaxy_info:
description: flannel management
company: Red Hat, Inc.
license: Apache License, Version 2.0
- min_ansible_version: 1.2
+ min_ansible_version: 2.1
platforms:
- name: EL
versions:
@@ -13,4 +13,6 @@ galaxy_info:
- cloud
- system
dependencies:
-- { role: openshift_facts }
+- role: openshift_facts
+- role: openshift_etcd_client_certificates
+ etcd_cert_prefix: flannel.etcd-
diff --git a/roles/flannel_register/README.md b/roles/flannel_register/README.md
index 623c4c7cf..20a07c35e 100644
--- a/roles/flannel_register/README.md
+++ b/roles/flannel_register/README.md
@@ -16,7 +16,7 @@ Role Variables
|---------------------|----------------------------------------------------|-------------------------------------------------|
| flannel_network | {{ openshift.common.portal_net }} or 172.16.1.1/16 | interface to use for inter-host communication |
| flannel_min_network | {{ min_network }} or 172.16.5.0 | beginning of IP range for the subnet allocation |
-| flannel_subnet_len | /openshift.com/network | size of the subnet allocated to each host |
+| flannel_subnet_len | 24 | size of the subnet allocated to each host |
| flannel_etcd_key | /openshift.com/network | etcd prefix |
| etcd_hosts | etcd_urls | a list of etcd endpoints |
| etcd_conf_dir | {{ openshift.common.config_base }}/master | SSL certificates directory |
diff --git a/roles/openshift_ca/meta/main.yml b/roles/openshift_ca/meta/main.yml
index a08aa1686..444c5b77e 100644
--- a/roles/openshift_ca/meta/main.yml
+++ b/roles/openshift_ca/meta/main.yml
@@ -15,3 +15,4 @@ galaxy_info:
dependencies:
- role: openshift_repos
- role: openshift_cli
+- role: openshift_named_certificates
diff --git a/roles/openshift_ca/tasks/main.yml b/roles/openshift_ca/tasks/main.yml
index 4d9768ce7..bb89b65a6 100644
--- a/roles/openshift_ca/tasks/main.yml
+++ b/roles/openshift_ca/tasks/main.yml
@@ -3,6 +3,10 @@
msg: "openshift_ca_host variable must be defined for this role"
when: openshift_ca_host is not defined
+- fail:
+ msg: "Both 'certfile' and 'keyfile' keys must be supplied when configuring openshift_master_ca_certificate"
+ when: openshift_master_ca_certificate is defined and ('certfile' not in openshift_master_ca_certificate or 'keyfile' not in openshift_master_ca_certificate)
+
- name: Install the base package for admin tooling
action: "{{ ansible_pkg_mgr }} name={{ openshift.common.service_type }}{{ openshift_pkg_version | default('') | oo_image_tag_to_rpm_version(include_dash=True) }} state=present"
when: not openshift.common.is_containerized | bool
@@ -28,26 +32,82 @@
path: "{{ openshift_ca_config_dir }}/{{ item }}"
register: g_master_ca_stat_result
with_items:
+ - ca-bundle.crt
- ca.crt
- ca.key
delegate_to: "{{ openshift_ca_host }}"
run_once: true
- set_fact:
- master_ca_missing: "{{ False in (g_master_ca_stat_result.results
- | oo_collect(attribute='stat.exists')
- | list) }}"
+ master_ca_missing: "{{ true if openshift_certificates_redeploy | default(false) | bool
+ else False in (g_master_ca_stat_result.results
+ | oo_collect(attribute='stat.exists')
+ | list) }}"
+ run_once: true
+
+- name: Retain original serviceaccount keys
+ copy:
+ src: "{{ item }}"
+ dest: "{{ item }}.keep"
+ remote_src: true
+ with_items:
+ - "{{ openshift_ca_config_dir }}/serviceaccounts.private.key"
+ - "{{ openshift_ca_config_dir }}/serviceaccounts.public.key"
+ when: openshift_certificates_redeploy | default(false) | bool
+
+- name: Deploy master ca certificate
+ copy:
+ src: "{{ item.src }}"
+ dest: "{{ openshift_ca_config_dir }}/{{ item.dest }}"
+ force: "{{ true if openshift_certificates_redeploy_ca | default(false) | bool else false }}"
+ with_items:
+ - src: "{{ (openshift_master_ca_certificate | default({'certfile':none})).certfile }}"
+ dest: ca.crt
+ - src: "{{ (openshift_master_ca_certificate | default({'keyfile':none})).keyfile }}"
+ dest: ca.key
+ when: openshift_master_ca_certificate is defined
+ delegate_to: "{{ openshift_ca_host }}"
+ run_once: true
+
+- name: Create ca serial
+ copy:
+ content: "1"
+ dest: "{{ openshift_ca_config_dir }}/ca.serial.txt"
+ force: "{{ true if openshift_certificates_redeploy | default(false) | bool else false }}"
+ when: openshift_master_ca_certificate is defined
delegate_to: "{{ openshift_ca_host }}"
run_once: true
- name: Create the master certificates if they do not already exist
command: >
{{ openshift.common.admin_binary }} create-master-certs
- --hostnames={{ openshift_master_hostnames | join(',') }}
- --master={{ openshift.master.api_url }}
- --public-master={{ openshift.master.public_api_url }}
- --cert-dir={{ openshift_ca_config_dir }}
- --overwrite=false
- when: hostvars[openshift_ca_host].master_ca_missing | bool
+ {% for named_ca_certificate in openshift.master.named_certificates | default([]) | oo_collect('cafile') %}
+ --certificate-authority {{ named_ca_certificate }}
+ {% endfor %}
+ --hostnames={{ openshift_master_hostnames | join(',') }}
+ --master={{ openshift.master.api_url }}
+ --public-master={{ openshift.master.public_api_url }}
+ --cert-dir={{ openshift_ca_config_dir }}
+ --overwrite=false
+ when: master_ca_missing | bool
delegate_to: "{{ openshift_ca_host }}"
run_once: true
+
+- name: Restore original serviceaccount keys
+ copy:
+ src: "{{ item }}.keep"
+ dest: "{{ item }}"
+ remote_src: true
+ with_items:
+ - "{{ openshift_ca_config_dir }}/serviceaccounts.private.key"
+ - "{{ openshift_ca_config_dir }}/serviceaccounts.public.key"
+ when: openshift_certificates_redeploy | default(false) | bool
+
+- name: Remove backup serviceaccount keys
+ file:
+ path: "{{ item }}.keep"
+ state: absent
+ with_items:
+ - "{{ openshift_ca_config_dir }}/serviceaccounts.private.key"
+ - "{{ openshift_ca_config_dir }}/serviceaccounts.public.key"
+ when: openshift_certificates_redeploy | default(false) | bool
diff --git a/roles/openshift_cloud_provider/tasks/main.yml b/roles/openshift_cloud_provider/tasks/main.yml
index 6111d1207..e217e37ea 100644
--- a/roles/openshift_cloud_provider/tasks/main.yml
+++ b/roles/openshift_cloud_provider/tasks/main.yml
@@ -2,12 +2,8 @@
- name: Set cloud provider facts
openshift_facts:
role: cloudprovider
- openshift_env: "{{ hostvars
- | oo_merge_hostvars(vars, inventory_hostname)
- | oo_openshift_env }}"
- openshift_env_structures:
- - 'openshift.cloudprovider.aws.*'
- - 'openshift.cloudprovider.openstack.*'
+ local_facts:
+ kind: "{{ openshift_cloudprovider_kind | default(None) }}"
- name: Create cloudprovider config dir
file:
diff --git a/roles/openshift_cloud_provider/tasks/openstack.yml b/roles/openshift_cloud_provider/tasks/openstack.yml
index c501121e5..f22dd4520 100644
--- a/roles/openshift_cloud_provider/tasks/openstack.yml
+++ b/roles/openshift_cloud_provider/tasks/openstack.yml
@@ -7,4 +7,4 @@
template:
dest: "{{ openshift.common.config_base }}/cloudprovider/openstack.conf"
src: openstack.conf.j2
- when: "'auth_url' in openshift.cloudprovider.openstack and 'username' in openshift.cloudprovider.openstack and 'password' in openshift.cloudprovider.openstack and ('tenant_id' in openshift.cloudprovider.openstack or 'tenant_name' in openshift.cloudprovider.openstack)"
+ when: "openshift_cloudprovider_openstack_auth_url is defined and openshift_cloudprovider_openstack_username is defined and openshift_cloudprovider_openstack_password is defined and (openshift_cloudprovider_openstack_tenant_id is defined or openshift_cloudprovider_openstack_tenant_name is defined)"
diff --git a/roles/openshift_cloud_provider/templates/openstack.conf.j2 b/roles/openshift_cloud_provider/templates/openstack.conf.j2
index 8a06b3a08..ce452db24 100644
--- a/roles/openshift_cloud_provider/templates/openstack.conf.j2
+++ b/roles/openshift_cloud_provider/templates/openstack.conf.j2
@@ -1,16 +1,16 @@
[Global]
-auth-url = {{ openshift.cloudprovider.openstack.auth_url }}
-username = {{ openshift.cloudprovider.openstack.username }}
-password = {{ openshift.cloudprovider.openstack.password }}
-{% if 'tenant_id' in openshift.cloudprovider.openstack %}
-tenant-id = {{ openshift.cloudprovider.openstack.tenant_id }}
+auth-url = {{ openshift_cloudprovider_openstack_auth_url }}
+username = {{ openshift_cloudprovider_openstack_username }}
+password = {{ openshift_cloudprovider_openstack_password }}
+{% if openshift_cloudprovider_openstack_tenant_id is defined %}
+tenant-id = {{ openshift_cloudprovider_openstack_tenant_id }}
{% else %}
-tenant-name = {{ openshift.cloudprovider.openstack.tenant_name }}
+tenant-name = {{ openshift_cloudprovider_openstack_tenant_name }}
{% endif %}
-{% if 'region' in openshift.cloudprovider.openstack %}
-region = {{ openshift.cloudprovider.openstack.region }}
+{% if openshift_cloudprovider_openstack_region is defined %}
+region = {{ openshift_cloudprovider_openstack_region }}
{% endif %}
-{% if 'lb_subnet_id' in openshift.cloudprovider.openstack %}
+{% if openshift_cloudprovider_openstack_lb_subnet_id is defined %}
[LoadBalancer]
-subnet-id = {{ openshift.cloudprovider.openstack.lb_subnet_id }}
+subnet-id = {{ openshift_cloudprovider_openstack_lb_subnet_id }}
{% endif %}
diff --git a/roles/openshift_cloud_provider/vars/main.yml b/roles/openshift_cloud_provider/vars/main.yml
index c608e9b54..83bf6edc8 100644
--- a/roles/openshift_cloud_provider/vars/main.yml
+++ b/roles/openshift_cloud_provider/vars/main.yml
@@ -1,4 +1,4 @@
---
-has_cloudprovider: "{{ 'cloudprovider' in openshift and 'kind' in openshift.cloudprovider and openshift.cloudprovider.kind != None }}"
-cloudprovider_is_aws: "{{ has_cloudprovider | bool and openshift.cloudprovider.kind == 'aws' }}"
-cloudprovider_is_openstack: "{{ has_cloudprovider | bool and openshift.cloudprovider.kind == 'openstack' }}"
+has_cloudprovider: "{{ openshift_cloudprovider_kind | default(None) != None }}"
+cloudprovider_is_aws: "{{ has_cloudprovider | bool and openshift_cloudprovider_kind == 'aws' }}"
+cloudprovider_is_openstack: "{{ has_cloudprovider | bool and openshift_cloudprovider_kind == 'openstack' }}"
diff --git a/roles/openshift_cluster_metrics/README.md b/roles/openshift_cluster_metrics/README.md
deleted file mode 100644
index 9fdfab8e3..000000000
--- a/roles/openshift_cluster_metrics/README.md
+++ /dev/null
@@ -1,36 +0,0 @@
-#openshift_cluster_metrics
-
-This role configures Cluster wide metrics. It does setting up three services:
-* Metrics are stored in InfluxDB for querying.
-* Heapster reads all nodes and pods from the master, then connects to eachs node's kubelet to retrieve pod metrics.
-* Grafan allows users to create dashboards of metrics from InfluxDB
-
-## Requirements
-
-Running OpenShift cluster
-
-## Role Variables
-
-```
-# Enable cluster metrics
-use_cluster_metrics=true
-```
-
-## Dependencies
-
-None
-
-## Example Playbook
-
-TODO
-
-## Security Note
-Opening up the read-only port exposes information about the running pods (such as namespace, pod name, labels, etc.) to unauthenticated clients. The requirement to open up this read-only port will be fixed in future versions.
-
-##License
-
-Apache License, Version 2.0
-
-## Author Information
-
-Diego Castro (diego.castro@getupcloud.com)
diff --git a/roles/openshift_cluster_metrics/files/cluster-metrics/grafana.yaml b/roles/openshift_cluster_metrics/files/cluster-metrics/grafana.yaml
deleted file mode 100644
index bff422efc..000000000
--- a/roles/openshift_cluster_metrics/files/cluster-metrics/grafana.yaml
+++ /dev/null
@@ -1,53 +0,0 @@
-apiVersion: "v1"
-kind: "List"
-items:
- -
- apiVersion: "v1"
- kind: "Service"
- metadata:
- labels:
- provider: "fabric8"
- component: "grafana"
- name: "grafana"
- spec:
- ports:
- -
- port: 80
- targetPort: "http"
- selector:
- provider: "fabric8"
- component: "grafana"
- -
- apiVersion: "v1"
- kind: "ReplicationController"
- metadata:
- labels:
- provider: "fabric8"
- component: "grafana"
- name: "grafana"
- spec:
- replicas: 1
- selector:
- provider: "fabric8"
- component: "grafana"
- template:
- metadata:
- labels:
- provider: "fabric8"
- component: "grafana"
- spec:
- containers:
- -
- env:
- -
- name: "INFLUXDB_SERVICE_NAME"
- value: "INFLUXDB_MONITORING"
- -
- name: "GRAFANA_DEFAULT_DASHBOARD"
- value: "/dashboard/file/kubernetes.json"
- image: "fabric8/grafana:1.9.1_2"
- name: "grafana"
- ports:
- -
- containerPort: 3000
- name: "http" \ No newline at end of file
diff --git a/roles/openshift_cluster_metrics/files/cluster-metrics/heapster-serviceaccount.yaml b/roles/openshift_cluster_metrics/files/cluster-metrics/heapster-serviceaccount.yaml
deleted file mode 100644
index 1de2ad699..000000000
--- a/roles/openshift_cluster_metrics/files/cluster-metrics/heapster-serviceaccount.yaml
+++ /dev/null
@@ -1,4 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: heapster \ No newline at end of file
diff --git a/roles/openshift_cluster_metrics/files/cluster-metrics/heapster.yaml b/roles/openshift_cluster_metrics/files/cluster-metrics/heapster.yaml
deleted file mode 100644
index 83e314074..000000000
--- a/roles/openshift_cluster_metrics/files/cluster-metrics/heapster.yaml
+++ /dev/null
@@ -1,30 +0,0 @@
-apiVersion: "v1"
-kind: "List"
-items:
- -
- apiVersion: "v1"
- kind: "ReplicationController"
- metadata:
- labels:
- provider: "fabric8"
- component: "heapster"
- name: "heapster"
- spec:
- replicas: 1
- selector:
- provider: "fabric8"
- component: "heapster"
- template:
- metadata:
- labels:
- provider: "fabric8"
- component: "heapster"
- spec:
- containers:
- -
- args:
- - "-source=kubernetes:https://kubernetes.default.svc.cluster.local?auth=&insecure=true&useServiceAccount=true"
- - "-sink=influxdb:http://influxdb-monitoring.default.svc.cluster.local:8086"
- image: "kubernetes/heapster:V0.14.2"
- name: "heapster"
- serviceAccount: "heapster" \ No newline at end of file
diff --git a/roles/openshift_cluster_metrics/files/cluster-metrics/influxdb.yaml b/roles/openshift_cluster_metrics/files/cluster-metrics/influxdb.yaml
deleted file mode 100644
index 6f67c3d7c..000000000
--- a/roles/openshift_cluster_metrics/files/cluster-metrics/influxdb.yaml
+++ /dev/null
@@ -1,67 +0,0 @@
-apiVersion: "v1"
-kind: "List"
-items:
- -
- apiVersion: "v1"
- kind: "Service"
- metadata:
- labels:
- provider: "fabric8"
- component: "influxdb-monitoring"
- name: "influxdb-monitoring"
- spec:
- ports:
- -
- port: 8086
- targetPort: "http"
- selector:
- provider: "fabric8"
- component: "influxdb-monitoring"
- -
- apiVersion: "v1"
- kind: "ReplicationController"
- metadata:
- labels:
- provider: "fabric8"
- component: "influxdb-monitoring"
- name: "influxdb-monitoring"
- spec:
- replicas: 1
- selector:
- provider: "fabric8"
- component: "influxdb-monitoring"
- template:
- metadata:
- labels:
- provider: "fabric8"
- component: "influxdb-monitoring"
- spec:
- containers:
- -
- env:
- -
- name: "PRE_CREATE_DB"
- value: "k8s;grafana"
- image: "fabric8/influxdb:0.8.8"
- name: "influxdb"
- ports:
- -
- containerPort: 8090
- name: "raft"
- -
- containerPort: 8099
- name: "protobuf"
- -
- containerPort: 8083
- name: "admin"
- -
- containerPort: 8086
- name: "http"
- volumeMounts:
- -
- mountPath: "/data"
- name: "influxdb-data"
- volumes:
- -
- emptyDir:
- name: "influxdb-data" \ No newline at end of file
diff --git a/roles/openshift_cluster_metrics/tasks/main.yml b/roles/openshift_cluster_metrics/tasks/main.yml
deleted file mode 100644
index 1fc8a074a..000000000
--- a/roles/openshift_cluster_metrics/tasks/main.yml
+++ /dev/null
@@ -1,49 +0,0 @@
----
-
-- name: Install cluster metrics templates
- copy:
- src: cluster-metrics
- dest: /etc/origin/
-
-- name: Create InfluxDB Services
- command: >
- {{ openshift.common.client_binary }} create -f
- /etc/origin/cluster-metrics/influxdb.yaml
- register: oex_influxdb_services
- failed_when: "'already exists' not in oex_influxdb_services.stderr and oex_influxdb_services.rc != 0"
- changed_when: false
-
-- name: Create Heapster Service Account
- command: >
- {{ openshift.common.client_binary }} create -f
- /etc/origin/cluster-metrics/heapster-serviceaccount.yaml
- register: oex_heapster_serviceaccount
- failed_when: "'already exists' not in oex_heapster_serviceaccount.stderr and oex_heapster_serviceaccount.rc != 0"
- changed_when: false
-
-- name: Add cluster-reader role to Heapster
- command: >
- {{ openshift.common.admin_binary }} policy
- add-cluster-role-to-user
- cluster-reader
- system:serviceaccount:default:heapster
- register: oex_cluster_header_role
- failed_when: "'already exists' not in oex_cluster_header_role.stderr and oex_cluster_header_role.rc != 0"
- changed_when: false
-
-- name: Create Heapster Services
- command: >
- {{ openshift.common.client_binary }} create -f
- /etc/origin/cluster-metrics/heapster.yaml
- register: oex_heapster_services
- failed_when: "'already exists' not in oex_heapster_services.stderr and oex_heapster_services.rc != 0"
- changed_when: false
-
-- name: Create Grafana Services
- command: >
- {{ openshift.common.client_binary }} create -f
- /etc/origin/cluster-metrics/grafana.yaml
- register: oex_grafana_services
- failed_when: "'already exists' not in oex_grafana_services.stderr and oex_grafana_services.rc != 0"
- changed_when: false
-
diff --git a/roles/openshift_common/tasks/main.yml b/roles/openshift_common/tasks/main.yml
index ece335fbf..f10a77697 100644
--- a/roles/openshift_common/tasks/main.yml
+++ b/roles/openshift_common/tasks/main.yml
@@ -1,11 +1,11 @@
---
- fail:
- msg: Flannel can not be used with openshift sdn
- when: openshift_use_openshift_sdn | default(false) | bool and openshift_use_flannel | default(false) | bool
+ msg: Flannel can not be used with openshift sdn, set openshift_use_openshift_sdn=false if you want to use flannel
+ when: openshift_use_openshift_sdn | default(true) | bool and openshift_use_flannel | default(false) | bool
- fail:
- msg: Nuage sdn can not be used with openshift sdn
- when: openshift_use_openshift_sdn | default(false) | bool and openshift_use_nuage | default(false) | bool
+ msg: Nuage sdn can not be used with openshift sdn, set openshift_use_openshift_sdn=false if you want to use nuage
+ when: openshift_use_openshift_sdn | default(true) | bool and openshift_use_nuage | default(false) | bool
- fail:
msg: Nuage sdn can not be used with flannel
diff --git a/roles/openshift_etcd_client_certificates/meta/main.yml b/roles/openshift_etcd_client_certificates/meta/main.yml
new file mode 100644
index 000000000..3268c390f
--- /dev/null
+++ b/roles/openshift_etcd_client_certificates/meta/main.yml
@@ -0,0 +1,16 @@
+---
+galaxy_info:
+ author: Jason DeTiberus
+ description: OpenShift Etcd Client Certificates
+ company: Red Hat, Inc.
+ license: Apache License, Version 2.0
+ min_ansible_version: 2.1
+ platforms:
+ - name: EL
+ versions:
+ - 7
+ categories:
+ - cloud
+dependencies:
+- role: openshift_etcd_facts
+- role: etcd_client_certificates
diff --git a/roles/openshift_etcd_facts/tasks/main.yml b/roles/openshift_etcd_facts/tasks/main.yml
new file mode 100644
index 000000000..22fb39006
--- /dev/null
+++ b/roles/openshift_etcd_facts/tasks/main.yml
@@ -0,0 +1,5 @@
+---
+- openshift_facts:
+ role: etcd
+ local_facts:
+ etcd_image: "{{ osm_etcd_image | default(None) }}"
diff --git a/roles/openshift_etcd_facts/vars/main.yml b/roles/openshift_etcd_facts/vars/main.yml
index 6f3894565..cae15d61a 100644
--- a/roles/openshift_etcd_facts/vars/main.yml
+++ b/roles/openshift_etcd_facts/vars/main.yml
@@ -3,3 +3,8 @@ etcd_is_containerized: "{{ openshift.common.is_containerized }}"
etcd_is_atomic: "{{ openshift.common.is_atomic }}"
etcd_hostname: "{{ openshift.common.hostname }}"
etcd_ip: "{{ openshift.common.ip }}"
+etcd_cert_subdir: "etcd-{{ openshift.common.hostname }}"
+etcd_cert_prefix:
+etcd_cert_config_dir: /etc/etcd
+etcd_peer_url_scheme: https
+etcd_url_scheme: https
diff --git a/roles/openshift_etcd_server_certificates/meta/main.yml b/roles/openshift_etcd_server_certificates/meta/main.yml
new file mode 100644
index 000000000..7750f14af
--- /dev/null
+++ b/roles/openshift_etcd_server_certificates/meta/main.yml
@@ -0,0 +1,16 @@
+---
+galaxy_info:
+ author: Jason DeTiberus
+ description: OpenShift Etcd Server Certificates
+ company: Red Hat, Inc.
+ license: Apache License, Version 2.0
+ min_ansible_version: 2.1
+ platforms:
+ - name: EL
+ versions:
+ - 7
+ categories:
+ - cloud
+dependencies:
+- role: openshift_etcd_facts
+- role: etcd_server_certificates
diff --git a/roles/openshift_examples/defaults/main.yml b/roles/openshift_examples/defaults/main.yml
index 0f5189974..e843049f9 100644
--- a/roles/openshift_examples/defaults/main.yml
+++ b/roles/openshift_examples/defaults/main.yml
@@ -11,13 +11,17 @@ content_version: "{{ openshift.common.examples_content_version }}"
examples_base: "{{ openshift.common.config_base if openshift.common.is_containerized | bool else '/usr/share/openshift' }}/examples"
image_streams_base: "{{ examples_base }}/image-streams"
centos_image_streams: "{{ image_streams_base}}/image-streams-centos7.json"
-rhel_image_streams: "{{ image_streams_base}}/image-streams-rhel7.json"
+rhel_image_streams:
+ - "{{ image_streams_base}}/image-streams-rhel7.json"
+ - "{{ image_streams_base}}/dotnet_imagestreams.json"
db_templates_base: "{{ examples_base }}/db-templates"
xpaas_image_streams: "{{ examples_base }}/xpaas-streams/"
xpaas_templates_base: "{{ examples_base }}/xpaas-templates"
quickstarts_base: "{{ examples_base }}/quickstart-templates"
infrastructure_origin_base: "{{ examples_base }}/infrastructure-templates/origin"
infrastructure_enterprise_base: "{{ examples_base }}/infrastructure-templates/enterprise"
+cockpit_ui_base: "{{ examples_base }}/infrastructure-templates/enterprise"
+
openshift_examples_import_command: "create"
registry_url: ""
diff --git a/roles/openshift_examples/examples-sync.sh b/roles/openshift_examples/examples-sync.sh
index ef2da946a..1ad0d93a2 100755
--- a/roles/openshift_examples/examples-sync.sh
+++ b/roles/openshift_examples/examples-sync.sh
@@ -5,11 +5,11 @@
#
# This script should be run from openshift-ansible/roles/openshift_examples
-XPAAS_VERSION=ose-v1.3.1
+XPAAS_VERSION=ose-v1.3.3
ORIGIN_VERSION=${1:-v1.3}
EXAMPLES_BASE=$(pwd)/files/examples/${ORIGIN_VERSION}
find ${EXAMPLES_BASE} -name '*.json' -delete
-find ${EXAMPLES_BASE} -name '*.yaml' -delete
+find ${EXAMPLES_BASE} -name '*.yaml' -delete -exclude registry-console.json
TEMP=`mktemp -d`
pushd $TEMP
@@ -29,7 +29,6 @@ unzip cakephp-ex-master.zip
unzip application-templates-master.zip
cp origin-master/examples/db-templates/* ${EXAMPLES_BASE}/db-templates/
cp origin-master/examples/jenkins/jenkins-*template.json ${EXAMPLES_BASE}/quickstart-templates/
-cp origin-master/examples/jenkins/pipeline/jenkinstemplate.json ${EXAMPLES_BASE}/quickstart-templates/
cp origin-master/examples/image-streams/* ${EXAMPLES_BASE}/image-streams/
cp django-ex-master/openshift/templates/* ${EXAMPLES_BASE}/quickstart-templates/
cp rails-ex-master/openshift/templates/* ${EXAMPLES_BASE}/quickstart-templates/
@@ -39,7 +38,7 @@ cp cakephp-ex-master/openshift/templates/* ${EXAMPLES_BASE}/quickstart-templates
mv application-templates-${XPAAS_VERSION}/jboss-image-streams.json ${EXAMPLES_BASE}/xpaas-streams/
find application-templates-${XPAAS_VERSION}/ -name '*.json' ! -wholename '*secret*' ! -wholename '*demo*' -exec mv {} ${EXAMPLES_BASE}/xpaas-templates/ \;
wget https://raw.githubusercontent.com/jboss-fuse/application-templates/master/fis-image-streams.json -O ${EXAMPLES_BASE}/xpaas-streams/fis-image-streams.json
-
+wget https://raw.githubusercontent.com/redhat-developer/s2i-dotnetcore/master/dotnet_imagestreams.json -O ${EXAMPLES_BASE}/image-streams/dotnet_imagestreams.json
wget https://raw.githubusercontent.com/openshift/origin-metrics/master/metrics.yaml -O ${EXAMPLES_BASE}/infrastructure-templates/origin/metrics-deployer.yaml
wget https://raw.githubusercontent.com/openshift/origin-metrics/enterprise/metrics.yaml -O ${EXAMPLES_BASE}/infrastructure-templates/enterprise/metrics-deployer.yaml
wget https://raw.githubusercontent.com/openshift/origin-aggregated-logging/master/deployer/deployer.yaml -O ${EXAMPLES_BASE}/infrastructure-templates/origin/logging-deployer.yaml
diff --git a/roles/openshift_examples/files/examples/latest b/roles/openshift_examples/files/examples/latest
index f7e713306..26e5d1951 120000
--- a/roles/openshift_examples/files/examples/latest
+++ b/roles/openshift_examples/files/examples/latest
@@ -1 +1 @@
-v1.2 \ No newline at end of file
+v1.3 \ No newline at end of file
diff --git a/roles/openshift_examples/files/examples/v1.2/db-templates/mariadb-ephemeral-template.json b/roles/openshift_examples/files/examples/v1.2/db-templates/mariadb-ephemeral-template.json
new file mode 100644
index 000000000..64b004ff4
--- /dev/null
+++ b/roles/openshift_examples/files/examples/v1.2/db-templates/mariadb-ephemeral-template.json
@@ -0,0 +1,184 @@
+{
+ "kind": "Template",
+ "apiVersion": "v1",
+ "metadata": {
+ "name": "mariadb-ephemeral",
+ "annotations": {
+ "description": "MariaDB database service, without persistent storage. WARNING: Any data stored will be lost upon pod destruction. Only use this template for testing",
+ "iconClass": "icon-mariadb",
+ "tags": "database,mariadb"
+ }
+ },
+ "objects": [
+ {
+ "kind": "Service",
+ "apiVersion": "v1",
+ "metadata": {
+ "name": "${DATABASE_SERVICE_NAME}"
+ },
+ "spec": {
+ "ports": [
+ {
+ "name": "mariadb",
+ "port": 3306
+ }
+ ],
+ "selector": {
+ "name": "${DATABASE_SERVICE_NAME}"
+ }
+ }
+ },
+ {
+ "kind": "DeploymentConfig",
+ "apiVersion": "v1",
+ "metadata": {
+ "name": "${DATABASE_SERVICE_NAME}"
+ },
+ "spec": {
+ "strategy": {
+ "type": "Recreate"
+ },
+ "triggers": [
+ {
+ "type": "ImageChange",
+ "imageChangeParams": {
+ "automatic": true,
+ "containerNames": [
+ "mariadb"
+ ],
+ "from": {
+ "kind": "ImageStreamTag",
+ "name": "mariadb:10.1",
+ "namespace": "${NAMESPACE}"
+ }
+ }
+ },
+ {
+ "type": "ConfigChange"
+ }
+ ],
+ "replicas": 1,
+ "selector": {
+ "name": "${DATABASE_SERVICE_NAME}"
+ },
+ "template": {
+ "metadata": {
+ "labels": {
+ "name": "${DATABASE_SERVICE_NAME}"
+ }
+ },
+ "spec": {
+ "containers": [
+ {
+ "name": "mariadb",
+ "image": " ",
+ "ports": [
+ {
+ "containerPort": 3306
+ }
+ ],
+ "readinessProbe": {
+ "timeoutSeconds": 1,
+ "initialDelaySeconds": 5,
+ "exec": {
+ "command": [ "/bin/sh", "-i", "-c",
+ "MYSQL_PWD=\"$MYSQL_PASSWORD\" mysql -h 127.0.0.1 -u $MYSQL_USER -D $MYSQL_DATABASE -e 'SELECT 1'"]
+ }
+ },
+ "livenessProbe": {
+ "timeoutSeconds": 1,
+ "initialDelaySeconds": 30,
+ "tcpSocket": {
+ "port": 3306
+ }
+ },
+ "env": [
+ {
+ "name": "MYSQL_USER",
+ "value": "${MYSQL_USER}"
+ },
+ {
+ "name": "MYSQL_PASSWORD",
+ "value": "${MYSQL_PASSWORD}"
+ },
+ {
+ "name": "MYSQL_DATABASE",
+ "value": "${MYSQL_DATABASE}"
+ }
+ ],
+ "resources": {
+ "limits": {
+ "memory": "${MEMORY_LIMIT}"
+ }
+ },
+ "volumeMounts": [
+ {
+ "name": "${DATABASE_SERVICE_NAME}-data",
+ "mountPath": "/var/lib/mysql/data"
+ }
+ ],
+ "imagePullPolicy": "IfNotPresent"
+ }
+ ],
+ "volumes": [
+ {
+ "name": "${DATABASE_SERVICE_NAME}-data",
+ "emptyDir": {
+ "medium": ""
+ }
+ }
+ ]
+ }
+ }
+ }
+ }
+ ],
+ "parameters": [
+ {
+ "name": "MEMORY_LIMIT",
+ "displayName": "Memory Limit",
+ "description": "Maximum amount of memory the container can use.",
+ "value": "512Mi",
+ "required": true
+ },
+ {
+ "name": "NAMESPACE",
+ "displayName": "Namespace",
+ "description": "The OpenShift Namespace where the ImageStream resides.",
+ "value": "openshift"
+ },
+ {
+ "name": "DATABASE_SERVICE_NAME",
+ "displayName": "Database Service Name",
+ "description": "The name of the OpenShift Service exposed for the database.",
+ "value": "mariadb",
+ "required": true
+ },
+ {
+ "name": "MYSQL_USER",
+ "displayName": "MariaDB Connection Username",
+ "description": "Username for MariaDB user that will be used for accessing the database.",
+ "generate": "expression",
+ "from": "user[A-Z0-9]{3}",
+ "required": true
+ },
+ {
+ "name": "MYSQL_PASSWORD",
+ "displayName": "MariaDB Connection Password",
+ "description": "Password for the MariaDB connection user.",
+ "generate": "expression",
+ "from": "[a-zA-Z0-9]{16}",
+ "required": true
+ },
+ {
+ "name": "MYSQL_DATABASE",
+ "displayName": "MariaDB Database Name",
+ "description": "Name of the MariaDB database accessed.",
+ "value": "sampledb",
+ "required": true
+ }
+ ],
+ "labels": {
+ "template": "mariadb-persistent-template"
+ }
+}
diff --git a/roles/openshift_examples/files/examples/v1.2/db-templates/mariadb-persistent-template.json b/roles/openshift_examples/files/examples/v1.2/db-templates/mariadb-persistent-template.json
new file mode 100644
index 000000000..0d5b39e81
--- /dev/null
+++ b/roles/openshift_examples/files/examples/v1.2/db-templates/mariadb-persistent-template.json
@@ -0,0 +1,208 @@
+{
+ "kind": "Template",
+ "apiVersion": "v1",
+ "metadata": {
+ "name": "mariadb-persistent",
+ "annotations": {
+ "description": "MariaDB database service, with persistent storage. Scaling to more than one replica is not supported. You must have persistent volumes available in your cluster to use this template.",
+ "iconClass": "icon-mariadb",
+ "tags": "database,mariadb"
+ }
+ },
+ "objects": [
+ {
+ "kind": "Service",
+ "apiVersion": "v1",
+ "metadata": {
+ "name": "${DATABASE_SERVICE_NAME}"
+ },
+ "spec": {
+ "ports": [
+ {
+ "name": "mariadb",
+ "port": 3306
+ }
+ ],
+ "selector": {
+ "name": "${DATABASE_SERVICE_NAME}"
+ }
+ }
+ },
+ {
+ "kind": "PersistentVolumeClaim",
+ "apiVersion": "v1",
+ "metadata": {
+ "name": "${DATABASE_SERVICE_NAME}"
+ },
+ "spec": {
+ "accessModes": [
+ "ReadWriteOnce"
+ ],
+ "resources": {
+ "requests": {
+ "storage": "${VOLUME_CAPACITY}"
+ }
+ }
+ }
+ },
+ {
+ "kind": "DeploymentConfig",
+ "apiVersion": "v1",
+ "metadata": {
+ "name": "${DATABASE_SERVICE_NAME}"
+ },
+ "spec": {
+ "strategy": {
+ "type": "Recreate"
+ },
+ "triggers": [
+ {
+ "type": "ImageChange",
+ "imageChangeParams": {
+ "automatic": true,
+ "containerNames": [
+ "mariadb"
+ ],
+ "from": {
+ "kind": "ImageStreamTag",
+ "name": "mariadb:10.1",
+ "namespace": "${NAMESPACE}"
+ }
+ }
+ },
+ {
+ "type": "ConfigChange"
+ }
+ ],
+ "replicas": 1,
+ "selector": {
+ "name": "${DATABASE_SERVICE_NAME}"
+ },
+ "template": {
+ "metadata": {
+ "labels": {
+ "name": "${DATABASE_SERVICE_NAME}"
+ }
+ },
+ "spec": {
+ "containers": [
+ {
+ "name": "mariadb",
+ "image": " ",
+ "ports": [
+ {
+ "containerPort": 3306
+ }
+ ],
+ "readinessProbe": {
+ "timeoutSeconds": 1,
+ "initialDelaySeconds": 5,
+ "exec": {
+ "command": [ "/bin/sh", "-i", "-c",
+ "MYSQL_PWD=\"$MYSQL_PASSWORD\" mysql -h 127.0.0.1 -u $MYSQL_USER -D $MYSQL_DATABASE -e 'SELECT 1'"]
+ }
+ },
+ "livenessProbe": {
+ "timeoutSeconds": 1,
+ "initialDelaySeconds": 30,
+ "tcpSocket": {
+ "port": 3306
+ }
+ },
+ "env": [
+ {
+ "name": "MYSQL_USER",
+ "value": "${MYSQL_USER}"
+ },
+ {
+ "name": "MYSQL_PASSWORD",
+ "value": "${MYSQL_PASSWORD}"
+ },
+ {
+ "name": "MYSQL_DATABASE",
+ "value": "${MYSQL_DATABASE}"
+ }
+ ],
+ "resources": {
+ "limits": {
+ "memory": "${MEMORY_LIMIT}"
+ }
+ },
+ "volumeMounts": [
+ {
+ "name": "${DATABASE_SERVICE_NAME}-data",
+ "mountPath": "/var/lib/mysql/data"
+ }
+ ],
+ "imagePullPolicy": "IfNotPresent"
+ }
+ ],
+ "volumes": [
+ {
+ "name": "${DATABASE_SERVICE_NAME}-data",
+ "persistentVolumeClaim": {
+ "claimName": "${DATABASE_SERVICE_NAME}"
+ }
+ }
+ ]
+ }
+ }
+ }
+ }
+ ],
+ "parameters": [
+ {
+ "name": "MEMORY_LIMIT",
+ "displayName": "Memory Limit",
+ "description": "Maximum amount of memory the container can use.",
+ "value": "512Mi",
+ "required": true
+ },
+ {
+ "name": "NAMESPACE",
+ "displayName": "Namespace",
+ "description": "The OpenShift Namespace where the ImageStream resides.",
+ "value": "openshift"
+ },
+ {
+ "name": "DATABASE_SERVICE_NAME",
+ "displayName": "Database Service Name",
+ "description": "The name of the OpenShift Service exposed for the database.",
+ "value": "mariadb",
+ "required": true
+ },
+ {
+ "name": "MYSQL_USER",
+ "displayName": "MariaDB Connection Username",
+ "description": "Username for MariaDB user that will be used for accessing the database.",
+ "generate": "expression",
+ "from": "user[A-Z0-9]{3}",
+ "required": true
+ },
+ {
+ "name": "MYSQL_PASSWORD",
+ "displayName": "MariaDB Connection Password",
+ "description": "Password for the MariaDB connection user.",
+ "generate": "expression",
+ "from": "[a-zA-Z0-9]{16}",
+ "required": true
+ },
+ {
+ "name": "MYSQL_DATABASE",
+ "displayName": "MariaDB Database Name",
+ "description": "Name of the MariaDB database accessed.",
+ "value": "sampledb",
+ "required": true
+ },
+ {
+ "name": "VOLUME_CAPACITY",
+ "displayName": "Volume Capacity",
+ "description": "Volume space available for data, e.g. 512Mi, 2Gi.",
+ "value": "1Gi",
+ "required": true
+ }
+ ],
+ "labels": {
+ "template": "mariadb-persistent-template"
+ }
+}
diff --git a/roles/openshift_examples/files/examples/v1.2/db-templates/mongodb-ephemeral-template.json b/roles/openshift_examples/files/examples/v1.2/db-templates/mongodb-ephemeral-template.json
index 9a935be5e..329e7a692 100644
--- a/roles/openshift_examples/files/examples/v1.2/db-templates/mongodb-ephemeral-template.json
+++ b/roles/openshift_examples/files/examples/v1.2/db-templates/mongodb-ephemeral-template.json
@@ -60,7 +60,7 @@
],
"from": {
"kind": "ImageStreamTag",
- "name": "mongodb:latest",
+ "name": "mongodb:3.2",
"namespace": "${NAMESPACE}"
},
"lastTriggeredImage": ""
@@ -182,7 +182,7 @@
},
{
"name": "MONGODB_USER",
- "displayName": "MongoDB User",
+ "displayName": "MongoDB Connection Username",
"description": "Username for MongoDB user that will be used for accessing the database.",
"generate": "expression",
"from": "user[A-Z0-9]{3}",
@@ -190,8 +190,8 @@
},
{
"name": "MONGODB_PASSWORD",
- "displayName": "MongoDB Password",
- "description": "Password for the MongoDB user.",
+ "displayName": "MongoDB Connection Password",
+ "description": "Password for the MongoDB connection user.",
"generate": "expression",
"from": "[a-zA-Z0-9]{16}",
"required": true
@@ -214,5 +214,6 @@
],
"labels": {
"template": "mongodb-ephemeral-template"
- }
+ },
+ "message": "You can connect to the database using MongoDB connection URL mongodb://${MONGODB_USER}:${MONGODB_PASSWORD}@${DATABASE_SERVICE_NAME}/${MONGODB_DATABASE}"
}
diff --git a/roles/openshift_examples/files/examples/v1.2/db-templates/mongodb-persistent-template.json b/roles/openshift_examples/files/examples/v1.2/db-templates/mongodb-persistent-template.json
index 4f73d00cc..0fedad71e 100644
--- a/roles/openshift_examples/files/examples/v1.2/db-templates/mongodb-persistent-template.json
+++ b/roles/openshift_examples/files/examples/v1.2/db-templates/mongodb-persistent-template.json
@@ -77,7 +77,7 @@
],
"from": {
"kind": "ImageStreamTag",
- "name": "mongodb:latest",
+ "name": "mongodb:3.2",
"namespace": "${NAMESPACE}"
},
"lastTriggeredImage": ""
@@ -199,7 +199,7 @@
},
{
"name": "MONGODB_USER",
- "displayName": "MongoDB User",
+ "displayName": "MongoDB Connection Username",
"description": "Username for MongoDB user that will be used for accessing the database.",
"generate": "expression",
"from": "user[A-Z0-9]{3}",
@@ -207,8 +207,8 @@
},
{
"name": "MONGODB_PASSWORD",
- "displayName": "MongoDB Password",
- "description": "Password for the MongoDB user.",
+ "displayName": "MongoDB Connection Password",
+ "description": "Password for the MongoDB connection user.",
"generate": "expression",
"from": "[a-zA-Z0-9]{16}",
"required": true
@@ -238,5 +238,6 @@
],
"labels": {
"template": "mongodb-persistent-template"
- }
+ },
+ "message": "You can connect to the database using MongoDB connection URL mongodb://${MONGODB_USER}:${MONGODB_PASSWORD}@${DATABASE_SERVICE_NAME}/${MONGODB_DATABASE}"
}
diff --git a/roles/openshift_examples/files/examples/v1.2/db-templates/mysql-ephemeral-template.json b/roles/openshift_examples/files/examples/v1.2/db-templates/mysql-ephemeral-template.json
index 5f133b946..8a4ec41b2 100644
--- a/roles/openshift_examples/files/examples/v1.2/db-templates/mysql-ephemeral-template.json
+++ b/roles/openshift_examples/files/examples/v1.2/db-templates/mysql-ephemeral-template.json
@@ -3,7 +3,6 @@
"apiVersion": "v1",
"metadata": {
"name": "mysql-ephemeral",
- "creationTimestamp": null,
"annotations": {
"description": "MySQL database service, without persistent storage. WARNING: Any data stored will be lost upon pod destruction. Only use this template for testing",
"iconClass": "icon-mysql-database",
@@ -60,7 +59,7 @@
],
"from": {
"kind": "ImageStreamTag",
- "name": "mysql:latest",
+ "name": "mysql:5.6",
"namespace": "${NAMESPACE}"
},
"lastTriggeredImage": ""
@@ -122,10 +121,10 @@
}
],
"resources": {
- "limits": {
- "memory": "${MEMORY_LIMIT}"
- }
- },
+ "limits": {
+ "memory": "${MEMORY_LIMIT}"
+ }
+ },
"volumeMounts": [
{
"name": "${DATABASE_SERVICE_NAME}-data",
@@ -179,7 +178,7 @@
},
{
"name": "MYSQL_USER",
- "displayName": "MySQL User",
+ "displayName": "MySQL Connection Username",
"description": "Username for MySQL user that will be used for accessing the database.",
"generate": "expression",
"from": "user[A-Z0-9]{3}",
@@ -187,8 +186,8 @@
},
{
"name": "MYSQL_PASSWORD",
- "displayName": "MySQL Password",
- "description": "Password for the MySQL user.",
+ "displayName": "MySQL Connection Password",
+ "description": "Password for the MySQL connection user.",
"generate": "expression",
"from": "[a-zA-Z0-9]{16}",
"required": true
diff --git a/roles/openshift_examples/files/examples/v1.2/db-templates/mysql-persistent-template.json b/roles/openshift_examples/files/examples/v1.2/db-templates/mysql-persistent-template.json
index 88d8c3940..cae14c998 100644
--- a/roles/openshift_examples/files/examples/v1.2/db-templates/mysql-persistent-template.json
+++ b/roles/openshift_examples/files/examples/v1.2/db-templates/mysql-persistent-template.json
@@ -65,7 +65,7 @@
],
"from": {
"kind": "ImageStreamTag",
- "name": "mysql:latest",
+ "name": "mysql:5.6",
"namespace": "${NAMESPACE}"
}
}
@@ -173,7 +173,7 @@
},
{
"name": "MYSQL_USER",
- "displayName": "MySQL User",
+ "displayName": "MySQL Connection Username",
"description": "Username for MySQL user that will be used for accessing the database.",
"generate": "expression",
"from": "user[A-Z0-9]{3}",
@@ -181,8 +181,8 @@
},
{
"name": "MYSQL_PASSWORD",
- "displayName": "MySQL Password",
- "description": "Password for the MySQL user.",
+ "displayName": "MySQL Connection Password",
+ "description": "Password for the MySQL connection user.",
"generate": "expression",
"from": "[a-zA-Z0-9]{16}",
"required": true
diff --git a/roles/openshift_examples/files/examples/v1.2/db-templates/postgresql-ephemeral-template.json b/roles/openshift_examples/files/examples/v1.2/db-templates/postgresql-ephemeral-template.json
index e90244a6b..2b4b2a0cd 100644
--- a/roles/openshift_examples/files/examples/v1.2/db-templates/postgresql-ephemeral-template.json
+++ b/roles/openshift_examples/files/examples/v1.2/db-templates/postgresql-ephemeral-template.json
@@ -60,7 +60,7 @@
],
"from": {
"kind": "ImageStreamTag",
- "name": "postgresql:latest",
+ "name": "postgresql:9.5",
"namespace": "${NAMESPACE}"
},
"lastTriggeredImage": ""
@@ -121,10 +121,10 @@
}
],
"resources": {
- "limits": {
- "memory": "${MEMORY_LIMIT}"
- }
- },
+ "limits": {
+ "memory": "${MEMORY_LIMIT}"
+ }
+ },
"volumeMounts": [
{
"name": "${DATABASE_SERVICE_NAME}-data",
@@ -178,7 +178,7 @@
},
{
"name": "POSTGRESQL_USER",
- "displayName": "PostgreSQL User",
+ "displayName": "PostgreSQL Connection Username",
"description": "Username for PostgreSQL user that will be used for accessing the database.",
"generate": "expression",
"from": "user[A-Z0-9]{3}",
@@ -186,8 +186,8 @@
},
{
"name": "POSTGRESQL_PASSWORD",
- "displayName": "PostgreSQL Password",
- "description": "Password for the PostgreSQL user.",
+ "displayName": "PostgreSQL Connection Password",
+ "description": "Password for the PostgreSQL connection user.",
"generate": "expression",
"from": "[a-zA-Z0-9]{16}",
"required": true
diff --git a/roles/openshift_examples/files/examples/v1.2/db-templates/postgresql-persistent-template.json b/roles/openshift_examples/files/examples/v1.2/db-templates/postgresql-persistent-template.json
index 7b05076a5..63a04f08f 100644
--- a/roles/openshift_examples/files/examples/v1.2/db-templates/postgresql-persistent-template.json
+++ b/roles/openshift_examples/files/examples/v1.2/db-templates/postgresql-persistent-template.json
@@ -77,7 +77,7 @@
],
"from": {
"kind": "ImageStreamTag",
- "name": "postgresql:latest",
+ "name": "postgresql:9.5",
"namespace": "${NAMESPACE}"
},
"lastTriggeredImage": ""
@@ -195,7 +195,7 @@
},
{
"name": "POSTGRESQL_USER",
- "displayName": "PostgreSQL User",
+ "displayName": "PostgreSQL Connection Username",
"description": "Username for PostgreSQL user that will be used for accessing the database.",
"generate": "expression",
"from": "user[A-Z0-9]{3}",
@@ -203,8 +203,8 @@
},
{
"name": "POSTGRESQL_PASSWORD",
- "displayName": "PostgreSQL Password",
- "description": "Password for the PostgreSQL user.",
+ "displayName": "PostgreSQL Connection Password",
+ "description": "Password for the PostgreSQL connection user.",
"generate": "expression",
"from": "[a-zA-Z0-9]{16}",
"required": true
diff --git a/roles/openshift_examples/files/examples/v1.2/image-streams/dotnet_imagestreams.json b/roles/openshift_examples/files/examples/v1.2/image-streams/dotnet_imagestreams.json
new file mode 100644
index 000000000..3d7afe4aa
--- /dev/null
+++ b/roles/openshift_examples/files/examples/v1.2/image-streams/dotnet_imagestreams.json
@@ -0,0 +1,36 @@
+{
+ "kind": "List",
+ "apiVersion": "v1",
+ "metadata": {
+ "name": "dotnet-image-streams",
+ "annotations": {
+ "description": "ImageStream definitions for .Net Core on RHEL"
+ }
+ },
+ "items": [
+ {
+ "kind": "ImageStream",
+ "apiVersion": "v1",
+ "metadata": {
+ "name": "dotnetcore-10-rhel7"
+ },
+ "spec": {
+ "dockerImageRepository": "registry.access.redhat.com/dotnet/dotnetcore-10-rhel7",
+ "tags": [
+ {
+ "name": "1.0",
+ "annotations": {
+ "description": ".Net Core 1.0 S2I image.",
+ "iconClass": "icon-dotnet",
+ "tags": "builder,.net,dotnet,dotnetcore,rh-dotnetcore10",
+ "supports":"dotnet:1.0",
+ "sampleRepo": "https://github.com/redhat-developer/s2i-dotnetcore.git",
+ "sampleContextDir": "1.0/test/asp-net-hello-world",
+ "version": "1.0"
+ }
+ }
+ ]
+ }
+ }
+ ]
+}
diff --git a/roles/openshift_examples/files/examples/v1.2/image-streams/image-streams-centos7.json b/roles/openshift_examples/files/examples/v1.2/image-streams/image-streams-centos7.json
index d971e5e7a..8aedf80fe 100644
--- a/roles/openshift_examples/files/examples/v1.2/image-streams/image-streams-centos7.json
+++ b/roles/openshift_examples/files/examples/v1.2/image-streams/image-streams-centos7.json
@@ -92,7 +92,7 @@
},
"from": {
"kind": "ImageStreamTag",
- "name": "0.10"
+ "name": "4"
}
},
{
@@ -109,6 +109,21 @@
"kind": "DockerImage",
"name": "openshift/nodejs-010-centos7:latest"
}
+ },
+ {
+ "name": "4",
+ "annotations": {
+ "description": "Build and run NodeJS 4 applications",
+ "iconClass": "icon-nodejs",
+ "tags": "builder,nodejs",
+ "supports":"nodejs:4,nodejs",
+ "version": "4",
+ "sampleRepo": "https://github.com/openshift/nodejs-ex.git"
+ },
+ "from": {
+ "kind": "DockerImage",
+ "name": "centos/nodejs-4-centos7:latest"
+ }
}
]
}
diff --git a/roles/openshift_examples/files/examples/v1.2/infrastructure-templates/origin/logging-deployer.yaml b/roles/openshift_examples/files/examples/v1.2/infrastructure-templates/origin/logging-deployer.yaml
index 77ffee7f9..8b28f872f 100644
--- a/roles/openshift_examples/files/examples/v1.2/infrastructure-templates/origin/logging-deployer.yaml
+++ b/roles/openshift_examples/files/examples/v1.2/infrastructure-templates/origin/logging-deployer.yaml
@@ -323,4 +323,3 @@ items:
description: "(Deprecated) Node selector operations Curator (label=value)."
name: CURATOR_OPS_NODESELECTOR
value: ""
-
diff --git a/roles/openshift_examples/files/examples/v1.2/infrastructure-templates/origin/metrics-deployer.yaml b/roles/openshift_examples/files/examples/v1.2/infrastructure-templates/origin/metrics-deployer.yaml
index 89639fd67..ab62ae76f 100644
--- a/roles/openshift_examples/files/examples/v1.2/infrastructure-templates/origin/metrics-deployer.yaml
+++ b/roles/openshift_examples/files/examples/v1.2/infrastructure-templates/origin/metrics-deployer.yaml
@@ -68,6 +68,8 @@ objects:
value: ${IGNORE_PREFLIGHT}
- name: USE_PERSISTENT_STORAGE
value: ${USE_PERSISTENT_STORAGE}
+ - name: DYNAMICALLY_PROVISION_STORAGE
+ value: ${DYNAMICALLY_PROVISION_STORAGE}
- name: HAWKULAR_METRICS_HOSTNAME
value: ${HAWKULAR_METRICS_HOSTNAME}
- name: CASSANDRA_NODES
@@ -76,6 +78,8 @@ objects:
value: ${CASSANDRA_PV_SIZE}
- name: METRIC_DURATION
value: ${METRIC_DURATION}
+ - name: USER_WRITE_ACCESS
+ value: ${USER_WRITE_ACCESS}
- name: HEAPSTER_NODE_ID
value: ${HEAPSTER_NODE_ID}
- name: METRIC_RESOLUTION
@@ -123,6 +127,10 @@ parameters:
name: USE_PERSISTENT_STORAGE
value: "true"
-
+ description: "Set to true to dynamically provision storage, set to false to use use pre-created persistent volumes"
+ name: DYNAMICALLY_PROVISION_STORAGE
+ value: "false"
+-
description: "The number of Cassandra Nodes to deploy for the initial cluster"
name: CASSANDRA_NODES
value: "1"
@@ -135,6 +143,10 @@ parameters:
name: METRIC_DURATION
value: "7"
-
+ description: "If a user accounts should be allowed to write metrics."
+ name: USER_WRITE_ACCESS
+ value: "false"
+-
description: "The identifier used when generating metric ids in Hawkular"
name: HEAPSTER_NODE_ID
value: "nodename"
diff --git a/roles/openshift_examples/files/examples/v1.2/quickstart-templates/dancer-mysql.json b/roles/openshift_examples/files/examples/v1.2/quickstart-templates/dancer-mysql.json
index bc9c8e8fd..cc7920b7d 100644
--- a/roles/openshift_examples/files/examples/v1.2/quickstart-templates/dancer-mysql.json
+++ b/roles/openshift_examples/files/examples/v1.2/quickstart-templates/dancer-mysql.json
@@ -207,9 +207,9 @@
}
],
"resources": {
- "limits": {
- "memory": "${MEMORY_LIMIT}"
- }
+ "limits": {
+ "memory": "${MEMORY_LIMIT}"
+ }
}
}
]
diff --git a/roles/openshift_examples/files/examples/v1.2/quickstart-templates/django-postgresql.json b/roles/openshift_examples/files/examples/v1.2/quickstart-templates/django-postgresql.json
index 0b7fd7cab..7d1dea11b 100644
--- a/roles/openshift_examples/files/examples/v1.2/quickstart-templates/django-postgresql.json
+++ b/roles/openshift_examples/files/examples/v1.2/quickstart-templates/django-postgresql.json
@@ -83,7 +83,7 @@
"from": {
"kind": "ImageStreamTag",
"namespace": "${NAMESPACE}",
- "name": "python:3.4"
+ "name": "python:3.5"
},
"env": [
{
@@ -273,7 +273,7 @@
"from": {
"kind": "ImageStreamTag",
"namespace": "${NAMESPACE}",
- "name": "postgresql:9.4"
+ "name": "postgresql:9.5"
}
}
},
diff --git a/roles/openshift_examples/files/examples/v1.2/quickstart-templates/django.json b/roles/openshift_examples/files/examples/v1.2/quickstart-templates/django.json
index 9e84e27e1..1c2e40d70 100644
--- a/roles/openshift_examples/files/examples/v1.2/quickstart-templates/django.json
+++ b/roles/openshift_examples/files/examples/v1.2/quickstart-templates/django.json
@@ -83,7 +83,7 @@
"from": {
"kind": "ImageStreamTag",
"namespace": "${NAMESPACE}",
- "name": "python:3.4"
+ "name": "python:3.5"
},
"env": [
{
diff --git a/roles/openshift_examples/files/examples/v1.2/quickstart-templates/jenkins-ephemeral-template.json b/roles/openshift_examples/files/examples/v1.2/quickstart-templates/jenkins-ephemeral-template.json
index d1ae6de90..4f565206f 100644
--- a/roles/openshift_examples/files/examples/v1.2/quickstart-templates/jenkins-ephemeral-template.json
+++ b/roles/openshift_examples/files/examples/v1.2/quickstart-templates/jenkins-ephemeral-template.json
@@ -10,6 +10,7 @@
"tags": "instant-app,jenkins"
}
},
+ "message": "A Jenkins service has been created in your project. The username/password are admin/${JENKINS_PASSWORD}.",
"objects": [
{
"kind": "Route",
@@ -172,7 +173,8 @@
"displayName": "Jenkins Password",
"description": "Password for the Jenkins 'admin' user.",
"generate": "expression",
- "value": "password"
+ "from": "[a-zA-Z0-9]{16}",
+ "required": true
},
{
"name": "MEMORY_LIMIT",
diff --git a/roles/openshift_examples/files/examples/v1.2/quickstart-templates/jenkins-persistent-template.json b/roles/openshift_examples/files/examples/v1.2/quickstart-templates/jenkins-persistent-template.json
index c7bc3f2fa..eda826a5b 100644
--- a/roles/openshift_examples/files/examples/v1.2/quickstart-templates/jenkins-persistent-template.json
+++ b/roles/openshift_examples/files/examples/v1.2/quickstart-templates/jenkins-persistent-template.json
@@ -10,6 +10,7 @@
"tags": "instant-app,jenkins"
}
},
+ "message": "A Jenkins service has been created in your project. The username/password are admin/${JENKINS_PASSWORD}.",
"objects": [
{
"kind": "Route",
@@ -189,7 +190,8 @@
"displayName": "Jenkins Password",
"description": "Password for the Jenkins 'admin' user.",
"generate": "expression",
- "value": "password"
+ "from": "[a-zA-Z0-9]{16}",
+ "required": true
},
{
"name": "MEMORY_LIMIT",
diff --git a/roles/openshift_examples/files/examples/v1.3/quickstart-templates/jenkinstemplate.json b/roles/openshift_examples/files/examples/v1.2/quickstart-templates/jenkinstemplate.json
index 325663313..fc409f709 100644
--- a/roles/openshift_examples/files/examples/v1.3/quickstart-templates/jenkinstemplate.json
+++ b/roles/openshift_examples/files/examples/v1.2/quickstart-templates/jenkinstemplate.json
@@ -10,6 +10,7 @@
"tags": "instant-app,jenkins"
}
},
+ "message": "A Jenkins service has been created in your project. The username/password are admin/${JENKINS_PASSWORD}.",
"objects": [
{
"kind": "Route",
@@ -171,8 +172,7 @@
"kind": "Service",
"apiVersion": "v1",
"metadata": {
- "name": "jenkins-jnlp",
- "creationTimestamp": null
+ "name": "jenkins-jnlp"
},
"spec": {
"ports": [
@@ -244,12 +244,13 @@
{
"name": "JENKINS_PASSWORD",
"displayName": "Jenkins Password",
- "description": "Password for the Jenkins user.",
+ "description": "Password for the Jenkins 'admin' user.",
"generate": "expression",
- "value": "password"
+ "from": "[a-zA-Z0-9]{16}",
+ "required": true
}
],
"labels": {
- "template": "jenkins-ephemeral-template"
+ "template": "jenkins-pipeline-template"
}
}
diff --git a/roles/openshift_examples/files/examples/v1.2/quickstart-templates/nodejs-mongodb.json b/roles/openshift_examples/files/examples/v1.2/quickstart-templates/nodejs-mongodb.json
index b2b9f2478..6ab4a1781 100644
--- a/roles/openshift_examples/files/examples/v1.2/quickstart-templates/nodejs-mongodb.json
+++ b/roles/openshift_examples/files/examples/v1.2/quickstart-templates/nodejs-mongodb.json
@@ -83,7 +83,7 @@
"from": {
"kind": "ImageStreamTag",
"namespace": "${NAMESPACE}",
- "name": "nodejs:0.10"
+ "name": "nodejs:4"
},
"env": [
{
@@ -271,7 +271,7 @@
"from": {
"kind": "ImageStreamTag",
"namespace": "${NAMESPACE}",
- "name": "mongodb:2.6"
+ "name": "mongodb:3.2"
}
}
},
@@ -322,7 +322,7 @@
"timeoutSeconds": 1,
"initialDelaySeconds": 3,
"exec": {
- "command": [ "/bin/sh", "-i", "-c", "mongostat --host 127.0.0.1 -u admin -p ${DATABASE_ADMIN_PASSWORD} -n 1 --noheaders"]
+ "command": [ "/bin/sh", "-i", "-c", "mongo 127.0.0.1:27017/$MONGODB_DATABASE -u $MONGODB_USER -p $MONGODB_PASSWORD --eval=\"quit()\""]
}
},
"livenessProbe": {
diff --git a/roles/openshift_examples/files/examples/v1.2/quickstart-templates/nodejs.json b/roles/openshift_examples/files/examples/v1.2/quickstart-templates/nodejs.json
index 08c7d3106..ec262e4e8 100644
--- a/roles/openshift_examples/files/examples/v1.2/quickstart-templates/nodejs.json
+++ b/roles/openshift_examples/files/examples/v1.2/quickstart-templates/nodejs.json
@@ -83,7 +83,7 @@
"from": {
"kind": "ImageStreamTag",
"namespace": "${NAMESPACE}",
- "name": "nodejs:0.10"
+ "name": "nodejs:4"
},
"env": [
{
diff --git a/roles/openshift_examples/files/examples/v1.2/quickstart-templates/rails-postgresql.json b/roles/openshift_examples/files/examples/v1.2/quickstart-templates/rails-postgresql.json
index e64e2feeb..50d60f2bb 100644
--- a/roles/openshift_examples/files/examples/v1.2/quickstart-templates/rails-postgresql.json
+++ b/roles/openshift_examples/files/examples/v1.2/quickstart-templates/rails-postgresql.json
@@ -83,7 +83,7 @@
"from": {
"kind": "ImageStreamTag",
"namespace": "${NAMESPACE}",
- "name": "ruby:2.2"
+ "name": "ruby:2.3"
},
"env": [
{
@@ -300,7 +300,7 @@
"from": {
"kind": "ImageStreamTag",
"namespace": "${NAMESPACE}",
- "name": "postgresql:9.4"
+ "name": "postgresql:9.5"
}
}
},
diff --git a/roles/openshift_examples/files/examples/v1.2/xpaas-streams/jboss-image-streams.json b/roles/openshift_examples/files/examples/v1.2/xpaas-streams/jboss-image-streams.json
index 46f93823c..4edc97f41 100644
--- a/roles/openshift_examples/files/examples/v1.2/xpaas-streams/jboss-image-streams.json
+++ b/roles/openshift_examples/files/examples/v1.2/xpaas-streams/jboss-image-streams.json
@@ -127,6 +127,19 @@
"sampleRef": "6.4.x",
"version": "1.3"
}
+ },
+ {
+ "name": "1.4",
+ "annotations": {
+ "description": "JBoss EAP 6.4 S2I images.",
+ "iconClass": "icon-jboss",
+ "tags": "builder,eap,javaee,java,jboss,xpaas",
+ "supports":"eap:6.4,javaee:6,java:8,xpaas:1.4",
+ "sampleRepo": "https://github.com/jboss-developer/jboss-eap-quickstarts.git",
+ "sampleContextDir": "kitchensink",
+ "sampleRef": "6.4.x",
+ "version": "1.4"
+ }
}
]
}
@@ -152,6 +165,19 @@
"sampleRef": "7.0.0.GA",
"version": "1.3"
}
+ },
+ {
+ "name": "1.4",
+ "annotations": {
+ "description": "JBoss EAP 7.0 S2I images.",
+ "iconClass": "icon-jboss",
+ "tags": "builder,eap,javaee,java,jboss,xpaas",
+ "supports":"eap:7.0,javaee:7,java:8,xpaas:1.4",
+ "sampleRepo": "https://github.com/jboss-developer/jboss-eap-quickstarts.git",
+ "sampleContextDir": "kitchensink",
+ "sampleRef": "7.0.0.GA",
+ "version": "1.4"
+ }
}
]
}
@@ -168,7 +194,7 @@
{
"name": "1.2",
"annotations": {
- "description": "Decision Server 6.2 S2I images.",
+ "description": "Red Hat JBoss BRMS 6.2 decision server S2I images.",
"iconClass": "icon-jboss",
"tags": "builder,decisionserver,java,xpaas",
"supports":"decisionserver:6.2,java:8,xpaas:1.2",
@@ -185,6 +211,56 @@
"kind": "ImageStream",
"apiVersion": "v1",
"metadata": {
+ "name": "jboss-decisionserver63-openshift"
+ },
+ "spec": {
+ "dockerImageRepository": "registry.access.redhat.com/jboss-decisionserver-6/decisionserver63-openshift",
+ "tags": [
+ {
+ "name": "1.3",
+ "annotations": {
+ "description": "Red Hat JBoss BRMS 6.3 decision server S2I images.",
+ "iconClass": "icon-jboss",
+ "tags": "builder,decisionserver,java,xpaas",
+ "supports":"decisionserver:6.3,java:8,xpaas:1.3",
+ "sampleRepo": "https://github.com/jboss-openshift/openshift-quickstarts.git",
+ "sampleContextDir": "decisionserver/hellorules",
+ "sampleRef": "1.3",
+ "version": "1.3"
+ }
+ }
+ ]
+ }
+ },
+ {
+ "kind": "ImageStream",
+ "apiVersion": "v1",
+ "metadata": {
+ "name": "jboss-processserver63-openshift"
+ },
+ "spec": {
+ "dockerImageRepository": "registry.access.redhat.com/jboss-processserver-6/processserver63-openshift",
+ "tags": [
+ {
+ "name": "1.3",
+ "annotations": {
+ "description": "Red Hat JBoss BPM Suite 6.3 intelligent process server S2I images.",
+ "iconClass": "icon-jboss",
+ "tags": "builder,processserver,java,xpaas",
+ "supports":"processserver:6.3,java:8,xpaas:1.3",
+ "sampleRepo": "https://github.com/jboss-openshift/openshift-quickstarts.git",
+ "sampleContextDir": "processserver/library",
+ "sampleRef": "1.3",
+ "version": "1.3"
+ }
+ }
+ ]
+ }
+ },
+ {
+ "kind": "ImageStream",
+ "apiVersion": "v1",
+ "metadata": {
"name": "jboss-datagrid65-openshift"
},
"spec": {
@@ -255,19 +331,16 @@
}
},
"spec": {
+ "dockerImageRepository": "registry.access.redhat.com/redhat-sso-7/sso70-openshift",
"tags": [
{
- "name": "1.3-TP",
+ "name": "1.3",
"annotations": {
- "description": "Red Hat SSO 7.0 Tech Preview",
+ "description": "Red Hat SSO 7.0",
"iconClass": "icon-jboss",
"tags": "sso,keycloak,redhat",
"supports":"sso:7.0,xpaas:1.3",
"version": "1.3"
- },
- "from": {
- "kind": "DockerImage",
- "name": "registry.access.redhat.com/redhat-sso-7-tech-preview/sso70-openshift:1.3"
}
}
]
diff --git a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/amq62-basic.json b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/amq62-basic.json
index ce953c05f..ab35afead 100644
--- a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/amq62-basic.json
+++ b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/amq62-basic.json
@@ -40,6 +40,12 @@
"required": false
},
{
+ "description": "List of packages that are allowed to be serialized for use in ObjectMessage, separated by commas. If your app doesn't use ObjectMessages, leave this blank. This is a security enforcement. For the rationale, see http://activemq.apache.org/objectmessage.html",
+ "name": "MQ_SERIALIZABLE_PACKAGES",
+ "value": "",
+ "required": false
+ },
+ {
"description": "User name for standard broker user. It is required for connecting to the broker. If left empty, it will be generated.",
"name": "MQ_USERNAME",
"from": "user[a-zA-Z0-9]{3}",
@@ -281,6 +287,10 @@
"value": "${MQ_TOPICS}"
},
{
+ "name": "MQ_SERIALIZABLE_PACKAGES",
+ "value": "${MQ_SERIALIZABLE_PACKAGES}"
+ },
+ {
"name": "AMQ_MESH_DISCOVERY_TYPE",
"value": "${AMQ_MESH_DISCOVERY_TYPE}"
},
diff --git a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/amq62-persistent-ssl.json b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/amq62-persistent-ssl.json
index 7d41a29ad..c12f06dec 100644
--- a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/amq62-persistent-ssl.json
+++ b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/amq62-persistent-ssl.json
@@ -46,6 +46,12 @@
"required": false
},
{
+ "description": "List of packages that are allowed to be serialized for use in ObjectMessage, separated by commas. If your app doesn't use ObjectMessages, leave this blank. This is a security enforcement. For the rationale, see http://activemq.apache.org/objectmessage.html",
+ "name": "MQ_SERIALIZABLE_PACKAGES",
+ "value": "",
+ "required": false
+ },
+ {
"description": "Size of persistent storage for database volume.",
"name": "VOLUME_CAPACITY",
"value": "512Mi",
@@ -451,6 +457,10 @@
"value": "${MQ_TOPICS}"
},
{
+ "name": "MQ_SERIALIZABLE_PACKAGES",
+ "value": "${MQ_SERIALIZABLE_PACKAGES}"
+ },
+ {
"name": "AMQ_SPLIT",
"value": "${AMQ_SPLIT}"
},
diff --git a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/amq62-persistent.json b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/amq62-persistent.json
index 5d5dd9840..897ce0395 100644
--- a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/amq62-persistent.json
+++ b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/amq62-persistent.json
@@ -46,6 +46,12 @@
"required": false
},
{
+ "description": "List of packages that are allowed to be serialized for use in ObjectMessage, separated by commas. If your app doesn't use ObjectMessages, leave this blank. This is a security enforcement. For the rationale, see http://activemq.apache.org/objectmessage.html",
+ "name": "MQ_SERIALIZABLE_PACKAGES",
+ "value": "",
+ "required": false
+ },
+ {
"description": "Size of persistent storage for database volume.",
"name": "VOLUME_CAPACITY",
"value": "512Mi",
@@ -299,6 +305,10 @@
"value": "${MQ_TOPICS}"
},
{
+ "name": "MQ_SERIALIZABLE_PACKAGES",
+ "value": "${MQ_SERIALIZABLE_PACKAGES}"
+ },
+ {
"name": "AMQ_SPLIT",
"value": "${AMQ_SPLIT}"
},
diff --git a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/amq62-ssl.json b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/amq62-ssl.json
index 4122a02a1..97d110286 100644
--- a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/amq62-ssl.json
+++ b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/amq62-ssl.json
@@ -40,6 +40,12 @@
"required": false
},
{
+ "description": "List of packages that are allowed to be serialized for use in ObjectMessage, separated by commas. If your app doesn't use ObjectMessages, leave this blank. This is a security enforcement. For the rationale, see http://activemq.apache.org/objectmessage.html",
+ "name": "MQ_SERIALIZABLE_PACKAGES",
+ "value": "",
+ "required": false
+ },
+ {
"description": "User name for standard broker user. It is required for connecting to the broker. If left empty, it will be generated.",
"name": "MQ_USERNAME",
"from": "user[a-zA-Z0-9]{3}",
@@ -435,6 +441,10 @@
"value": "${MQ_TOPICS}"
},
{
+ "name": "MQ_SERIALIZABLE_PACKAGES",
+ "value": "${MQ_SERIALIZABLE_PACKAGES}"
+ },
+ {
"name": "AMQ_MESH_DISCOVERY_TYPE",
"value": "${AMQ_MESH_DISCOVERY_TYPE}"
},
diff --git a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/datagrid65-postgresql-persistent.json b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/datagrid65-postgresql-persistent.json
index d0e272a8d..12720eb19 100644
--- a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/datagrid65-postgresql-persistent.json
+++ b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/datagrid65-postgresql-persistent.json
@@ -6,13 +6,13 @@
"iconClass": "icon-jboss",
"description": "Application template for JDG 6.5 and PostgreSQL applications with persistent storage.",
"tags": "datagrid,jboss,xpaas",
- "version": "1.2.0"
+ "version": "1.3.2"
},
"name": "datagrid65-postgresql-persistent"
},
"labels": {
"template": "datagrid65-postgresql-persistent",
- "xpaas": "1.2.0"
+ "xpaas": "1.3.2"
},
"parameters": [
{
@@ -710,6 +710,10 @@
"value": "${POSTGRESQL_MAX_CONNECTIONS}"
},
{
+ "name": "POSTGRESQL_MAX_PREPARED_TRANSACTIONS",
+ "value": "${POSTGRESQL_MAX_CONNECTIONS}"
+ },
+ {
"name": "POSTGRESQL_SHARED_BUFFERS",
"value": "${POSTGRESQL_SHARED_BUFFERS}"
}
diff --git a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/datagrid65-postgresql.json b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/datagrid65-postgresql.json
index 55a68db40..da8015fb0 100644
--- a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/datagrid65-postgresql.json
+++ b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/datagrid65-postgresql.json
@@ -6,13 +6,13 @@
"iconClass": "icon-jboss",
"description": "Application template for JDG 6.5 and PostgreSQL applications built using.",
"tags": "datagrid,jboss,xpaas",
- "version": "1.2.0"
+ "version": "1.3.2"
},
"name": "datagrid65-postgresql"
},
"labels": {
"template": "datagrid65-postgresql",
- "xpaas": "1.2.0"
+ "xpaas": "1.3.2"
},
"parameters": [
{
@@ -698,6 +698,10 @@
"value": "${POSTGRESQL_MAX_CONNECTIONS}"
},
{
+ "name": "POSTGRESQL_MAX_PREPARED_TRANSACTIONS",
+ "value": "${POSTGRESQL_MAX_CONNECTIONS}"
+ },
+ {
"name": "POSTGRESQL_SHARED_BUFFERS",
"value": "${POSTGRESQL_SHARED_BUFFERS}"
}
diff --git a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/decisionserver62-amq-s2i.json b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/decisionserver62-amq-s2i.json
index 219b8ece7..754a3b4c0 100644
--- a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/decisionserver62-amq-s2i.json
+++ b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/decisionserver62-amq-s2i.json
@@ -3,16 +3,16 @@
"apiVersion": "v1",
"metadata": {
"annotations": {
- "description": "Application template for BRMS Realtime Decision Server 6 A-MQ applications built using S2I.",
+ "description": "Application template for Red Hat JBoss BRMS 6.2 decision server A-MQ applications built using S2I.",
"iconClass": "icon-jboss",
"tags": "decisionserver,amq,java,messaging,jboss,xpaas",
- "version": "1.2.0"
+ "version": "1.3.3"
},
"name": "decisionserver62-amq-s2i"
},
"labels": {
"template": "decisionserver62-amq-s2i",
- "xpaas": "1.2.0"
+ "xpaas": "1.3.3"
},
"parameters": [
{
@@ -145,18 +145,16 @@
"required": false
},
{
- "description": "User name for broker admin. If left empty, it will be generated.",
- "name": "AMQ_ADMIN_USERNAME",
- "from": "user[a-zA-Z0-9]{3}",
- "generate": "expression",
- "required": true
+ "description": "The discovery agent type to use for discovering mesh endpoints. 'dns' will use OpenShift's DNS service to resolve endpoints. 'kube' will use Kubernetes REST API to resolve service endpoints. If using 'kube' the service account for the pod must have the 'view' role, which can be added via 'oc policy add-role-to-user view system:serviceaccount:<namespace>:default' where <namespace> is the project namespace.",
+ "name": "AMQ_MESH_DISCOVERY_TYPE",
+ "value": "kube",
+ "required": false
},
{
- "description": "Password for broker admin. If left empty, it will be generated.",
- "name": "AMQ_ADMIN_PASSWORD",
- "from": "[a-zA-Z0-9]{8}",
- "generate": "expression",
- "required": true
+ "description": "The A-MQ storage usage limit",
+ "name": "AMQ_STORAGE_USAGE_LIMIT",
+ "value": "100 gb",
+ "required": false
},
{
"description": "GitHub trigger secret",
@@ -391,8 +389,8 @@
"${APPLICATION_NAME}"
],
"from": {
- "kind": "ImageStream",
- "name": "${APPLICATION_NAME}"
+ "kind": "ImageStreamTag",
+ "name": "${APPLICATION_NAME}:latest"
}
}
},
@@ -460,11 +458,6 @@
"name": "https",
"containerPort": 8443,
"protocol": "TCP"
- },
- {
- "name": "ping",
- "containerPort": 8888,
- "protocol": "TCP"
}
],
"env": [
@@ -609,6 +602,11 @@
},
"ports": [
{
+ "name": "jolokia",
+ "containerPort": 8778,
+ "protocol": "TCP"
+ },
+ {
"name": "amqp",
"containerPort": 5672,
"protocol": "TCP"
@@ -658,20 +656,24 @@
"value": "${MQ_PROTOCOL}"
},
{
- "name": "AMQ_QUEUES",
- "value": "${MQ_QUEUES}"
+ "name": "AMQ_MESH_DISCOVERY_TYPE",
+ "value": "${AMQ_MESH_DISCOVERY_TYPE}"
},
{
- "name": "AMQ_TOPICS",
- "value": "${MQ_TOPICS}"
+ "name": "AMQ_MESH_SERVICE_NAME",
+ "value": "${APPLICATION_NAME}-amq-tcp"
},
{
- "name": "AMQ_ADMIN_USERNAME",
- "value": "${AMQ_ADMIN_USERNAME}"
+ "name": "AMQ_MESH_SERVICE_NAMESPACE",
+ "valueFrom": {
+ "fieldRef": {
+ "fieldPath": "metadata.namespace"
+ }
+ }
},
{
- "name": "AMQ_ADMIN_PASSWORD",
- "value": "${AMQ_ADMIN_PASSWORD}"
+ "name": "AMQ_STORAGE_USAGE_LIMIT",
+ "value": "${AMQ_STORAGE_USAGE_LIMIT}"
}
]
}
diff --git a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/decisionserver62-basic-s2i.json b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/decisionserver62-basic-s2i.json
index 097720375..8be4ac90b 100644
--- a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/decisionserver62-basic-s2i.json
+++ b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/decisionserver62-basic-s2i.json
@@ -3,16 +3,16 @@
"apiVersion": "v1",
"metadata": {
"annotations": {
- "description": "Application template for BRMS Realtime Decision Server 6 applications built using S2I.",
+ "description": "Application template for Red Hat JBoss BRMS 6.2 decision server applications built using S2I.",
"iconClass": "icon-jboss",
"tags": "decisionserver,java,jboss,xpaas",
- "version": "1.2.0"
+ "version": "1.3.3"
},
"name": "decisionserver62-basic-s2i"
},
"labels": {
"template": "decisionserver62-basic-s2i",
- "xpaas": "1.2.0"
+ "xpaas": "1.3.3"
},
"parameters": [
{
@@ -245,8 +245,8 @@
"${APPLICATION_NAME}"
],
"from": {
- "kind": "ImageStream",
- "name": "${APPLICATION_NAME}"
+ "kind": "ImageStreamTag",
+ "name": "${APPLICATION_NAME}:latest"
}
}
},
@@ -301,11 +301,6 @@
"name": "http",
"containerPort": 8080,
"protocol": "TCP"
- },
- {
- "name": "ping",
- "containerPort": 8888,
- "protocol": "TCP"
}
],
"env": [
diff --git a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/decisionserver62-https-s2i.json b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/decisionserver62-https-s2i.json
index e5e2dee63..bf9047599 100644
--- a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/decisionserver62-https-s2i.json
+++ b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/decisionserver62-https-s2i.json
@@ -3,16 +3,16 @@
"apiVersion": "v1",
"metadata": {
"annotations": {
- "description": "Application template for BRMS Realtime Decision Server 6 HTTPS applications built using S2I.",
+ "description": "Application template for Red Hat JBoss BRMS 6.2 decision server HTTPS applications built using S2I.",
"iconClass": "icon-jboss",
"tags": "decisionserver,java,jboss,xpaas",
- "version": "1.2.0"
+ "version": "1.3.3"
},
"name": "decisionserver62-https-s2i"
},
"labels": {
"template": "decisionserver62-https-s2i",
- "xpaas": "1.2.0"
+ "xpaas": "1.3.3"
},
"parameters": [
{
@@ -334,8 +334,8 @@
"${APPLICATION_NAME}"
],
"from": {
- "kind": "ImageStream",
- "name": "${APPLICATION_NAME}"
+ "kind": "ImageStreamTag",
+ "name": "${APPLICATION_NAME}:latest"
}
}
},
@@ -403,11 +403,6 @@
"name": "https",
"containerPort": 8443,
"protocol": "TCP"
- },
- {
- "name": "ping",
- "containerPort": 8888,
- "protocol": "TCP"
}
],
"env": [
diff --git a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/decisionserver63-amq-s2i.json b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/decisionserver63-amq-s2i.json
new file mode 100644
index 000000000..51e667e02
--- /dev/null
+++ b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/decisionserver63-amq-s2i.json
@@ -0,0 +1,696 @@
+{
+ "kind": "Template",
+ "apiVersion": "v1",
+ "metadata": {
+ "annotations": {
+ "description": "Application template for Red Hat JBoss BRMS 6.3 decision server A-MQ applications built using S2I.",
+ "iconClass": "icon-jboss",
+ "tags": "decisionserver,amq,java,messaging,jboss,xpaas",
+ "version": "1.3.3"
+ },
+ "name": "decisionserver63-amq-s2i"
+ },
+ "labels": {
+ "template": "decisionserver63-amq-s2i",
+ "xpaas": "1.3.3"
+ },
+ "parameters": [
+ {
+ "description": "The KIE Container deployment configuration in format: containerId=groupId:artifactId:version|c2=g2:a2:v2",
+ "name": "KIE_CONTAINER_DEPLOYMENT",
+ "value": "decisionserver-hellorules=org.openshift.quickstarts:decisionserver-hellorules:1.3.0.Final",
+ "required": false
+ },
+ {
+ "description": "The user name to access the KIE Server REST or JMS interface.",
+ "name": "KIE_SERVER_USER",
+ "value": "kieserver",
+ "required": false
+ },
+ {
+ "description": "The password to access the KIE Server REST or JMS interface. Must be different than username; must not be root, admin, or administrator; must contain at least 8 characters, 1 alphabetic character(s), 1 digit(s), and 1 non-alphanumeric symbol(s).",
+ "name": "KIE_SERVER_PASSWORD",
+ "from": "[a-zA-Z]{6}[0-9]{1}!",
+ "generate": "expression",
+ "required": false
+ },
+ {
+ "description": "JAAS LoginContext domain that shall be used to authenticate users when using JMS.",
+ "name": "KIE_SERVER_DOMAIN",
+ "value": "other",
+ "required": false
+ },
+ {
+ "description": "JNDI name of request queue for JMS.",
+ "name": "KIE_SERVER_JMS_QUEUES_REQUEST",
+ "value": "queue/KIE.SERVER.REQUEST",
+ "required": false
+ },
+ {
+ "description": "JNDI name of response queue for JMS.",
+ "name": "KIE_SERVER_JMS_QUEUES_RESPONSE",
+ "value": "queue/KIE.SERVER.RESPONSE",
+ "required": false
+ },
+ {
+ "description": "The name for the application.",
+ "name": "APPLICATION_NAME",
+ "value": "kie-app",
+ "required": true
+ },
+ {
+ "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: <application-name>-<project>.<default-domain-suffix>",
+ "name": "HOSTNAME_HTTP",
+ "value": "",
+ "required": false
+ },
+ {
+ "description": "Custom hostname for https service route. Leave blank for default hostname, e.g.: secure-<application-name>-<project>.<default-domain-suffix>",
+ "name": "HOSTNAME_HTTPS",
+ "value": "",
+ "required": false
+ },
+ {
+ "description": "Git source URI for application",
+ "name": "SOURCE_REPOSITORY_URL",
+ "value": "https://github.com/jboss-openshift/openshift-quickstarts.git",
+ "required": true
+ },
+ {
+ "description": "Git branch/tag reference",
+ "name": "SOURCE_REPOSITORY_REF",
+ "value": "1.3",
+ "required": false
+ },
+ {
+ "description": "Path within Git project to build; empty for root project directory.",
+ "name": "CONTEXT_DIR",
+ "value": "decisionserver/hellorules",
+ "required": false
+ },
+ {
+ "description": "JNDI name for connection factory used by applications to connect to the broker, e.g. java:/JmsXA",
+ "name": "MQ_JNDI",
+ "value": "java:/JmsXA",
+ "required": false
+ },
+ {
+ "description": "Broker protocols to configure, separated by commas. Allowed values are: `openwire`, `amqp`, `stomp` and `mqtt`. Only `openwire` is supported by EAP.",
+ "name": "MQ_PROTOCOL",
+ "value": "openwire",
+ "required": false
+ },
+ {
+ "description": "Queue names, separated by commas. These queues will be automatically created when the broker starts. Also, they will be made accessible as JNDI resources in EAP.",
+ "name": "MQ_QUEUES",
+ "value": "KIE.SERVER.REQUEST,KIE.SERVER.RESPONSE",
+ "required": false
+ },
+ {
+ "description": "Topic names, separated by commas. These topics will be automatically created when the broker starts. Also, they will be made accessible as JNDI resources in EAP.",
+ "name": "MQ_TOPICS",
+ "value": "",
+ "required": false
+ },
+ {
+ "description": "The name of the secret containing the keystore file",
+ "name": "HTTPS_SECRET",
+ "value": "decisionserver-app-secret",
+ "required": false
+ },
+ {
+ "description": "The name of the keystore file within the secret",
+ "name": "HTTPS_KEYSTORE",
+ "value": "keystore.jks",
+ "required": false
+ },
+ {
+ "description": "The name associated with the server certificate",
+ "name": "HTTPS_NAME",
+ "value": "jboss",
+ "required": false
+ },
+ {
+ "description": "The password for the keystore and certificate",
+ "name": "HTTPS_PASSWORD",
+ "value": "mykeystorepass",
+ "required": false
+ },
+ {
+ "description": "User name for standard broker user. It is required for connecting to the broker. If left empty, it will be generated.",
+ "name": "MQ_USERNAME",
+ "from": "user[a-zA-Z0-9]{3}",
+ "generate": "expression",
+ "required": false
+ },
+ {
+ "description": "Password for standard broker user. It is required for connecting to the broker. If left empty, it will be generated.",
+ "name": "MQ_PASSWORD",
+ "from": "[a-zA-Z0-9]{8}",
+ "generate": "expression",
+ "required": false
+ },
+ {
+ "description": "The discovery agent type to use for discovering mesh endpoints. 'dns' will use OpenShift's DNS service to resolve endpoints. 'kube' will use Kubernetes REST API to resolve service endpoints. If using 'kube' the service account for the pod must have the 'view' role, which can be added via 'oc policy add-role-to-user view system:serviceaccount:<namespace>:default' where <namespace> is the project namespace.",
+ "name": "AMQ_MESH_DISCOVERY_TYPE",
+ "value": "kube",
+ "required": false
+ },
+ {
+ "description": "The A-MQ storage usage limit",
+ "name": "AMQ_STORAGE_USAGE_LIMIT",
+ "value": "100 gb",
+ "required": false
+ },
+ {
+ "description": "GitHub trigger secret",
+ "name": "GITHUB_WEBHOOK_SECRET",
+ "from": "[a-zA-Z0-9]{8}",
+ "generate": "expression",
+ "required": true
+ },
+ {
+ "description": "Generic build trigger secret",
+ "name": "GENERIC_WEBHOOK_SECRET",
+ "from": "[a-zA-Z0-9]{8}",
+ "generate": "expression",
+ "required": true
+ },
+ {
+ "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.",
+ "name": "IMAGE_STREAM_NAMESPACE",
+ "value": "openshift",
+ "required": true
+ }
+ ],
+ "objects": [
+ {
+ "kind": "Service",
+ "apiVersion": "v1",
+ "spec": {
+ "ports": [
+ {
+ "port": 8080,
+ "targetPort": 8080
+ }
+ ],
+ "selector": {
+ "deploymentConfig": "${APPLICATION_NAME}"
+ }
+ },
+ "metadata": {
+ "name": "${APPLICATION_NAME}",
+ "labels": {
+ "application": "${APPLICATION_NAME}"
+ },
+ "annotations": {
+ "description": "The web server's HTTP port."
+ }
+ }
+ },
+ {
+ "kind": "Service",
+ "apiVersion": "v1",
+ "spec": {
+ "ports": [
+ {
+ "port": 8443,
+ "targetPort": 8443
+ }
+ ],
+ "selector": {
+ "deploymentConfig": "${APPLICATION_NAME}"
+ }
+ },
+ "metadata": {
+ "name": "secure-${APPLICATION_NAME}",
+ "labels": {
+ "application": "${APPLICATION_NAME}"
+ },
+ "annotations": {
+ "description": "The web server's HTTPS port."
+ }
+ }
+ },
+ {
+ "kind": "Service",
+ "apiVersion": "v1",
+ "spec": {
+ "ports": [
+ {
+ "port": 61616,
+ "targetPort": 61616
+ }
+ ],
+ "selector": {
+ "deploymentConfig": "${APPLICATION_NAME}-amq"
+ }
+ },
+ "metadata": {
+ "name": "${APPLICATION_NAME}-amq-tcp",
+ "labels": {
+ "application": "${APPLICATION_NAME}"
+ },
+ "annotations": {
+ "description": "The broker's OpenWire port."
+ }
+ }
+ },
+ {
+ "kind": "Route",
+ "apiVersion": "v1",
+ "id": "${APPLICATION_NAME}-http",
+ "metadata": {
+ "name": "${APPLICATION_NAME}",
+ "labels": {
+ "application": "${APPLICATION_NAME}"
+ },
+ "annotations": {
+ "description": "Route for application's HTTP service."
+ }
+ },
+ "spec": {
+ "host": "${HOSTNAME_HTTP}",
+ "to": {
+ "name": "${APPLICATION_NAME}"
+ }
+ }
+ },
+ {
+ "kind": "Route",
+ "apiVersion": "v1",
+ "id": "${APPLICATION_NAME}-https",
+ "metadata": {
+ "name": "secure-${APPLICATION_NAME}",
+ "labels": {
+ "application": "${APPLICATION_NAME}"
+ },
+ "annotations": {
+ "description": "Route for application's HTTPS service."
+ }
+ },
+ "spec": {
+ "host": "${HOSTNAME_HTTPS}",
+ "to": {
+ "name": "secure-${APPLICATION_NAME}"
+ },
+ "tls": {
+ "termination": "passthrough"
+ }
+ }
+ },
+ {
+ "kind": "ImageStream",
+ "apiVersion": "v1",
+ "metadata": {
+ "name": "${APPLICATION_NAME}",
+ "labels": {
+ "application": "${APPLICATION_NAME}"
+ }
+ }
+ },
+ {
+ "kind": "BuildConfig",
+ "apiVersion": "v1",
+ "metadata": {
+ "name": "${APPLICATION_NAME}",
+ "labels": {
+ "application": "${APPLICATION_NAME}"
+ }
+ },
+ "spec": {
+ "source": {
+ "type": "Git",
+ "git": {
+ "uri": "${SOURCE_REPOSITORY_URL}",
+ "ref": "${SOURCE_REPOSITORY_REF}"
+ },
+ "contextDir": "${CONTEXT_DIR}"
+ },
+ "strategy": {
+ "type": "Source",
+ "sourceStrategy": {
+ "env": [
+ {
+ "name": "KIE_CONTAINER_DEPLOYMENT",
+ "value": "${KIE_CONTAINER_DEPLOYMENT}"
+ }
+ ],
+ "forcePull": true,
+ "from": {
+ "kind": "ImageStreamTag",
+ "namespace": "${IMAGE_STREAM_NAMESPACE}",
+ "name": "jboss-decisionserver63-openshift:1.3"
+ }
+ }
+ },
+ "output": {
+ "to": {
+ "kind": "ImageStreamTag",
+ "name": "${APPLICATION_NAME}:latest"
+ }
+ },
+ "triggers": [
+ {
+ "type": "GitHub",
+ "github": {
+ "secret": "${GITHUB_WEBHOOK_SECRET}"
+ }
+ },
+ {
+ "type": "Generic",
+ "generic": {
+ "secret": "${GENERIC_WEBHOOK_SECRET}"
+ }
+ },
+ {
+ "type": "ImageChange",
+ "imageChange": {}
+ },
+ {
+ "type": "ConfigChange"
+ }
+ ]
+ }
+ },
+ {
+ "kind": "DeploymentConfig",
+ "apiVersion": "v1",
+ "metadata": {
+ "name": "${APPLICATION_NAME}",
+ "labels": {
+ "application": "${APPLICATION_NAME}"
+ }
+ },
+ "spec": {
+ "strategy": {
+ "type": "Recreate"
+ },
+ "triggers": [
+ {
+ "type": "ImageChange",
+ "imageChangeParams": {
+ "automatic": true,
+ "containerNames": [
+ "${APPLICATION_NAME}"
+ ],
+ "from": {
+ "kind": "ImageStream",
+ "name": "${APPLICATION_NAME}"
+ }
+ }
+ },
+ {
+ "type": "ConfigChange"
+ }
+ ],
+ "replicas": 1,
+ "selector": {
+ "deploymentConfig": "${APPLICATION_NAME}"
+ },
+ "template": {
+ "metadata": {
+ "name": "${APPLICATION_NAME}",
+ "labels": {
+ "deploymentConfig": "${APPLICATION_NAME}",
+ "application": "${APPLICATION_NAME}"
+ }
+ },
+ "spec": {
+ "serviceAccountName": "decisionserver-service-account",
+ "terminationGracePeriodSeconds": 60,
+ "containers": [
+ {
+ "name": "${APPLICATION_NAME}",
+ "image": "${APPLICATION_NAME}",
+ "imagePullPolicy": "Always",
+ "volumeMounts": [
+ {
+ "name": "decisionserver-keystore-volume",
+ "mountPath": "/etc/decisionserver-secret-volume",
+ "readOnly": true
+ }
+ ],
+ "livenessProbe": {
+ "exec": {
+ "command": [
+ "/bin/bash",
+ "-c",
+ "/opt/eap/bin/livenessProbe.sh"
+ ]
+ }
+ },
+ "readinessProbe": {
+ "exec": {
+ "command": [
+ "/bin/bash",
+ "-c",
+ "/opt/eap/bin/readinessProbe.sh"
+ ]
+ }
+ },
+ "ports": [
+ {
+ "name": "jolokia",
+ "containerPort": 8778,
+ "protocol": "TCP"
+ },
+ {
+ "name": "http",
+ "containerPort": 8080,
+ "protocol": "TCP"
+ },
+ {
+ "name": "https",
+ "containerPort": 8443,
+ "protocol": "TCP"
+ }
+ ],
+ "env": [
+ {
+ "name": "KIE_CONTAINER_DEPLOYMENT",
+ "value": "${KIE_CONTAINER_DEPLOYMENT}"
+ },
+ {
+ "name": "KIE_SERVER_USER",
+ "value": "${KIE_SERVER_USER}"
+ },
+ {
+ "name": "KIE_SERVER_PASSWORD",
+ "value": "${KIE_SERVER_PASSWORD}"
+ },
+ {
+ "name": "KIE_SERVER_DOMAIN",
+ "value": "${KIE_SERVER_DOMAIN}"
+ },
+ {
+ "name": "KIE_SERVER_JMS_QUEUES_REQUEST",
+ "value": "${KIE_SERVER_JMS_QUEUES_REQUEST}"
+ },
+ {
+ "name": "KIE_SERVER_JMS_QUEUES_RESPONSE",
+ "value": "${KIE_SERVER_JMS_QUEUES_RESPONSE}"
+ },
+ {
+ "name": "MQ_SERVICE_PREFIX_MAPPING",
+ "value": "${APPLICATION_NAME}-amq=MQ"
+ },
+ {
+ "name": "MQ_JNDI",
+ "value": "${MQ_JNDI}"
+ },
+ {
+ "name": "MQ_USERNAME",
+ "value": "${MQ_USERNAME}"
+ },
+ {
+ "name": "MQ_PASSWORD",
+ "value": "${MQ_PASSWORD}"
+ },
+ {
+ "name": "MQ_PROTOCOL",
+ "value": "tcp"
+ },
+ {
+ "name": "MQ_QUEUES",
+ "value": "${MQ_QUEUES}"
+ },
+ {
+ "name": "MQ_TOPICS",
+ "value": "${MQ_TOPICS}"
+ },
+ {
+ "name": "HTTPS_KEYSTORE_DIR",
+ "value": "/etc/decisionserver-secret-volume"
+ },
+ {
+ "name": "HTTPS_KEYSTORE",
+ "value": "${HTTPS_KEYSTORE}"
+ },
+ {
+ "name": "HTTPS_NAME",
+ "value": "${HTTPS_NAME}"
+ },
+ {
+ "name": "HTTPS_PASSWORD",
+ "value": "${HTTPS_PASSWORD}"
+ }
+ ]
+ }
+ ],
+ "volumes": [
+ {
+ "name": "decisionserver-keystore-volume",
+ "secret": {
+ "secretName": "${HTTPS_SECRET}"
+ }
+ }
+ ]
+ }
+ }
+ }
+ },
+ {
+ "kind": "DeploymentConfig",
+ "apiVersion": "v1",
+ "metadata": {
+ "name": "${APPLICATION_NAME}-amq",
+ "labels": {
+ "application": "${APPLICATION_NAME}"
+ }
+ },
+ "spec": {
+ "strategy": {
+ "type": "Recreate"
+ },
+ "triggers": [
+ {
+ "type": "ImageChange",
+ "imageChangeParams": {
+ "automatic": true,
+ "containerNames": [
+ "${APPLICATION_NAME}-amq"
+ ],
+ "from": {
+ "kind": "ImageStreamTag",
+ "namespace": "${IMAGE_STREAM_NAMESPACE}",
+ "name": "jboss-amq-62:1.3"
+ }
+ }
+ },
+ {
+ "type": "ConfigChange"
+ }
+ ],
+ "replicas": 1,
+ "selector": {
+ "deploymentConfig": "${APPLICATION_NAME}-amq"
+ },
+ "template": {
+ "metadata": {
+ "name": "${APPLICATION_NAME}-amq",
+ "labels": {
+ "deploymentConfig": "${APPLICATION_NAME}-amq",
+ "application": "${APPLICATION_NAME}"
+ }
+ },
+ "spec": {
+ "terminationGracePeriodSeconds": 60,
+ "containers": [
+ {
+ "name": "${APPLICATION_NAME}-amq",
+ "image": "jboss-amq-62",
+ "imagePullPolicy": "Always",
+ "readinessProbe": {
+ "exec": {
+ "command": [
+ "/bin/bash",
+ "-c",
+ "/opt/amq/bin/readinessProbe.sh"
+ ]
+ }
+ },
+ "ports": [
+ {
+ "name": "jolokia",
+ "containerPort": 8778,
+ "protocol": "TCP"
+ },
+ {
+ "name": "amqp",
+ "containerPort": 5672,
+ "protocol": "TCP"
+ },
+ {
+ "name": "amqp-ssl",
+ "containerPort": 5671,
+ "protocol": "TCP"
+ },
+ {
+ "name": "mqtt",
+ "containerPort": 1883,
+ "protocol": "TCP"
+ },
+ {
+ "name": "stomp",
+ "containerPort": 61613,
+ "protocol": "TCP"
+ },
+ {
+ "name": "stomp-ssl",
+ "containerPort": 61612,
+ "protocol": "TCP"
+ },
+ {
+ "name": "tcp",
+ "containerPort": 61616,
+ "protocol": "TCP"
+ },
+ {
+ "name": "tcp-ssl",
+ "containerPort": 61617,
+ "protocol": "TCP"
+ }
+ ],
+ "env": [
+ {
+ "name": "AMQ_USER",
+ "value": "${MQ_USERNAME}"
+ },
+ {
+ "name": "AMQ_PASSWORD",
+ "value": "${MQ_PASSWORD}"
+ },
+ {
+ "name": "AMQ_TRANSPORTS",
+ "value": "${MQ_PROTOCOL}"
+ },
+ {
+ "name": "AMQ_MESH_DISCOVERY_TYPE",
+ "value": "${AMQ_MESH_DISCOVERY_TYPE}"
+ },
+ {
+ "name": "AMQ_MESH_SERVICE_NAME",
+ "value": "${APPLICATION_NAME}-amq-tcp"
+ },
+ {
+ "name": "AMQ_MESH_SERVICE_NAMESPACE",
+ "valueFrom": {
+ "fieldRef": {
+ "fieldPath": "metadata.namespace"
+ }
+ }
+ },
+ {
+ "name": "AMQ_STORAGE_USAGE_LIMIT",
+ "value": "${AMQ_STORAGE_USAGE_LIMIT}"
+ }
+ ]
+ }
+ ]
+ }
+ }
+ }
+ }
+ ]
+}
diff --git a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/decisionserver63-basic-s2i.json b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/decisionserver63-basic-s2i.json
new file mode 100644
index 000000000..c5f0d006a
--- /dev/null
+++ b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/decisionserver63-basic-s2i.json
@@ -0,0 +1,339 @@
+{
+ "kind": "Template",
+ "apiVersion": "v1",
+ "metadata": {
+ "annotations": {
+ "description": "Application template for Red Hat JBoss BRMS 6.3 decision server applications built using S2I.",
+ "iconClass": "icon-jboss",
+ "tags": "decisionserver,java,jboss,xpaas",
+ "version": "1.3.3"
+ },
+ "name": "decisionserver63-basic-s2i"
+ },
+ "labels": {
+ "template": "decisionserver63-basic-s2i",
+ "xpaas": "1.3.3"
+ },
+ "parameters": [
+ {
+ "description": "The KIE Container deployment configuration in format: containerId=groupId:artifactId:version|c2=g2:a2:v2",
+ "name": "KIE_CONTAINER_DEPLOYMENT",
+ "value": "decisionserver-hellorules=org.openshift.quickstarts:decisionserver-hellorules:1.3.0.Final",
+ "required": false
+ },
+ {
+ "description": "The user name to access the KIE Server REST or JMS interface.",
+ "name": "KIE_SERVER_USER",
+ "value": "kieserver",
+ "required": false
+ },
+ {
+ "description": "The password to access the KIE Server REST or JMS interface. Must be different than username; must not be root, admin, or administrator; must contain at least 8 characters, 1 alphabetic character(s), 1 digit(s), and 1 non-alphanumeric symbol(s).",
+ "name": "KIE_SERVER_PASSWORD",
+ "from": "[a-zA-Z]{6}[0-9]{1}!",
+ "generate": "expression",
+ "required": false
+ },
+ {
+ "description": "The name for the application.",
+ "name": "APPLICATION_NAME",
+ "value": "kie-app",
+ "required": true
+ },
+ {
+ "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: <application-name>-<project>.<default-domain-suffix>",
+ "name": "HOSTNAME_HTTP",
+ "value": "",
+ "required": false
+ },
+ {
+ "description": "Git source URI for application",
+ "name": "SOURCE_REPOSITORY_URL",
+ "value": "https://github.com/jboss-openshift/openshift-quickstarts.git",
+ "required": true
+ },
+ {
+ "description": "Git branch/tag reference",
+ "name": "SOURCE_REPOSITORY_REF",
+ "value": "1.3",
+ "required": false
+ },
+ {
+ "description": "Path within Git project to build; empty for root project directory.",
+ "name": "CONTEXT_DIR",
+ "value": "decisionserver/hellorules",
+ "required": false
+ },
+ {
+ "description": "Queue names",
+ "name": "HORNETQ_QUEUES",
+ "value": "",
+ "required": false
+ },
+ {
+ "description": "Topic names",
+ "name": "HORNETQ_TOPICS",
+ "value": "",
+ "required": false
+ },
+ {
+ "description": "HornetQ cluster admin password",
+ "name": "HORNETQ_CLUSTER_PASSWORD",
+ "from": "[a-zA-Z0-9]{8}",
+ "generate": "expression",
+ "required": true
+ },
+ {
+ "description": "GitHub trigger secret",
+ "name": "GITHUB_WEBHOOK_SECRET",
+ "from": "[a-zA-Z0-9]{8}",
+ "generate": "expression",
+ "required": true
+ },
+ {
+ "description": "Generic build trigger secret",
+ "name": "GENERIC_WEBHOOK_SECRET",
+ "from": "[a-zA-Z0-9]{8}",
+ "generate": "expression",
+ "required": true
+ },
+ {
+ "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.",
+ "name": "IMAGE_STREAM_NAMESPACE",
+ "value": "openshift",
+ "required": true
+ }
+ ],
+ "objects": [
+ {
+ "kind": "Service",
+ "apiVersion": "v1",
+ "spec": {
+ "ports": [
+ {
+ "port": 8080,
+ "targetPort": 8080
+ }
+ ],
+ "selector": {
+ "deploymentConfig": "${APPLICATION_NAME}"
+ }
+ },
+ "metadata": {
+ "name": "${APPLICATION_NAME}",
+ "labels": {
+ "application": "${APPLICATION_NAME}"
+ },
+ "annotations": {
+ "description": "The web server's http port."
+ }
+ }
+ },
+ {
+ "kind": "Route",
+ "apiVersion": "v1",
+ "id": "${APPLICATION_NAME}-http",
+ "metadata": {
+ "name": "${APPLICATION_NAME}",
+ "labels": {
+ "application": "${APPLICATION_NAME}"
+ },
+ "annotations": {
+ "description": "Route for application's http service."
+ }
+ },
+ "spec": {
+ "host": "${HOSTNAME_HTTP}",
+ "to": {
+ "name": "${APPLICATION_NAME}"
+ }
+ }
+ },
+ {
+ "kind": "ImageStream",
+ "apiVersion": "v1",
+ "metadata": {
+ "name": "${APPLICATION_NAME}",
+ "labels": {
+ "application": "${APPLICATION_NAME}"
+ }
+ }
+ },
+ {
+ "kind": "BuildConfig",
+ "apiVersion": "v1",
+ "metadata": {
+ "name": "${APPLICATION_NAME}",
+ "labels": {
+ "application": "${APPLICATION_NAME}"
+ }
+ },
+ "spec": {
+ "source": {
+ "type": "Git",
+ "git": {
+ "uri": "${SOURCE_REPOSITORY_URL}",
+ "ref": "${SOURCE_REPOSITORY_REF}"
+ },
+ "contextDir": "${CONTEXT_DIR}"
+ },
+ "strategy": {
+ "type": "Source",
+ "sourceStrategy": {
+ "env": [
+ {
+ "name": "KIE_CONTAINER_DEPLOYMENT",
+ "value": "${KIE_CONTAINER_DEPLOYMENT}"
+ }
+ ],
+ "forcePull": true,
+ "from": {
+ "kind": "ImageStreamTag",
+ "namespace": "${IMAGE_STREAM_NAMESPACE}",
+ "name": "jboss-decisionserver63-openshift:1.3"
+ }
+ }
+ },
+ "output": {
+ "to": {
+ "kind": "ImageStreamTag",
+ "name": "${APPLICATION_NAME}:latest"
+ }
+ },
+ "triggers": [
+ {
+ "type": "GitHub",
+ "github": {
+ "secret": "${GITHUB_WEBHOOK_SECRET}"
+ }
+ },
+ {
+ "type": "Generic",
+ "generic": {
+ "secret": "${GENERIC_WEBHOOK_SECRET}"
+ }
+ },
+ {
+ "type": "ImageChange",
+ "imageChange": {}
+ },
+ {
+ "type": "ConfigChange"
+ }
+ ]
+ }
+ },
+ {
+ "kind": "DeploymentConfig",
+ "apiVersion": "v1",
+ "metadata": {
+ "name": "${APPLICATION_NAME}",
+ "labels": {
+ "application": "${APPLICATION_NAME}"
+ }
+ },
+ "spec": {
+ "strategy": {
+ "type": "Recreate"
+ },
+ "triggers": [
+ {
+ "type": "ImageChange",
+ "imageChangeParams": {
+ "automatic": true,
+ "containerNames": [
+ "${APPLICATION_NAME}"
+ ],
+ "from": {
+ "kind": "ImageStream",
+ "name": "${APPLICATION_NAME}"
+ }
+ }
+ },
+ {
+ "type": "ConfigChange"
+ }
+ ],
+ "replicas": 1,
+ "selector": {
+ "deploymentConfig": "${APPLICATION_NAME}"
+ },
+ "template": {
+ "metadata": {
+ "name": "${APPLICATION_NAME}",
+ "labels": {
+ "deploymentConfig": "${APPLICATION_NAME}",
+ "application": "${APPLICATION_NAME}"
+ }
+ },
+ "spec": {
+ "terminationGracePeriodSeconds": 60,
+ "containers": [
+ {
+ "name": "${APPLICATION_NAME}",
+ "image": "${APPLICATION_NAME}",
+ "imagePullPolicy": "Always",
+ "livenessProbe": {
+ "exec": {
+ "command": [
+ "/bin/bash",
+ "-c",
+ "/opt/eap/bin/livenessProbe.sh"
+ ]
+ }
+ },
+ "readinessProbe": {
+ "exec": {
+ "command": [
+ "/bin/bash",
+ "-c",
+ "/opt/eap/bin/readinessProbe.sh"
+ ]
+ }
+ },
+ "ports": [
+ {
+ "name": "jolokia",
+ "containerPort": 8778,
+ "protocol": "TCP"
+ },
+ {
+ "name": "http",
+ "containerPort": 8080,
+ "protocol": "TCP"
+ }
+ ],
+ "env": [
+ {
+ "name": "KIE_CONTAINER_DEPLOYMENT",
+ "value": "${KIE_CONTAINER_DEPLOYMENT}"
+ },
+ {
+ "name": "KIE_SERVER_USER",
+ "value": "${KIE_SERVER_USER}"
+ },
+ {
+ "name": "KIE_SERVER_PASSWORD",
+ "value": "${KIE_SERVER_PASSWORD}"
+ },
+ {
+ "name": "HORNETQ_CLUSTER_PASSWORD",
+ "value": "${HORNETQ_CLUSTER_PASSWORD}"
+ },
+ {
+ "name": "HORNETQ_QUEUES",
+ "value": "${HORNETQ_QUEUES}"
+ },
+ {
+ "name": "HORNETQ_TOPICS",
+ "value": "${HORNETQ_TOPICS}"
+ }
+ ]
+ }
+ ]
+ }
+ }
+ }
+ }
+ ]
+}
diff --git a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/decisionserver63-https-s2i.json b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/decisionserver63-https-s2i.json
new file mode 100644
index 000000000..3db0e4c84
--- /dev/null
+++ b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/decisionserver63-https-s2i.json
@@ -0,0 +1,473 @@
+{
+ "kind": "Template",
+ "apiVersion": "v1",
+ "metadata": {
+ "annotations": {
+ "description": "Application template for Red Hat JBoss BRMS 6.3 decision server HTTPS applications built using S2I.",
+ "iconClass": "icon-jboss",
+ "tags": "decisionserver,java,jboss,xpaas",
+ "version": "1.3.3"
+ },
+ "name": "decisionserver63-https-s2i"
+ },
+ "labels": {
+ "template": "decisionserver63-https-s2i",
+ "xpaas": "1.3.3"
+ },
+ "parameters": [
+ {
+ "description": "The KIE Container deployment configuration in format: containerId=groupId:artifactId:version|c2=g2:a2:v2",
+ "name": "KIE_CONTAINER_DEPLOYMENT",
+ "value": "decisionserver-hellorules=org.openshift.quickstarts:decisionserver-hellorules:1.3.0.Final",
+ "required": false
+ },
+ {
+ "description": "The protocol to access the KIE Server REST interface.",
+ "name": "KIE_SERVER_PROTOCOL",
+ "value": "https",
+ "required": false
+ },
+ {
+ "description": "The port to access the KIE Server REST interface.",
+ "name": "KIE_SERVER_PORT",
+ "value": "8443",
+ "required": false
+ },
+ {
+ "description": "The user name to access the KIE Server REST or JMS interface.",
+ "name": "KIE_SERVER_USER",
+ "value": "kieserver",
+ "required": false
+ },
+ {
+ "description": "The password to access the KIE Server REST or JMS interface. Must be different than username; must not be root, admin, or administrator; must contain at least 8 characters, 1 alphabetic character(s), 1 digit(s), and 1 non-alphanumeric symbol(s).",
+ "name": "KIE_SERVER_PASSWORD",
+ "from": "[a-zA-Z]{6}[0-9]{1}!",
+ "generate": "expression",
+ "required": false
+ },
+ {
+ "description": "The name for the application.",
+ "name": "APPLICATION_NAME",
+ "value": "kie-app",
+ "required": true
+ },
+ {
+ "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: <application-name>-<project>.<default-domain-suffix>",
+ "name": "HOSTNAME_HTTP",
+ "value": "",
+ "required": false
+ },
+ {
+ "description": "Custom hostname for https service route. Leave blank for default hostname, e.g.: secure-<application-name>-<project>.<default-domain-suffix>",
+ "name": "HOSTNAME_HTTPS",
+ "value": "",
+ "required": false
+ },
+ {
+ "description": "Git source URI for application",
+ "name": "SOURCE_REPOSITORY_URL",
+ "value": "https://github.com/jboss-openshift/openshift-quickstarts.git",
+ "required": true
+ },
+ {
+ "description": "Git branch/tag reference",
+ "name": "SOURCE_REPOSITORY_REF",
+ "value": "1.3",
+ "required": false
+ },
+ {
+ "description": "Path within Git project to build; empty for root project directory.",
+ "name": "CONTEXT_DIR",
+ "value": "decisionserver/hellorules",
+ "required": false
+ },
+ {
+ "description": "Queue names",
+ "name": "HORNETQ_QUEUES",
+ "value": "",
+ "required": false
+ },
+ {
+ "description": "Topic names",
+ "name": "HORNETQ_TOPICS",
+ "value": "",
+ "required": false
+ },
+ {
+ "description": "The name of the secret containing the keystore file",
+ "name": "HTTPS_SECRET",
+ "value": "decisionserver-app-secret",
+ "required": true
+ },
+ {
+ "description": "The name of the keystore file within the secret",
+ "name": "HTTPS_KEYSTORE",
+ "value": "keystore.jks",
+ "required": false
+ },
+ {
+ "description": "The name associated with the server certificate",
+ "name": "HTTPS_NAME",
+ "value": "jboss",
+ "required": false
+ },
+ {
+ "description": "The password for the keystore and certificate",
+ "name": "HTTPS_PASSWORD",
+ "value": "mykeystorepass",
+ "required": false
+ },
+ {
+ "description": "HornetQ cluster admin password",
+ "name": "HORNETQ_CLUSTER_PASSWORD",
+ "from": "[a-zA-Z0-9]{8}",
+ "generate": "expression",
+ "required": true
+ },
+ {
+ "description": "GitHub trigger secret",
+ "name": "GITHUB_WEBHOOK_SECRET",
+ "from": "[a-zA-Z0-9]{8}",
+ "generate": "expression",
+ "required": true
+ },
+ {
+ "description": "Generic build trigger secret",
+ "name": "GENERIC_WEBHOOK_SECRET",
+ "from": "[a-zA-Z0-9]{8}",
+ "generate": "expression",
+ "required": true
+ },
+ {
+ "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.",
+ "name": "IMAGE_STREAM_NAMESPACE",
+ "value": "openshift",
+ "required": true
+ }
+ ],
+ "objects": [
+ {
+ "kind": "Service",
+ "apiVersion": "v1",
+ "spec": {
+ "ports": [
+ {
+ "port": 8080,
+ "targetPort": 8080
+ }
+ ],
+ "selector": {
+ "deploymentConfig": "${APPLICATION_NAME}"
+ }
+ },
+ "metadata": {
+ "name": "${APPLICATION_NAME}",
+ "labels": {
+ "application": "${APPLICATION_NAME}"
+ },
+ "annotations": {
+ "description": "The web server's http port."
+ }
+ }
+ },
+ {
+ "kind": "Service",
+ "apiVersion": "v1",
+ "spec": {
+ "ports": [
+ {
+ "port": 8443,
+ "targetPort": 8443
+ }
+ ],
+ "selector": {
+ "deploymentConfig": "${APPLICATION_NAME}"
+ }
+ },
+ "metadata": {
+ "name": "secure-${APPLICATION_NAME}",
+ "labels": {
+ "application": "${APPLICATION_NAME}"
+ },
+ "annotations": {
+ "description": "The web server's https port."
+ }
+ }
+ },
+ {
+ "kind": "Route",
+ "apiVersion": "v1",
+ "id": "${APPLICATION_NAME}-http",
+ "metadata": {
+ "name": "${APPLICATION_NAME}",
+ "labels": {
+ "application": "${APPLICATION_NAME}"
+ },
+ "annotations": {
+ "description": "Route for application's http service."
+ }
+ },
+ "spec": {
+ "host": "${HOSTNAME_HTTP}",
+ "to": {
+ "name": "${APPLICATION_NAME}"
+ }
+ }
+ },
+ {
+ "kind": "Route",
+ "apiVersion": "v1",
+ "id": "${APPLICATION_NAME}-https",
+ "metadata": {
+ "name": "secure-${APPLICATION_NAME}",
+ "labels": {
+ "application": "${APPLICATION_NAME}"
+ },
+ "annotations": {
+ "description": "Route for application's https service."
+ }
+ },
+ "spec": {
+ "host": "${HOSTNAME_HTTPS}",
+ "to": {
+ "name": "secure-${APPLICATION_NAME}"
+ },
+ "tls": {
+ "termination": "passthrough"
+ }
+ }
+ },
+ {
+ "kind": "ImageStream",
+ "apiVersion": "v1",
+ "metadata": {
+ "name": "${APPLICATION_NAME}",
+ "labels": {
+ "application": "${APPLICATION_NAME}"
+ }
+ }
+ },
+ {
+ "kind": "BuildConfig",
+ "apiVersion": "v1",
+ "metadata": {
+ "name": "${APPLICATION_NAME}",
+ "labels": {
+ "application": "${APPLICATION_NAME}"
+ }
+ },
+ "spec": {
+ "source": {
+ "type": "Git",
+ "git": {
+ "uri": "${SOURCE_REPOSITORY_URL}",
+ "ref": "${SOURCE_REPOSITORY_REF}"
+ },
+ "contextDir": "${CONTEXT_DIR}"
+ },
+ "strategy": {
+ "type": "Source",
+ "sourceStrategy": {
+ "env": [
+ {
+ "name": "KIE_CONTAINER_DEPLOYMENT",
+ "value": "${KIE_CONTAINER_DEPLOYMENT}"
+ }
+ ],
+ "forcePull": true,
+ "from": {
+ "kind": "ImageStreamTag",
+ "namespace": "${IMAGE_STREAM_NAMESPACE}",
+ "name": "jboss-decisionserver63-openshift:1.3"
+ }
+ }
+ },
+ "output": {
+ "to": {
+ "kind": "ImageStreamTag",
+ "name": "${APPLICATION_NAME}:latest"
+ }
+ },
+ "triggers": [
+ {
+ "type": "GitHub",
+ "github": {
+ "secret": "${GITHUB_WEBHOOK_SECRET}"
+ }
+ },
+ {
+ "type": "Generic",
+ "generic": {
+ "secret": "${GENERIC_WEBHOOK_SECRET}"
+ }
+ },
+ {
+ "type": "ImageChange",
+ "imageChange": {}
+ },
+ {
+ "type": "ConfigChange"
+ }
+ ]
+ }
+ },
+ {
+ "kind": "DeploymentConfig",
+ "apiVersion": "v1",
+ "metadata": {
+ "name": "${APPLICATION_NAME}",
+ "labels": {
+ "application": "${APPLICATION_NAME}"
+ }
+ },
+ "spec": {
+ "strategy": {
+ "type": "Recreate"
+ },
+ "triggers": [
+ {
+ "type": "ImageChange",
+ "imageChangeParams": {
+ "automatic": true,
+ "containerNames": [
+ "${APPLICATION_NAME}"
+ ],
+ "from": {
+ "kind": "ImageStream",
+ "name": "${APPLICATION_NAME}"
+ }
+ }
+ },
+ {
+ "type": "ConfigChange"
+ }
+ ],
+ "replicas": 1,
+ "selector": {
+ "deploymentConfig": "${APPLICATION_NAME}"
+ },
+ "template": {
+ "metadata": {
+ "name": "${APPLICATION_NAME}",
+ "labels": {
+ "deploymentConfig": "${APPLICATION_NAME}",
+ "application": "${APPLICATION_NAME}"
+ }
+ },
+ "spec": {
+ "serviceAccountName": "decisionserver-service-account",
+ "terminationGracePeriodSeconds": 60,
+ "containers": [
+ {
+ "name": "${APPLICATION_NAME}",
+ "image": "${APPLICATION_NAME}",
+ "imagePullPolicy": "Always",
+ "volumeMounts": [
+ {
+ "name": "decisionserver-keystore-volume",
+ "mountPath": "/etc/decisionserver-secret-volume",
+ "readOnly": true
+ }
+ ],
+ "livenessProbe": {
+ "exec": {
+ "command": [
+ "/bin/bash",
+ "-c",
+ "/opt/eap/bin/livenessProbe.sh"
+ ]
+ }
+ },
+ "readinessProbe": {
+ "exec": {
+ "command": [
+ "/bin/bash",
+ "-c",
+ "/opt/eap/bin/readinessProbe.sh"
+ ]
+ }
+ },
+ "ports": [
+ {
+ "name": "jolokia",
+ "containerPort": 8778,
+ "protocol": "TCP"
+ },
+ {
+ "name": "http",
+ "containerPort": 8080,
+ "protocol": "TCP"
+ },
+ {
+ "name": "https",
+ "containerPort": 8443,
+ "protocol": "TCP"
+ }
+ ],
+ "env": [
+ {
+ "name": "KIE_CONTAINER_DEPLOYMENT",
+ "value": "${KIE_CONTAINER_DEPLOYMENT}"
+ },
+ {
+ "name": "KIE_SERVER_PROTOCOL",
+ "value": "${KIE_SERVER_PROTOCOL}"
+ },
+ {
+ "name": "KIE_SERVER_PORT",
+ "value": "${KIE_SERVER_PORT}"
+ },
+ {
+ "name": "KIE_SERVER_USER",
+ "value": "${KIE_SERVER_USER}"
+ },
+ {
+ "name": "KIE_SERVER_PASSWORD",
+ "value": "${KIE_SERVER_PASSWORD}"
+ },
+ {
+ "name": "HTTPS_KEYSTORE_DIR",
+ "value": "/etc/decisionserver-secret-volume"
+ },
+ {
+ "name": "HTTPS_KEYSTORE",
+ "value": "${HTTPS_KEYSTORE}"
+ },
+ {
+ "name": "HTTPS_NAME",
+ "value": "${HTTPS_NAME}"
+ },
+ {
+ "name": "HTTPS_PASSWORD",
+ "value": "${HTTPS_PASSWORD}"
+ },
+ {
+ "name": "HORNETQ_CLUSTER_PASSWORD",
+ "value": "${HORNETQ_CLUSTER_PASSWORD}"
+ },
+ {
+ "name": "HORNETQ_QUEUES",
+ "value": "${HORNETQ_QUEUES}"
+ },
+ {
+ "name": "HORNETQ_TOPICS",
+ "value": "${HORNETQ_TOPICS}"
+ }
+ ]
+ }
+ ],
+ "volumes": [
+ {
+ "name": "decisionserver-keystore-volume",
+ "secret": {
+ "secretName": "${HTTPS_SECRET}"
+ }
+ }
+ ]
+ }
+ }
+ }
+ }
+ ]
+}
diff --git a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap64-amq-persistent-s2i.json b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap64-amq-persistent-s2i.json
index c9ecee9cb..72dbb4302 100644
--- a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap64-amq-persistent-s2i.json
+++ b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap64-amq-persistent-s2i.json
@@ -6,13 +6,13 @@
"description": "Application template for EAP 6 A-MQ applications with persistent storage built using S2I.",
"iconClass": "icon-jboss",
"tags": "eap,amq,javaee,java,messaging,jboss,xpaas",
- "version": "1.3.1"
+ "version": "1.3.2"
},
"name": "eap64-amq-persistent-s2i"
},
"labels": {
"template": "eap64-amq-persistent-s2i",
- "xpaas": "1.3.1"
+ "xpaas": "1.3.2"
},
"parameters": [
{
@@ -88,6 +88,18 @@
"required": false
},
{
+ "description": "List of packages that are allowed to be serialized for use in ObjectMessage, separated by commas. If your app doesn't use ObjectMessages, leave this blank. This is a security enforcement. For the rationale, see http://activemq.apache.org/objectmessage.html",
+ "name": "MQ_SERIALIZABLE_PACKAGES",
+ "value": "",
+ "required": false
+ },
+ {
+ "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.",
+ "name": "SERVICE_ACCOUNT_NAME",
+ "value": "eap-service-account",
+ "required": true
+ },
+ {
"description": "The name of the secret containing the keystore file",
"name": "HTTPS_SECRET",
"value": "eap-app-secret",
@@ -100,6 +112,12 @@
"required": false
},
{
+ "description": "The type of the keystore file (JKS or JCEKS)",
+ "name": "HTTPS_KEYSTORE_TYPE",
+ "value": "",
+ "required": false
+ },
+ {
"description": "The name associated with the server certificate",
"name": "HTTPS_NAME",
"value": "",
@@ -126,18 +144,16 @@
"required": false
},
{
- "description": "User name for broker admin. If left empty, it will be generated.",
- "name": "AMQ_ADMIN_USERNAME",
- "from": "user[a-zA-Z0-9]{3}",
- "generate": "expression",
- "required": true
+ "description": "The discovery agent type to use for discovering mesh endpoints. 'dns' will use OpenShift's DNS service to resolve endpoints. 'kube' will use Kubernetes REST API to resolve service endpoints. If using 'kube' the service account for the pod must have the 'view' role, which can be added via 'oc policy add-role-to-user view system:serviceaccount:<namespace>:default' where <namespace> is the project namespace.",
+ "name": "AMQ_MESH_DISCOVERY_TYPE",
+ "value": "kube",
+ "required": false
},
{
- "description": "Password for broker admin. If left empty, it will be generated.",
- "name": "AMQ_ADMIN_PASSWORD",
- "from": "[a-zA-Z0-9]{8}",
- "generate": "expression",
- "required": true
+ "description": "The A-MQ storage usage limit",
+ "name": "AMQ_STORAGE_USAGE_LIMIT",
+ "value": "100 gb",
+ "required": false
},
{
"description": "GitHub trigger secret",
@@ -189,6 +205,12 @@
"from": "[a-zA-Z0-9]{8}",
"generate": "expression",
"required": true
+ },
+ {
+ "description": "Controls whether exploded deployment content should be automatically deployed",
+ "name": "AUTO_DEPLOY_EXPLODED",
+ "value": "false",
+ "required": false
}
],
"objects": [
@@ -342,7 +364,7 @@
"from": {
"kind": "ImageStreamTag",
"namespace": "${IMAGE_STREAM_NAMESPACE}",
- "name": "jboss-eap64-openshift:1.2"
+ "name": "jboss-eap64-openshift:1.4"
}
}
},
@@ -397,8 +419,8 @@
"${APPLICATION_NAME}"
],
"from": {
- "kind": "ImageStream",
- "name": "${APPLICATION_NAME}"
+ "kind": "ImageStreamTag",
+ "name": "${APPLICATION_NAME}:latest"
}
}
},
@@ -419,7 +441,7 @@
}
},
"spec": {
- "serviceAccountName": "eap-service-account",
+ "serviceAccountName": "${SERVICE_ACCOUNT_NAME}",
"terminationGracePeriodSeconds": 60,
"containers": [
{
@@ -508,6 +530,10 @@
"value": "${MQ_TOPICS}"
},
{
+ "name": "MQ_SERIALIZABLE_PACKAGES",
+ "value": "${MQ_SERIALIZABLE_PACKAGES}"
+ },
+ {
"name": "OPENSHIFT_KUBE_PING_LABELS",
"value": "application=${APPLICATION_NAME}"
},
@@ -528,6 +554,10 @@
"value": "${HTTPS_KEYSTORE}"
},
{
+ "name": "HTTPS_KEYSTORE_TYPE",
+ "value": "${HTTPS_KEYSTORE_TYPE}"
+ },
+ {
"name": "HTTPS_NAME",
"value": "${HTTPS_NAME}"
},
@@ -558,6 +588,10 @@
{
"name": "JGROUPS_CLUSTER_PASSWORD",
"value": "${JGROUPS_CLUSTER_PASSWORD}"
+ },
+ {
+ "name": "AUTO_DEPLOY_EXPLODED",
+ "value": "${AUTO_DEPLOY_EXPLODED}"
}
]
}
@@ -713,6 +747,10 @@
"value": "${MQ_TOPICS}"
},
{
+ "name": "MQ_SERIALIZABLE_PACKAGES",
+ "value": "${MQ_SERIALIZABLE_PACKAGES}"
+ },
+ {
"name": "AMQ_SPLIT",
"value": "${AMQ_SPLIT}"
},
@@ -735,14 +773,6 @@
{
"name": "AMQ_STORAGE_USAGE_LIMIT",
"value": "${AMQ_STORAGE_USAGE_LIMIT}"
- },
- {
- "name": "AMQ_ADMIN_USERNAME",
- "value": "${AMQ_ADMIN_USERNAME}"
- },
- {
- "name": "AMQ_ADMIN_PASSWORD",
- "value": "${AMQ_ADMIN_PASSWORD}"
}
]
}
diff --git a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap64-amq-s2i.json b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap64-amq-s2i.json
index 99724db94..9dd847451 100644
--- a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap64-amq-s2i.json
+++ b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap64-amq-s2i.json
@@ -6,13 +6,13 @@
"description": "Application template for EAP 6 A-MQ applications built using S2I.",
"iconClass": "icon-jboss",
"tags": "eap,amq,javaee,java,messaging,jboss,xpaas",
- "version": "1.3.1"
+ "version": "1.3.2"
},
"name": "eap64-amq-s2i"
},
"labels": {
"template": "eap64-amq-s2i",
- "xpaas": "1.3.1"
+ "xpaas": "1.3.2"
},
"parameters": [
{
@@ -76,6 +76,18 @@
"required": false
},
{
+ "description": "List of packages that are allowed to be serialized for use in ObjectMessage, separated by commas. If your app doesn't use ObjectMessages, leave this blank. This is a security enforcement. For the rationale, see http://activemq.apache.org/objectmessage.html",
+ "name": "MQ_SERIALIZABLE_PACKAGES",
+ "value": "",
+ "required": false
+ },
+ {
+ "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.",
+ "name": "SERVICE_ACCOUNT_NAME",
+ "value": "eap-service-account",
+ "required": true
+ },
+ {
"description": "The name of the secret containing the keystore file",
"name": "HTTPS_SECRET",
"value": "eap-app-secret",
@@ -88,6 +100,12 @@
"required": false
},
{
+ "description": "The type of the keystore file (JKS or JCEKS)",
+ "name": "HTTPS_KEYSTORE_TYPE",
+ "value": "",
+ "required": false
+ },
+ {
"description": "The name associated with the server certificate",
"name": "HTTPS_NAME",
"value": "",
@@ -114,18 +132,16 @@
"required": false
},
{
- "description": "User name for broker admin. If left empty, it will be generated.",
- "name": "AMQ_ADMIN_USERNAME",
- "from": "user[a-zA-Z0-9]{3}",
- "generate": "expression",
- "required": true
+ "description": "The discovery agent type to use for discovering mesh endpoints. 'dns' will use OpenShift's DNS service to resolve endpoints. 'kube' will use Kubernetes REST API to resolve service endpoints. If using 'kube' the service account for the pod must have the 'view' role, which can be added via 'oc policy add-role-to-user view system:serviceaccount:<namespace>:default' where <namespace> is the project namespace.",
+ "name": "AMQ_MESH_DISCOVERY_TYPE",
+ "value": "kube",
+ "required": false
},
{
- "description": "Password for broker admin. If left empty, it will be generated.",
- "name": "AMQ_ADMIN_PASSWORD",
- "from": "[a-zA-Z0-9]{8}",
- "generate": "expression",
- "required": true
+ "description": "The A-MQ storage usage limit",
+ "name": "AMQ_STORAGE_USAGE_LIMIT",
+ "value": "100 gb",
+ "required": false
},
{
"description": "GitHub trigger secret",
@@ -177,6 +193,12 @@
"from": "[a-zA-Z0-9]{8}",
"generate": "expression",
"required": true
+ },
+ {
+ "description": "Controls whether exploded deployment content should be automatically deployed",
+ "name": "AUTO_DEPLOY_EXPLODED",
+ "value": "false",
+ "required": false
}
],
"objects": [
@@ -330,7 +352,7 @@
"from": {
"kind": "ImageStreamTag",
"namespace": "${IMAGE_STREAM_NAMESPACE}",
- "name": "jboss-eap64-openshift:1.2"
+ "name": "jboss-eap64-openshift:1.4"
}
}
},
@@ -385,8 +407,8 @@
"${APPLICATION_NAME}"
],
"from": {
- "kind": "ImageStream",
- "name": "${APPLICATION_NAME}"
+ "kind": "ImageStreamTag",
+ "name": "${APPLICATION_NAME}:latest"
}
}
},
@@ -407,7 +429,7 @@
}
},
"spec": {
- "serviceAccountName": "eap-service-account",
+ "serviceAccountName": "${SERVICE_ACCOUNT_NAME}",
"terminationGracePeriodSeconds": 60,
"containers": [
{
@@ -496,6 +518,10 @@
"value": "${MQ_TOPICS}"
},
{
+ "name": "MQ_SERIALIZABLE_PACKAGES",
+ "value": "${MQ_SERIALIZABLE_PACKAGES}"
+ },
+ {
"name": "OPENSHIFT_KUBE_PING_LABELS",
"value": "application=${APPLICATION_NAME}"
},
@@ -516,6 +542,10 @@
"value": "${HTTPS_KEYSTORE}"
},
{
+ "name": "HTTPS_KEYSTORE_TYPE",
+ "value": "${HTTPS_KEYSTORE_TYPE}"
+ },
+ {
"name": "HTTPS_NAME",
"value": "${HTTPS_NAME}"
},
@@ -546,6 +576,10 @@
{
"name": "JGROUPS_CLUSTER_PASSWORD",
"value": "${JGROUPS_CLUSTER_PASSWORD}"
+ },
+ {
+ "name": "AUTO_DEPLOY_EXPLODED",
+ "value": "${AUTO_DEPLOY_EXPLODED}"
}
]
}
@@ -692,12 +726,28 @@
"value": "${MQ_TOPICS}"
},
{
- "name": "AMQ_ADMIN_USERNAME",
- "value": "${AMQ_ADMIN_USERNAME}"
+ "name": "MQ_SERIALIZABLE_PACKAGES",
+ "value": "${MQ_SERIALIZABLE_PACKAGES}"
+ },
+ {
+ "name": "AMQ_MESH_DISCOVERY_TYPE",
+ "value": "${AMQ_MESH_DISCOVERY_TYPE}"
+ },
+ {
+ "name": "AMQ_MESH_SERVICE_NAME",
+ "value": "${APPLICATION_NAME}-amq-tcp"
+ },
+ {
+ "name": "AMQ_MESH_SERVICE_NAMESPACE",
+ "valueFrom": {
+ "fieldRef": {
+ "fieldPath": "metadata.namespace"
+ }
+ }
},
{
- "name": "AMQ_ADMIN_PASSWORD",
- "value": "${AMQ_ADMIN_PASSWORD}"
+ "name": "AMQ_STORAGE_USAGE_LIMIT",
+ "value": "${AMQ_STORAGE_USAGE_LIMIT}"
}
]
}
diff --git a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap64-basic-s2i.json b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap64-basic-s2i.json
index 2e3849e2a..7b1800b7b 100644
--- a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap64-basic-s2i.json
+++ b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap64-basic-s2i.json
@@ -6,13 +6,13 @@
"iconClass": "icon-jboss",
"description": "Application template for EAP 6 applications built using S2I.",
"tags": "eap,javaee,java,jboss,xpaas",
- "version": "1.2.0"
+ "version": "1.3.2"
},
"name": "eap64-basic-s2i"
},
"labels": {
"template": "eap64-basic-s2i",
- "xpaas": "1.2.0"
+ "xpaas": "1.3.2"
},
"parameters": [
{
@@ -90,6 +90,12 @@
"from": "[a-zA-Z0-9]{8}",
"generate": "expression",
"required": true
+ },
+ {
+ "description": "Controls whether exploded deployment content should be automatically deployed",
+ "name": "AUTO_DEPLOY_EXPLODED",
+ "value": "false",
+ "required": false
}
],
"objects": [
@@ -172,7 +178,7 @@
"from": {
"kind": "ImageStreamTag",
"namespace": "${IMAGE_STREAM_NAMESPACE}",
- "name": "jboss-eap64-openshift:1.2"
+ "name": "jboss-eap64-openshift:1.4"
}
}
},
@@ -227,8 +233,8 @@
"${APPLICATION_NAME}"
],
"from": {
- "kind": "ImageStream",
- "name": "${APPLICATION_NAME}"
+ "kind": "ImageStreamTag",
+ "name": "${APPLICATION_NAME}:latest"
}
}
},
@@ -318,6 +324,10 @@
{
"name": "JGROUPS_CLUSTER_PASSWORD",
"value": "${JGROUPS_CLUSTER_PASSWORD}"
+ },
+ {
+ "name": "AUTO_DEPLOY_EXPLODED",
+ "value": "${AUTO_DEPLOY_EXPLODED}"
}
]
}
diff --git a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap64-https-s2i.json b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap64-https-s2i.json
index 2517be3ca..31716d84c 100644
--- a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap64-https-s2i.json
+++ b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap64-https-s2i.json
@@ -6,13 +6,13 @@
"iconClass": "icon-jboss",
"description": "Application template for EAP 6 applications built using S2I.",
"tags": "eap,javaee,java,jboss,xpaas",
- "version": "1.2.0"
+ "version": "1.3.2"
},
"name": "eap64-https-s2i"
},
"labels": {
"template": "eap64-https-s2i",
- "xpaas": "1.2.0"
+ "xpaas": "1.3.2"
},
"parameters": [
{
@@ -64,6 +64,12 @@
"required": false
},
{
+ "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.",
+ "name": "SERVICE_ACCOUNT_NAME",
+ "value": "eap-service-account",
+ "required": true
+ },
+ {
"description": "The name of the secret containing the keystore file",
"name": "HTTPS_SECRET",
"value": "eap-app-secret",
@@ -76,6 +82,12 @@
"required": false
},
{
+ "description": "The type of the keystore file (JKS or JCEKS)",
+ "name": "HTTPS_KEYSTORE_TYPE",
+ "value": "",
+ "required": false
+ },
+ {
"description": "The name associated with the server certificate",
"name": "HTTPS_NAME",
"value": "",
@@ -144,6 +156,12 @@
"from": "[a-zA-Z0-9]{8}",
"generate": "expression",
"required": true
+ },
+ {
+ "description": "Controls whether exploded deployment content should be automatically deployed",
+ "name": "AUTO_DEPLOY_EXPLODED",
+ "value": "false",
+ "required": false
}
],
"objects": [
@@ -273,7 +291,7 @@
"from": {
"kind": "ImageStreamTag",
"namespace": "${IMAGE_STREAM_NAMESPACE}",
- "name": "jboss-eap64-openshift:1.2"
+ "name": "jboss-eap64-openshift:1.4"
}
}
},
@@ -328,8 +346,8 @@
"${APPLICATION_NAME}"
],
"from": {
- "kind": "ImageStream",
- "name": "${APPLICATION_NAME}"
+ "kind": "ImageStreamTag",
+ "name": "${APPLICATION_NAME}:latest"
}
}
},
@@ -350,7 +368,7 @@
}
},
"spec": {
- "serviceAccountName": "eap-service-account",
+ "serviceAccountName": "${SERVICE_ACCOUNT_NAME}",
"terminationGracePeriodSeconds": 60,
"containers": [
{
@@ -431,6 +449,10 @@
"value": "${HTTPS_KEYSTORE}"
},
{
+ "name": "HTTPS_KEYSTORE_TYPE",
+ "value": "${HTTPS_KEYSTORE_TYPE}"
+ },
+ {
"name": "HTTPS_NAME",
"value": "${HTTPS_NAME}"
},
@@ -473,6 +495,10 @@
{
"name": "JGROUPS_CLUSTER_PASSWORD",
"value": "${JGROUPS_CLUSTER_PASSWORD}"
+ },
+ {
+ "name": "AUTO_DEPLOY_EXPLODED",
+ "value": "${AUTO_DEPLOY_EXPLODED}"
}
]
}
diff --git a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap64-mongodb-persistent-s2i.json b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap64-mongodb-persistent-s2i.json
index 97cc465d2..212431056 100644
--- a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap64-mongodb-persistent-s2i.json
+++ b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap64-mongodb-persistent-s2i.json
@@ -6,13 +6,13 @@
"description": "Application template for EAP 6 MongoDB applications with persistent storage built using S2I.",
"iconClass": "icon-jboss",
"tags": "eap,mongodb,javaee,java,database,jboss,xpaas",
- "version": "1.2.0"
+ "version": "1.3.2"
},
"name": "eap64-mongodb-persistent-s2i"
},
"labels": {
"template": "eap64-mongodb-persistent-s2i",
- "xpaas": "1.2.0"
+ "xpaas": "1.3.2"
},
"parameters": [
{
@@ -82,6 +82,12 @@
"required": false
},
{
+ "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.",
+ "name": "SERVICE_ACCOUNT_NAME",
+ "value": "eap-service-account",
+ "required": true
+ },
+ {
"description": "The name of the secret containing the keystore file",
"name": "HTTPS_SECRET",
"value": "eap-app-secret",
@@ -94,6 +100,12 @@
"required": false
},
{
+ "description": "The type of the keystore file (JKS or JCEKS)",
+ "name": "HTTPS_KEYSTORE_TYPE",
+ "value": "",
+ "required": false
+ },
+ {
"description": "The name associated with the server certificate",
"name": "HTTPS_NAME",
"value": "",
@@ -213,6 +225,12 @@
"from": "[a-zA-Z0-9]{8}",
"generate": "expression",
"required": true
+ },
+ {
+ "description": "Controls whether exploded deployment content should be automatically deployed",
+ "name": "AUTO_DEPLOY_EXPLODED",
+ "value": "false",
+ "required": false
}
],
"objects": [
@@ -366,7 +384,7 @@
"from": {
"kind": "ImageStreamTag",
"namespace": "${IMAGE_STREAM_NAMESPACE}",
- "name": "jboss-eap64-openshift:1.2"
+ "name": "jboss-eap64-openshift:1.4"
}
}
},
@@ -421,8 +439,8 @@
"${APPLICATION_NAME}"
],
"from": {
- "kind": "ImageStream",
- "name": "${APPLICATION_NAME}"
+ "kind": "ImageStreamTag",
+ "name": "${APPLICATION_NAME}:latest"
}
}
},
@@ -443,7 +461,7 @@
}
},
"spec": {
- "serviceAccountName": "eap-service-account",
+ "serviceAccountName": "${SERVICE_ACCOUNT_NAME}",
"terminationGracePeriodSeconds": 60,
"containers": [
{
@@ -560,6 +578,10 @@
"value": "${HTTPS_KEYSTORE}"
},
{
+ "name": "HTTPS_KEYSTORE_TYPE",
+ "value": "${HTTPS_KEYSTORE_TYPE}"
+ },
+ {
"name": "HTTPS_NAME",
"value": "${HTTPS_NAME}"
},
@@ -602,6 +624,10 @@
{
"name": "JGROUPS_CLUSTER_PASSWORD",
"value": "${JGROUPS_CLUSTER_PASSWORD}"
+ },
+ {
+ "name": "AUTO_DEPLOY_EXPLODED",
+ "value": "${AUTO_DEPLOY_EXPLODED}"
}
]
}
diff --git a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap64-mongodb-s2i.json b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap64-mongodb-s2i.json
index 8bdd85546..13fbbdd93 100644
--- a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap64-mongodb-s2i.json
+++ b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap64-mongodb-s2i.json
@@ -6,13 +6,13 @@
"description": "Application template for EAP 6 MongoDB applications built using S2I.",
"iconClass": "icon-jboss",
"tags": "eap,mongodb,javaee,java,database,jboss,xpaas",
- "version": "1.2.0"
+ "version": "1.3.2"
},
"name": "eap64-mongodb-s2i"
},
"labels": {
"template": "eap64-mongodb-s2i",
- "xpaas": "1.2.0"
+ "xpaas": "1.3.2"
},
"parameters": [
{
@@ -76,6 +76,12 @@
"required": false
},
{
+ "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.",
+ "name": "SERVICE_ACCOUNT_NAME",
+ "value": "eap-service-account",
+ "required": true
+ },
+ {
"description": "The name of the secret containing the keystore file",
"name": "HTTPS_SECRET",
"value": "eap-app-secret",
@@ -88,6 +94,12 @@
"required": false
},
{
+ "description": "The type of the keystore file (JKS or JCEKS)",
+ "name": "HTTPS_KEYSTORE_TYPE",
+ "value": "",
+ "required": false
+ },
+ {
"description": "The name associated with the server certificate",
"name": "HTTPS_NAME",
"value": "",
@@ -207,6 +219,12 @@
"from": "[a-zA-Z0-9]{8}",
"generate": "expression",
"required": true
+ },
+ {
+ "description": "Controls whether exploded deployment content should be automatically deployed",
+ "name": "AUTO_DEPLOY_EXPLODED",
+ "value": "false",
+ "required": false
}
],
"objects": [
@@ -360,7 +378,7 @@
"from": {
"kind": "ImageStreamTag",
"namespace": "${IMAGE_STREAM_NAMESPACE}",
- "name": "jboss-eap64-openshift:1.2"
+ "name": "jboss-eap64-openshift:1.4"
}
}
},
@@ -415,8 +433,8 @@
"${APPLICATION_NAME}"
],
"from": {
- "kind": "ImageStream",
- "name": "${APPLICATION_NAME}"
+ "kind": "ImageStreamTag",
+ "name": "${APPLICATION_NAME}:latest"
}
}
},
@@ -437,7 +455,7 @@
}
},
"spec": {
- "serviceAccountName": "eap-service-account",
+ "serviceAccountName": "${SERVICE_ACCOUNT_NAME}",
"terminationGracePeriodSeconds": 60,
"containers": [
{
@@ -554,6 +572,10 @@
"value": "${HTTPS_KEYSTORE}"
},
{
+ "name": "HTTPS_KEYSTORE_TYPE",
+ "value": "${HTTPS_KEYSTORE_TYPE}"
+ },
+ {
"name": "HTTPS_NAME",
"value": "${HTTPS_NAME}"
},
@@ -596,6 +618,10 @@
{
"name": "JGROUPS_CLUSTER_PASSWORD",
"value": "${JGROUPS_CLUSTER_PASSWORD}"
+ },
+ {
+ "name": "AUTO_DEPLOY_EXPLODED",
+ "value": "${AUTO_DEPLOY_EXPLODED}"
}
]
}
diff --git a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap64-mysql-persistent-s2i.json b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap64-mysql-persistent-s2i.json
index dcc591836..69fdec206 100644
--- a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap64-mysql-persistent-s2i.json
+++ b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap64-mysql-persistent-s2i.json
@@ -6,13 +6,13 @@
"description": "Application template for EAP 6 MySQL applications with persistent storage built using S2I.",
"iconClass": "icon-jboss",
"tags": "eap,mysql,javaee,java,database,jboss,xpaas",
- "version": "1.2.0"
+ "version": "1.3.2"
},
"name": "eap64-mysql-persistent-s2i"
},
"labels": {
"template": "eap64-mysql-persistent-s2i",
- "xpaas": "1.2.0"
+ "xpaas": "1.3.2"
},
"parameters": [
{
@@ -82,6 +82,12 @@
"required": false
},
{
+ "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.",
+ "name": "SERVICE_ACCOUNT_NAME",
+ "value": "eap-service-account",
+ "required": true
+ },
+ {
"description": "The name of the secret containing the keystore file",
"name": "HTTPS_SECRET",
"value": "eap-app-secret",
@@ -94,6 +100,12 @@
"required": false
},
{
+ "description": "The type of the keystore file (JKS or JCEKS)",
+ "name": "HTTPS_KEYSTORE_TYPE",
+ "value": "",
+ "required": false
+ },
+ {
"description": "The name associated with the server certificate",
"name": "HTTPS_NAME",
"value": "",
@@ -216,6 +228,12 @@
"from": "[a-zA-Z0-9]{8}",
"generate": "expression",
"required": true
+ },
+ {
+ "description": "Controls whether exploded deployment content should be automatically deployed",
+ "name": "AUTO_DEPLOY_EXPLODED",
+ "value": "false",
+ "required": false
}
],
"objects": [
@@ -369,7 +387,7 @@
"from": {
"kind": "ImageStreamTag",
"namespace": "${IMAGE_STREAM_NAMESPACE}",
- "name": "jboss-eap64-openshift:1.2"
+ "name": "jboss-eap64-openshift:1.4"
}
}
},
@@ -424,8 +442,8 @@
"${APPLICATION_NAME}"
],
"from": {
- "kind": "ImageStream",
- "name": "${APPLICATION_NAME}"
+ "kind": "ImageStreamTag",
+ "name": "${APPLICATION_NAME}:latest"
}
}
},
@@ -446,7 +464,7 @@
}
},
"spec": {
- "serviceAccountName": "eap-service-account",
+ "serviceAccountName": "${SERVICE_ACCOUNT_NAME}",
"terminationGracePeriodSeconds": 60,
"containers": [
{
@@ -563,6 +581,10 @@
"value": "${HTTPS_KEYSTORE}"
},
{
+ "name": "HTTPS_KEYSTORE_TYPE",
+ "value": "${HTTPS_KEYSTORE_TYPE}"
+ },
+ {
"name": "HTTPS_NAME",
"value": "${HTTPS_NAME}"
},
@@ -605,6 +627,14 @@
{
"name": "JGROUPS_CLUSTER_PASSWORD",
"value": "${JGROUPS_CLUSTER_PASSWORD}"
+ },
+ {
+ "name": "TIMER_SERVICE_DATA_STORE",
+ "value": "${APPLICATION_NAME}-mysql"
+ },
+ {
+ "name": "AUTO_DEPLOY_EXPLODED",
+ "value": "${AUTO_DEPLOY_EXPLODED}"
}
]
}
diff --git a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap64-mysql-s2i.json b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap64-mysql-s2i.json
index 372802eea..2bd3c249f 100644
--- a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap64-mysql-s2i.json
+++ b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap64-mysql-s2i.json
@@ -6,13 +6,13 @@
"description": "Application template for EAP 6 MySQL applications built using S2I.",
"iconClass": "icon-jboss",
"tags": "eap,mysql,javaee,java,database,jboss,xpaas",
- "version": "1.2.0"
+ "version": "1.3.2"
},
"name": "eap64-mysql-s2i"
},
"labels": {
"template": "eap64-mysql-s2i",
- "xpaas": "1.2.0"
+ "xpaas": "1.3.2"
},
"parameters": [
{
@@ -76,6 +76,12 @@
"required": false
},
{
+ "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.",
+ "name": "SERVICE_ACCOUNT_NAME",
+ "value": "eap-service-account",
+ "required": true
+ },
+ {
"description": "The name of the secret containing the keystore file",
"name": "HTTPS_SECRET",
"value": "eap-app-secret",
@@ -88,6 +94,12 @@
"required": false
},
{
+ "description": "The type of the keystore file (JKS or JCEKS)",
+ "name": "HTTPS_KEYSTORE_TYPE",
+ "value": "",
+ "required": false
+ },
+ {
"description": "The name associated with the server certificate",
"name": "HTTPS_NAME",
"value": "",
@@ -210,6 +222,12 @@
"from": "[a-zA-Z0-9]{8}",
"generate": "expression",
"required": true
+ },
+ {
+ "description": "Controls whether exploded deployment content should be automatically deployed",
+ "name": "AUTO_DEPLOY_EXPLODED",
+ "value": "false",
+ "required": false
}
],
"objects": [
@@ -363,7 +381,7 @@
"from": {
"kind": "ImageStreamTag",
"namespace": "${IMAGE_STREAM_NAMESPACE}",
- "name": "jboss-eap64-openshift:1.2"
+ "name": "jboss-eap64-openshift:1.4"
}
}
},
@@ -418,8 +436,8 @@
"${APPLICATION_NAME}"
],
"from": {
- "kind": "ImageStream",
- "name": "${APPLICATION_NAME}"
+ "kind": "ImageStreamTag",
+ "name": "${APPLICATION_NAME}:latest"
}
}
},
@@ -440,7 +458,7 @@
}
},
"spec": {
- "serviceAccountName": "eap-service-account",
+ "serviceAccountName": "${SERVICE_ACCOUNT_NAME}",
"terminationGracePeriodSeconds": 60,
"containers": [
{
@@ -557,6 +575,10 @@
"value": "${HTTPS_KEYSTORE}"
},
{
+ "name": "HTTPS_KEYSTORE_TYPE",
+ "value": "${HTTPS_KEYSTORE_TYPE}"
+ },
+ {
"name": "HTTPS_NAME",
"value": "${HTTPS_NAME}"
},
@@ -599,6 +621,14 @@
{
"name": "JGROUPS_CLUSTER_PASSWORD",
"value": "${JGROUPS_CLUSTER_PASSWORD}"
+ },
+ {
+ "name": "TIMER_SERVICE_DATA_STORE",
+ "value": "${APPLICATION_NAME}-mysql"
+ },
+ {
+ "name": "AUTO_DEPLOY_EXPLODED",
+ "value": "${AUTO_DEPLOY_EXPLODED}"
}
]
}
diff --git a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap64-postgresql-persistent-s2i.json b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap64-postgresql-persistent-s2i.json
index 1ba00e3b5..31f245950 100644
--- a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap64-postgresql-persistent-s2i.json
+++ b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap64-postgresql-persistent-s2i.json
@@ -6,13 +6,13 @@
"description": "Application template for EAP 6 PostgreSQL applications with persistent storage built using S2I.",
"iconClass": "icon-jboss",
"tags": "eap,postgresql,javaee,java,database,jboss,xpaas",
- "version": "1.2.0"
+ "version": "1.3.2"
},
"name": "eap64-postgresql-persistent-s2i"
},
"labels": {
"template": "eap64-postgresql-persistent-s2i",
- "xpaas": "1.2.0"
+ "xpaas": "1.3.2"
},
"parameters": [
{
@@ -82,6 +82,12 @@
"required": false
},
{
+ "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.",
+ "name": "SERVICE_ACCOUNT_NAME",
+ "value": "eap-service-account",
+ "required": true
+ },
+ {
"description": "The name of the secret containing the keystore file",
"name": "HTTPS_SECRET",
"value": "eap-app-secret",
@@ -94,6 +100,12 @@
"required": false
},
{
+ "description": "The type of the keystore file (JKS or JCEKS)",
+ "name": "HTTPS_KEYSTORE_TYPE",
+ "value": "",
+ "required": false
+ },
+ {
"description": "The name associated with the server certificate",
"name": "HTTPS_NAME",
"value": "",
@@ -201,6 +213,12 @@
"from": "[a-zA-Z0-9]{8}",
"generate": "expression",
"required": true
+ },
+ {
+ "description": "Controls whether exploded deployment content should be automatically deployed",
+ "name": "AUTO_DEPLOY_EXPLODED",
+ "value": "false",
+ "required": false
}
],
"objects": [
@@ -354,7 +372,7 @@
"from": {
"kind": "ImageStreamTag",
"namespace": "${IMAGE_STREAM_NAMESPACE}",
- "name": "jboss-eap64-openshift:1.2"
+ "name": "jboss-eap64-openshift:1.4"
}
}
},
@@ -409,8 +427,8 @@
"${APPLICATION_NAME}"
],
"from": {
- "kind": "ImageStream",
- "name": "${APPLICATION_NAME}"
+ "kind": "ImageStreamTag",
+ "name": "${APPLICATION_NAME}:latest"
}
}
},
@@ -431,7 +449,7 @@
}
},
"spec": {
- "serviceAccountName": "eap-service-account",
+ "serviceAccountName": "${SERVICE_ACCOUNT_NAME}",
"terminationGracePeriodSeconds": 60,
"containers": [
{
@@ -548,6 +566,10 @@
"value": "${HTTPS_KEYSTORE}"
},
{
+ "name": "HTTPS_KEYSTORE_TYPE",
+ "value": "${HTTPS_KEYSTORE_TYPE}"
+ },
+ {
"name": "HTTPS_NAME",
"value": "${HTTPS_NAME}"
},
@@ -590,6 +612,14 @@
{
"name": "JGROUPS_CLUSTER_PASSWORD",
"value": "${JGROUPS_CLUSTER_PASSWORD}"
+ },
+ {
+ "name": "TIMER_SERVICE_DATA_STORE",
+ "value": "${APPLICATION_NAME}-postgresql"
+ },
+ {
+ "name": "AUTO_DEPLOY_EXPLODED",
+ "value": "${AUTO_DEPLOY_EXPLODED}"
}
]
}
@@ -693,6 +723,10 @@
"value": "${POSTGRESQL_MAX_CONNECTIONS}"
},
{
+ "name": "POSTGRESQL_MAX_PREPARED_TRANSACTIONS",
+ "value": "${POSTGRESQL_MAX_CONNECTIONS}"
+ },
+ {
"name": "POSTGRESQL_SHARED_BUFFERS",
"value": "${POSTGRESQL_SHARED_BUFFERS}"
}
diff --git a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap64-postgresql-s2i.json b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap64-postgresql-s2i.json
index 860374d3c..eac964697 100644
--- a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap64-postgresql-s2i.json
+++ b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap64-postgresql-s2i.json
@@ -6,13 +6,13 @@
"description": "Application template for EAP 6 PostgreSQL applications built using S2I.",
"iconClass": "icon-jboss",
"tags": "eap,postgresql,javaee,java,database,jboss,xpaas",
- "version": "1.2.0"
+ "version": "1.3.2"
},
"name": "eap64-postgresql-s2i"
},
"labels": {
"template": "eap64-postgresql-s2i",
- "xpaas": "1.2.0"
+ "xpaas": "1.3.2"
},
"parameters": [
{
@@ -76,6 +76,12 @@
"required": false
},
{
+ "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.",
+ "name": "SERVICE_ACCOUNT_NAME",
+ "value": "eap-service-account",
+ "required": true
+ },
+ {
"description": "The name of the secret containing the keystore file",
"name": "HTTPS_SECRET",
"value": "eap-app-secret",
@@ -88,6 +94,12 @@
"required": false
},
{
+ "description": "The type of the keystore file (JKS or JCEKS)",
+ "name": "HTTPS_KEYSTORE_TYPE",
+ "value": "",
+ "required": false
+ },
+ {
"description": "The name associated with the server certificate",
"name": "HTTPS_NAME",
"value": "",
@@ -195,6 +207,12 @@
"from": "[a-zA-Z0-9]{8}",
"generate": "expression",
"required": true
+ },
+ {
+ "description": "Controls whether exploded deployment content should be automatically deployed",
+ "name": "AUTO_DEPLOY_EXPLODED",
+ "value": "false",
+ "required": false
}
],
"objects": [
@@ -348,7 +366,7 @@
"from": {
"kind": "ImageStreamTag",
"namespace": "${IMAGE_STREAM_NAMESPACE}",
- "name": "jboss-eap64-openshift:1.2"
+ "name": "jboss-eap64-openshift:1.4"
}
}
},
@@ -403,8 +421,8 @@
"${APPLICATION_NAME}"
],
"from": {
- "kind": "ImageStream",
- "name": "${APPLICATION_NAME}"
+ "kind": "ImageStreamTag",
+ "name": "${APPLICATION_NAME}:latest"
}
}
},
@@ -425,7 +443,7 @@
}
},
"spec": {
- "serviceAccountName": "eap-service-account",
+ "serviceAccountName": "${SERVICE_ACCOUNT_NAME}",
"terminationGracePeriodSeconds": 60,
"containers": [
{
@@ -542,6 +560,10 @@
"value": "${HTTPS_KEYSTORE}"
},
{
+ "name": "HTTPS_KEYSTORE_TYPE",
+ "value": "${HTTPS_KEYSTORE_TYPE}"
+ },
+ {
"name": "HTTPS_NAME",
"value": "${HTTPS_NAME}"
},
@@ -584,6 +606,14 @@
{
"name": "JGROUPS_CLUSTER_PASSWORD",
"value": "${JGROUPS_CLUSTER_PASSWORD}"
+ },
+ {
+ "name": "TIMER_SERVICE_DATA_STORE",
+ "value": "${APPLICATION_NAME}-postgresql"
+ },
+ {
+ "name": "AUTO_DEPLOY_EXPLODED",
+ "value": "${AUTO_DEPLOY_EXPLODED}"
}
]
}
@@ -681,6 +711,10 @@
"value": "${POSTGRESQL_MAX_CONNECTIONS}"
},
{
+ "name": "POSTGRESQL_MAX_PREPARED_TRANSACTIONS",
+ "value": "${POSTGRESQL_MAX_CONNECTIONS}"
+ },
+ {
"name": "POSTGRESQL_SHARED_BUFFERS",
"value": "${POSTGRESQL_SHARED_BUFFERS}"
}
diff --git a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap64-sso-s2i.json b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap64-sso-s2i.json
index 6c644553e..09023be71 100644
--- a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap64-sso-s2i.json
+++ b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap64-sso-s2i.json
@@ -6,13 +6,13 @@
"iconClass" : "icon-jboss",
"description": "Application template for EAP 6 applications built using S2I, enabled for SSO.",
"tags": "eap,javaee,java,jboss,xpaas,sso,keycloak",
- "version": "1.3.0"
+ "version": "1.3.2"
},
"name": "eap64-sso-s2i"
},
"labels": {
"template": "eap64-sso-s2i",
- "xpaas": "1.3.0"
+ "xpaas": "1.3.2"
},
"parameters": [
{
@@ -22,27 +22,27 @@
"required": true
},
{
- "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: <application-name>-<project>.<default-domain-suffix>",
+ "description": "Hostname for http service route (e.g. eap-app-myproject.example.com). Required for SSO-enabled applications. This is added to the white list of redirects in the SSO server.",
"name": "HOSTNAME_HTTP",
"value": "",
- "required": false
+ "required": true
},
{
- "description": "Custom hostname for https service route. Leave blank for default hostname, e.g.: secure-<application-name>-<project>.<default-domain-suffix>",
+ "description": "Hostname for https service route (e.g. secure-eap-app-myproject.example.com). Required for SSO-enabled applications. This is added to the white list of redirects in the SSO server.",
"name": "HOSTNAME_HTTPS",
"value": "",
- "required": false
+ "required": true
},
{
"description": "Git source URI for application",
"name": "SOURCE_REPOSITORY_URL",
- "value": "https://github.com/keycloak/keycloak-examples",
+ "value": "https://github.com/redhat-developer/redhat-sso-quickstarts",
"required": true
},
{
"description": "Git branch/tag reference",
"name": "SOURCE_REPOSITORY_REF",
- "value": "0.4-openshift",
+ "value": "7.0.x-ose",
"required": false
},
{
@@ -64,6 +64,12 @@
"required": false
},
{
+ "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.",
+ "name": "SERVICE_ACCOUNT_NAME",
+ "value": "eap-service-account",
+ "required": true
+ },
+ {
"description": "The name of the secret containing the keystore file",
"name": "HTTPS_SECRET",
"value": "eap-app-secret",
@@ -76,15 +82,21 @@
"required": false
},
{
- "description": "The name associated with the server certificate",
+ "description": "The type of the keystore file (JKS or JCEKS)",
+ "name": "HTTPS_KEYSTORE_TYPE",
+ "value": "",
+ "required": false
+ },
+ {
+ "description": "The name associated with the server certificate (e.g. jboss)",
"name": "HTTPS_NAME",
- "value": "jboss",
+ "value": "",
"required": false
},
{
- "description": "The password for the keystore and certificate",
+ "description": "The password for the keystore and certificate (e.g. mykeystorepass)",
"name": "HTTPS_PASSWORD",
- "value": "mykeystorepass",
+ "value": "",
"required": false
},
{
@@ -127,15 +139,15 @@
"required": false
},
{
- "description": "The name associated with the server certificate",
+ "description": "The name associated with the server certificate (e.g. secret-key)",
"name": "JGROUPS_ENCRYPT_NAME",
- "value": "secret-key",
+ "value": "",
"required": false
},
{
- "description": "The password for the keystore and certificate",
+ "description": "The password for the keystore and certificate (e.g. password)",
"name": "JGROUPS_ENCRYPT_PASSWORD",
- "value": "password",
+ "value": "",
"required": false
},
{
@@ -146,31 +158,43 @@
"required": true
},
{
- "description": "SSO Location",
- "name": "SSO_URI",
+ "description": "Controls whether exploded deployment content should be automatically deployed",
+ "name": "AUTO_DEPLOY_EXPLODED",
+ "value": "false",
+ "required": false
+ },
+ {
+ "description": "The URL for the SSO server (e.g. https://secure-sso-myproject.example.com/auth). This is the URL through which the user will be redirected when a login or token is required by the application.",
+ "name": "SSO_URL",
+ "value": "",
+ "required": true
+ },
+ {
+ "description": "The URL for the interal SSO service, where secure-sso is the kubernetes service exposed by the SSO server. This is used to create the application client(s) (see SSO_USERNAME). This can also be the same as SSO_URL.",
+ "name": "SSO_SERVICE_URL",
"value": "https://secure-sso:8443/auth",
"required": false
},
{
- "description": "SSO Realm",
+ "description": "The SSO realm to which the application client(s) should be associated (e.g. demo).",
"name": "SSO_REALM",
- "value": "demo",
- "required": false
+ "value": "",
+ "required": true
},
{
- "description": "SSO Username",
+ "description": "The username used to access the SSO service. This is used to create the appliction client(s) within the specified SSO realm. This should match the SSO_SERVICE_USERNAME specified through one of the sso70-* templates.",
"name": "SSO_USERNAME",
"value": "",
"required": false
},
{
- "description": "SSO Password",
+ "description": "The password for the SSO service user.",
"name": "SSO_PASSWORD",
"value": "",
"required": false
},
{
- "description": "SSO Public Key. Public key is recommended to be passed into the template to avoid man-in-the-middle security vulnerability",
+ "description": "SSO Public Key. Public key is recommended to be passed into the template to avoid man-in-the-middle security vulnerability. This can be retrieved from the SSO server, for the specified realm.",
"name": "SSO_PUBLIC_KEY",
"value": "",
"required": false
@@ -182,21 +206,9 @@
"required": false
},
{
- "description": "Routes",
- "name": "APPLICATION_ROUTES",
- "value": "",
- "required": false
- },
- {
- "description": "Artifacts",
+ "description": "List of directories from which archives will be copied into the deployment folder. If unspecified, all archives in /target will be copied.",
"name": "ARTIFACT_DIR",
- "value": "app-jee/target,service-jaxrs/target,app-profile-jee/target,app-profile-jee-saml/target",
- "required": false
- },
- {
- "description": "maven",
- "name": "MAVEN_ARGS_APPEND",
- "value": "",
+ "value": "app-jee-jsp/target,service-jee-jaxrs/target,app-profile-jee-jsp/target,app-profile-saml-jee-jsp/target",
"required": false
},
{
@@ -208,7 +220,7 @@
{
"description": "The name of the keystore file within the secret",
"name": "SSO_SAML_KEYSTORE",
- "value": "/etc/sso-saml-secret-volume/keystore.jks",
+ "value": "keystore.jks",
"required": false
},
{
@@ -235,6 +247,36 @@
"name": "SSO_ENABLE_CORS",
"value": "false",
"required": false
+ },
+ {
+ "description": "SSO logout page for SAML applications",
+ "name": "SSO_SAML_LOGOUT_PAGE",
+ "value": "/",
+ "required": false
+ },
+ {
+ "description": "If true SSL communication between EAP and the SSO Server will be insecure (i.e. certificate validation is disabled with curl)",
+ "name": "SSO_DISABLE_SSL_CERTIFICATE_VALIDATION",
+ "value": "true",
+ "required": false
+ },
+ {
+ "description": "The name of the truststore file within the secret (e.g. truststore.jks)",
+ "name": "SSO_TRUSTSTORE",
+ "value": "",
+ "required": false
+ },
+ {
+ "description": "The password for the truststore and certificate (e.g. mykeystorepass)",
+ "name": "SSO_TRUSTSTORE_PASSWORD",
+ "value": "",
+ "required": false
+ },
+ {
+ "description": "The name of the secret containing the truststore file (e.g. truststore-secret). Used for volume secretName",
+ "name": "SSO_TRUSTSTORE_SECRET",
+ "value": "eap-app-secret",
+ "required": false
}
],
"objects": [
@@ -364,7 +406,7 @@
"from": {
"kind": "ImageStreamTag",
"namespace": "${IMAGE_STREAM_NAMESPACE}",
- "name": "jboss-eap64-openshift:1.3"
+ "name": "jboss-eap64-openshift:1.4"
},
"env": [
{
@@ -373,7 +415,7 @@
},
{
"name": "MAVEN_ARGS_APPEND",
- "value": "${MAVEN_ARGS_APPEND}"
+ "value": ""
}
]
}
@@ -429,8 +471,8 @@
"${APPLICATION_NAME}"
],
"from": {
- "kind": "ImageStream",
- "name": "${APPLICATION_NAME}"
+ "kind": "ImageStreamTag",
+ "name": "${APPLICATION_NAME}:latest"
}
}
},
@@ -451,7 +493,7 @@
}
},
"spec": {
- "serviceAccountName": "eap-service-account",
+ "serviceAccountName": "${SERVICE_ACCOUNT_NAME}",
"terminationGracePeriodSeconds": 60,
"containers": [
{
@@ -473,6 +515,11 @@
"name": "eap-jgroups-keystore-volume",
"mountPath": "/etc/jgroups-encrypt-secret-volume",
"readOnly": true
+ },
+ {
+ "name": "sso-truststore-volume",
+ "mountPath": "/etc/sso-secret-volume",
+ "readOnly": true
}
],
"livenessProbe": {
@@ -529,6 +576,14 @@
}
},
{
+ "name": "HOSTNAME_HTTP",
+ "value": "${HOSTNAME_HTTP}"
+ },
+ {
+ "name": "HOSTNAME_HTTPS",
+ "value": "${HOSTNAME_HTTPS}"
+ },
+ {
"name": "HTTPS_KEYSTORE_DIR",
"value": "/etc/eap-secret-volume"
},
@@ -537,6 +592,10 @@
"value": "${HTTPS_KEYSTORE}"
},
{
+ "name": "HTTPS_KEYSTORE_TYPE",
+ "value": "${HTTPS_KEYSTORE_TYPE}"
+ },
+ {
"name": "HTTPS_NAME",
"value": "${HTTPS_NAME}"
},
@@ -581,8 +640,16 @@
"value": "${JGROUPS_CLUSTER_PASSWORD}"
},
{
- "name": "SSO_URI",
- "value": "${SSO_URI}"
+ "name": "AUTO_DEPLOY_EXPLODED",
+ "value": "${AUTO_DEPLOY_EXPLODED}"
+ },
+ {
+ "name": "SSO_URL",
+ "value": "${SSO_URL}"
+ },
+ {
+ "name": "SSO_SERVICE_URL",
+ "value": "${SSO_SERVICE_URL}"
},
{
"name": "SSO_REALM",
@@ -605,10 +672,6 @@
"value": "${SSO_BEARER_ONLY}"
},
{
- "name": "APPLICATION_ROUTES",
- "value": "${APPLICATION_ROUTES}"
- },
- {
"name": "SSO_SAML_KEYSTORE_SECRET",
"value": "${SSO_SAML_KEYSTORE_SECRET}"
},
@@ -617,6 +680,10 @@
"value": "${SSO_SAML_KEYSTORE}"
},
{
+ "name": "SSO_SAML_KEYSTORE_DIR",
+ "value": "/etc/sso-saml-secret-volume"
+ },
+ {
"name": "SSO_SAML_CERTIFICATE_NAME",
"value": "${SSO_SAML_CERTIFICATE_NAME}"
},
@@ -631,6 +698,26 @@
{
"name": "SSO_ENABLE_CORS",
"value": "${SSO_ENABLE_CORS}"
+ },
+ {
+ "name": "SSO_SAML_LOGOUT_PAGE",
+ "value": "${SSO_SAML_LOGOUT_PAGE}"
+ },
+ {
+ "name": "SSO_DISABLE_SSL_CERTIFICATE_VALIDATION",
+ "value": "${SSO_DISABLE_SSL_CERTIFICATE_VALIDATION}"
+ },
+ {
+ "name": "SSO_TRUSTSTORE",
+ "value": "${SSO_TRUSTSTORE}"
+ },
+ {
+ "name": "SSO_TRUSTSTORE_DIR",
+ "value": "/etc/sso-secret-volume"
+ },
+ {
+ "name": "SSO_TRUSTSTORE_PASSWORD",
+ "value": "${SSO_TRUSTSTORE_PASSWORD}"
}
]
}
@@ -653,6 +740,12 @@
"secret": {
"secretName": "${JGROUPS_ENCRYPT_SECRET}"
}
+ },
+ {
+ "name": "sso-truststore-volume",
+ "secret": {
+ "secretName": "${SSO_TRUSTSTORE_SECRET}"
+ }
}
]
}
diff --git a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap70-amq-persistent-s2i.json b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap70-amq-persistent-s2i.json
index d9607ddd7..f08cdf2f9 100644
--- a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap70-amq-persistent-s2i.json
+++ b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap70-amq-persistent-s2i.json
@@ -6,13 +6,13 @@
"description": "Application template for EAP 7 A-MQ applications with persistent storage built using S2I.",
"iconClass": "icon-jboss",
"tags": "eap,amq,javaee,java,messaging,jboss,xpaas",
- "version": "1.3.1"
+ "version": "1.3.2"
},
"name": "eap70-amq-persistent-s2i"
},
"labels": {
"template": "eap70-amq-persistent-s2i",
- "xpaas": "1.3.1"
+ "xpaas": "1.3.2"
},
"parameters": [
{
@@ -88,9 +88,21 @@
"required": false
},
{
+ "description": "List of packages that are allowed to be serialized for use in ObjectMessage, separated by commas. If your app doesn't use ObjectMessages, leave this blank. This is a security enforcement. For the rationale, see http://activemq.apache.org/objectmessage.html",
+ "name": "MQ_SERIALIZABLE_PACKAGES",
+ "value": "",
+ "required": false
+ },
+ {
+ "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.",
+ "name": "SERVICE_ACCOUNT_NAME",
+ "value": "eap7-service-account",
+ "required": true
+ },
+ {
"description": "The name of the secret containing the keystore file",
"name": "HTTPS_SECRET",
- "value": "eap-app-secret",
+ "value": "eap7-app-secret",
"required": false
},
{
@@ -100,6 +112,12 @@
"required": false
},
{
+ "description": "The type of the keystore file (JKS or JCEKS)",
+ "name": "HTTPS_KEYSTORE_TYPE",
+ "value": "",
+ "required": false
+ },
+ {
"description": "The name associated with the server certificate",
"name": "HTTPS_NAME",
"value": "",
@@ -126,18 +144,16 @@
"required": false
},
{
- "description": "User name for broker admin. If left empty, it will be generated.",
- "name": "AMQ_ADMIN_USERNAME",
- "from": "user[a-zA-Z0-9]{3}",
- "generate": "expression",
- "required": true
+ "description": "The discovery agent type to use for discovering mesh endpoints. 'dns' will use OpenShift's DNS service to resolve endpoints. 'kube' will use Kubernetes REST API to resolve service endpoints. If using 'kube' the service account for the pod must have the 'view' role, which can be added via 'oc policy add-role-to-user view system:serviceaccount:<namespace>:default' where <namespace> is the project namespace.",
+ "name": "AMQ_MESH_DISCOVERY_TYPE",
+ "value": "kube",
+ "required": false
},
{
- "description": "Password for broker admin. If left empty, it will be generated.",
- "name": "AMQ_ADMIN_PASSWORD",
- "from": "[a-zA-Z0-9]{8}",
- "generate": "expression",
- "required": true
+ "description": "The A-MQ storage usage limit",
+ "name": "AMQ_STORAGE_USAGE_LIMIT",
+ "value": "100 gb",
+ "required": false
},
{
"description": "GitHub trigger secret",
@@ -162,7 +178,7 @@
{
"description": "The name of the secret containing the keystore file",
"name": "JGROUPS_ENCRYPT_SECRET",
- "value": "eap-app-secret",
+ "value": "eap7-app-secret",
"required": false
},
{
@@ -189,6 +205,12 @@
"from": "[a-zA-Z0-9]{8}",
"generate": "expression",
"required": true
+ },
+ {
+ "description": "Controls whether exploded deployment content should be automatically deployed",
+ "name": "AUTO_DEPLOY_EXPLODED",
+ "value": "false",
+ "required": false
}
],
"objects": [
@@ -342,7 +364,7 @@
"from": {
"kind": "ImageStreamTag",
"namespace": "${IMAGE_STREAM_NAMESPACE}",
- "name": "jboss-eap70-openshift:1.3"
+ "name": "jboss-eap70-openshift:1.4"
}
}
},
@@ -397,8 +419,8 @@
"${APPLICATION_NAME}"
],
"from": {
- "kind": "ImageStream",
- "name": "${APPLICATION_NAME}"
+ "kind": "ImageStreamTag",
+ "name": "${APPLICATION_NAME}:latest"
}
}
},
@@ -419,7 +441,7 @@
}
},
"spec": {
- "serviceAccountName": "eap-service-account",
+ "serviceAccountName": "${SERVICE_ACCOUNT_NAME}",
"terminationGracePeriodSeconds": 60,
"containers": [
{
@@ -508,6 +530,10 @@
"value": "${MQ_TOPICS}"
},
{
+ "name": "MQ_SERIALIZABLE_PACKAGES",
+ "value": "${MQ_SERIALIZABLE_PACKAGES}"
+ },
+ {
"name": "OPENSHIFT_KUBE_PING_LABELS",
"value": "application=${APPLICATION_NAME}"
},
@@ -528,6 +554,10 @@
"value": "${HTTPS_KEYSTORE}"
},
{
+ "name": "HTTPS_KEYSTORE_TYPE",
+ "value": "${HTTPS_KEYSTORE_TYPE}"
+ },
+ {
"name": "HTTPS_NAME",
"value": "${HTTPS_NAME}"
},
@@ -558,6 +588,10 @@
{
"name": "JGROUPS_CLUSTER_PASSWORD",
"value": "${JGROUPS_CLUSTER_PASSWORD}"
+ },
+ {
+ "name": "AUTO_DEPLOY_EXPLODED",
+ "value": "${AUTO_DEPLOY_EXPLODED}"
}
]
}
@@ -713,6 +747,10 @@
"value": "${MQ_TOPICS}"
},
{
+ "name": "MQ_SERIALIZABLE_PACKAGES",
+ "value": "${MQ_SERIALIZABLE_PACKAGES}"
+ },
+ {
"name": "AMQ_SPLIT",
"value": "${AMQ_SPLIT}"
},
@@ -735,14 +773,6 @@
{
"name": "AMQ_STORAGE_USAGE_LIMIT",
"value": "${AMQ_STORAGE_USAGE_LIMIT}"
- },
- {
- "name": "AMQ_ADMIN_USERNAME",
- "value": "${AMQ_ADMIN_USERNAME}"
- },
- {
- "name": "AMQ_ADMIN_PASSWORD",
- "value": "${AMQ_ADMIN_PASSWORD}"
}
]
}
diff --git a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap70-amq-s2i.json b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap70-amq-s2i.json
index 552b637b8..3ca9e9fab 100644
--- a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap70-amq-s2i.json
+++ b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap70-amq-s2i.json
@@ -6,13 +6,13 @@
"description": "Application template for EAP 7 A-MQ applications built using S2I.",
"iconClass": "icon-jboss",
"tags": "eap,amq,javaee,java,messaging,jboss,xpaas",
- "version": "1.3.1"
+ "version": "1.3.2"
},
"name": "eap70-amq-s2i"
},
"labels": {
"template": "eap70-amq-s2i",
- "xpaas": "1.3.1"
+ "xpaas": "1.3.2"
},
"parameters": [
{
@@ -76,6 +76,18 @@
"required": false
},
{
+ "description": "List of packages that are allowed to be serialized for use in ObjectMessage, separated by commas. If your app doesn't use ObjectMessages, leave this blank. This is a security enforcement. For the rationale, see http://activemq.apache.org/objectmessage.html",
+ "name": "MQ_SERIALIZABLE_PACKAGES",
+ "value": "",
+ "required": false
+ },
+ {
+ "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.",
+ "name": "SERVICE_ACCOUNT_NAME",
+ "value": "eap7-service-account",
+ "required": true
+ },
+ {
"description": "The name of the secret containing the keystore file",
"name": "HTTPS_SECRET",
"value": "eap7-app-secret",
@@ -88,6 +100,12 @@
"required": false
},
{
+ "description": "The type of the keystore file (JKS or JCEKS)",
+ "name": "HTTPS_KEYSTORE_TYPE",
+ "value": "",
+ "required": false
+ },
+ {
"description": "The name associated with the server certificate",
"name": "HTTPS_NAME",
"value": "",
@@ -114,18 +132,16 @@
"required": false
},
{
- "description": "User name for broker admin. If left empty, it will be generated.",
- "name": "AMQ_ADMIN_USERNAME",
- "from": "user[a-zA-Z0-9]{3}",
- "generate": "expression",
- "required": true
+ "description": "The discovery agent type to use for discovering mesh endpoints. 'dns' will use OpenShift's DNS service to resolve endpoints. 'kube' will use Kubernetes REST API to resolve service endpoints. If using 'kube' the service account for the pod must have the 'view' role, which can be added via 'oc policy add-role-to-user view system:serviceaccount:<namespace>:default' where <namespace> is the project namespace.",
+ "name": "AMQ_MESH_DISCOVERY_TYPE",
+ "value": "kube",
+ "required": false
},
{
- "description": "Password for broker admin. If left empty, it will be generated.",
- "name": "AMQ_ADMIN_PASSWORD",
- "from": "[a-zA-Z0-9]{8}",
- "generate": "expression",
- "required": true
+ "description": "The A-MQ storage usage limit",
+ "name": "AMQ_STORAGE_USAGE_LIMIT",
+ "value": "100 gb",
+ "required": false
},
{
"description": "GitHub trigger secret",
@@ -177,6 +193,12 @@
"from": "[a-zA-Z0-9]{8}",
"generate": "expression",
"required": true
+ },
+ {
+ "description": "Controls whether exploded deployment content should be automatically deployed",
+ "name": "AUTO_DEPLOY_EXPLODED",
+ "value": "false",
+ "required": false
}
],
"objects": [
@@ -330,7 +352,7 @@
"from": {
"kind": "ImageStreamTag",
"namespace": "${IMAGE_STREAM_NAMESPACE}",
- "name": "jboss-eap70-openshift:1.3"
+ "name": "jboss-eap70-openshift:1.4"
}
}
},
@@ -385,8 +407,8 @@
"${APPLICATION_NAME}"
],
"from": {
- "kind": "ImageStream",
- "name": "${APPLICATION_NAME}"
+ "kind": "ImageStreamTag",
+ "name": "${APPLICATION_NAME}:latest"
}
}
},
@@ -407,7 +429,7 @@
}
},
"spec": {
- "serviceAccountName": "eap7-service-account",
+ "serviceAccountName": "${SERVICE_ACCOUNT_NAME}",
"terminationGracePeriodSeconds": 60,
"containers": [
{
@@ -496,6 +518,10 @@
"value": "${MQ_TOPICS}"
},
{
+ "name": "MQ_SERIALIZABLE_PACKAGES",
+ "value": "${MQ_SERIALIZABLE_PACKAGES}"
+ },
+ {
"name": "OPENSHIFT_KUBE_PING_LABELS",
"value": "application=${APPLICATION_NAME}"
},
@@ -516,6 +542,10 @@
"value": "${HTTPS_KEYSTORE}"
},
{
+ "name": "HTTPS_KEYSTORE_TYPE",
+ "value": "${HTTPS_KEYSTORE_TYPE}"
+ },
+ {
"name": "HTTPS_NAME",
"value": "${HTTPS_NAME}"
},
@@ -546,6 +576,10 @@
{
"name": "JGROUPS_CLUSTER_PASSWORD",
"value": "${JGROUPS_CLUSTER_PASSWORD}"
+ },
+ {
+ "name": "AUTO_DEPLOY_EXPLODED",
+ "value": "${AUTO_DEPLOY_EXPLODED}"
}
]
}
@@ -692,12 +726,28 @@
"value": "${MQ_TOPICS}"
},
{
- "name": "AMQ_ADMIN_USERNAME",
- "value": "${AMQ_ADMIN_USERNAME}"
+ "name": "MQ_SERIALIZABLE_PACKAGES",
+ "value": "${MQ_SERIALIZABLE_PACKAGES}"
+ },
+ {
+ "name": "AMQ_MESH_DISCOVERY_TYPE",
+ "value": "${AMQ_MESH_DISCOVERY_TYPE}"
+ },
+ {
+ "name": "AMQ_MESH_SERVICE_NAME",
+ "value": "${APPLICATION_NAME}-amq-tcp"
+ },
+ {
+ "name": "AMQ_MESH_SERVICE_NAMESPACE",
+ "valueFrom": {
+ "fieldRef": {
+ "fieldPath": "metadata.namespace"
+ }
+ }
},
{
- "name": "AMQ_ADMIN_PASSWORD",
- "value": "${AMQ_ADMIN_PASSWORD}"
+ "name": "AMQ_STORAGE_USAGE_LIMIT",
+ "value": "${AMQ_STORAGE_USAGE_LIMIT}"
}
]
}
diff --git a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap70-basic-s2i.json b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap70-basic-s2i.json
index f03fc69fa..83b4d5b24 100644
--- a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap70-basic-s2i.json
+++ b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap70-basic-s2i.json
@@ -6,13 +6,13 @@
"iconClass": "icon-jboss",
"description": "Application template for EAP 7 applications built using S2I.",
"tags": "eap,javaee,java,jboss,xpaas",
- "version": "1.3.1"
+ "version": "1.3.2"
},
"name": "eap70-basic-s2i"
},
"labels": {
"template": "eap70-basic-s2i",
- "xpaas": "1.3.1"
+ "xpaas": "1.3.2"
},
"parameters": [
{
@@ -90,6 +90,12 @@
"from": "[a-zA-Z0-9]{8}",
"generate": "expression",
"required": true
+ },
+ {
+ "description": "Controls whether exploded deployment content should be automatically deployed",
+ "name": "AUTO_DEPLOY_EXPLODED",
+ "value": "false",
+ "required": false
}
],
"objects": [
@@ -172,7 +178,7 @@
"from": {
"kind": "ImageStreamTag",
"namespace": "${IMAGE_STREAM_NAMESPACE}",
- "name": "jboss-eap70-openshift:1.3"
+ "name": "jboss-eap70-openshift:1.4"
}
}
},
@@ -227,8 +233,8 @@
"${APPLICATION_NAME}"
],
"from": {
- "kind": "ImageStream",
- "name": "${APPLICATION_NAME}"
+ "kind": "ImageStreamTag",
+ "name": "${APPLICATION_NAME}:latest"
}
}
},
@@ -249,12 +255,23 @@
}
},
"spec": {
- "terminationGracePeriodSeconds": 60,
+ "terminationGracePeriodSeconds": 75,
"containers": [
{
"name": "${APPLICATION_NAME}",
"image": "${APPLICATION_NAME}",
"imagePullPolicy": "Always",
+ "lifecycle": {
+ "preStop": {
+ "exec": {
+ "command": [
+ "/opt/eap/bin/jboss-cli.sh",
+ "-c",
+ ":shutdown(timeout=60)"
+ ]
+ }
+ }
+ },
"livenessProbe": {
"exec": {
"command": [
@@ -318,6 +335,10 @@
{
"name": "JGROUPS_CLUSTER_PASSWORD",
"value": "${JGROUPS_CLUSTER_PASSWORD}"
+ },
+ {
+ "name": "AUTO_DEPLOY_EXPLODED",
+ "value": "${AUTO_DEPLOY_EXPLODED}"
}
]
}
diff --git a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap70-https-s2i.json b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap70-https-s2i.json
index 27d9b656d..1292442a4 100644
--- a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap70-https-s2i.json
+++ b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap70-https-s2i.json
@@ -6,13 +6,13 @@
"iconClass": "icon-jboss",
"description": "Application template for EAP 7 applications built using S2I.",
"tags": "eap,javaee,java,jboss,xpaas",
- "version": "1.3.1"
+ "version": "1.3.2"
},
"name": "eap70-https-s2i"
},
"labels": {
"template": "eap70-https-s2i",
- "xpaas": "1.3.1"
+ "xpaas": "1.3.2"
},
"parameters": [
{
@@ -64,6 +64,12 @@
"required": false
},
{
+ "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.",
+ "name": "SERVICE_ACCOUNT_NAME",
+ "value": "eap7-service-account",
+ "required": true
+ },
+ {
"description": "The name of the secret containing the keystore file",
"name": "HTTPS_SECRET",
"value": "eap7-app-secret",
@@ -76,6 +82,12 @@
"required": false
},
{
+ "description": "The type of the keystore file (JKS or JCEKS)",
+ "name": "HTTPS_KEYSTORE_TYPE",
+ "value": "",
+ "required": false
+ },
+ {
"description": "The name associated with the server certificate",
"name": "HTTPS_NAME",
"value": "",
@@ -144,6 +156,12 @@
"from": "[a-zA-Z0-9]{8}",
"generate": "expression",
"required": true
+ },
+ {
+ "description": "Controls whether exploded deployment content should be automatically deployed",
+ "name": "AUTO_DEPLOY_EXPLODED",
+ "value": "false",
+ "required": false
}
],
"objects": [
@@ -273,7 +291,7 @@
"from": {
"kind": "ImageStreamTag",
"namespace": "${IMAGE_STREAM_NAMESPACE}",
- "name": "jboss-eap70-openshift:1.3"
+ "name": "jboss-eap70-openshift:1.4"
}
}
},
@@ -328,8 +346,8 @@
"${APPLICATION_NAME}"
],
"from": {
- "kind": "ImageStream",
- "name": "${APPLICATION_NAME}"
+ "kind": "ImageStreamTag",
+ "name": "${APPLICATION_NAME}:latest"
}
}
},
@@ -350,8 +368,8 @@
}
},
"spec": {
- "serviceAccountName": "eap7-service-account",
- "terminationGracePeriodSeconds": 60,
+ "serviceAccountName": "${SERVICE_ACCOUNT_NAME}",
+ "terminationGracePeriodSeconds": 75,
"containers": [
{
"name": "${APPLICATION_NAME}",
@@ -369,6 +387,17 @@
"readOnly": true
}
],
+ "lifecycle": {
+ "preStop": {
+ "exec": {
+ "command": [
+ "/opt/eap/bin/jboss-cli.sh",
+ "-c",
+ ":shutdown(timeout=60)"
+ ]
+ }
+ }
+ },
"livenessProbe": {
"exec": {
"command": [
@@ -431,6 +460,10 @@
"value": "${HTTPS_KEYSTORE}"
},
{
+ "name": "HTTPS_KEYSTORE_TYPE",
+ "value": "${HTTPS_KEYSTORE_TYPE}"
+ },
+ {
"name": "HTTPS_NAME",
"value": "${HTTPS_NAME}"
},
@@ -473,6 +506,10 @@
{
"name": "JGROUPS_CLUSTER_PASSWORD",
"value": "${JGROUPS_CLUSTER_PASSWORD}"
+ },
+ {
+ "name": "AUTO_DEPLOY_EXPLODED",
+ "value": "${AUTO_DEPLOY_EXPLODED}"
}
]
}
diff --git a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap70-mongodb-persistent-s2i.json b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap70-mongodb-persistent-s2i.json
index 9cc786416..99db77d58 100644
--- a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap70-mongodb-persistent-s2i.json
+++ b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap70-mongodb-persistent-s2i.json
@@ -6,13 +6,13 @@
"description": "Application template for EAP 7 MongoDB applications with persistent storage built using S2I.",
"iconClass": "icon-jboss",
"tags": "eap,mongodb,javaee,java,database,jboss,xpaas",
- "version": "1.3.1"
+ "version": "1.3.2"
},
"name": "eap70-mongodb-persistent-s2i"
},
"labels": {
"template": "eap70-mongodb-persistent-s2i",
- "xpaas": "1.3.1"
+ "xpaas": "1.3.2"
},
"parameters": [
{
@@ -82,6 +82,12 @@
"required": false
},
{
+ "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.",
+ "name": "SERVICE_ACCOUNT_NAME",
+ "value": "eap7-service-account",
+ "required": true
+ },
+ {
"description": "The name of the secret containing the keystore file",
"name": "HTTPS_SECRET",
"value": "eap7-app-secret",
@@ -94,6 +100,12 @@
"required": false
},
{
+ "description": "The type of the keystore file (JKS or JCEKS)",
+ "name": "HTTPS_KEYSTORE_TYPE",
+ "value": "",
+ "required": false
+ },
+ {
"description": "The name associated with the server certificate",
"name": "HTTPS_NAME",
"value": "",
@@ -213,6 +225,12 @@
"from": "[a-zA-Z0-9]{8}",
"generate": "expression",
"required": true
+ },
+ {
+ "description": "Controls whether exploded deployment content should be automatically deployed",
+ "name": "AUTO_DEPLOY_EXPLODED",
+ "value": "false",
+ "required": false
}
],
"objects": [
@@ -366,7 +384,7 @@
"from": {
"kind": "ImageStreamTag",
"namespace": "${IMAGE_STREAM_NAMESPACE}",
- "name": "jboss-eap70-openshift:1.3"
+ "name": "jboss-eap70-openshift:1.4"
}
}
},
@@ -421,8 +439,8 @@
"${APPLICATION_NAME}"
],
"from": {
- "kind": "ImageStream",
- "name": "${APPLICATION_NAME}"
+ "kind": "ImageStreamTag",
+ "name": "${APPLICATION_NAME}:latest"
}
}
},
@@ -443,8 +461,8 @@
}
},
"spec": {
- "serviceAccountName": "eap7-service-account",
- "terminationGracePeriodSeconds": 60,
+ "serviceAccountName": "${SERVICE_ACCOUNT_NAME}",
+ "terminationGracePeriodSeconds": 75,
"containers": [
{
"name": "${APPLICATION_NAME}",
@@ -462,6 +480,17 @@
"readOnly": true
}
],
+ "lifecycle": {
+ "preStop": {
+ "exec": {
+ "command": [
+ "/opt/eap/bin/jboss-cli.sh",
+ "-c",
+ ":shutdown(timeout=60)"
+ ]
+ }
+ }
+ },
"livenessProbe": {
"exec": {
"command": [
@@ -560,6 +589,10 @@
"value": "${HTTPS_KEYSTORE}"
},
{
+ "name": "HTTPS_KEYSTORE_TYPE",
+ "value": "${HTTPS_KEYSTORE_TYPE}"
+ },
+ {
"name": "HTTPS_NAME",
"value": "${HTTPS_NAME}"
},
@@ -602,6 +635,10 @@
{
"name": "JGROUPS_CLUSTER_PASSWORD",
"value": "${JGROUPS_CLUSTER_PASSWORD}"
+ },
+ {
+ "name": "AUTO_DEPLOY_EXPLODED",
+ "value": "${AUTO_DEPLOY_EXPLODED}"
}
]
}
diff --git a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap70-mongodb-s2i.json b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap70-mongodb-s2i.json
index 4db6adcf8..c8150c231 100644
--- a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap70-mongodb-s2i.json
+++ b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap70-mongodb-s2i.json
@@ -6,13 +6,13 @@
"description": "Application template for EAP 7 MongoDB applications built using S2I.",
"iconClass": "icon-jboss",
"tags": "eap,mongodb,javaee,java,database,jboss,xpaas",
- "version": "1.3.1"
+ "version": "1.3.2"
},
"name": "eap70-mongodb-s2i"
},
"labels": {
"template": "eap70-mongodb-s2i",
- "xpaas": "1.3.1"
+ "xpaas": "1.3.2"
},
"parameters": [
{
@@ -76,6 +76,12 @@
"required": false
},
{
+ "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.",
+ "name": "SERVICE_ACCOUNT_NAME",
+ "value": "eap7-service-account",
+ "required": true
+ },
+ {
"description": "The name of the secret containing the keystore file",
"name": "HTTPS_SECRET",
"value": "eap7-app-secret",
@@ -88,6 +94,12 @@
"required": false
},
{
+ "description": "The type of the keystore file (JKS or JCEKS)",
+ "name": "HTTPS_KEYSTORE_TYPE",
+ "value": "",
+ "required": false
+ },
+ {
"description": "The name associated with the server certificate",
"name": "HTTPS_NAME",
"value": "",
@@ -207,6 +219,12 @@
"from": "[a-zA-Z0-9]{8}",
"generate": "expression",
"required": true
+ },
+ {
+ "description": "Controls whether exploded deployment content should be automatically deployed",
+ "name": "AUTO_DEPLOY_EXPLODED",
+ "value": "false",
+ "required": false
}
],
"objects": [
@@ -360,7 +378,7 @@
"from": {
"kind": "ImageStreamTag",
"namespace": "${IMAGE_STREAM_NAMESPACE}",
- "name": "jboss-eap70-openshift:1.3"
+ "name": "jboss-eap70-openshift:1.4"
}
}
},
@@ -415,8 +433,8 @@
"${APPLICATION_NAME}"
],
"from": {
- "kind": "ImageStream",
- "name": "${APPLICATION_NAME}"
+ "kind": "ImageStreamTag",
+ "name": "${APPLICATION_NAME}:latest"
}
}
},
@@ -437,8 +455,8 @@
}
},
"spec": {
- "serviceAccountName": "eap7-service-account",
- "terminationGracePeriodSeconds": 60,
+ "serviceAccountName": "${SERVICE_ACCOUNT_NAME}",
+ "terminationGracePeriodSeconds": 75,
"containers": [
{
"name": "${APPLICATION_NAME}",
@@ -456,6 +474,17 @@
"readOnly": true
}
],
+ "lifecycle": {
+ "preStop": {
+ "exec": {
+ "command": [
+ "/opt/eap/bin/jboss-cli.sh",
+ "-c",
+ ":shutdown(timeout=60)"
+ ]
+ }
+ }
+ },
"livenessProbe": {
"exec": {
"command": [
@@ -554,6 +583,10 @@
"value": "${HTTPS_KEYSTORE}"
},
{
+ "name": "HTTPS_KEYSTORE_TYPE",
+ "value": "${HTTPS_KEYSTORE_TYPE}"
+ },
+ {
"name": "HTTPS_NAME",
"value": "${HTTPS_NAME}"
},
@@ -596,6 +629,10 @@
{
"name": "JGROUPS_CLUSTER_PASSWORD",
"value": "${JGROUPS_CLUSTER_PASSWORD}"
+ },
+ {
+ "name": "AUTO_DEPLOY_EXPLODED",
+ "value": "${AUTO_DEPLOY_EXPLODED}"
}
]
}
diff --git a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap70-mysql-persistent-s2i.json b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap70-mysql-persistent-s2i.json
index 91a79d797..f8e5c2b04 100644
--- a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap70-mysql-persistent-s2i.json
+++ b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap70-mysql-persistent-s2i.json
@@ -6,13 +6,13 @@
"description": "Application template for EAP 7 MySQL applications with persistent storage built using S2I.",
"iconClass": "icon-jboss",
"tags": "eap,mysql,javaee,java,database,jboss,xpaas",
- "version": "1.3.1"
+ "version": "1.3.2"
},
"name": "eap70-mysql-persistent-s2i"
},
"labels": {
"template": "eap70-mysql-persistent-s2i",
- "xpaas": "1.3.1"
+ "xpaas": "1.3.2"
},
"parameters": [
{
@@ -82,6 +82,12 @@
"required": false
},
{
+ "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.",
+ "name": "SERVICE_ACCOUNT_NAME",
+ "value": "eap7-service-account",
+ "required": true
+ },
+ {
"description": "The name of the secret containing the keystore file",
"name": "HTTPS_SECRET",
"value": "eap7-app-secret",
@@ -94,6 +100,12 @@
"required": false
},
{
+ "description": "The type of the keystore file (JKS or JCEKS)",
+ "name": "HTTPS_KEYSTORE_TYPE",
+ "value": "",
+ "required": false
+ },
+ {
"description": "The name associated with the server certificate",
"name": "HTTPS_NAME",
"value": "",
@@ -216,6 +228,12 @@
"from": "[a-zA-Z0-9]{8}",
"generate": "expression",
"required": true
+ },
+ {
+ "description": "Controls whether exploded deployment content should be automatically deployed",
+ "name": "AUTO_DEPLOY_EXPLODED",
+ "value": "false",
+ "required": false
}
],
"objects": [
@@ -369,7 +387,7 @@
"from": {
"kind": "ImageStreamTag",
"namespace": "${IMAGE_STREAM_NAMESPACE}",
- "name": "jboss-eap70-openshift:1.3"
+ "name": "jboss-eap70-openshift:1.4"
}
}
},
@@ -424,8 +442,8 @@
"${APPLICATION_NAME}"
],
"from": {
- "kind": "ImageStream",
- "name": "${APPLICATION_NAME}"
+ "kind": "ImageStreamTag",
+ "name": "${APPLICATION_NAME}:latest"
}
}
},
@@ -446,8 +464,8 @@
}
},
"spec": {
- "serviceAccountName": "eap7-service-account",
- "terminationGracePeriodSeconds": 60,
+ "serviceAccountName": "${SERVICE_ACCOUNT_NAME}",
+ "terminationGracePeriodSeconds": 75,
"containers": [
{
"name": "${APPLICATION_NAME}",
@@ -465,6 +483,17 @@
"readOnly": true
}
],
+ "lifecycle": {
+ "preStop": {
+ "exec": {
+ "command": [
+ "/opt/eap/bin/jboss-cli.sh",
+ "-c",
+ ":shutdown(timeout=60)"
+ ]
+ }
+ }
+ },
"livenessProbe": {
"exec": {
"command": [
@@ -563,6 +592,10 @@
"value": "${HTTPS_KEYSTORE}"
},
{
+ "name": "HTTPS_KEYSTORE_TYPE",
+ "value": "${HTTPS_KEYSTORE_TYPE}"
+ },
+ {
"name": "HTTPS_NAME",
"value": "${HTTPS_NAME}"
},
@@ -607,6 +640,10 @@
"value": "${JGROUPS_CLUSTER_PASSWORD}"
},
{
+ "name": "AUTO_DEPLOY_EXPLODED",
+ "value": "${AUTO_DEPLOY_EXPLODED}"
+ },
+ {
"name": "DEFAULT_JOB_REPOSITORY",
"value": "${APPLICATION_NAME}-mysql"
},
diff --git a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap70-mysql-s2i.json b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap70-mysql-s2i.json
index 63e4ecd2b..1edeb62e7 100644
--- a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap70-mysql-s2i.json
+++ b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap70-mysql-s2i.json
@@ -6,13 +6,13 @@
"description": "Application template for EAP 7 MySQL applications built using S2I.",
"iconClass": "icon-jboss",
"tags": "eap,mysql,javaee,java,database,jboss,xpaas",
- "version": "1.3.1"
+ "version": "1.3.2"
},
"name": "eap70-mysql-s2i"
},
"labels": {
"template": "eap70-mysql-s2i",
- "xpaas": "1.3.1"
+ "xpaas": "1.3.2"
},
"parameters": [
{
@@ -76,6 +76,12 @@
"required": false
},
{
+ "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.",
+ "name": "SERVICE_ACCOUNT_NAME",
+ "value": "eap7-service-account",
+ "required": true
+ },
+ {
"description": "The name of the secret containing the keystore file",
"name": "HTTPS_SECRET",
"value": "eap7-app-secret",
@@ -88,6 +94,12 @@
"required": false
},
{
+ "description": "The type of the keystore file (JKS or JCEKS)",
+ "name": "HTTPS_KEYSTORE_TYPE",
+ "value": "",
+ "required": false
+ },
+ {
"description": "The name associated with the server certificate",
"name": "HTTPS_NAME",
"value": "",
@@ -210,6 +222,12 @@
"from": "[a-zA-Z0-9]{8}",
"generate": "expression",
"required": true
+ },
+ {
+ "description": "Controls whether exploded deployment content should be automatically deployed",
+ "name": "AUTO_DEPLOY_EXPLODED",
+ "value": "false",
+ "required": false
}
],
"objects": [
@@ -363,7 +381,7 @@
"from": {
"kind": "ImageStreamTag",
"namespace": "${IMAGE_STREAM_NAMESPACE}",
- "name": "jboss-eap70-openshift:1.3"
+ "name": "jboss-eap70-openshift:1.4"
}
}
},
@@ -418,8 +436,8 @@
"${APPLICATION_NAME}"
],
"from": {
- "kind": "ImageStream",
- "name": "${APPLICATION_NAME}"
+ "kind": "ImageStreamTag",
+ "name": "${APPLICATION_NAME}:latest"
}
}
},
@@ -440,8 +458,8 @@
}
},
"spec": {
- "serviceAccountName": "eap7-service-account",
- "terminationGracePeriodSeconds": 60,
+ "serviceAccountName": "${SERVICE_ACCOUNT_NAME}",
+ "terminationGracePeriodSeconds": 75,
"containers": [
{
"name": "${APPLICATION_NAME}",
@@ -459,6 +477,17 @@
"readOnly": true
}
],
+ "lifecycle": {
+ "preStop": {
+ "exec": {
+ "command": [
+ "/opt/eap/bin/jboss-cli.sh",
+ "-c",
+ ":shutdown(timeout=60)"
+ ]
+ }
+ }
+ },
"livenessProbe": {
"exec": {
"command": [
@@ -557,6 +586,10 @@
"value": "${HTTPS_KEYSTORE}"
},
{
+ "name": "HTTPS_KEYSTORE_TYPE",
+ "value": "${HTTPS_KEYSTORE_TYPE}"
+ },
+ {
"name": "HTTPS_NAME",
"value": "${HTTPS_NAME}"
},
@@ -601,6 +634,10 @@
"value": "${JGROUPS_CLUSTER_PASSWORD}"
},
{
+ "name": "AUTO_DEPLOY_EXPLODED",
+ "value": "${AUTO_DEPLOY_EXPLODED}"
+ },
+ {
"name": "DEFAULT_JOB_REPOSITORY",
"value": "${APPLICATION_NAME}-mysql"
},
diff --git a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap70-postgresql-persistent-s2i.json b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap70-postgresql-persistent-s2i.json
index ea681d847..d11df06ee 100644
--- a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap70-postgresql-persistent-s2i.json
+++ b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap70-postgresql-persistent-s2i.json
@@ -6,13 +6,13 @@
"description": "Application template for EAP 7 PostgreSQL applications with persistent storage built using S2I.",
"iconClass": "icon-jboss",
"tags": "eap,postgresql,javaee,java,database,jboss,xpaas",
- "version": "1.3.1"
+ "version": "1.3.2"
},
"name": "eap70-postgresql-persistent-s2i"
},
"labels": {
"template": "eap70-postgresql-persistent-s2i",
- "xpaas": "1.3.1"
+ "xpaas": "1.3.2"
},
"parameters": [
{
@@ -82,6 +82,12 @@
"required": false
},
{
+ "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.",
+ "name": "SERVICE_ACCOUNT_NAME",
+ "value": "eap7-service-account",
+ "required": true
+ },
+ {
"description": "The name of the secret containing the keystore file",
"name": "HTTPS_SECRET",
"value": "eap7-app-secret",
@@ -94,6 +100,12 @@
"required": false
},
{
+ "description": "The type of the keystore file (JKS or JCEKS)",
+ "name": "HTTPS_KEYSTORE_TYPE",
+ "value": "",
+ "required": false
+ },
+ {
"description": "The name associated with the server certificate",
"name": "HTTPS_NAME",
"value": "",
@@ -201,6 +213,12 @@
"from": "[a-zA-Z0-9]{8}",
"generate": "expression",
"required": true
+ },
+ {
+ "description": "Controls whether exploded deployment content should be automatically deployed",
+ "name": "AUTO_DEPLOY_EXPLODED",
+ "value": "false",
+ "required": false
}
],
"objects": [
@@ -354,7 +372,7 @@
"from": {
"kind": "ImageStreamTag",
"namespace": "${IMAGE_STREAM_NAMESPACE}",
- "name": "jboss-eap70-openshift:1.3"
+ "name": "jboss-eap70-openshift:1.4"
}
}
},
@@ -409,8 +427,8 @@
"${APPLICATION_NAME}"
],
"from": {
- "kind": "ImageStream",
- "name": "${APPLICATION_NAME}"
+ "kind": "ImageStreamTag",
+ "name": "${APPLICATION_NAME}:latest"
}
}
},
@@ -431,8 +449,8 @@
}
},
"spec": {
- "serviceAccountName": "eap7-service-account",
- "terminationGracePeriodSeconds": 60,
+ "serviceAccountName": "${SERVICE_ACCOUNT_NAME}",
+ "terminationGracePeriodSeconds": 75,
"containers": [
{
"name": "${APPLICATION_NAME}",
@@ -450,6 +468,17 @@
"readOnly": true
}
],
+ "lifecycle": {
+ "preStop": {
+ "exec": {
+ "command": [
+ "/opt/eap/bin/jboss-cli.sh",
+ "-c",
+ ":shutdown(timeout=60)"
+ ]
+ }
+ }
+ },
"livenessProbe": {
"exec": {
"command": [
@@ -548,6 +577,10 @@
"value": "${HTTPS_KEYSTORE}"
},
{
+ "name": "HTTPS_KEYSTORE_TYPE",
+ "value": "${HTTPS_KEYSTORE_TYPE}"
+ },
+ {
"name": "HTTPS_NAME",
"value": "${HTTPS_NAME}"
},
@@ -592,6 +625,10 @@
"value": "${JGROUPS_CLUSTER_PASSWORD}"
},
{
+ "name": "AUTO_DEPLOY_EXPLODED",
+ "value": "${AUTO_DEPLOY_EXPLODED}"
+ },
+ {
"name": "DEFAULT_JOB_REPOSITORY",
"value": "${APPLICATION_NAME}-postgresql"
},
@@ -701,6 +738,10 @@
"value": "${POSTGRESQL_MAX_CONNECTIONS}"
},
{
+ "name": "POSTGRESQL_MAX_PREPARED_TRANSACTIONS",
+ "value": "${POSTGRESQL_MAX_CONNECTIONS}"
+ },
+ {
"name": "POSTGRESQL_SHARED_BUFFERS",
"value": "${POSTGRESQL_SHARED_BUFFERS}"
}
diff --git a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap70-postgresql-s2i.json b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap70-postgresql-s2i.json
index df95d823e..6b7f6d707 100644
--- a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap70-postgresql-s2i.json
+++ b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap70-postgresql-s2i.json
@@ -6,13 +6,13 @@
"description": "Application template for EAP 7 PostgreSQL applications built using S2I.",
"iconClass": "icon-jboss",
"tags": "eap,postgresql,javaee,java,database,jboss,xpaas",
- "version": "1.3.1"
+ "version": "1.3.2"
},
"name": "eap70-postgresql-s2i"
},
"labels": {
"template": "eap70-postgresql-s2i",
- "xpaas": "1.3.1"
+ "xpaas": "1.3.2"
},
"parameters": [
{
@@ -76,6 +76,12 @@
"required": false
},
{
+ "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.",
+ "name": "SERVICE_ACCOUNT_NAME",
+ "value": "eap7-service-account",
+ "required": true
+ },
+ {
"description": "The name of the secret containing the keystore file",
"name": "HTTPS_SECRET",
"value": "eap7-app-secret",
@@ -88,6 +94,12 @@
"required": false
},
{
+ "description": "The type of the keystore file (JKS or JCEKS)",
+ "name": "HTTPS_KEYSTORE_TYPE",
+ "value": "",
+ "required": false
+ },
+ {
"description": "The name associated with the server certificate",
"name": "HTTPS_NAME",
"value": "",
@@ -195,6 +207,12 @@
"from": "[a-zA-Z0-9]{8}",
"generate": "expression",
"required": true
+ },
+ {
+ "description": "Controls whether exploded deployment content should be automatically deployed",
+ "name": "AUTO_DEPLOY_EXPLODED",
+ "value": "false",
+ "required": false
}
],
"objects": [
@@ -348,7 +366,7 @@
"from": {
"kind": "ImageStreamTag",
"namespace": "${IMAGE_STREAM_NAMESPACE}",
- "name": "jboss-eap70-openshift:1.3"
+ "name": "jboss-eap70-openshift:1.4"
}
}
},
@@ -403,8 +421,8 @@
"${APPLICATION_NAME}"
],
"from": {
- "kind": "ImageStream",
- "name": "${APPLICATION_NAME}"
+ "kind": "ImageStreamTag",
+ "name": "${APPLICATION_NAME}:latest"
}
}
},
@@ -425,8 +443,8 @@
}
},
"spec": {
- "serviceAccountName": "eap7-service-account",
- "terminationGracePeriodSeconds": 60,
+ "serviceAccountName": "${SERVICE_ACCOUNT_NAME}",
+ "terminationGracePeriodSeconds": 75,
"containers": [
{
"name": "${APPLICATION_NAME}",
@@ -444,6 +462,17 @@
"readOnly": true
}
],
+ "lifecycle": {
+ "preStop": {
+ "exec": {
+ "command": [
+ "/opt/eap/bin/jboss-cli.sh",
+ "-c",
+ ":shutdown(timeout=60)"
+ ]
+ }
+ }
+ },
"livenessProbe": {
"exec": {
"command": [
@@ -542,6 +571,10 @@
"value": "${HTTPS_KEYSTORE}"
},
{
+ "name": "HTTPS_KEYSTORE_TYPE",
+ "value": "${HTTPS_KEYSTORE_TYPE}"
+ },
+ {
"name": "HTTPS_NAME",
"value": "${HTTPS_NAME}"
},
@@ -586,6 +619,10 @@
"value": "${JGROUPS_CLUSTER_PASSWORD}"
},
{
+ "name": "AUTO_DEPLOY_EXPLODED",
+ "value": "${AUTO_DEPLOY_EXPLODED}"
+ },
+ {
"name": "DEFAULT_JOB_REPOSITORY",
"value": "${APPLICATION_NAME}-postgresql"
},
@@ -689,6 +726,10 @@
"value": "${POSTGRESQL_MAX_CONNECTIONS}"
},
{
+ "name": "POSTGRESQL_MAX_PREPARED_TRANSACTIONS",
+ "value": "${POSTGRESQL_MAX_CONNECTIONS}"
+ },
+ {
"name": "POSTGRESQL_SHARED_BUFFERS",
"value": "${POSTGRESQL_SHARED_BUFFERS}"
}
diff --git a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap70-sso-s2i.json b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap70-sso-s2i.json
new file mode 100644
index 000000000..811602220
--- /dev/null
+++ b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap70-sso-s2i.json
@@ -0,0 +1,767 @@
+{
+ "kind": "Template",
+ "apiVersion": "v1",
+ "metadata": {
+ "annotations": {
+ "iconClass" : "icon-jboss",
+ "description": "Application template for EAP 6 applications built using S2I, enabled for SSO.",
+ "tags": "eap,javaee,java,jboss,xpaas,sso,keycloak",
+ "version": "1.3.2"
+ },
+ "name": "eap70-sso-s2i"
+ },
+ "labels": {
+ "template": "eap70-sso-s2i",
+ "xpaas": "1.3.2"
+ },
+ "parameters": [
+ {
+ "description": "The name for the application.",
+ "name": "APPLICATION_NAME",
+ "value": "eap-app",
+ "required": true
+ },
+ {
+ "description": "Hostname for http service route (e.g. eap-app-myproject.example.com). Required for SSO-enabled applications. This is added to the white list of redirects in the SSO server.",
+ "name": "HOSTNAME_HTTP",
+ "value": "",
+ "required": true
+ },
+ {
+ "description": "Hostname for https service route (e.g. secure-eap-app-myproject.example.com). Required for SSO-enabled applications. This is added to the white list of redirects in the SSO server.",
+ "name": "HOSTNAME_HTTPS",
+ "value": "",
+ "required": true
+ },
+ {
+ "description": "Git source URI for application",
+ "name": "SOURCE_REPOSITORY_URL",
+ "value": "https://github.com/redhat-developer/redhat-sso-quickstarts",
+ "required": true
+ },
+ {
+ "description": "Git branch/tag reference",
+ "name": "SOURCE_REPOSITORY_REF",
+ "value": "7.0.x-ose",
+ "required": false
+ },
+ {
+ "description": "Path within Git project to build; empty for root project directory.",
+ "name": "CONTEXT_DIR",
+ "value": "",
+ "required": false
+ },
+ {
+ "description": "Queue names",
+ "name": "HORNETQ_QUEUES",
+ "value": "",
+ "required": false
+ },
+ {
+ "description": "Topic names",
+ "name": "HORNETQ_TOPICS",
+ "value": "",
+ "required": false
+ },
+ {
+ "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.",
+ "name": "SERVICE_ACCOUNT_NAME",
+ "value": "eap7-service-account",
+ "required": true
+ },
+ {
+ "description": "The name of the secret containing the keystore file",
+ "name": "HTTPS_SECRET",
+ "value": "eap7-app-secret",
+ "required": true
+ },
+ {
+ "description": "The name of the keystore file within the secret",
+ "name": "HTTPS_KEYSTORE",
+ "value": "keystore.jks",
+ "required": false
+ },
+ {
+ "description": "The type of the keystore file (JKS or JCEKS)",
+ "name": "HTTPS_KEYSTORE_TYPE",
+ "value": "",
+ "required": false
+ },
+ {
+ "description": "The name associated with the server certificate (e.g. jboss)",
+ "name": "HTTPS_NAME",
+ "value": "",
+ "required": false
+ },
+ {
+ "description": "The password for the keystore and certificate (e.g. mykeystorepass)",
+ "name": "HTTPS_PASSWORD",
+ "value": "",
+ "required": false
+ },
+ {
+ "description": "HornetQ cluster admin password",
+ "name": "HORNETQ_CLUSTER_PASSWORD",
+ "from": "[a-zA-Z0-9]{8}",
+ "generate": "expression",
+ "required": true
+ },
+ {
+ "description": "GitHub trigger secret",
+ "name": "GITHUB_WEBHOOK_SECRET",
+ "from": "[a-zA-Z0-9]{8}",
+ "generate": "expression",
+ "required": true
+ },
+ {
+ "description": "Generic build trigger secret",
+ "name": "GENERIC_WEBHOOK_SECRET",
+ "from": "[a-zA-Z0-9]{8}",
+ "generate": "expression",
+ "required": true
+ },
+ {
+ "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.",
+ "name": "IMAGE_STREAM_NAMESPACE",
+ "value": "openshift",
+ "required": true
+ },
+ {
+ "description": "The name of the secret containing the keystore file",
+ "name": "JGROUPS_ENCRYPT_SECRET",
+ "value": "eap7-app-secret",
+ "required": false
+ },
+ {
+ "description": "The name of the keystore file within the secret",
+ "name": "JGROUPS_ENCRYPT_KEYSTORE",
+ "value": "jgroups.jceks",
+ "required": false
+ },
+ {
+ "description": "The name associated with the server certificate (e.g. secret-key)",
+ "name": "JGROUPS_ENCRYPT_NAME",
+ "value": "",
+ "required": false
+ },
+ {
+ "description": "The password for the keystore and certificate (e.g. password)",
+ "name": "JGROUPS_ENCRYPT_PASSWORD",
+ "value": "",
+ "required": false
+ },
+ {
+ "description": "JGroups cluster password",
+ "name": "JGROUPS_CLUSTER_PASSWORD",
+ "from": "[a-zA-Z0-9]{8}",
+ "generate": "expression",
+ "required": true
+ },
+ {
+ "description": "Controls whether exploded deployment content should be automatically deployed",
+ "name": "AUTO_DEPLOY_EXPLODED",
+ "value": "false",
+ "required": false
+ },
+ {
+ "description": "The URL for the SSO server (e.g. https://secure-sso-myproject.example.com/auth). This is the URL through which the user will be redirected when a login or token is required by the application.",
+ "name": "SSO_URL",
+ "value": "",
+ "required": true
+ },
+ {
+ "description": "The URL for the interal SSO service, where secure-sso (the default) is the kubernetes service exposed by the SSO server. This is used to create the application client(s) (see SSO_USERNAME). This can also be the same as SSO_URL.",
+ "name": "SSO_SERVICE_URL",
+ "value": "https://secure-sso:8443/auth",
+ "required": false
+ },
+ {
+ "description": "The SSO realm to which the application client(s) should be associated (e.g. demo).",
+ "name": "SSO_REALM",
+ "value": "",
+ "required": true
+ },
+ {
+ "description": "The username used to access the SSO service. This is used to create the appliction client(s) within the specified SSO realm. This should match the SSO_SERVICE_USERNAME specified through one of the sso70-* templates.",
+ "name": "SSO_USERNAME",
+ "value": "",
+ "required": false
+ },
+ {
+ "description": "The password for the SSO service user.",
+ "name": "SSO_PASSWORD",
+ "value": "",
+ "required": false
+ },
+ {
+ "description": "SSO Public Key. Public key is recommended to be passed into the template to avoid man-in-the-middle security vulnerability",
+ "name": "SSO_PUBLIC_KEY",
+ "value": "",
+ "required": false
+ },
+ {
+ "description": "SSO Client Access Type",
+ "name": "SSO_BEARER_ONLY",
+ "value": "",
+ "required": false
+ },
+ {
+ "description": "List of directories from which archives will be copied into the deployment folder. If unspecified, all archives in /target will be copied.",
+ "name": "ARTIFACT_DIR",
+ "value": "app-jee-jsp/target,service-jee-jaxrs/target,app-profile-jee-jsp/target,app-profile-saml-jee-jsp/target",
+ "required": false
+ },
+ {
+ "description": "The name of the secret containing the keystore file",
+ "name": "SSO_SAML_KEYSTORE_SECRET",
+ "value": "eap7-app-secret",
+ "required": false
+ },
+ {
+ "description": "The name of the keystore file within the secret",
+ "name": "SSO_SAML_KEYSTORE",
+ "value": "keystore.jks",
+ "required": false
+ },
+ {
+ "description": "The name associated with the server certificate",
+ "name": "SSO_SAML_CERTIFICATE_NAME",
+ "value": "jboss",
+ "required": false
+ },
+ {
+ "description": "The password for the keystore and certificate",
+ "name": "SSO_SAML_KEYSTORE_PASSWORD",
+ "value": "mykeystorepass",
+ "required": false
+ },
+ {
+ "description": "The SSO Client Secret for Confidential Access",
+ "name": "SSO_SECRET",
+ "from": "[a-zA-Z0-9]{8}",
+ "generate": "expression",
+ "required": true
+ },
+ {
+ "description": "Enable CORS for SSO applications",
+ "name": "SSO_ENABLE_CORS",
+ "value": "false",
+ "required": false
+ },
+ {
+ "description": "SSO logout page for SAML applications",
+ "name": "SSO_SAML_LOGOUT_PAGE",
+ "value": "/",
+ "required": false
+ },
+ {
+ "description": "If true SSL communication between EAP and the SSO Server will be insecure (i.e. certificate validation is disabled with curl)",
+ "name": "SSO_DISABLE_SSL_CERTIFICATE_VALIDATION",
+ "value": "true",
+ "required": false
+ },
+ {
+ "description": "The name of the truststore file within the secret (e.g. truststore.jks)",
+ "name": "SSO_TRUSTSTORE",
+ "value": "",
+ "required": false
+ },
+ {
+ "description": "The password for the truststore and certificate (e.g. mykeystorepass)",
+ "name": "SSO_TRUSTSTORE_PASSWORD",
+ "value": "",
+ "required": false
+ },
+ {
+ "description": "The name of the secret containing the truststore file (e.g. truststore-secret). Used for volume secretName",
+ "name": "SSO_TRUSTSTORE_SECRET",
+ "value": "eap7-app-secret",
+ "required": false
+ }
+ ],
+ "objects": [
+ {
+ "kind": "Service",
+ "apiVersion": "v1",
+ "spec": {
+ "ports": [
+ {
+ "port": 8080,
+ "targetPort": 8080
+ }
+ ],
+ "selector": {
+ "deploymentConfig": "${APPLICATION_NAME}"
+ }
+ },
+ "metadata": {
+ "name": "${APPLICATION_NAME}",
+ "labels": {
+ "application": "${APPLICATION_NAME}"
+ },
+ "annotations": {
+ "description": "The web server's http port."
+ }
+ }
+ },
+ {
+ "kind": "Service",
+ "apiVersion": "v1",
+ "spec": {
+ "ports": [
+ {
+ "port": 8443,
+ "targetPort": 8443
+ }
+ ],
+ "selector": {
+ "deploymentConfig": "${APPLICATION_NAME}"
+ }
+ },
+ "metadata": {
+ "name": "secure-${APPLICATION_NAME}",
+ "labels": {
+ "application": "${APPLICATION_NAME}"
+ },
+ "annotations": {
+ "description": "The web server's https port."
+ }
+ }
+ },
+ {
+ "kind": "Route",
+ "apiVersion": "v1",
+ "id": "${APPLICATION_NAME}-http",
+ "metadata": {
+ "name": "${APPLICATION_NAME}",
+ "labels": {
+ "application": "${APPLICATION_NAME}"
+ },
+ "annotations": {
+ "description": "Route for application's http service."
+ }
+ },
+ "spec": {
+ "host": "${HOSTNAME_HTTP}",
+ "to": {
+ "name": "${APPLICATION_NAME}"
+ }
+ }
+ },
+ {
+ "kind": "Route",
+ "apiVersion": "v1",
+ "id": "${APPLICATION_NAME}-https",
+ "metadata": {
+ "name": "secure-${APPLICATION_NAME}",
+ "labels": {
+ "application": "${APPLICATION_NAME}"
+ },
+ "annotations": {
+ "description": "Route for application's https service."
+ }
+ },
+ "spec": {
+ "host": "${HOSTNAME_HTTPS}",
+ "to": {
+ "name": "secure-${APPLICATION_NAME}"
+ },
+ "tls": {
+ "termination": "passthrough"
+ }
+ }
+ },
+ {
+ "kind": "ImageStream",
+ "apiVersion": "v1",
+ "metadata": {
+ "name": "${APPLICATION_NAME}",
+ "labels": {
+ "application": "${APPLICATION_NAME}"
+ }
+ }
+ },
+ {
+ "kind": "BuildConfig",
+ "apiVersion": "v1",
+ "metadata": {
+ "name": "${APPLICATION_NAME}",
+ "labels": {
+ "application": "${APPLICATION_NAME}"
+ }
+ },
+ "spec": {
+ "source": {
+ "type": "Git",
+ "git": {
+ "uri": "${SOURCE_REPOSITORY_URL}",
+ "ref": "${SOURCE_REPOSITORY_REF}"
+ },
+ "contextDir": "${CONTEXT_DIR}"
+ },
+ "strategy": {
+ "type": "Source",
+ "sourceStrategy": {
+ "forcePull": true,
+ "from": {
+ "kind": "ImageStreamTag",
+ "namespace": "${IMAGE_STREAM_NAMESPACE}",
+ "name": "jboss-eap70-openshift:1.4"
+ },
+ "env": [
+ {
+ "name": "ARTIFACT_DIR",
+ "value": "${ARTIFACT_DIR}"
+ },
+ {
+ "name": "MAVEN_ARGS_APPEND",
+ "value": ""
+ }
+ ]
+ }
+ },
+ "output": {
+ "to": {
+ "kind": "ImageStreamTag",
+ "name": "${APPLICATION_NAME}:latest"
+ }
+ },
+ "triggers": [
+ {
+ "type": "GitHub",
+ "github": {
+ "secret": "${GITHUB_WEBHOOK_SECRET}"
+ }
+ },
+ {
+ "type": "Generic",
+ "generic": {
+ "secret": "${GENERIC_WEBHOOK_SECRET}"
+ }
+ },
+ {
+ "type": "ImageChange",
+ "imageChange": {}
+ },
+ {
+ "type": "ConfigChange"
+ }
+ ]
+ }
+ },
+ {
+ "kind": "DeploymentConfig",
+ "apiVersion": "v1",
+ "metadata": {
+ "name": "${APPLICATION_NAME}",
+ "labels": {
+ "application": "${APPLICATION_NAME}"
+ }
+ },
+ "spec": {
+ "strategy": {
+ "type": "Recreate"
+ },
+ "triggers": [
+ {
+ "type": "ImageChange",
+ "imageChangeParams": {
+ "automatic": true,
+ "containerNames": [
+ "${APPLICATION_NAME}"
+ ],
+ "from": {
+ "kind": "ImageStreamTag",
+ "name": "${APPLICATION_NAME}:latest"
+ }
+ }
+ },
+ {
+ "type": "ConfigChange"
+ }
+ ],
+ "replicas": 1,
+ "selector": {
+ "deploymentConfig": "${APPLICATION_NAME}"
+ },
+ "template": {
+ "metadata": {
+ "name": "${APPLICATION_NAME}",
+ "labels": {
+ "deploymentConfig": "${APPLICATION_NAME}",
+ "application": "${APPLICATION_NAME}"
+ }
+ },
+ "spec": {
+ "serviceAccountName": "${SERVICE_ACCOUNT_NAME}",
+ "terminationGracePeriodSeconds": 75,
+ "containers": [
+ {
+ "name": "${APPLICATION_NAME}",
+ "image": "${APPLICATION_NAME}",
+ "imagePullPolicy": "Always",
+ "volumeMounts": [
+ {
+ "name": "sso-saml-keystore-volume",
+ "mountPath": "/etc/sso-saml-secret-volume",
+ "readOnly": true
+ },
+ {
+ "name": "eap-keystore-volume",
+ "mountPath": "/etc/eap-secret-volume",
+ "readOnly": true
+ },
+ {
+ "name": "eap-jgroups-keystore-volume",
+ "mountPath": "/etc/jgroups-encrypt-secret-volume",
+ "readOnly": true
+ },
+ {
+ "name": "sso-truststore-volume",
+ "mountPath": "/etc/sso-secret-volume",
+ "readOnly": true
+ }
+ ],
+ "lifecycle": {
+ "preStop": {
+ "exec": {
+ "command": [
+ "/opt/eap/bin/jboss-cli.sh",
+ "-c",
+ ":shutdown(timeout=60)"
+ ]
+ }
+ }
+ },
+ "livenessProbe": {
+ "exec": {
+ "command": [
+ "/bin/bash",
+ "-c",
+ "/opt/eap/bin/livenessProbe.sh"
+ ]
+ }
+ },
+ "readinessProbe": {
+ "exec": {
+ "command": [
+ "/bin/bash",
+ "-c",
+ "/opt/eap/bin/readinessProbe.sh"
+ ]
+ }
+ },
+ "ports": [
+ {
+ "name": "jolokia",
+ "containerPort": 8778,
+ "protocol": "TCP"
+ },
+ {
+ "name": "http",
+ "containerPort": 8080,
+ "protocol": "TCP"
+ },
+ {
+ "name": "https",
+ "containerPort": 8443,
+ "protocol": "TCP"
+ },
+ {
+ "name": "ping",
+ "containerPort": 8888,
+ "protocol": "TCP"
+ }
+ ],
+ "env": [
+ {
+ "name": "OPENSHIFT_KUBE_PING_LABELS",
+ "value": "application=${APPLICATION_NAME}"
+ },
+ {
+ "name": "OPENSHIFT_KUBE_PING_NAMESPACE",
+ "valueFrom": {
+ "fieldRef": {
+ "fieldPath": "metadata.namespace"
+ }
+ }
+ },
+ {
+ "name": "HOSTNAME_HTTP",
+ "value": "${HOSTNAME_HTTP}"
+ },
+ {
+ "name": "HOSTNAME_HTTPS",
+ "value": "${HOSTNAME_HTTPS}"
+ },
+ {
+ "name": "HTTPS_KEYSTORE_DIR",
+ "value": "/etc/eap-secret-volume"
+ },
+ {
+ "name": "HTTPS_KEYSTORE",
+ "value": "${HTTPS_KEYSTORE}"
+ },
+ {
+ "name": "HTTPS_KEYSTORE_TYPE",
+ "value": "${HTTPS_KEYSTORE_TYPE}"
+ },
+ {
+ "name": "HTTPS_NAME",
+ "value": "${HTTPS_NAME}"
+ },
+ {
+ "name": "HTTPS_PASSWORD",
+ "value": "${HTTPS_PASSWORD}"
+ },
+ {
+ "name": "HORNETQ_CLUSTER_PASSWORD",
+ "value": "${HORNETQ_CLUSTER_PASSWORD}"
+ },
+ {
+ "name": "HORNETQ_QUEUES",
+ "value": "${HORNETQ_QUEUES}"
+ },
+ {
+ "name": "HORNETQ_TOPICS",
+ "value": "${HORNETQ_TOPICS}"
+ },
+ {
+ "name": "JGROUPS_ENCRYPT_SECRET",
+ "value": "${JGROUPS_ENCRYPT_SECRET}"
+ },
+ {
+ "name": "JGROUPS_ENCRYPT_KEYSTORE_DIR",
+ "value": "/etc/jgroups-encrypt-secret-volume"
+ },
+ {
+ "name": "JGROUPS_ENCRYPT_KEYSTORE",
+ "value": "${JGROUPS_ENCRYPT_KEYSTORE}"
+ },
+ {
+ "name": "JGROUPS_ENCRYPT_NAME",
+ "value": "${JGROUPS_ENCRYPT_NAME}"
+ },
+ {
+ "name": "JGROUPS_ENCRYPT_PASSWORD",
+ "value": "${JGROUPS_ENCRYPT_PASSWORD}"
+ },
+ {
+ "name": "JGROUPS_CLUSTER_PASSWORD",
+ "value": "${JGROUPS_CLUSTER_PASSWORD}"
+ },
+ {
+ "name": "AUTO_DEPLOY_EXPLODED",
+ "value": "${AUTO_DEPLOY_EXPLODED}"
+ },
+ {
+ "name": "SSO_URL",
+ "value": "${SSO_URL}"
+ },
+ {
+ "name": "SSO_SERVICE_URL",
+ "value": "${SSO_SERVICE_URL}"
+ },
+ {
+ "name": "SSO_REALM",
+ "value": "${SSO_REALM}"
+ },
+ {
+ "name": "SSO_USERNAME",
+ "value": "${SSO_USERNAME}"
+ },
+ {
+ "name": "SSO_PASSWORD",
+ "value": "${SSO_PASSWORD}"
+ },
+ {
+ "name": "SSO_PUBLIC_KEY",
+ "value": "${SSO_PUBLIC_KEY}"
+ },
+ {
+ "name": "SSO_BEARER_ONLY",
+ "value": "${SSO_BEARER_ONLY}"
+ },
+ {
+ "name": "SSO_SAML_KEYSTORE_SECRET",
+ "value": "${SSO_SAML_KEYSTORE_SECRET}"
+ },
+ {
+ "name": "SSO_SAML_KEYSTORE",
+ "value": "${SSO_SAML_KEYSTORE}"
+ },
+ {
+ "name": "SSO_SAML_KEYSTORE_DIR",
+ "value": "/etc/sso-saml-secret-volume"
+ },
+ {
+ "name": "SSO_SAML_CERTIFICATE_NAME",
+ "value": "${SSO_SAML_CERTIFICATE_NAME}"
+ },
+ {
+ "name": "SSO_SAML_KEYSTORE_PASSWORD",
+ "value": "${SSO_SAML_KEYSTORE_PASSWORD}"
+ },
+ {
+ "name": "SSO_SECRET",
+ "value": "${SSO_SECRET}"
+ },
+ {
+ "name": "SSO_ENABLE_CORS",
+ "value": "${SSO_ENABLE_CORS}"
+ },
+ {
+ "name": "SSO_SAML_LOGOUT_PAGE",
+ "value": "${SSO_SAML_LOGOUT_PAGE}"
+ },
+ {
+ "name": "SSO_DISABLE_SSL_CERTIFICATE_VALIDATION",
+ "value": "${SSO_DISABLE_SSL_CERTIFICATE_VALIDATION}"
+ },
+ {
+ "name": "SSO_TRUSTSTORE",
+ "value": "${SSO_TRUSTSTORE}"
+ },
+ {
+ "name": "SSO_TRUSTSTORE_DIR",
+ "value": "/etc/sso-secret-volume"
+ },
+ {
+ "name": "SSO_TRUSTSTORE_PASSWORD",
+ "value": "${SSO_TRUSTSTORE_PASSWORD}"
+ }
+ ]
+ }
+ ],
+ "volumes": [
+ {
+ "name": "sso-saml-keystore-volume",
+ "secret": {
+ "secretName": "${SSO_SAML_KEYSTORE_SECRET}"
+ }
+ },
+ {
+ "name": "eap-keystore-volume",
+ "secret": {
+ "secretName": "${HTTPS_SECRET}"
+ }
+ },
+ {
+ "name": "eap-jgroups-keystore-volume",
+ "secret": {
+ "secretName": "${JGROUPS_ENCRYPT_SECRET}"
+ }
+ },
+ {
+ "name": "sso-truststore-volume",
+ "secret": {
+ "secretName": "${SSO_TRUSTSTORE_SECRET}"
+ }
+ }
+ ]
+ }
+ }
+ }
+ }
+ ]
+}
diff --git a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat7-basic-s2i.json b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat7-basic-s2i.json
index 376f2f61b..413a6de87 100644
--- a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat7-basic-s2i.json
+++ b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat7-basic-s2i.json
@@ -215,8 +215,8 @@
"${APPLICATION_NAME}"
],
"from": {
- "kind": "ImageStream",
- "name": "${APPLICATION_NAME}"
+ "kind": "ImageStreamTag",
+ "name": "${APPLICATION_NAME}:latest"
}
}
},
diff --git a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat7-https-s2i.json b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat7-https-s2i.json
index 0090d4090..610ea9441 100644
--- a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat7-https-s2i.json
+++ b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat7-https-s2i.json
@@ -292,8 +292,8 @@
"${APPLICATION_NAME}"
],
"from": {
- "kind": "ImageStream",
- "name": "${APPLICATION_NAME}"
+ "kind": "ImageStreamTag",
+ "name": "${APPLICATION_NAME}:latest"
}
}
},
diff --git a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat7-mongodb-persistent-s2i.json b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat7-mongodb-persistent-s2i.json
index f0abc9b24..6ef9d6e4c 100644
--- a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat7-mongodb-persistent-s2i.json
+++ b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat7-mongodb-persistent-s2i.json
@@ -385,8 +385,8 @@
"${APPLICATION_NAME}"
],
"from": {
- "kind": "ImageStream",
- "name": "${APPLICATION_NAME}"
+ "kind": "ImageStreamTag",
+ "name": "${APPLICATION_NAME}:latest"
}
}
},
diff --git a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat7-mongodb-s2i.json b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat7-mongodb-s2i.json
index dc43fbea3..9b48f8ae7 100644
--- a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat7-mongodb-s2i.json
+++ b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat7-mongodb-s2i.json
@@ -379,8 +379,8 @@
"${APPLICATION_NAME}"
],
"from": {
- "kind": "ImageStream",
- "name": "${APPLICATION_NAME}"
+ "kind": "ImageStreamTag",
+ "name": "${APPLICATION_NAME}:latest"
}
}
},
diff --git a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat7-mysql-persistent-s2i.json b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat7-mysql-persistent-s2i.json
index 6d02c7487..30af703ce 100644
--- a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat7-mysql-persistent-s2i.json
+++ b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat7-mysql-persistent-s2i.json
@@ -388,8 +388,8 @@
"${APPLICATION_NAME}"
],
"from": {
- "kind": "ImageStream",
- "name": "${APPLICATION_NAME}"
+ "kind": "ImageStreamTag",
+ "name": "${APPLICATION_NAME}:latest"
}
}
},
diff --git a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat7-mysql-s2i.json b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat7-mysql-s2i.json
index cb23d32a7..c2843af63 100644
--- a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat7-mysql-s2i.json
+++ b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat7-mysql-s2i.json
@@ -382,8 +382,8 @@
"${APPLICATION_NAME}"
],
"from": {
- "kind": "ImageStream",
- "name": "${APPLICATION_NAME}"
+ "kind": "ImageStreamTag",
+ "name": "${APPLICATION_NAME}:latest"
}
}
},
diff --git a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat7-postgresql-persistent-s2i.json b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat7-postgresql-persistent-s2i.json
index 82096ab12..b8372f374 100644
--- a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat7-postgresql-persistent-s2i.json
+++ b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat7-postgresql-persistent-s2i.json
@@ -6,13 +6,13 @@
"iconClass": "icon-tomcat",
"description": "Application template for JWS PostgreSQL applications with persistent storage built using S2I.",
"tags": "tomcat,tomcat7,postgresql,java,database,jboss,xpaas",
- "version": "1.2.0"
+ "version": "1.3.2"
},
"name": "jws30-tomcat7-postgresql-persistent-s2i"
},
"labels": {
"template": "jws30-tomcat7-postgresql-persistent-s2i",
- "xpaas": "1.2.0"
+ "xpaas": "1.3.2"
},
"parameters": [
{
@@ -373,8 +373,8 @@
"${APPLICATION_NAME}"
],
"from": {
- "kind": "ImageStream",
- "name": "${APPLICATION_NAME}"
+ "kind": "ImageStreamTag",
+ "name": "${APPLICATION_NAME}:latest"
}
}
},
@@ -587,6 +587,10 @@
"value": "${POSTGRESQL_MAX_CONNECTIONS}"
},
{
+ "name": "POSTGRESQL_MAX_PREPARED_TRANSACTIONS",
+ "value": "${POSTGRESQL_MAX_CONNECTIONS}"
+ },
+ {
"name": "POSTGRESQL_SHARED_BUFFERS",
"value": "${POSTGRESQL_SHARED_BUFFERS}"
}
diff --git a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat7-postgresql-s2i.json b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat7-postgresql-s2i.json
index 6c2e42564..cd5bb9fa4 100644
--- a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat7-postgresql-s2i.json
+++ b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat7-postgresql-s2i.json
@@ -6,13 +6,13 @@
"iconClass": "icon-tomcat",
"description": "Application template for JWS PostgreSQL applications built using S2I.",
"tags": "tomcat,tomcat7,postgresql,java,database,jboss,xpaas",
- "version": "1.2.0"
+ "version": "1.3.2"
},
"name": "jws30-tomcat7-postgresql-s2i"
},
"labels": {
"template": "jws30-tomcat7-postgresql-s2i",
- "xpaas": "1.2.0"
+ "xpaas": "1.3.2"
},
"parameters": [
{
@@ -367,8 +367,8 @@
"${APPLICATION_NAME}"
],
"from": {
- "kind": "ImageStream",
- "name": "${APPLICATION_NAME}"
+ "kind": "ImageStreamTag",
+ "name": "${APPLICATION_NAME}:latest"
}
}
},
@@ -575,6 +575,10 @@
"value": "${POSTGRESQL_MAX_CONNECTIONS}"
},
{
+ "name": "POSTGRESQL_MAX_PREPARED_TRANSACTIONS",
+ "value": "${POSTGRESQL_MAX_CONNECTIONS}"
+ },
+ {
"name": "POSTGRESQL_SHARED_BUFFERS",
"value": "${POSTGRESQL_SHARED_BUFFERS}"
}
diff --git a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat8-basic-s2i.json b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat8-basic-s2i.json
index b425891c6..cb1e49d29 100644
--- a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat8-basic-s2i.json
+++ b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat8-basic-s2i.json
@@ -215,8 +215,8 @@
"${APPLICATION_NAME}"
],
"from": {
- "kind": "ImageStream",
- "name": "${APPLICATION_NAME}"
+ "kind": "ImageStreamTag",
+ "name": "${APPLICATION_NAME}:latest"
}
}
},
diff --git a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat8-https-s2i.json b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat8-https-s2i.json
index 7a5414fd7..21d5662c7 100644
--- a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat8-https-s2i.json
+++ b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat8-https-s2i.json
@@ -292,8 +292,8 @@
"${APPLICATION_NAME}"
],
"from": {
- "kind": "ImageStream",
- "name": "${APPLICATION_NAME}"
+ "kind": "ImageStreamTag",
+ "name": "${APPLICATION_NAME}:latest"
}
}
},
diff --git a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat8-mongodb-persistent-s2i.json b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat8-mongodb-persistent-s2i.json
index 020c32d31..34657d826 100644
--- a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat8-mongodb-persistent-s2i.json
+++ b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat8-mongodb-persistent-s2i.json
@@ -385,8 +385,8 @@
"${APPLICATION_NAME}"
],
"from": {
- "kind": "ImageStream",
- "name": "${APPLICATION_NAME}"
+ "kind": "ImageStreamTag",
+ "name": "${APPLICATION_NAME}:latest"
}
}
},
diff --git a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat8-mongodb-s2i.json b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat8-mongodb-s2i.json
index 48371db95..974cfaddb 100644
--- a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat8-mongodb-s2i.json
+++ b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat8-mongodb-s2i.json
@@ -379,8 +379,8 @@
"${APPLICATION_NAME}"
],
"from": {
- "kind": "ImageStream",
- "name": "${APPLICATION_NAME}"
+ "kind": "ImageStreamTag",
+ "name": "${APPLICATION_NAME}:latest"
}
}
},
diff --git a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat8-mysql-persistent-s2i.json b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat8-mysql-persistent-s2i.json
index b1e847c60..7a8231cc5 100644
--- a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat8-mysql-persistent-s2i.json
+++ b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat8-mysql-persistent-s2i.json
@@ -388,8 +388,8 @@
"${APPLICATION_NAME}"
],
"from": {
- "kind": "ImageStream",
- "name": "${APPLICATION_NAME}"
+ "kind": "ImageStreamTag",
+ "name": "${APPLICATION_NAME}:latest"
}
}
},
diff --git a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat8-mysql-s2i.json b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat8-mysql-s2i.json
index ca501102f..cda21f237 100644
--- a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat8-mysql-s2i.json
+++ b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat8-mysql-s2i.json
@@ -382,8 +382,8 @@
"${APPLICATION_NAME}"
],
"from": {
- "kind": "ImageStream",
- "name": "${APPLICATION_NAME}"
+ "kind": "ImageStreamTag",
+ "name": "${APPLICATION_NAME}:latest"
}
}
},
diff --git a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat8-postgresql-persistent-s2i.json b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat8-postgresql-persistent-s2i.json
index 9050874ab..4dfc98015 100644
--- a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat8-postgresql-persistent-s2i.json
+++ b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat8-postgresql-persistent-s2i.json
@@ -6,13 +6,13 @@
"iconClass": "icon-tomcat",
"description": "Application template for JWS PostgreSQL applications with persistent storage built using S2I.",
"tags": "tomcat,tomcat8,postgresql,java,database,jboss,xpaas",
- "version": "1.2.0"
+ "version": "1.3.2"
},
"name": "jws30-tomcat8-postgresql-persistent-s2i"
},
"labels": {
"template": "jws30-tomcat8-postgresql-persistent-s2i",
- "xpaas": "1.2.0"
+ "xpaas": "1.3.2"
},
"parameters": [
{
@@ -373,8 +373,8 @@
"${APPLICATION_NAME}"
],
"from": {
- "kind": "ImageStream",
- "name": "${APPLICATION_NAME}"
+ "kind": "ImageStreamTag",
+ "name": "${APPLICATION_NAME}:latest"
}
}
},
@@ -587,6 +587,10 @@
"value": "${POSTGRESQL_MAX_CONNECTIONS}"
},
{
+ "name": "POSTGRESQL_MAX_PREPARED_TRANSACTIONS",
+ "value": "${POSTGRESQL_MAX_CONNECTIONS}"
+ },
+ {
"name": "POSTGRESQL_SHARED_BUFFERS",
"value": "${POSTGRESQL_SHARED_BUFFERS}"
}
diff --git a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat8-postgresql-s2i.json b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat8-postgresql-s2i.json
index dba4d8b26..f6c85668c 100644
--- a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat8-postgresql-s2i.json
+++ b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat8-postgresql-s2i.json
@@ -6,13 +6,13 @@
"iconClass": "icon-tomcat",
"description": "Application template for JWS PostgreSQL applications built using S2I.",
"tags": "tomcat,tomcat8,postgresql,java,database,jboss,xpaas",
- "version": "1.2.0"
+ "version": "1.3.2"
},
"name": "jws30-tomcat8-postgresql-s2i"
},
"labels": {
"template": "jws30-tomcat8-postgresql-s2i",
- "xpaas": "1.2.0"
+ "xpaas": "1.3.2"
},
"parameters": [
{
@@ -367,8 +367,8 @@
"${APPLICATION_NAME}"
],
"from": {
- "kind": "ImageStream",
- "name": "${APPLICATION_NAME}"
+ "kind": "ImageStreamTag",
+ "name": "${APPLICATION_NAME}:latest"
}
}
},
@@ -573,6 +573,10 @@
"value": "${POSTGRESQL_MAX_CONNECTIONS}"
},
{
+ "name": "POSTGRESQL_MAX_PREPARED_TRANSACTIONS",
+ "value": "${POSTGRESQL_MAX_CONNECTIONS}"
+ },
+ {
"name": "POSTGRESQL_SHARED_BUFFERS",
"value": "${POSTGRESQL_SHARED_BUFFERS}"
}
diff --git a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/processserver63-amq-mysql-persistent-s2i.json b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/processserver63-amq-mysql-persistent-s2i.json
new file mode 100644
index 000000000..1dea463ac
--- /dev/null
+++ b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/processserver63-amq-mysql-persistent-s2i.json
@@ -0,0 +1,1079 @@
+{
+ "kind": "Template",
+ "apiVersion": "v1",
+ "metadata": {
+ "annotations": {
+ "description": "Application template for Red Hat JBoss BPM Suite 6.3 intelligent process server AMQ and MySQL applications with persistent storage built using S2I.",
+ "iconClass": "icon-jboss",
+ "tags": "processserver,amq,mysql,javaee,java,database,jboss,xpaas",
+ "version": "1.3.3"
+ },
+ "name": "processserver63-amq-mysql-persistent-s2i"
+ },
+ "labels": {
+ "template": "processserver63-amq-mysql-persistent-s2i",
+ "xpaas": "1.3.3"
+ },
+ "parameters": [
+ {
+ "description": "The KIE Container deployment configuration in format: containerId=groupId:artifactId:version|c2=g2:a2:v2",
+ "name": "KIE_CONTAINER_DEPLOYMENT",
+ "value": "processserver-library=org.openshift.quickstarts:processserver-library:1.3.0.Final",
+ "required": false
+ },
+ {
+ "description": "The protocol to access the KIE Server REST interface.",
+ "name": "KIE_SERVER_PROTOCOL",
+ "value": "https",
+ "required": false
+ },
+ {
+ "description": "The port to access the KIE Server REST interface.",
+ "name": "KIE_SERVER_PORT",
+ "value": "8443",
+ "required": false
+ },
+ {
+ "description": "The user name to access the KIE Server REST or JMS interface.",
+ "name": "KIE_SERVER_USER",
+ "value": "kieserver",
+ "required": false
+ },
+ {
+ "description": "The password to access the KIE Server REST or JMS interface. Must be different than username; must not be root, admin, or administrator; must contain at least 8 characters, 1 alphabetic character(s), 1 digit(s), and 1 non-alphanumeric symbol(s).",
+ "name": "KIE_SERVER_PASSWORD",
+ "from": "[a-zA-Z]{6}[0-9]{1}!",
+ "generate": "expression",
+ "required": false
+ },
+ {
+ "description": "JAAS LoginContext domain that shall be used to authenticate users when using JMS.",
+ "name": "KIE_SERVER_DOMAIN",
+ "value": "other",
+ "required": false
+ },
+ {
+ "description": "JNDI name of request queue for JMS.",
+ "name": "KIE_SERVER_JMS_QUEUES_REQUEST",
+ "value": "queue/KIE.SERVER.REQUEST",
+ "required": false
+ },
+ {
+ "description": "JNDI name of response queue for JMS.",
+ "name": "KIE_SERVER_JMS_QUEUES_RESPONSE",
+ "value": "queue/KIE.SERVER.RESPONSE",
+ "required": false
+ },
+ {
+ "description": "JNDI name of executor queue for JMS.",
+ "name": "KIE_SERVER_EXECUTOR_JMS_QUEUE",
+ "value": "queue/KIE.SERVER.EXECUTOR",
+ "required": false
+ },
+ {
+ "description": "Hibernate persistence dialect.",
+ "name": "KIE_SERVER_PERSISTENCE_DIALECT",
+ "value": "org.hibernate.dialect.MySQL5Dialect",
+ "required": false
+ },
+ {
+ "description": "The name for the application.",
+ "name": "APPLICATION_NAME",
+ "value": "kie-app",
+ "required": true
+ },
+ {
+ "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: <application-name>-<project>.<default-domain-suffix>",
+ "name": "HOSTNAME_HTTP",
+ "value": "",
+ "required": false
+ },
+ {
+ "description": "Custom hostname for https service route. Leave blank for default hostname, e.g.: secure-<application-name>-<project>.<default-domain-suffix>",
+ "name": "HOSTNAME_HTTPS",
+ "value": "",
+ "required": false
+ },
+ {
+ "description": "Git source URI for application",
+ "name": "SOURCE_REPOSITORY_URL",
+ "value": "https://github.com/jboss-openshift/openshift-quickstarts",
+ "required": true
+ },
+ {
+ "description": "Git branch/tag reference",
+ "name": "SOURCE_REPOSITORY_REF",
+ "value": "1.3",
+ "required": false
+ },
+ {
+ "description": "Path within Git project to build; empty for root project directory.",
+ "name": "CONTEXT_DIR",
+ "value": "processserver/library",
+ "required": false
+ },
+ {
+ "description": "Database JNDI name used by application to resolve the datasource, e.g. java:/jboss/datasources/ExampleDS",
+ "name": "DB_JNDI",
+ "value": "java:jboss/datasources/ExampleDS",
+ "required": false
+ },
+ {
+ "description": "Database name",
+ "name": "DB_DATABASE",
+ "value": "root",
+ "required": true
+ },
+ {
+ "description": "Size of persistent storage for database volume.",
+ "name": "VOLUME_CAPACITY",
+ "value": "512Mi",
+ "required": true
+ },
+ {
+ "description": "JNDI name for connection factory used by applications to connect to the broker, e.g. java:/JmsXA",
+ "name": "MQ_JNDI",
+ "value": "java:/JmsXA",
+ "required": false
+ },
+ {
+ "description": "Split the data directory for each node in a mesh.",
+ "name": "AMQ_SPLIT",
+ "value": "false",
+ "required": false
+ },
+ {
+ "description": "Broker protocols to configure, separated by commas. Allowed values are: `openwire`, `amqp`, `stomp` and `mqtt`. Only `openwire` is supported by EAP.",
+ "name": "MQ_PROTOCOL",
+ "value": "openwire",
+ "required": false
+ },
+ {
+ "description": "Queue names, separated by commas. These queues will be automatically created when the broker starts. Also, they will be made accessible as JNDI resources in EAP.",
+ "name": "MQ_QUEUES",
+ "value": "KIE.SERVER.REQUEST,KIE.SERVER.RESPONSE,KIE.SERVER.EXECUTOR",
+ "required": false
+ },
+ {
+ "description": "Topic names, separated by commas. These topics will be automatically created when the broker starts. Also, they will be made accessible as JNDI resources in EAP.",
+ "name": "MQ_TOPICS",
+ "value": "",
+ "required": false
+ },
+ {
+ "description": "The name of the secret containing the keystore file",
+ "name": "HTTPS_SECRET",
+ "value": "processserver-app-secret",
+ "required": false
+ },
+ {
+ "description": "The name of the keystore file within the secret",
+ "name": "HTTPS_KEYSTORE",
+ "value": "keystore.jks",
+ "required": false
+ },
+ {
+ "description": "The name associated with the server certificate",
+ "name": "HTTPS_NAME",
+ "value": "jboss",
+ "required": false
+ },
+ {
+ "description": "The password for the keystore and certificate",
+ "name": "HTTPS_PASSWORD",
+ "value": "mykeystorepass",
+ "required": false
+ },
+ {
+ "description": "Database user name",
+ "name": "DB_USERNAME",
+ "from": "user[a-zA-Z0-9]{3}",
+ "generate": "expression",
+ "required": true
+ },
+ {
+ "description": "Database user password",
+ "name": "DB_PASSWORD",
+ "from": "[a-zA-Z0-9]{8}",
+ "generate": "expression",
+ "required": true
+ },
+ {
+ "description": "Sets xa-pool/min-pool-size for the configured datasource.",
+ "name": "DB_MIN_POOL_SIZE",
+ "required": false
+ },
+ {
+ "description": "Sets xa-pool/max-pool-size for the configured datasource.",
+ "name": "DB_MAX_POOL_SIZE",
+ "required": false
+ },
+ {
+ "description": "Sets transaction-isolation for the configured datasource.",
+ "name": "DB_TX_ISOLATION",
+ "required": false
+ },
+ {
+ "description": "Sets how the table names are stored and compared.",
+ "name": "MYSQL_LOWER_CASE_TABLE_NAMES",
+ "required": false
+ },
+ {
+ "description": "The maximum permitted number of simultaneous client connections.",
+ "name": "MYSQL_MAX_CONNECTIONS",
+ "required": false
+ },
+ {
+ "description": "The minimum length of the word to be included in a FULLTEXT index.",
+ "name": "MYSQL_FT_MIN_WORD_LEN",
+ "required": false
+ },
+ {
+ "description": "The maximum length of the word to be included in a FULLTEXT index.",
+ "name": "MYSQL_FT_MAX_WORD_LEN",
+ "required": false
+ },
+ {
+ "description": "Controls the innodb_use_native_aio setting value if the native AIO is broken.",
+ "name": "MYSQL_AIO",
+ "required": false
+ },
+ {
+ "description": "User name for standard broker user. It is required for connecting to the broker. If left empty, it will be generated.",
+ "name": "MQ_USERNAME",
+ "from": "user[a-zA-Z0-9]{3}",
+ "generate": "expression",
+ "required": false
+ },
+ {
+ "description": "Password for standard broker user. It is required for connecting to the broker. If left empty, it will be generated.",
+ "name": "MQ_PASSWORD",
+ "from": "[a-zA-Z0-9]{8}",
+ "generate": "expression",
+ "required": false
+ },
+ {
+ "description": "The discovery agent type to use for discovering mesh endpoints. 'dns' will use OpenShift's DNS service to resolve endpoints. 'kube' will use Kubernetes REST API to resolve service endpoints. If using 'kube' the service account for the pod must have the 'view' role, which can be added via 'oc policy add-role-to-user view system:serviceaccount:<namespace>:default' where <namespace> is the project namespace.",
+ "name": "AMQ_MESH_DISCOVERY_TYPE",
+ "value": "kube",
+ "required": false
+ },
+ {
+ "description": "The A-MQ storage usage limit",
+ "name": "AMQ_STORAGE_USAGE_LIMIT",
+ "value": "100 gb",
+ "required": false
+ },
+ {
+ "description": "GitHub trigger secret",
+ "name": "GITHUB_WEBHOOK_SECRET",
+ "from": "[a-zA-Z0-9]{8}",
+ "generate": "expression",
+ "required": true
+ },
+ {
+ "description": "Generic build trigger secret",
+ "name": "GENERIC_WEBHOOK_SECRET",
+ "from": "[a-zA-Z0-9]{8}",
+ "generate": "expression",
+ "required": true
+ },
+ {
+ "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.",
+ "name": "IMAGE_STREAM_NAMESPACE",
+ "value": "openshift",
+ "required": true
+ }
+ ],
+ "objects": [
+ {
+ "kind": "Service",
+ "apiVersion": "v1",
+ "spec": {
+ "ports": [
+ {
+ "port": 8080,
+ "targetPort": 8080
+ }
+ ],
+ "selector": {
+ "deploymentConfig": "${APPLICATION_NAME}"
+ }
+ },
+ "metadata": {
+ "name": "${APPLICATION_NAME}",
+ "labels": {
+ "application": "${APPLICATION_NAME}"
+ },
+ "annotations": {
+ "description": "The web server's http port."
+ }
+ }
+ },
+ {
+ "kind": "Service",
+ "apiVersion": "v1",
+ "spec": {
+ "ports": [
+ {
+ "port": 8443,
+ "targetPort": 8443
+ }
+ ],
+ "selector": {
+ "deploymentConfig": "${APPLICATION_NAME}"
+ }
+ },
+ "metadata": {
+ "name": "secure-${APPLICATION_NAME}",
+ "labels": {
+ "application": "${APPLICATION_NAME}"
+ },
+ "annotations": {
+ "description": "The web server's https port."
+ }
+ }
+ },
+ {
+ "kind": "Service",
+ "apiVersion": "v1",
+ "spec": {
+ "ports": [
+ {
+ "port": 3306,
+ "targetPort": 3306
+ }
+ ],
+ "selector": {
+ "deploymentConfig": "${APPLICATION_NAME}-mysql"
+ }
+ },
+ "metadata": {
+ "name": "${APPLICATION_NAME}-mysql",
+ "labels": {
+ "application": "${APPLICATION_NAME}"
+ },
+ "annotations": {
+ "description": "The database server's port."
+ }
+ }
+ },
+ {
+ "kind": "Service",
+ "apiVersion": "v1",
+ "spec": {
+ "ports": [
+ {
+ "port": 61616,
+ "targetPort": 61616
+ }
+ ],
+ "selector": {
+ "deploymentConfig": "${APPLICATION_NAME}-amq"
+ }
+ },
+ "metadata": {
+ "name": "${APPLICATION_NAME}-amq-tcp",
+ "labels": {
+ "application": "${APPLICATION_NAME}"
+ },
+ "annotations": {
+ "description": "The broker's OpenWire port."
+ }
+ }
+ },
+ {
+ "kind": "Route",
+ "apiVersion": "v1",
+ "id": "${APPLICATION_NAME}-http",
+ "metadata": {
+ "name": "${APPLICATION_NAME}",
+ "labels": {
+ "application": "${APPLICATION_NAME}"
+ },
+ "annotations": {
+ "description": "Route for application's http service."
+ }
+ },
+ "spec": {
+ "host": "${HOSTNAME_HTTP}",
+ "to": {
+ "name": "${APPLICATION_NAME}"
+ }
+ }
+ },
+ {
+ "kind": "Route",
+ "apiVersion": "v1",
+ "id": "${APPLICATION_NAME}-https",
+ "metadata": {
+ "name": "secure-${APPLICATION_NAME}",
+ "labels": {
+ "application": "${APPLICATION_NAME}"
+ },
+ "annotations": {
+ "description": "Route for application's https service."
+ }
+ },
+ "spec": {
+ "host": "${HOSTNAME_HTTPS}",
+ "to": {
+ "name": "secure-${APPLICATION_NAME}"
+ },
+ "tls": {
+ "termination": "passthrough"
+ }
+ }
+ },
+ {
+ "kind": "ImageStream",
+ "apiVersion": "v1",
+ "metadata": {
+ "name": "${APPLICATION_NAME}",
+ "labels": {
+ "application": "${APPLICATION_NAME}"
+ }
+ }
+ },
+ {
+ "kind": "BuildConfig",
+ "apiVersion": "v1",
+ "metadata": {
+ "name": "${APPLICATION_NAME}",
+ "labels": {
+ "application": "${APPLICATION_NAME}"
+ }
+ },
+ "spec": {
+ "source": {
+ "type": "Git",
+ "git": {
+ "uri": "${SOURCE_REPOSITORY_URL}",
+ "ref": "${SOURCE_REPOSITORY_REF}"
+ },
+ "contextDir": "${CONTEXT_DIR}"
+ },
+ "strategy": {
+ "type": "Source",
+ "sourceStrategy": {
+ "env": [
+ {
+ "name": "KIE_CONTAINER_DEPLOYMENT",
+ "value": "${KIE_CONTAINER_DEPLOYMENT}"
+ }
+ ],
+ "forcePull": true,
+ "from": {
+ "kind": "ImageStreamTag",
+ "namespace": "${IMAGE_STREAM_NAMESPACE}",
+ "name": "jboss-processserver63-openshift:1.3"
+ }
+ }
+ },
+ "output": {
+ "to": {
+ "kind": "ImageStreamTag",
+ "name": "${APPLICATION_NAME}:latest"
+ }
+ },
+ "triggers": [
+ {
+ "type": "GitHub",
+ "github": {
+ "secret": "${GITHUB_WEBHOOK_SECRET}"
+ }
+ },
+ {
+ "type": "Generic",
+ "generic": {
+ "secret": "${GENERIC_WEBHOOK_SECRET}"
+ }
+ },
+ {
+ "type": "ImageChange",
+ "imageChange": {}
+ },
+ {
+ "type": "ConfigChange"
+ }
+ ]
+ }
+ },
+ {
+ "kind": "DeploymentConfig",
+ "apiVersion": "v1",
+ "metadata": {
+ "name": "${APPLICATION_NAME}",
+ "labels": {
+ "application": "${APPLICATION_NAME}"
+ }
+ },
+ "spec": {
+ "strategy": {
+ "type": "Recreate"
+ },
+ "triggers": [
+ {
+ "type": "ImageChange",
+ "imageChangeParams": {
+ "automatic": true,
+ "containerNames": [
+ "${APPLICATION_NAME}"
+ ],
+ "from": {
+ "kind": "ImageStream",
+ "name": "${APPLICATION_NAME}"
+ }
+ }
+ },
+ {
+ "type": "ConfigChange"
+ }
+ ],
+ "replicas": 1,
+ "selector": {
+ "deploymentConfig": "${APPLICATION_NAME}"
+ },
+ "template": {
+ "metadata": {
+ "name": "${APPLICATION_NAME}",
+ "labels": {
+ "deploymentConfig": "${APPLICATION_NAME}",
+ "application": "${APPLICATION_NAME}"
+ }
+ },
+ "spec": {
+ "serviceAccountName": "processserver-service-account",
+ "terminationGracePeriodSeconds": 60,
+ "containers": [
+ {
+ "name": "${APPLICATION_NAME}",
+ "image": "${APPLICATION_NAME}",
+ "imagePullPolicy": "Always",
+ "volumeMounts": [
+ {
+ "name": "processserver-keystore-volume",
+ "mountPath": "/etc/processserver-secret-volume",
+ "readOnly": true
+ }
+ ],
+ "livenessProbe": {
+ "exec": {
+ "command": [
+ "/bin/bash",
+ "-c",
+ "/opt/eap/bin/livenessProbe.sh"
+ ]
+ }
+ },
+ "readinessProbe": {
+ "exec": {
+ "command": [
+ "/bin/bash",
+ "-c",
+ "/opt/eap/bin/readinessProbe.sh"
+ ]
+ }
+ },
+ "ports": [
+ {
+ "name": "jolokia",
+ "containerPort": 8778,
+ "protocol": "TCP"
+ },
+ {
+ "name": "http",
+ "containerPort": 8080,
+ "protocol": "TCP"
+ },
+ {
+ "name": "https",
+ "containerPort": 8443,
+ "protocol": "TCP"
+ }
+ ],
+ "env": [
+ {
+ "name": "KIE_CONTAINER_DEPLOYMENT",
+ "value": "${KIE_CONTAINER_DEPLOYMENT}"
+ },
+ {
+ "name": "KIE_SERVER_PROTOCOL",
+ "value": "${KIE_SERVER_PROTOCOL}"
+ },
+ {
+ "name": "KIE_SERVER_PORT",
+ "value": "${KIE_SERVER_PORT}"
+ },
+ {
+ "name": "KIE_SERVER_USER",
+ "value": "${KIE_SERVER_USER}"
+ },
+ {
+ "name": "KIE_SERVER_PASSWORD",
+ "value": "${KIE_SERVER_PASSWORD}"
+ },
+ {
+ "name": "KIE_SERVER_DOMAIN",
+ "value": "${KIE_SERVER_DOMAIN}"
+ },
+ {
+ "name": "KIE_SERVER_JMS_QUEUES_REQUEST",
+ "value": "${KIE_SERVER_JMS_QUEUES_REQUEST}"
+ },
+ {
+ "name": "KIE_SERVER_JMS_QUEUES_RESPONSE",
+ "value": "${KIE_SERVER_JMS_QUEUES_RESPONSE}"
+ },
+ {
+ "name": "KIE_SERVER_EXECUTOR_JMS_QUEUE",
+ "value": "${KIE_SERVER_EXECUTOR_JMS_QUEUE}"
+ },
+ {
+ "name": "MQ_SERVICE_PREFIX_MAPPING",
+ "value": "${APPLICATION_NAME}-amq=MQ"
+ },
+ {
+ "name": "MQ_JNDI",
+ "value": "${MQ_JNDI}"
+ },
+ {
+ "name": "MQ_USERNAME",
+ "value": "${MQ_USERNAME}"
+ },
+ {
+ "name": "MQ_PASSWORD",
+ "value": "${MQ_PASSWORD}"
+ },
+ {
+ "name": "MQ_PROTOCOL",
+ "value": "tcp"
+ },
+ {
+ "name": "MQ_QUEUES",
+ "value": "${MQ_QUEUES}"
+ },
+ {
+ "name": "MQ_TOPICS",
+ "value": "${MQ_TOPICS}"
+ },
+ {
+ "name": "KIE_SERVER_PERSISTENCE_DIALECT",
+ "value": "${KIE_SERVER_PERSISTENCE_DIALECT}"
+ },
+ {
+ "name": "DB_SERVICE_PREFIX_MAPPING",
+ "value": "${APPLICATION_NAME}-mysql=DB,${APPLICATION_NAME}-mysql=QUARTZ"
+ },
+ {
+ "name": "TX_DATABASE_PREFIX_MAPPING",
+ "value": "${APPLICATION_NAME}-mysql=DB"
+ },
+ {
+ "name": "DB_JNDI",
+ "value": "${DB_JNDI}"
+ },
+ {
+ "name": "DB_USERNAME",
+ "value": "${DB_USERNAME}"
+ },
+ {
+ "name": "DB_PASSWORD",
+ "value": "${DB_PASSWORD}"
+ },
+ {
+ "name": "DB_DATABASE",
+ "value": "${DB_DATABASE}"
+ },
+ {
+ "name": "DB_MIN_POOL_SIZE",
+ "value": "${DB_MIN_POOL_SIZE}"
+ },
+ {
+ "name": "DB_MAX_POOL_SIZE",
+ "value": "${DB_MAX_POOL_SIZE}"
+ },
+ {
+ "name": "DB_TX_ISOLATION",
+ "value": "${DB_TX_ISOLATION}"
+ },
+ {
+ "name": "QUARTZ_JNDI",
+ "value": "${DB_JNDI}NotManaged"
+ },
+ {
+ "name": "QUARTZ_USERNAME",
+ "value": "${DB_USERNAME}"
+ },
+ {
+ "name": "QUARTZ_PASSWORD",
+ "value": "${DB_PASSWORD}"
+ },
+ {
+ "name": "QUARTZ_DATABASE",
+ "value": "${DB_DATABASE}"
+ },
+ {
+ "name": "QUARTZ_MIN_POOL_SIZE",
+ "value": "${DB_MIN_POOL_SIZE}"
+ },
+ {
+ "name": "QUARTZ_MAX_POOL_SIZE",
+ "value": "${DB_MAX_POOL_SIZE}"
+ },
+ {
+ "name": "QUARTZ_TX_ISOLATION",
+ "value": "${DB_TX_ISOLATION}"
+ },
+ {
+ "name": "QUARTZ_JTA",
+ "value": "false"
+ },
+ {
+ "name": "QUARTZ_NONXA",
+ "value": "true"
+ },
+ {
+ "name": "HTTPS_KEYSTORE_DIR",
+ "value": "/etc/processserver-secret-volume"
+ },
+ {
+ "name": "HTTPS_KEYSTORE",
+ "value": "${HTTPS_KEYSTORE}"
+ },
+ {
+ "name": "HTTPS_NAME",
+ "value": "${HTTPS_NAME}"
+ },
+ {
+ "name": "HTTPS_PASSWORD",
+ "value": "${HTTPS_PASSWORD}"
+ }
+ ]
+ }
+ ],
+ "volumes": [
+ {
+ "name": "processserver-keystore-volume",
+ "secret": {
+ "secretName": "${HTTPS_SECRET}"
+ }
+ }
+ ]
+ }
+ }
+ }
+ },
+ {
+ "kind": "DeploymentConfig",
+ "apiVersion": "v1",
+ "metadata": {
+ "name": "${APPLICATION_NAME}-mysql",
+ "labels": {
+ "application": "${APPLICATION_NAME}"
+ }
+ },
+ "spec": {
+ "strategy": {
+ "type": "Recreate"
+ },
+ "triggers": [
+ {
+ "type": "ImageChange",
+ "imageChangeParams": {
+ "automatic": true,
+ "containerNames": [
+ "${APPLICATION_NAME}-mysql"
+ ],
+ "from": {
+ "kind": "ImageStreamTag",
+ "namespace": "${IMAGE_STREAM_NAMESPACE}",
+ "name": "mysql:latest"
+ }
+ }
+ },
+ {
+ "type": "ConfigChange"
+ }
+ ],
+ "replicas": 1,
+ "selector": {
+ "deploymentConfig": "${APPLICATION_NAME}-mysql"
+ },
+ "template": {
+ "metadata": {
+ "name": "${APPLICATION_NAME}-mysql",
+ "labels": {
+ "deploymentConfig": "${APPLICATION_NAME}-mysql",
+ "application": "${APPLICATION_NAME}"
+ }
+ },
+ "spec": {
+ "terminationGracePeriodSeconds": 60,
+ "containers": [
+ {
+ "name": "${APPLICATION_NAME}-mysql",
+ "image": "mysql",
+ "imagePullPolicy": "Always",
+ "ports": [
+ {
+ "containerPort": 3306,
+ "protocol": "TCP"
+ }
+ ],
+ "volumeMounts": [
+ {
+ "mountPath": "/var/lib/mysql/data",
+ "name": "${APPLICATION_NAME}-mysql-pvol"
+ }
+ ],
+ "env": [
+ {
+ "name": "MYSQL_USER",
+ "value": "${DB_USERNAME}"
+ },
+ {
+ "name": "MYSQL_PASSWORD",
+ "value": "${DB_PASSWORD}"
+ },
+ {
+ "name": "MYSQL_DATABASE",
+ "value": "${DB_DATABASE}"
+ },
+ {
+ "name": "MYSQL_LOWER_CASE_TABLE_NAMES",
+ "value": "${MYSQL_LOWER_CASE_TABLE_NAMES}"
+ },
+ {
+ "name": "MYSQL_MAX_CONNECTIONS",
+ "value": "${MYSQL_MAX_CONNECTIONS}"
+ },
+ {
+ "name": "MYSQL_FT_MIN_WORD_LEN",
+ "value": "${MYSQL_FT_MIN_WORD_LEN}"
+ },
+ {
+ "name": "MYSQL_FT_MAX_WORD_LEN",
+ "value": "${MYSQL_FT_MAX_WORD_LEN}"
+ },
+ {
+ "name": "MYSQL_AIO",
+ "value": "${MYSQL_AIO}"
+ }
+ ]
+ }
+ ],
+ "volumes": [
+ {
+ "name": "${APPLICATION_NAME}-mysql-pvol",
+ "persistentVolumeClaim": {
+ "claimName": "${APPLICATION_NAME}-mysql-claim"
+ }
+ }
+ ]
+ }
+ }
+ }
+ },
+ {
+ "apiVersion": "v1",
+ "kind": "PersistentVolumeClaim",
+ "metadata": {
+ "name": "${APPLICATION_NAME}-mysql-claim",
+ "labels": {
+ "application": "${APPLICATION_NAME}"
+ }
+ },
+ "spec": {
+ "accessModes": [
+ "ReadWriteOnce"
+ ],
+ "resources": {
+ "requests": {
+ "storage": "${VOLUME_CAPACITY}"
+ }
+ }
+ }
+ },
+ {
+ "kind": "DeploymentConfig",
+ "apiVersion": "v1",
+ "metadata": {
+ "name": "${APPLICATION_NAME}-amq",
+ "labels": {
+ "application": "${APPLICATION_NAME}"
+ }
+ },
+ "spec": {
+ "strategy": {
+ "type": "Recreate"
+ },
+ "triggers": [
+ {
+ "type": "ImageChange",
+ "imageChangeParams": {
+ "automatic": true,
+ "containerNames": [
+ "${APPLICATION_NAME}-amq"
+ ],
+ "from": {
+ "kind": "ImageStreamTag",
+ "namespace": "${IMAGE_STREAM_NAMESPACE}",
+ "name": "jboss-amq-62:1.3"
+ }
+ }
+ },
+ {
+ "type": "ConfigChange"
+ }
+ ],
+ "replicas": 1,
+ "selector": {
+ "deploymentConfig": "${APPLICATION_NAME}-amq"
+ },
+ "template": {
+ "metadata": {
+ "name": "${APPLICATION_NAME}-amq",
+ "labels": {
+ "deploymentConfig": "${APPLICATION_NAME}-amq",
+ "application": "${APPLICATION_NAME}"
+ }
+ },
+ "spec": {
+ "terminationGracePeriodSeconds": 60,
+ "containers": [
+ {
+ "name": "${APPLICATION_NAME}-amq",
+ "image": "jboss-amq-62",
+ "imagePullPolicy": "Always",
+ "volumeMounts": [
+ {
+ "mountPath": "/opt/amq/data",
+ "name": "${APPLICATION_NAME}-amq-pvol"
+ }
+ ],
+ "readinessProbe": {
+ "exec": {
+ "command": [
+ "/bin/bash",
+ "-c",
+ "/opt/amq/bin/readinessProbe.sh"
+ ]
+ }
+ },
+ "ports": [
+ {
+ "name": "jolokia",
+ "containerPort": 8778,
+ "protocol": "TCP"
+ },
+ {
+ "name": "amqp",
+ "containerPort": 5672,
+ "protocol": "TCP"
+ },
+ {
+ "name": "amqp-ssl",
+ "containerPort": 5671,
+ "protocol": "TCP"
+ },
+ {
+ "name": "mqtt",
+ "containerPort": 1883,
+ "protocol": "TCP"
+ },
+ {
+ "name": "stomp",
+ "containerPort": 61613,
+ "protocol": "TCP"
+ },
+ {
+ "name": "stomp-ssl",
+ "containerPort": 61612,
+ "protocol": "TCP"
+ },
+ {
+ "name": "tcp",
+ "containerPort": 61616,
+ "protocol": "TCP"
+ },
+ {
+ "name": "tcp-ssl",
+ "containerPort": 61617,
+ "protocol": "TCP"
+ }
+ ],
+ "env": [
+ {
+ "name": "AMQ_USER",
+ "value": "${MQ_USERNAME}"
+ },
+ {
+ "name": "AMQ_PASSWORD",
+ "value": "${MQ_PASSWORD}"
+ },
+ {
+ "name": "AMQ_TRANSPORTS",
+ "value": "${MQ_PROTOCOL}"
+ },
+ {
+ "name": "AMQ_SPLIT",
+ "value": "${AMQ_SPLIT}"
+ },
+ {
+ "name": "AMQ_MESH_DISCOVERY_TYPE",
+ "value": "${AMQ_MESH_DISCOVERY_TYPE}"
+ },
+ {
+ "name": "AMQ_MESH_SERVICE_NAME",
+ "value": "${APPLICATION_NAME}-amq-tcp"
+ },
+ {
+ "name": "AMQ_MESH_SERVICE_NAMESPACE",
+ "valueFrom": {
+ "fieldRef": {
+ "fieldPath": "metadata.namespace"
+ }
+ }
+ },
+ {
+ "name": "AMQ_STORAGE_USAGE_LIMIT",
+ "value": "${AMQ_STORAGE_USAGE_LIMIT}"
+ }
+ ]
+ }
+ ],
+ "volumes": [
+ {
+ "name": "${APPLICATION_NAME}-amq-pvol",
+ "persistentVolumeClaim": {
+ "claimName": "${APPLICATION_NAME}-amq-claim"
+ }
+ }
+ ]
+ }
+ }
+ }
+ },
+ {
+ "apiVersion": "v1",
+ "kind": "PersistentVolumeClaim",
+ "metadata": {
+ "name": "${APPLICATION_NAME}-amq-claim",
+ "labels": {
+ "application": "${APPLICATION_NAME}"
+ }
+ },
+ "spec": {
+ "accessModes": [
+ "ReadWriteMany"
+ ],
+ "resources": {
+ "requests": {
+ "storage": "${VOLUME_CAPACITY}"
+ }
+ }
+ }
+ }
+ ]
+}
diff --git a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/processserver63-amq-mysql-s2i.json b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/processserver63-amq-mysql-s2i.json
new file mode 100644
index 000000000..42264585b
--- /dev/null
+++ b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/processserver63-amq-mysql-s2i.json
@@ -0,0 +1,959 @@
+{
+ "kind": "Template",
+ "apiVersion": "v1",
+ "metadata": {
+ "annotations": {
+ "description": "Application template for Red Hat JBoss BPM Suite 6.3 intelligent process server AMQ and MySQL applications built using S2I.",
+ "iconClass": "icon-jboss",
+ "tags": "processserver,amq,mysql,javaee,java,database,jboss,xpaas",
+ "version": "1.3.3"
+ },
+ "name": "processserver63-amq-mysql-s2i"
+ },
+ "labels": {
+ "template": "processserver63-amq-mysql-s2i",
+ "xpaas": "1.3.3"
+ },
+ "parameters": [
+ {
+ "description": "The KIE Container deployment configuration in format: containerId=groupId:artifactId:version|c2=g2:a2:v2",
+ "name": "KIE_CONTAINER_DEPLOYMENT",
+ "value": "processserver-library=org.openshift.quickstarts:processserver-library:1.3.0.Final",
+ "required": false
+ },
+ {
+ "description": "The protocol to access the KIE Server REST interface.",
+ "name": "KIE_SERVER_PROTOCOL",
+ "value": "https",
+ "required": false
+ },
+ {
+ "description": "The port to access the KIE Server REST interface.",
+ "name": "KIE_SERVER_PORT",
+ "value": "8443",
+ "required": false
+ },
+ {
+ "description": "The user name to access the KIE Server REST or JMS interface.",
+ "name": "KIE_SERVER_USER",
+ "value": "kieserver",
+ "required": false
+ },
+ {
+ "description": "The password to access the KIE Server REST or JMS interface. Must be different than username; must not be root, admin, or administrator; must contain at least 8 characters, 1 alphabetic character(s), 1 digit(s), and 1 non-alphanumeric symbol(s).",
+ "name": "KIE_SERVER_PASSWORD",
+ "from": "[a-zA-Z]{6}[0-9]{1}!",
+ "generate": "expression",
+ "required": false
+ },
+ {
+ "description": "JAAS LoginContext domain that shall be used to authenticate users when using JMS.",
+ "name": "KIE_SERVER_DOMAIN",
+ "value": "other",
+ "required": false
+ },
+ {
+ "description": "JNDI name of request queue for JMS.",
+ "name": "KIE_SERVER_JMS_QUEUES_REQUEST",
+ "value": "queue/KIE.SERVER.REQUEST",
+ "required": false
+ },
+ {
+ "description": "JNDI name of response queue for JMS.",
+ "name": "KIE_SERVER_JMS_QUEUES_RESPONSE",
+ "value": "queue/KIE.SERVER.RESPONSE",
+ "required": false
+ },
+ {
+ "description": "JNDI name of executor queue for JMS.",
+ "name": "KIE_SERVER_EXECUTOR_JMS_QUEUE",
+ "value": "queue/KIE.SERVER.EXECUTOR",
+ "required": false
+ },
+ {
+ "description": "Hibernate persistence dialect.",
+ "name": "KIE_SERVER_PERSISTENCE_DIALECT",
+ "value": "org.hibernate.dialect.MySQL5Dialect",
+ "required": false
+ },
+ {
+ "description": "The name for the application.",
+ "name": "APPLICATION_NAME",
+ "value": "kie-app",
+ "required": true
+ },
+ {
+ "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: <application-name>-<project>.<default-domain-suffix>",
+ "name": "HOSTNAME_HTTP",
+ "value": "",
+ "required": false
+ },
+ {
+ "description": "Custom hostname for https service route. Leave blank for default hostname, e.g.: secure-<application-name>-<project>.<default-domain-suffix>",
+ "name": "HOSTNAME_HTTPS",
+ "value": "",
+ "required": false
+ },
+ {
+ "description": "Git source URI for application",
+ "name": "SOURCE_REPOSITORY_URL",
+ "value": "https://github.com/jboss-openshift/openshift-quickstarts",
+ "required": true
+ },
+ {
+ "description": "Git branch/tag reference",
+ "name": "SOURCE_REPOSITORY_REF",
+ "value": "1.3",
+ "required": false
+ },
+ {
+ "description": "Path within Git project to build; empty for root project directory.",
+ "name": "CONTEXT_DIR",
+ "value": "processserver/library",
+ "required": false
+ },
+ {
+ "description": "Database JNDI name used by application to resolve the datasource, e.g. java:/jboss/datasources/ExampleDS",
+ "name": "DB_JNDI",
+ "value": "java:jboss/datasources/ExampleDS",
+ "required": false
+ },
+ {
+ "description": "Database name",
+ "name": "DB_DATABASE",
+ "value": "root",
+ "required": true
+ },
+ {
+ "description": "JNDI name for connection factory used by applications to connect to the broker, e.g. java:/JmsXA",
+ "name": "MQ_JNDI",
+ "value": "java:/JmsXA",
+ "required": false
+ },
+ {
+ "description": "Broker protocols to configure, separated by commas. Allowed values are: `openwire`, `amqp`, `stomp` and `mqtt`. Only `openwire` is supported by EAP.",
+ "name": "MQ_PROTOCOL",
+ "value": "openwire",
+ "required": false
+ },
+ {
+ "description": "Queue names, separated by commas. These queues will be automatically created when the broker starts. Also, they will be made accessible as JNDI resources in EAP.",
+ "name": "MQ_QUEUES",
+ "value": "KIE.SERVER.REQUEST,KIE.SERVER.RESPONSE,KIE.SERVER.EXECUTOR",
+ "required": false
+ },
+ {
+ "description": "Topic names, separated by commas. These topics will be automatically created when the broker starts. Also, they will be made accessible as JNDI resources in EAP.",
+ "name": "MQ_TOPICS",
+ "value": "",
+ "required": false
+ },
+ {
+ "description": "The name of the secret containing the keystore file",
+ "name": "HTTPS_SECRET",
+ "value": "processserver-app-secret",
+ "required": false
+ },
+ {
+ "description": "The name of the keystore file within the secret",
+ "name": "HTTPS_KEYSTORE",
+ "value": "keystore.jks",
+ "required": false
+ },
+ {
+ "description": "The name associated with the server certificate",
+ "name": "HTTPS_NAME",
+ "value": "jboss",
+ "required": false
+ },
+ {
+ "description": "The password for the keystore and certificate",
+ "name": "HTTPS_PASSWORD",
+ "value": "mykeystorepass",
+ "required": false
+ },
+ {
+ "description": "Database user name",
+ "name": "DB_USERNAME",
+ "from": "user[a-zA-Z0-9]{3}",
+ "generate": "expression",
+ "required": true
+ },
+ {
+ "description": "Database user password",
+ "name": "DB_PASSWORD",
+ "from": "[a-zA-Z0-9]{8}",
+ "generate": "expression",
+ "required": true
+ },
+ {
+ "description": "Sets xa-pool/min-pool-size for the configured datasource.",
+ "name": "DB_MIN_POOL_SIZE",
+ "required": false
+ },
+ {
+ "description": "Sets xa-pool/max-pool-size for the configured datasource.",
+ "name": "DB_MAX_POOL_SIZE",
+ "required": false
+ },
+ {
+ "description": "Sets transaction-isolation for the configured datasource.",
+ "name": "DB_TX_ISOLATION",
+ "required": false
+ },
+ {
+ "description": "Sets how the table names are stored and compared.",
+ "name": "MYSQL_LOWER_CASE_TABLE_NAMES",
+ "required": false
+ },
+ {
+ "description": "The maximum permitted number of simultaneous client connections.",
+ "name": "MYSQL_MAX_CONNECTIONS",
+ "required": false
+ },
+ {
+ "description": "The minimum length of the word to be included in a FULLTEXT index.",
+ "name": "MYSQL_FT_MIN_WORD_LEN",
+ "required": false
+ },
+ {
+ "description": "The maximum length of the word to be included in a FULLTEXT index.",
+ "name": "MYSQL_FT_MAX_WORD_LEN",
+ "required": false
+ },
+ {
+ "description": "Controls the innodb_use_native_aio setting value if the native AIO is broken.",
+ "name": "MYSQL_AIO",
+ "required": false
+ },
+ {
+ "description": "User name for standard broker user. It is required for connecting to the broker. If left empty, it will be generated.",
+ "name": "MQ_USERNAME",
+ "from": "user[a-zA-Z0-9]{3}",
+ "generate": "expression",
+ "required": false
+ },
+ {
+ "description": "Password for standard broker user. It is required for connecting to the broker. If left empty, it will be generated.",
+ "name": "MQ_PASSWORD",
+ "from": "[a-zA-Z0-9]{8}",
+ "generate": "expression",
+ "required": false
+ },
+ {
+ "description": "The discovery agent type to use for discovering mesh endpoints. 'dns' will use OpenShift's DNS service to resolve endpoints. 'kube' will use Kubernetes REST API to resolve service endpoints. If using 'kube' the service account for the pod must have the 'view' role, which can be added via 'oc policy add-role-to-user view system:serviceaccount:<namespace>:default' where <namespace> is the project namespace.",
+ "name": "AMQ_MESH_DISCOVERY_TYPE",
+ "value": "kube",
+ "required": false
+ },
+ {
+ "description": "The A-MQ storage usage limit",
+ "name": "AMQ_STORAGE_USAGE_LIMIT",
+ "value": "100 gb",
+ "required": false
+ },
+ {
+ "description": "GitHub trigger secret",
+ "name": "GITHUB_WEBHOOK_SECRET",
+ "from": "[a-zA-Z0-9]{8}",
+ "generate": "expression",
+ "required": true
+ },
+ {
+ "description": "Generic build trigger secret",
+ "name": "GENERIC_WEBHOOK_SECRET",
+ "from": "[a-zA-Z0-9]{8}",
+ "generate": "expression",
+ "required": true
+ },
+ {
+ "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.",
+ "name": "IMAGE_STREAM_NAMESPACE",
+ "value": "openshift",
+ "required": true
+ }
+ ],
+ "objects": [
+ {
+ "kind": "Service",
+ "apiVersion": "v1",
+ "spec": {
+ "ports": [
+ {
+ "port": 8080,
+ "targetPort": 8080
+ }
+ ],
+ "selector": {
+ "deploymentConfig": "${APPLICATION_NAME}"
+ }
+ },
+ "metadata": {
+ "name": "${APPLICATION_NAME}",
+ "labels": {
+ "application": "${APPLICATION_NAME}"
+ },
+ "annotations": {
+ "description": "The web server's http port."
+ }
+ }
+ },
+ {
+ "kind": "Service",
+ "apiVersion": "v1",
+ "spec": {
+ "ports": [
+ {
+ "port": 8443,
+ "targetPort": 8443
+ }
+ ],
+ "selector": {
+ "deploymentConfig": "${APPLICATION_NAME}"
+ }
+ },
+ "metadata": {
+ "name": "secure-${APPLICATION_NAME}",
+ "labels": {
+ "application": "${APPLICATION_NAME}"
+ },
+ "annotations": {
+ "description": "The web server's https port."
+ }
+ }
+ },
+ {
+ "kind": "Service",
+ "apiVersion": "v1",
+ "spec": {
+ "ports": [
+ {
+ "port": 3306,
+ "targetPort": 3306
+ }
+ ],
+ "selector": {
+ "deploymentConfig": "${APPLICATION_NAME}-mysql"
+ }
+ },
+ "metadata": {
+ "name": "${APPLICATION_NAME}-mysql",
+ "labels": {
+ "application": "${APPLICATION_NAME}"
+ },
+ "annotations": {
+ "description": "The database server's port."
+ }
+ }
+ },
+ {
+ "kind": "Service",
+ "apiVersion": "v1",
+ "spec": {
+ "ports": [
+ {
+ "port": 61616,
+ "targetPort": 61616
+ }
+ ],
+ "selector": {
+ "deploymentConfig": "${APPLICATION_NAME}-amq"
+ }
+ },
+ "metadata": {
+ "name": "${APPLICATION_NAME}-amq-tcp",
+ "labels": {
+ "application": "${APPLICATION_NAME}"
+ },
+ "annotations": {
+ "description": "The broker's OpenWire port."
+ }
+ }
+ },
+ {
+ "kind": "Route",
+ "apiVersion": "v1",
+ "id": "${APPLICATION_NAME}-http",
+ "metadata": {
+ "name": "${APPLICATION_NAME}",
+ "labels": {
+ "application": "${APPLICATION_NAME}"
+ },
+ "annotations": {
+ "description": "Route for application's http service."
+ }
+ },
+ "spec": {
+ "host": "${HOSTNAME_HTTP}",
+ "to": {
+ "name": "${APPLICATION_NAME}"
+ }
+ }
+ },
+ {
+ "kind": "Route",
+ "apiVersion": "v1",
+ "id": "${APPLICATION_NAME}-https",
+ "metadata": {
+ "name": "secure-${APPLICATION_NAME}",
+ "labels": {
+ "application": "${APPLICATION_NAME}"
+ },
+ "annotations": {
+ "description": "Route for application's https service."
+ }
+ },
+ "spec": {
+ "host": "${HOSTNAME_HTTPS}",
+ "to": {
+ "name": "secure-${APPLICATION_NAME}"
+ },
+ "tls": {
+ "termination": "passthrough"
+ }
+ }
+ },
+ {
+ "kind": "ImageStream",
+ "apiVersion": "v1",
+ "metadata": {
+ "name": "${APPLICATION_NAME}",
+ "labels": {
+ "application": "${APPLICATION_NAME}"
+ }
+ }
+ },
+ {
+ "kind": "BuildConfig",
+ "apiVersion": "v1",
+ "metadata": {
+ "name": "${APPLICATION_NAME}",
+ "labels": {
+ "application": "${APPLICATION_NAME}"
+ }
+ },
+ "spec": {
+ "source": {
+ "type": "Git",
+ "git": {
+ "uri": "${SOURCE_REPOSITORY_URL}",
+ "ref": "${SOURCE_REPOSITORY_REF}"
+ },
+ "contextDir": "${CONTEXT_DIR}"
+ },
+ "strategy": {
+ "type": "Source",
+ "sourceStrategy": {
+ "env": [
+ {
+ "name": "KIE_CONTAINER_DEPLOYMENT",
+ "value": "${KIE_CONTAINER_DEPLOYMENT}"
+ }
+ ],
+ "forcePull": true,
+ "from": {
+ "kind": "ImageStreamTag",
+ "namespace": "${IMAGE_STREAM_NAMESPACE}",
+ "name": "jboss-processserver63-openshift:1.3"
+ }
+ }
+ },
+ "output": {
+ "to": {
+ "kind": "ImageStreamTag",
+ "name": "${APPLICATION_NAME}:latest"
+ }
+ },
+ "triggers": [
+ {
+ "type": "GitHub",
+ "github": {
+ "secret": "${GITHUB_WEBHOOK_SECRET}"
+ }
+ },
+ {
+ "type": "Generic",
+ "generic": {
+ "secret": "${GENERIC_WEBHOOK_SECRET}"
+ }
+ },
+ {
+ "type": "ImageChange",
+ "imageChange": {}
+ },
+ {
+ "type": "ConfigChange"
+ }
+ ]
+ }
+ },
+ {
+ "kind": "DeploymentConfig",
+ "apiVersion": "v1",
+ "metadata": {
+ "name": "${APPLICATION_NAME}",
+ "labels": {
+ "application": "${APPLICATION_NAME}"
+ }
+ },
+ "spec": {
+ "strategy": {
+ "type": "Recreate"
+ },
+ "triggers": [
+ {
+ "type": "ImageChange",
+ "imageChangeParams": {
+ "automatic": true,
+ "containerNames": [
+ "${APPLICATION_NAME}"
+ ],
+ "from": {
+ "kind": "ImageStream",
+ "name": "${APPLICATION_NAME}"
+ }
+ }
+ },
+ {
+ "type": "ConfigChange"
+ }
+ ],
+ "replicas": 1,
+ "selector": {
+ "deploymentConfig": "${APPLICATION_NAME}"
+ },
+ "template": {
+ "metadata": {
+ "name": "${APPLICATION_NAME}",
+ "labels": {
+ "deploymentConfig": "${APPLICATION_NAME}",
+ "application": "${APPLICATION_NAME}"
+ }
+ },
+ "spec": {
+ "serviceAccountName": "processserver-service-account",
+ "terminationGracePeriodSeconds": 60,
+ "containers": [
+ {
+ "name": "${APPLICATION_NAME}",
+ "image": "${APPLICATION_NAME}",
+ "imagePullPolicy": "Always",
+ "volumeMounts": [
+ {
+ "name": "processserver-keystore-volume",
+ "mountPath": "/etc/processserver-secret-volume",
+ "readOnly": true
+ }
+ ],
+ "livenessProbe": {
+ "exec": {
+ "command": [
+ "/bin/bash",
+ "-c",
+ "/opt/eap/bin/livenessProbe.sh"
+ ]
+ }
+ },
+ "readinessProbe": {
+ "exec": {
+ "command": [
+ "/bin/bash",
+ "-c",
+ "/opt/eap/bin/readinessProbe.sh"
+ ]
+ }
+ },
+ "ports": [
+ {
+ "name": "jolokia",
+ "containerPort": 8778,
+ "protocol": "TCP"
+ },
+ {
+ "name": "http",
+ "containerPort": 8080,
+ "protocol": "TCP"
+ },
+ {
+ "name": "https",
+ "containerPort": 8443,
+ "protocol": "TCP"
+ }
+ ],
+ "env": [
+ {
+ "name": "KIE_CONTAINER_DEPLOYMENT",
+ "value": "${KIE_CONTAINER_DEPLOYMENT}"
+ },
+ {
+ "name": "KIE_SERVER_PROTOCOL",
+ "value": "${KIE_SERVER_PROTOCOL}"
+ },
+ {
+ "name": "KIE_SERVER_PORT",
+ "value": "${KIE_SERVER_PORT}"
+ },
+ {
+ "name": "KIE_SERVER_USER",
+ "value": "${KIE_SERVER_USER}"
+ },
+ {
+ "name": "KIE_SERVER_PASSWORD",
+ "value": "${KIE_SERVER_PASSWORD}"
+ },
+ {
+ "name": "KIE_SERVER_DOMAIN",
+ "value": "${KIE_SERVER_DOMAIN}"
+ },
+ {
+ "name": "KIE_SERVER_JMS_QUEUES_REQUEST",
+ "value": "${KIE_SERVER_JMS_QUEUES_REQUEST}"
+ },
+ {
+ "name": "KIE_SERVER_JMS_QUEUES_RESPONSE",
+ "value": "${KIE_SERVER_JMS_QUEUES_RESPONSE}"
+ },
+ {
+ "name": "KIE_SERVER_EXECUTOR_JMS_QUEUE",
+ "value": "${KIE_SERVER_EXECUTOR_JMS_QUEUE}"
+ },
+ {
+ "name": "MQ_SERVICE_PREFIX_MAPPING",
+ "value": "${APPLICATION_NAME}-amq=MQ"
+ },
+ {
+ "name": "MQ_JNDI",
+ "value": "${MQ_JNDI}"
+ },
+ {
+ "name": "MQ_USERNAME",
+ "value": "${MQ_USERNAME}"
+ },
+ {
+ "name": "MQ_PASSWORD",
+ "value": "${MQ_PASSWORD}"
+ },
+ {
+ "name": "MQ_PROTOCOL",
+ "value": "tcp"
+ },
+ {
+ "name": "MQ_QUEUES",
+ "value": "${MQ_QUEUES}"
+ },
+ {
+ "name": "MQ_TOPICS",
+ "value": "${MQ_TOPICS}"
+ },
+ {
+ "name": "KIE_SERVER_PERSISTENCE_DIALECT",
+ "value": "${KIE_SERVER_PERSISTENCE_DIALECT}"
+ },
+ {
+ "name": "DB_SERVICE_PREFIX_MAPPING",
+ "value": "${APPLICATION_NAME}-mysql=DB"
+ },
+ {
+ "name": "DB_JNDI",
+ "value": "${DB_JNDI}"
+ },
+ {
+ "name": "DB_USERNAME",
+ "value": "${DB_USERNAME}"
+ },
+ {
+ "name": "DB_PASSWORD",
+ "value": "${DB_PASSWORD}"
+ },
+ {
+ "name": "DB_DATABASE",
+ "value": "${DB_DATABASE}"
+ },
+ {
+ "name": "TX_DATABASE_PREFIX_MAPPING",
+ "value": "${APPLICATION_NAME}-mysql=DB"
+ },
+ {
+ "name": "DB_MIN_POOL_SIZE",
+ "value": "${DB_MIN_POOL_SIZE}"
+ },
+ {
+ "name": "DB_MAX_POOL_SIZE",
+ "value": "${DB_MAX_POOL_SIZE}"
+ },
+ {
+ "name": "DB_TX_ISOLATION",
+ "value": "${DB_TX_ISOLATION}"
+ },
+ {
+ "name": "HTTPS_KEYSTORE_DIR",
+ "value": "/etc/processserver-secret-volume"
+ },
+ {
+ "name": "HTTPS_KEYSTORE",
+ "value": "${HTTPS_KEYSTORE}"
+ },
+ {
+ "name": "HTTPS_NAME",
+ "value": "${HTTPS_NAME}"
+ },
+ {
+ "name": "HTTPS_PASSWORD",
+ "value": "${HTTPS_PASSWORD}"
+ }
+ ]
+ }
+ ],
+ "volumes": [
+ {
+ "name": "processserver-keystore-volume",
+ "secret": {
+ "secretName": "${HTTPS_SECRET}"
+ }
+ }
+ ]
+ }
+ }
+ }
+ },
+ {
+ "kind": "DeploymentConfig",
+ "apiVersion": "v1",
+ "metadata": {
+ "name": "${APPLICATION_NAME}-mysql",
+ "labels": {
+ "application": "${APPLICATION_NAME}"
+ }
+ },
+ "spec": {
+ "strategy": {
+ "type": "Recreate"
+ },
+ "triggers": [
+ {
+ "type": "ImageChange",
+ "imageChangeParams": {
+ "automatic": true,
+ "containerNames": [
+ "${APPLICATION_NAME}-mysql"
+ ],
+ "from": {
+ "kind": "ImageStreamTag",
+ "namespace": "${IMAGE_STREAM_NAMESPACE}",
+ "name": "mysql:latest"
+ }
+ }
+ },
+ {
+ "type": "ConfigChange"
+ }
+ ],
+ "replicas": 1,
+ "selector": {
+ "deploymentConfig": "${APPLICATION_NAME}-mysql"
+ },
+ "template": {
+ "metadata": {
+ "name": "${APPLICATION_NAME}-mysql",
+ "labels": {
+ "deploymentConfig": "${APPLICATION_NAME}-mysql",
+ "application": "${APPLICATION_NAME}"
+ }
+ },
+ "spec": {
+ "terminationGracePeriodSeconds": 60,
+ "containers": [
+ {
+ "name": "${APPLICATION_NAME}-mysql",
+ "image": "mysql",
+ "imagePullPolicy": "Always",
+ "ports": [
+ {
+ "containerPort": 3306,
+ "protocol": "TCP"
+ }
+ ],
+ "env": [
+ {
+ "name": "MYSQL_USER",
+ "value": "${DB_USERNAME}"
+ },
+ {
+ "name": "MYSQL_PASSWORD",
+ "value": "${DB_PASSWORD}"
+ },
+ {
+ "name": "MYSQL_DATABASE",
+ "value": "${DB_DATABASE}"
+ },
+ {
+ "name": "MYSQL_LOWER_CASE_TABLE_NAMES",
+ "value": "${MYSQL_LOWER_CASE_TABLE_NAMES}"
+ },
+ {
+ "name": "MYSQL_MAX_CONNECTIONS",
+ "value": "${MYSQL_MAX_CONNECTIONS}"
+ },
+ {
+ "name": "MYSQL_FT_MIN_WORD_LEN",
+ "value": "${MYSQL_FT_MIN_WORD_LEN}"
+ },
+ {
+ "name": "MYSQL_FT_MAX_WORD_LEN",
+ "value": "${MYSQL_FT_MAX_WORD_LEN}"
+ },
+ {
+ "name": "MYSQL_AIO",
+ "value": "${MYSQL_AIO}"
+ }
+ ]
+ }
+ ]
+ }
+ }
+ }
+ },
+ {
+ "kind": "DeploymentConfig",
+ "apiVersion": "v1",
+ "metadata": {
+ "name": "${APPLICATION_NAME}-amq",
+ "labels": {
+ "application": "${APPLICATION_NAME}"
+ }
+ },
+ "spec": {
+ "strategy": {
+ "type": "Recreate"
+ },
+ "triggers": [
+ {
+ "type": "ImageChange",
+ "imageChangeParams": {
+ "automatic": true,
+ "containerNames": [
+ "${APPLICATION_NAME}-amq"
+ ],
+ "from": {
+ "kind": "ImageStreamTag",
+ "namespace": "${IMAGE_STREAM_NAMESPACE}",
+ "name": "jboss-amq-62:1.3"
+ }
+ }
+ },
+ {
+ "type": "ConfigChange"
+ }
+ ],
+ "replicas": 1,
+ "selector": {
+ "deploymentConfig": "${APPLICATION_NAME}-amq"
+ },
+ "template": {
+ "metadata": {
+ "name": "${APPLICATION_NAME}-amq",
+ "labels": {
+ "deploymentConfig": "${APPLICATION_NAME}-amq",
+ "application": "${APPLICATION_NAME}"
+ }
+ },
+ "spec": {
+ "terminationGracePeriodSeconds": 60,
+ "containers": [
+ {
+ "name": "${APPLICATION_NAME}-amq",
+ "image": "jboss-amq-62",
+ "imagePullPolicy": "Always",
+ "readinessProbe": {
+ "exec": {
+ "command": [
+ "/bin/bash",
+ "-c",
+ "/opt/amq/bin/readinessProbe.sh"
+ ]
+ }
+ },
+ "ports": [
+ {
+ "name": "jolokia",
+ "containerPort": 8778,
+ "protocol": "TCP"
+ },
+ {
+ "name": "amqp",
+ "containerPort": 5672,
+ "protocol": "TCP"
+ },
+ {
+ "name": "amqp-ssl",
+ "containerPort": 5671,
+ "protocol": "TCP"
+ },
+ {
+ "name": "mqtt",
+ "containerPort": 1883,
+ "protocol": "TCP"
+ },
+ {
+ "name": "stomp",
+ "containerPort": 61613,
+ "protocol": "TCP"
+ },
+ {
+ "name": "stomp-ssl",
+ "containerPort": 61612,
+ "protocol": "TCP"
+ },
+ {
+ "name": "tcp",
+ "containerPort": 61616,
+ "protocol": "TCP"
+ },
+ {
+ "name": "tcp-ssl",
+ "containerPort": 61617,
+ "protocol": "TCP"
+ }
+ ],
+ "env": [
+ {
+ "name": "AMQ_USER",
+ "value": "${MQ_USERNAME}"
+ },
+ {
+ "name": "AMQ_PASSWORD",
+ "value": "${MQ_PASSWORD}"
+ },
+ {
+ "name": "AMQ_TRANSPORTS",
+ "value": "${MQ_PROTOCOL}"
+ },
+ {
+ "name": "AMQ_MESH_DISCOVERY_TYPE",
+ "value": "${AMQ_MESH_DISCOVERY_TYPE}"
+ },
+ {
+ "name": "AMQ_MESH_SERVICE_NAME",
+ "value": "${APPLICATION_NAME}-amq-tcp"
+ },
+ {
+ "name": "AMQ_MESH_SERVICE_NAMESPACE",
+ "valueFrom": {
+ "fieldRef": {
+ "fieldPath": "metadata.namespace"
+ }
+ }
+ },
+ {
+ "name": "AMQ_STORAGE_USAGE_LIMIT",
+ "value": "${AMQ_STORAGE_USAGE_LIMIT}"
+ }
+ ]
+ }
+ ]
+ }
+ }
+ }
+ }
+ ]
+}
diff --git a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/processserver63-amq-postgresql-persistent-s2i.json b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/processserver63-amq-postgresql-persistent-s2i.json
new file mode 100644
index 000000000..f6d0c99ed
--- /dev/null
+++ b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/processserver63-amq-postgresql-persistent-s2i.json
@@ -0,0 +1,1052 @@
+{
+ "kind": "Template",
+ "apiVersion": "v1",
+ "metadata": {
+ "annotations": {
+ "description": "Application template for Red Hat JBoss BPM Suite 6.3 intelligent process server AMQ and PostgreSQL applications with persistent storage built using S2I.",
+ "iconClass": "icon-jboss",
+ "tags": "processserver,amq,postgresql,javaee,java,database,jboss,xpaas",
+ "version": "1.3.3"
+ },
+ "name": "processserver63-amq-postgresql-persistent-s2i"
+ },
+ "labels": {
+ "template": "processserver63-amq-postgresql-persistent-s2i",
+ "xpaas": "1.3.3"
+ },
+ "parameters": [
+ {
+ "description": "The KIE Container deployment configuration in format: containerId=groupId:artifactId:version|c2=g2:a2:v2",
+ "name": "KIE_CONTAINER_DEPLOYMENT",
+ "value": "processserver-library=org.openshift.quickstarts:processserver-library:1.3.0.Final",
+ "required": false
+ },
+ {
+ "description": "The protocol to access the KIE Server REST interface.",
+ "name": "KIE_SERVER_PROTOCOL",
+ "value": "https",
+ "required": false
+ },
+ {
+ "description": "The port to access the KIE Server REST interface.",
+ "name": "KIE_SERVER_PORT",
+ "value": "8443",
+ "required": false
+ },
+ {
+ "description": "The user name to access the KIE Server REST or JMS interface.",
+ "name": "KIE_SERVER_USER",
+ "value": "kieserver",
+ "required": false
+ },
+ {
+ "description": "The password to access the KIE Server REST or JMS interface. Must be different than username; must not be root, admin, or administrator; must contain at least 8 characters, 1 alphabetic character(s), 1 digit(s), and 1 non-alphanumeric symbol(s).",
+ "name": "KIE_SERVER_PASSWORD",
+ "from": "[a-zA-Z]{6}[0-9]{1}!",
+ "generate": "expression",
+ "required": false
+ },
+ {
+ "description": "JAAS LoginContext domain that shall be used to authenticate users when using JMS.",
+ "name": "KIE_SERVER_DOMAIN",
+ "value": "other",
+ "required": false
+ },
+ {
+ "description": "JNDI name of request queue for JMS.",
+ "name": "KIE_SERVER_JMS_QUEUES_REQUEST",
+ "value": "queue/KIE.SERVER.REQUEST",
+ "required": false
+ },
+ {
+ "description": "JNDI name of response queue for JMS.",
+ "name": "KIE_SERVER_JMS_QUEUES_RESPONSE",
+ "value": "queue/KIE.SERVER.RESPONSE",
+ "required": false
+ },
+ {
+ "description": "JNDI name of executor queue for JMS.",
+ "name": "KIE_SERVER_EXECUTOR_JMS_QUEUE",
+ "value": "queue/KIE.SERVER.EXECUTOR",
+ "required": false
+ },
+ {
+ "description": "Hibernate persistence dialect.",
+ "name": "KIE_SERVER_PERSISTENCE_DIALECT",
+ "value": "org.hibernate.dialect.PostgreSQL82Dialect",
+ "required": false
+ },
+ {
+ "description": "The name for the application.",
+ "name": "APPLICATION_NAME",
+ "value": "kie-app",
+ "required": true
+ },
+ {
+ "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: <application-name>-<project>.<default-domain-suffix>",
+ "name": "HOSTNAME_HTTP",
+ "value": "",
+ "required": false
+ },
+ {
+ "description": "Custom hostname for https service route. Leave blank for default hostname, e.g.: secure-<application-name>-<project>.<default-domain-suffix>",
+ "name": "HOSTNAME_HTTPS",
+ "value": "",
+ "required": false
+ },
+ {
+ "description": "Git source URI for application",
+ "name": "SOURCE_REPOSITORY_URL",
+ "value": "https://github.com/jboss-openshift/openshift-quickstarts",
+ "required": true
+ },
+ {
+ "description": "Git branch/tag reference",
+ "name": "SOURCE_REPOSITORY_REF",
+ "value": "1.3",
+ "required": false
+ },
+ {
+ "description": "Path within Git project to build; empty for root project directory.",
+ "name": "CONTEXT_DIR",
+ "value": "processserver/library",
+ "required": false
+ },
+ {
+ "description": "Database JNDI name used by application to resolve the datasource, e.g. java:/jboss/datasources/ExampleDS",
+ "name": "DB_JNDI",
+ "value": "java:jboss/datasources/ExampleDS",
+ "required": false
+ },
+ {
+ "description": "Database name",
+ "name": "DB_DATABASE",
+ "value": "root",
+ "required": true
+ },
+ {
+ "description": "Size of persistent storage for database volume.",
+ "name": "VOLUME_CAPACITY",
+ "value": "512Mi",
+ "required": true
+ },
+ {
+ "description": "JNDI name for connection factory used by applications to connect to the broker, e.g. java:/JmsXA",
+ "name": "MQ_JNDI",
+ "value": "java:/JmsXA",
+ "required": false
+ },
+ {
+ "description": "Split the data directory for each node in a mesh.",
+ "name": "AMQ_SPLIT",
+ "value": "false",
+ "required": false
+ },
+ {
+ "description": "Broker protocols to configure, separated by commas. Allowed values are: `openwire`, `amqp`, `stomp` and `mqtt`. Only `openwire` is supported by EAP.",
+ "name": "MQ_PROTOCOL",
+ "value": "openwire",
+ "required": false
+ },
+ {
+ "description": "Queue names, separated by commas. These queues will be automatically created when the broker starts. Also, they will be made accessible as JNDI resources in EAP.",
+ "name": "MQ_QUEUES",
+ "value": "KIE.SERVER.REQUEST,KIE.SERVER.RESPONSE,KIE.SERVER.EXECUTOR",
+ "required": false
+ },
+ {
+ "description": "Topic names, separated by commas. These topics will be automatically created when the broker starts. Also, they will be made accessible as JNDI resources in EAP.",
+ "name": "MQ_TOPICS",
+ "value": "",
+ "required": false
+ },
+ {
+ "description": "The name of the secret containing the keystore file",
+ "name": "HTTPS_SECRET",
+ "value": "processserver-app-secret",
+ "required": false
+ },
+ {
+ "description": "The name of the keystore file within the secret",
+ "name": "HTTPS_KEYSTORE",
+ "value": "keystore.jks",
+ "required": false
+ },
+ {
+ "description": "The name associated with the server certificate",
+ "name": "HTTPS_NAME",
+ "value": "jboss",
+ "required": false
+ },
+ {
+ "description": "The password for the keystore and certificate",
+ "name": "HTTPS_PASSWORD",
+ "value": "mykeystorepass",
+ "required": false
+ },
+ {
+ "description": "Database user name",
+ "name": "DB_USERNAME",
+ "from": "user[a-zA-Z0-9]{3}",
+ "generate": "expression",
+ "required": true
+ },
+ {
+ "description": "Database user password",
+ "name": "DB_PASSWORD",
+ "from": "[a-zA-Z0-9]{8}",
+ "generate": "expression",
+ "required": true
+ },
+ {
+ "description": "Sets xa-pool/min-pool-size for the configured datasource.",
+ "name": "DB_MIN_POOL_SIZE",
+ "required": false
+ },
+ {
+ "description": "Sets xa-pool/max-pool-size for the configured datasource.",
+ "name": "DB_MAX_POOL_SIZE",
+ "required": false
+ },
+ {
+ "description": "Sets transaction-isolation for the configured datasource.",
+ "name": "DB_TX_ISOLATION",
+ "required": false
+ },
+ {
+ "description": "The maximum number of client connections allowed. This also sets the maximum number of prepared transactions.",
+ "name": "POSTGRESQL_MAX_CONNECTIONS",
+ "required": false
+ },
+ {
+ "description": "Configures how much memory is dedicated to PostgreSQL for caching data.",
+ "name": "POSTGRESQL_SHARED_BUFFERS",
+ "required": false
+ },
+ {
+ "description": "User name for standard broker user. It is required for connecting to the broker. If left empty, it will be generated.",
+ "name": "MQ_USERNAME",
+ "from": "user[a-zA-Z0-9]{3}",
+ "generate": "expression",
+ "required": false
+ },
+ {
+ "description": "Password for standard broker user. It is required for connecting to the broker. If left empty, it will be generated.",
+ "name": "MQ_PASSWORD",
+ "from": "[a-zA-Z0-9]{8}",
+ "generate": "expression",
+ "required": false
+ },
+ {
+ "description": "The discovery agent type to use for discovering mesh endpoints. 'dns' will use OpenShift's DNS service to resolve endpoints. 'kube' will use Kubernetes REST API to resolve service endpoints. If using 'kube' the service account for the pod must have the 'view' role, which can be added via 'oc policy add-role-to-user view system:serviceaccount:<namespace>:default' where <namespace> is the project namespace.",
+ "name": "AMQ_MESH_DISCOVERY_TYPE",
+ "value": "kube",
+ "required": false
+ },
+ {
+ "description": "The A-MQ storage usage limit",
+ "name": "AMQ_STORAGE_USAGE_LIMIT",
+ "value": "100 gb",
+ "required": false
+ },
+ {
+ "description": "GitHub trigger secret",
+ "name": "GITHUB_WEBHOOK_SECRET",
+ "from": "[a-zA-Z0-9]{8}",
+ "generate": "expression",
+ "required": true
+ },
+ {
+ "description": "Generic build trigger secret",
+ "name": "GENERIC_WEBHOOK_SECRET",
+ "from": "[a-zA-Z0-9]{8}",
+ "generate": "expression",
+ "required": true
+ },
+ {
+ "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.",
+ "name": "IMAGE_STREAM_NAMESPACE",
+ "value": "openshift",
+ "required": true
+ }
+ ],
+ "objects": [
+ {
+ "kind": "Service",
+ "apiVersion": "v1",
+ "spec": {
+ "ports": [
+ {
+ "port": 8080,
+ "targetPort": 8080
+ }
+ ],
+ "selector": {
+ "deploymentConfig": "${APPLICATION_NAME}"
+ }
+ },
+ "metadata": {
+ "name": "${APPLICATION_NAME}",
+ "labels": {
+ "application": "${APPLICATION_NAME}"
+ },
+ "annotations": {
+ "description": "The web server's http port."
+ }
+ }
+ },
+ {
+ "kind": "Service",
+ "apiVersion": "v1",
+ "spec": {
+ "ports": [
+ {
+ "port": 8443,
+ "targetPort": 8443
+ }
+ ],
+ "selector": {
+ "deploymentConfig": "${APPLICATION_NAME}"
+ }
+ },
+ "metadata": {
+ "name": "secure-${APPLICATION_NAME}",
+ "labels": {
+ "application": "${APPLICATION_NAME}"
+ },
+ "annotations": {
+ "description": "The web server's https port."
+ }
+ }
+ },
+ {
+ "kind": "Service",
+ "apiVersion": "v1",
+ "spec": {
+ "ports": [
+ {
+ "port": 5432,
+ "targetPort": 5432
+ }
+ ],
+ "selector": {
+ "deploymentConfig": "${APPLICATION_NAME}-postgresql"
+ }
+ },
+ "metadata": {
+ "name": "${APPLICATION_NAME}-postgresql",
+ "labels": {
+ "application": "${APPLICATION_NAME}"
+ },
+ "annotations": {
+ "description": "The database server's port."
+ }
+ }
+ },
+ {
+ "kind": "Service",
+ "apiVersion": "v1",
+ "spec": {
+ "ports": [
+ {
+ "port": 61616,
+ "targetPort": 61616
+ }
+ ],
+ "selector": {
+ "deploymentConfig": "${APPLICATION_NAME}-amq"
+ }
+ },
+ "metadata": {
+ "name": "${APPLICATION_NAME}-amq-tcp",
+ "labels": {
+ "application": "${APPLICATION_NAME}"
+ },
+ "annotations": {
+ "description": "The broker's OpenWire port."
+ }
+ }
+ },
+ {
+ "kind": "Route",
+ "apiVersion": "v1",
+ "id": "${APPLICATION_NAME}-http",
+ "metadata": {
+ "name": "${APPLICATION_NAME}",
+ "labels": {
+ "application": "${APPLICATION_NAME}"
+ },
+ "annotations": {
+ "description": "Route for application's http service."
+ }
+ },
+ "spec": {
+ "host": "${HOSTNAME_HTTP}",
+ "to": {
+ "name": "${APPLICATION_NAME}"
+ }
+ }
+ },
+ {
+ "kind": "Route",
+ "apiVersion": "v1",
+ "id": "${APPLICATION_NAME}-https",
+ "metadata": {
+ "name": "secure-${APPLICATION_NAME}",
+ "labels": {
+ "application": "${APPLICATION_NAME}"
+ },
+ "annotations": {
+ "description": "Route for application's https service."
+ }
+ },
+ "spec": {
+ "host": "${HOSTNAME_HTTPS}",
+ "to": {
+ "name": "secure-${APPLICATION_NAME}"
+ },
+ "tls": {
+ "termination": "passthrough"
+ }
+ }
+ },
+ {
+ "kind": "ImageStream",
+ "apiVersion": "v1",
+ "metadata": {
+ "name": "${APPLICATION_NAME}",
+ "labels": {
+ "application": "${APPLICATION_NAME}"
+ }
+ }
+ },
+ {
+ "kind": "BuildConfig",
+ "apiVersion": "v1",
+ "metadata": {
+ "name": "${APPLICATION_NAME}",
+ "labels": {
+ "application": "${APPLICATION_NAME}"
+ }
+ },
+ "spec": {
+ "source": {
+ "type": "Git",
+ "git": {
+ "uri": "${SOURCE_REPOSITORY_URL}",
+ "ref": "${SOURCE_REPOSITORY_REF}"
+ },
+ "contextDir": "${CONTEXT_DIR}"
+ },
+ "strategy": {
+ "type": "Source",
+ "sourceStrategy": {
+ "env": [
+ {
+ "name": "KIE_CONTAINER_DEPLOYMENT",
+ "value": "${KIE_CONTAINER_DEPLOYMENT}"
+ }
+ ],
+ "forcePull": true,
+ "from": {
+ "kind": "ImageStreamTag",
+ "namespace": "${IMAGE_STREAM_NAMESPACE}",
+ "name": "jboss-processserver63-openshift:1.3"
+ }
+ }
+ },
+ "output": {
+ "to": {
+ "kind": "ImageStreamTag",
+ "name": "${APPLICATION_NAME}:latest"
+ }
+ },
+ "triggers": [
+ {
+ "type": "GitHub",
+ "github": {
+ "secret": "${GITHUB_WEBHOOK_SECRET}"
+ }
+ },
+ {
+ "type": "Generic",
+ "generic": {
+ "secret": "${GENERIC_WEBHOOK_SECRET}"
+ }
+ },
+ {
+ "type": "ImageChange",
+ "imageChange": {}
+ },
+ {
+ "type": "ConfigChange"
+ }
+ ]
+ }
+ },
+ {
+ "kind": "DeploymentConfig",
+ "apiVersion": "v1",
+ "metadata": {
+ "name": "${APPLICATION_NAME}",
+ "labels": {
+ "application": "${APPLICATION_NAME}"
+ }
+ },
+ "spec": {
+ "strategy": {
+ "type": "Recreate"
+ },
+ "triggers": [
+ {
+ "type": "ImageChange",
+ "imageChangeParams": {
+ "automatic": true,
+ "containerNames": [
+ "${APPLICATION_NAME}"
+ ],
+ "from": {
+ "kind": "ImageStream",
+ "name": "${APPLICATION_NAME}"
+ }
+ }
+ },
+ {
+ "type": "ConfigChange"
+ }
+ ],
+ "replicas": 1,
+ "selector": {
+ "deploymentConfig": "${APPLICATION_NAME}"
+ },
+ "template": {
+ "metadata": {
+ "name": "${APPLICATION_NAME}",
+ "labels": {
+ "deploymentConfig": "${APPLICATION_NAME}",
+ "application": "${APPLICATION_NAME}"
+ }
+ },
+ "spec": {
+ "serviceAccountName": "processserver-service-account",
+ "terminationGracePeriodSeconds": 60,
+ "containers": [
+ {
+ "name": "${APPLICATION_NAME}",
+ "image": "${APPLICATION_NAME}",
+ "imagePullPolicy": "Always",
+ "volumeMounts": [
+ {
+ "name": "processserver-keystore-volume",
+ "mountPath": "/etc/processserver-secret-volume",
+ "readOnly": true
+ }
+ ],
+ "livenessProbe": {
+ "exec": {
+ "command": [
+ "/bin/bash",
+ "-c",
+ "/opt/eap/bin/livenessProbe.sh"
+ ]
+ }
+ },
+ "readinessProbe": {
+ "exec": {
+ "command": [
+ "/bin/bash",
+ "-c",
+ "/opt/eap/bin/readinessProbe.sh"
+ ]
+ }
+ },
+ "ports": [
+ {
+ "name": "jolokia",
+ "containerPort": 8778,
+ "protocol": "TCP"
+ },
+ {
+ "name": "http",
+ "containerPort": 8080,
+ "protocol": "TCP"
+ },
+ {
+ "name": "https",
+ "containerPort": 8443,
+ "protocol": "TCP"
+ }
+ ],
+ "env": [
+ {
+ "name": "KIE_CONTAINER_DEPLOYMENT",
+ "value": "${KIE_CONTAINER_DEPLOYMENT}"
+ },
+ {
+ "name": "KIE_SERVER_PROTOCOL",
+ "value": "${KIE_SERVER_PROTOCOL}"
+ },
+ {
+ "name": "KIE_SERVER_PORT",
+ "value": "${KIE_SERVER_PORT}"
+ },
+ {
+ "name": "KIE_SERVER_USER",
+ "value": "${KIE_SERVER_USER}"
+ },
+ {
+ "name": "KIE_SERVER_PASSWORD",
+ "value": "${KIE_SERVER_PASSWORD}"
+ },
+ {
+ "name": "KIE_SERVER_DOMAIN",
+ "value": "${KIE_SERVER_DOMAIN}"
+ },
+ {
+ "name": "KIE_SERVER_JMS_QUEUES_REQUEST",
+ "value": "${KIE_SERVER_JMS_QUEUES_REQUEST}"
+ },
+ {
+ "name": "KIE_SERVER_JMS_QUEUES_RESPONSE",
+ "value": "${KIE_SERVER_JMS_QUEUES_RESPONSE}"
+ },
+ {
+ "name": "KIE_SERVER_EXECUTOR_JMS_QUEUE",
+ "value": "${KIE_SERVER_EXECUTOR_JMS_QUEUE}"
+ },
+ {
+ "name": "MQ_SERVICE_PREFIX_MAPPING",
+ "value": "${APPLICATION_NAME}-amq=MQ"
+ },
+ {
+ "name": "MQ_JNDI",
+ "value": "${MQ_JNDI}"
+ },
+ {
+ "name": "MQ_USERNAME",
+ "value": "${MQ_USERNAME}"
+ },
+ {
+ "name": "MQ_PASSWORD",
+ "value": "${MQ_PASSWORD}"
+ },
+ {
+ "name": "MQ_PROTOCOL",
+ "value": "tcp"
+ },
+ {
+ "name": "MQ_QUEUES",
+ "value": "${MQ_QUEUES}"
+ },
+ {
+ "name": "MQ_TOPICS",
+ "value": "${MQ_TOPICS}"
+ },
+ {
+ "name": "KIE_SERVER_PERSISTENCE_DIALECT",
+ "value": "${KIE_SERVER_PERSISTENCE_DIALECT}"
+ },
+ {
+ "name": "DB_SERVICE_PREFIX_MAPPING",
+ "value": "${APPLICATION_NAME}-postgresql=DB,${APPLICATION_NAME}-postgresql=QUARTZ"
+ },
+ {
+ "name": "TX_DATABASE_PREFIX_MAPPING",
+ "value": "${APPLICATION_NAME}-postgresql=DB"
+ },
+ {
+ "name": "DB_JNDI",
+ "value": "${DB_JNDI}"
+ },
+ {
+ "name": "DB_USERNAME",
+ "value": "${DB_USERNAME}"
+ },
+ {
+ "name": "DB_PASSWORD",
+ "value": "${DB_PASSWORD}"
+ },
+ {
+ "name": "DB_DATABASE",
+ "value": "${DB_DATABASE}"
+ },
+ {
+ "name": "DB_MIN_POOL_SIZE",
+ "value": "${DB_MIN_POOL_SIZE}"
+ },
+ {
+ "name": "DB_MAX_POOL_SIZE",
+ "value": "${DB_MAX_POOL_SIZE}"
+ },
+ {
+ "name": "DB_TX_ISOLATION",
+ "value": "${DB_TX_ISOLATION}"
+ },
+ {
+ "name": "QUARTZ_JNDI",
+ "value": "${DB_JNDI}NotManaged"
+ },
+ {
+ "name": "QUARTZ_USERNAME",
+ "value": "${DB_USERNAME}"
+ },
+ {
+ "name": "QUARTZ_PASSWORD",
+ "value": "${DB_PASSWORD}"
+ },
+ {
+ "name": "QUARTZ_DATABASE",
+ "value": "${DB_DATABASE}"
+ },
+ {
+ "name": "QUARTZ_MIN_POOL_SIZE",
+ "value": "${DB_MIN_POOL_SIZE}"
+ },
+ {
+ "name": "QUARTZ_MAX_POOL_SIZE",
+ "value": "${DB_MAX_POOL_SIZE}"
+ },
+ {
+ "name": "QUARTZ_TX_ISOLATION",
+ "value": "${DB_TX_ISOLATION}"
+ },
+ {
+ "name": "QUARTZ_JTA",
+ "value": "false"
+ },
+ {
+ "name": "QUARTZ_NONXA",
+ "value": "true"
+ },
+ {
+ "name": "HTTPS_KEYSTORE_DIR",
+ "value": "/etc/processserver-secret-volume"
+ },
+ {
+ "name": "HTTPS_KEYSTORE",
+ "value": "${HTTPS_KEYSTORE}"
+ },
+ {
+ "name": "HTTPS_NAME",
+ "value": "${HTTPS_NAME}"
+ },
+ {
+ "name": "HTTPS_PASSWORD",
+ "value": "${HTTPS_PASSWORD}"
+ }
+ ]
+ }
+ ],
+ "volumes": [
+ {
+ "name": "processserver-keystore-volume",
+ "secret": {
+ "secretName": "${HTTPS_SECRET}"
+ }
+ }
+ ]
+ }
+ }
+ }
+ },
+ {
+ "kind": "DeploymentConfig",
+ "apiVersion": "v1",
+ "metadata": {
+ "name": "${APPLICATION_NAME}-postgresql",
+ "labels": {
+ "application": "${APPLICATION_NAME}"
+ }
+ },
+ "spec": {
+ "strategy": {
+ "type": "Recreate"
+ },
+ "triggers": [
+ {
+ "type": "ImageChange",
+ "imageChangeParams": {
+ "automatic": true,
+ "containerNames": [
+ "${APPLICATION_NAME}-postgresql"
+ ],
+ "from": {
+ "kind": "ImageStreamTag",
+ "namespace": "${IMAGE_STREAM_NAMESPACE}",
+ "name": "postgresql:latest"
+ }
+ }
+ },
+ {
+ "type": "ConfigChange"
+ }
+ ],
+ "replicas": 1,
+ "selector": {
+ "deploymentConfig": "${APPLICATION_NAME}-postgresql"
+ },
+ "template": {
+ "metadata": {
+ "name": "${APPLICATION_NAME}-postgresql",
+ "labels": {
+ "deploymentConfig": "${APPLICATION_NAME}-postgresql",
+ "application": "${APPLICATION_NAME}"
+ }
+ },
+ "spec": {
+ "terminationGracePeriodSeconds": 60,
+ "containers": [
+ {
+ "name": "${APPLICATION_NAME}-postgresql",
+ "image": "postgresql",
+ "imagePullPolicy": "Always",
+ "ports": [
+ {
+ "containerPort": 5432,
+ "protocol": "TCP"
+ }
+ ],
+ "volumeMounts": [
+ {
+ "mountPath": "/var/lib/pgsql/data",
+ "name": "${APPLICATION_NAME}-postgresql-pvol"
+ }
+ ],
+ "env": [
+ {
+ "name": "POSTGRESQL_USER",
+ "value": "${DB_USERNAME}"
+ },
+ {
+ "name": "POSTGRESQL_PASSWORD",
+ "value": "${DB_PASSWORD}"
+ },
+ {
+ "name": "POSTGRESQL_DATABASE",
+ "value": "${DB_DATABASE}"
+ },
+ {
+ "name": "POSTGRESQL_MAX_CONNECTIONS",
+ "value": "${POSTGRESQL_MAX_CONNECTIONS}"
+ },
+ {
+ "name": "POSTGRESQL_SHARED_BUFFERS",
+ "value": "${POSTGRESQL_SHARED_BUFFERS}"
+ }
+ ]
+ }
+ ],
+ "volumes": [
+ {
+ "name": "${APPLICATION_NAME}-postgresql-pvol",
+ "persistentVolumeClaim": {
+ "claimName": "${APPLICATION_NAME}-postgresql-claim"
+ }
+ }
+ ]
+ }
+ }
+ }
+ },
+ {
+ "apiVersion": "v1",
+ "kind": "PersistentVolumeClaim",
+ "metadata": {
+ "name": "${APPLICATION_NAME}-postgresql-claim",
+ "labels": {
+ "application": "${APPLICATION_NAME}"
+ }
+ },
+ "spec": {
+ "accessModes": [
+ "ReadWriteOnce"
+ ],
+ "resources": {
+ "requests": {
+ "storage": "${VOLUME_CAPACITY}"
+ }
+ }
+ }
+ },
+ {
+ "kind": "DeploymentConfig",
+ "apiVersion": "v1",
+ "metadata": {
+ "name": "${APPLICATION_NAME}-amq",
+ "labels": {
+ "application": "${APPLICATION_NAME}"
+ }
+ },
+ "spec": {
+ "strategy": {
+ "type": "Recreate"
+ },
+ "triggers": [
+ {
+ "type": "ImageChange",
+ "imageChangeParams": {
+ "automatic": true,
+ "containerNames": [
+ "${APPLICATION_NAME}-amq"
+ ],
+ "from": {
+ "kind": "ImageStreamTag",
+ "namespace": "${IMAGE_STREAM_NAMESPACE}",
+ "name": "jboss-amq-62:1.3"
+ }
+ }
+ },
+ {
+ "type": "ConfigChange"
+ }
+ ],
+ "replicas": 1,
+ "selector": {
+ "deploymentConfig": "${APPLICATION_NAME}-amq"
+ },
+ "template": {
+ "metadata": {
+ "name": "${APPLICATION_NAME}-amq",
+ "labels": {
+ "deploymentConfig": "${APPLICATION_NAME}-amq",
+ "application": "${APPLICATION_NAME}"
+ }
+ },
+ "spec": {
+ "terminationGracePeriodSeconds": 60,
+ "containers": [
+ {
+ "name": "${APPLICATION_NAME}-amq",
+ "image": "jboss-amq-62",
+ "imagePullPolicy": "Always",
+ "volumeMounts": [
+ {
+ "mountPath": "/opt/amq/data",
+ "name": "${APPLICATION_NAME}-amq-pvol"
+ }
+ ],
+ "readinessProbe": {
+ "exec": {
+ "command": [
+ "/bin/bash",
+ "-c",
+ "/opt/amq/bin/readinessProbe.sh"
+ ]
+ }
+ },
+ "ports": [
+ {
+ "name": "jolokia",
+ "containerPort": 8778,
+ "protocol": "TCP"
+ },
+ {
+ "name": "amqp",
+ "containerPort": 5672,
+ "protocol": "TCP"
+ },
+ {
+ "name": "amqp-ssl",
+ "containerPort": 5671,
+ "protocol": "TCP"
+ },
+ {
+ "name": "mqtt",
+ "containerPort": 1883,
+ "protocol": "TCP"
+ },
+ {
+ "name": "stomp",
+ "containerPort": 61613,
+ "protocol": "TCP"
+ },
+ {
+ "name": "stomp-ssl",
+ "containerPort": 61612,
+ "protocol": "TCP"
+ },
+ {
+ "name": "tcp",
+ "containerPort": 61616,
+ "protocol": "TCP"
+ },
+ {
+ "name": "tcp-ssl",
+ "containerPort": 61617,
+ "protocol": "TCP"
+ }
+ ],
+ "env": [
+ {
+ "name": "AMQ_USER",
+ "value": "${MQ_USERNAME}"
+ },
+ {
+ "name": "AMQ_PASSWORD",
+ "value": "${MQ_PASSWORD}"
+ },
+ {
+ "name": "AMQ_TRANSPORTS",
+ "value": "${MQ_PROTOCOL}"
+ },
+ {
+ "name": "AMQ_SPLIT",
+ "value": "${AMQ_SPLIT}"
+ },
+ {
+ "name": "AMQ_MESH_DISCOVERY_TYPE",
+ "value": "${AMQ_MESH_DISCOVERY_TYPE}"
+ },
+ {
+ "name": "AMQ_MESH_SERVICE_NAME",
+ "value": "${APPLICATION_NAME}-amq-tcp"
+ },
+ {
+ "name": "AMQ_MESH_SERVICE_NAMESPACE",
+ "valueFrom": {
+ "fieldRef": {
+ "fieldPath": "metadata.namespace"
+ }
+ }
+ },
+ {
+ "name": "AMQ_STORAGE_USAGE_LIMIT",
+ "value": "${AMQ_STORAGE_USAGE_LIMIT}"
+ }
+ ]
+ }
+ ],
+ "volumes": [
+ {
+ "name": "${APPLICATION_NAME}-amq-pvol",
+ "persistentVolumeClaim": {
+ "claimName": "${APPLICATION_NAME}-amq-claim"
+ }
+ }
+ ]
+ }
+ }
+ }
+ },
+ {
+ "apiVersion": "v1",
+ "kind": "PersistentVolumeClaim",
+ "metadata": {
+ "name": "${APPLICATION_NAME}-amq-claim",
+ "labels": {
+ "application": "${APPLICATION_NAME}"
+ }
+ },
+ "spec": {
+ "accessModes": [
+ "ReadWriteMany"
+ ],
+ "resources": {
+ "requests": {
+ "storage": "${VOLUME_CAPACITY}"
+ }
+ }
+ }
+ }
+ ]
+}
diff --git a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/processserver63-amq-postgresql-s2i.json b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/processserver63-amq-postgresql-s2i.json
new file mode 100644
index 000000000..41c726cf0
--- /dev/null
+++ b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/processserver63-amq-postgresql-s2i.json
@@ -0,0 +1,932 @@
+{
+ "kind": "Template",
+ "apiVersion": "v1",
+ "metadata": {
+ "annotations": {
+ "description": "Application template for Red Hat JBoss BPM Suite 6.3 intelligent process server AMQ and PostgreSQL applications built using S2I.",
+ "iconClass": "icon-jboss",
+ "tags": "processserver,amq,postgresql,javaee,java,database,jboss,xpaas",
+ "version": "1.3.3"
+ },
+ "name": "processserver63-amq-postgresql-s2i"
+ },
+ "labels": {
+ "template": "processserver63-amq-postgresql-s2i",
+ "xpaas": "1.3.3"
+ },
+ "parameters": [
+ {
+ "description": "The KIE Container deployment configuration in format: containerId=groupId:artifactId:version|c2=g2:a2:v2",
+ "name": "KIE_CONTAINER_DEPLOYMENT",
+ "value": "processserver-library=org.openshift.quickstarts:processserver-library:1.3.0.Final",
+ "required": false
+ },
+ {
+ "description": "The protocol to access the KIE Server REST interface.",
+ "name": "KIE_SERVER_PROTOCOL",
+ "value": "https",
+ "required": false
+ },
+ {
+ "description": "The port to access the KIE Server REST interface.",
+ "name": "KIE_SERVER_PORT",
+ "value": "8443",
+ "required": false
+ },
+ {
+ "description": "The user name to access the KIE Server REST or JMS interface.",
+ "name": "KIE_SERVER_USER",
+ "value": "kieserver",
+ "required": false
+ },
+ {
+ "description": "The password to access the KIE Server REST or JMS interface. Must be different than username; must not be root, admin, or administrator; must contain at least 8 characters, 1 alphabetic character(s), 1 digit(s), and 1 non-alphanumeric symbol(s).",
+ "name": "KIE_SERVER_PASSWORD",
+ "from": "[a-zA-Z]{6}[0-9]{1}!",
+ "generate": "expression",
+ "required": false
+ },
+ {
+ "description": "JAAS LoginContext domain that shall be used to authenticate users when using JMS.",
+ "name": "KIE_SERVER_DOMAIN",
+ "value": "other",
+ "required": false
+ },
+ {
+ "description": "JNDI name of request queue for JMS.",
+ "name": "KIE_SERVER_JMS_QUEUES_REQUEST",
+ "value": "queue/KIE.SERVER.REQUEST",
+ "required": false
+ },
+ {
+ "description": "JNDI name of response queue for JMS.",
+ "name": "KIE_SERVER_JMS_QUEUES_RESPONSE",
+ "value": "queue/KIE.SERVER.RESPONSE",
+ "required": false
+ },
+ {
+ "description": "JNDI name of executor queue for JMS.",
+ "name": "KIE_SERVER_EXECUTOR_JMS_QUEUE",
+ "value": "queue/KIE.SERVER.EXECUTOR",
+ "required": false
+ },
+ {
+ "description": "Hibernate persistence dialect.",
+ "name": "KIE_SERVER_PERSISTENCE_DIALECT",
+ "value": "org.hibernate.dialect.PostgreSQL82Dialect",
+ "required": false
+ },
+ {
+ "description": "The name for the application.",
+ "name": "APPLICATION_NAME",
+ "value": "kie-app",
+ "required": true
+ },
+ {
+ "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: <application-name>-<project>.<default-domain-suffix>",
+ "name": "HOSTNAME_HTTP",
+ "value": "",
+ "required": false
+ },
+ {
+ "description": "Custom hostname for https service route. Leave blank for default hostname, e.g.: secure-<application-name>-<project>.<default-domain-suffix>",
+ "name": "HOSTNAME_HTTPS",
+ "value": "",
+ "required": false
+ },
+ {
+ "description": "Git source URI for application",
+ "name": "SOURCE_REPOSITORY_URL",
+ "value": "https://github.com/jboss-openshift/openshift-quickstarts",
+ "required": true
+ },
+ {
+ "description": "Git branch/tag reference",
+ "name": "SOURCE_REPOSITORY_REF",
+ "value": "1.3",
+ "required": false
+ },
+ {
+ "description": "Path within Git project to build; empty for root project directory.",
+ "name": "CONTEXT_DIR",
+ "value": "processserver/library",
+ "required": false
+ },
+ {
+ "description": "Database JNDI name used by application to resolve the datasource, e.g. java:/jboss/datasources/ExampleDS",
+ "name": "DB_JNDI",
+ "value": "java:jboss/datasources/ExampleDS",
+ "required": false
+ },
+ {
+ "description": "Database name",
+ "name": "DB_DATABASE",
+ "value": "root",
+ "required": true
+ },
+ {
+ "description": "JNDI name for connection factory used by applications to connect to the broker, e.g. java:/JmsXA",
+ "name": "MQ_JNDI",
+ "value": "java:/JmsXA",
+ "required": false
+ },
+ {
+ "description": "Broker protocols to configure, separated by commas. Allowed values are: `openwire`, `amqp`, `stomp` and `mqtt`. Only `openwire` is supported by EAP.",
+ "name": "MQ_PROTOCOL",
+ "value": "openwire",
+ "required": false
+ },
+ {
+ "description": "Queue names, separated by commas. These queues will be automatically created when the broker starts. Also, they will be made accessible as JNDI resources in EAP.",
+ "name": "MQ_QUEUES",
+ "value": "KIE.SERVER.REQUEST,KIE.SERVER.RESPONSE,KIE.SERVER.EXECUTOR",
+ "required": false
+ },
+ {
+ "description": "Topic names, separated by commas. These topics will be automatically created when the broker starts. Also, they will be made accessible as JNDI resources in EAP.",
+ "name": "MQ_TOPICS",
+ "value": "",
+ "required": false
+ },
+ {
+ "description": "The name of the secret containing the keystore file",
+ "name": "HTTPS_SECRET",
+ "value": "processserver-app-secret",
+ "required": false
+ },
+ {
+ "description": "The name of the keystore file within the secret",
+ "name": "HTTPS_KEYSTORE",
+ "value": "keystore.jks",
+ "required": false
+ },
+ {
+ "description": "The name associated with the server certificate",
+ "name": "HTTPS_NAME",
+ "value": "jboss",
+ "required": false
+ },
+ {
+ "description": "The password for the keystore and certificate",
+ "name": "HTTPS_PASSWORD",
+ "value": "mykeystorepass",
+ "required": false
+ },
+ {
+ "description": "Database user name",
+ "name": "DB_USERNAME",
+ "from": "user[a-zA-Z0-9]{3}",
+ "generate": "expression",
+ "required": true
+ },
+ {
+ "description": "Database user password",
+ "name": "DB_PASSWORD",
+ "from": "[a-zA-Z0-9]{8}",
+ "generate": "expression",
+ "required": true
+ },
+ {
+ "description": "Sets xa-pool/min-pool-size for the configured datasource.",
+ "name": "DB_MIN_POOL_SIZE",
+ "required": false
+ },
+ {
+ "description": "Sets xa-pool/max-pool-size for the configured datasource.",
+ "name": "DB_MAX_POOL_SIZE",
+ "required": false
+ },
+ {
+ "description": "Sets transaction-isolation for the configured datasource.",
+ "name": "DB_TX_ISOLATION",
+ "required": false
+ },
+ {
+ "description": "The maximum number of client connections allowed. This also sets the maximum number of prepared transactions.",
+ "name": "POSTGRESQL_MAX_CONNECTIONS",
+ "required": false
+ },
+ {
+ "description": "Configures how much memory is dedicated to PostgreSQL for caching data.",
+ "name": "POSTGRESQL_SHARED_BUFFERS",
+ "required": false
+ },
+ {
+ "description": "User name for standard broker user. It is required for connecting to the broker. If left empty, it will be generated.",
+ "name": "MQ_USERNAME",
+ "from": "user[a-zA-Z0-9]{3}",
+ "generate": "expression",
+ "required": false
+ },
+ {
+ "description": "Password for standard broker user. It is required for connecting to the broker. If left empty, it will be generated.",
+ "name": "MQ_PASSWORD",
+ "from": "[a-zA-Z0-9]{8}",
+ "generate": "expression",
+ "required": false
+ },
+ {
+ "description": "The discovery agent type to use for discovering mesh endpoints. 'dns' will use OpenShift's DNS service to resolve endpoints. 'kube' will use Kubernetes REST API to resolve service endpoints. If using 'kube' the service account for the pod must have the 'view' role, which can be added via 'oc policy add-role-to-user view system:serviceaccount:<namespace>:default' where <namespace> is the project namespace.",
+ "name": "AMQ_MESH_DISCOVERY_TYPE",
+ "value": "kube",
+ "required": false
+ },
+ {
+ "description": "The A-MQ storage usage limit",
+ "name": "AMQ_STORAGE_USAGE_LIMIT",
+ "value": "100 gb",
+ "required": false
+ },
+ {
+ "description": "GitHub trigger secret",
+ "name": "GITHUB_WEBHOOK_SECRET",
+ "from": "[a-zA-Z0-9]{8}",
+ "generate": "expression",
+ "required": true
+ },
+ {
+ "description": "Generic build trigger secret",
+ "name": "GENERIC_WEBHOOK_SECRET",
+ "from": "[a-zA-Z0-9]{8}",
+ "generate": "expression",
+ "required": true
+ },
+ {
+ "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.",
+ "name": "IMAGE_STREAM_NAMESPACE",
+ "value": "openshift",
+ "required": true
+ }
+ ],
+ "objects": [
+ {
+ "kind": "Service",
+ "apiVersion": "v1",
+ "spec": {
+ "ports": [
+ {
+ "port": 8080,
+ "targetPort": 8080
+ }
+ ],
+ "selector": {
+ "deploymentConfig": "${APPLICATION_NAME}"
+ }
+ },
+ "metadata": {
+ "name": "${APPLICATION_NAME}",
+ "labels": {
+ "application": "${APPLICATION_NAME}"
+ },
+ "annotations": {
+ "description": "The web server's http port."
+ }
+ }
+ },
+ {
+ "kind": "Service",
+ "apiVersion": "v1",
+ "spec": {
+ "ports": [
+ {
+ "port": 8443,
+ "targetPort": 8443
+ }
+ ],
+ "selector": {
+ "deploymentConfig": "${APPLICATION_NAME}"
+ }
+ },
+ "metadata": {
+ "name": "secure-${APPLICATION_NAME}",
+ "labels": {
+ "application": "${APPLICATION_NAME}"
+ },
+ "annotations": {
+ "description": "The web server's https port."
+ }
+ }
+ },
+ {
+ "kind": "Service",
+ "apiVersion": "v1",
+ "spec": {
+ "ports": [
+ {
+ "port": 5432,
+ "targetPort": 5432
+ }
+ ],
+ "selector": {
+ "deploymentConfig": "${APPLICATION_NAME}-postgresql"
+ }
+ },
+ "metadata": {
+ "name": "${APPLICATION_NAME}-postgresql",
+ "labels": {
+ "application": "${APPLICATION_NAME}"
+ },
+ "annotations": {
+ "description": "The database server's port."
+ }
+ }
+ },
+ {
+ "kind": "Service",
+ "apiVersion": "v1",
+ "spec": {
+ "ports": [
+ {
+ "port": 61616,
+ "targetPort": 61616
+ }
+ ],
+ "selector": {
+ "deploymentConfig": "${APPLICATION_NAME}-amq"
+ }
+ },
+ "metadata": {
+ "name": "${APPLICATION_NAME}-amq-tcp",
+ "labels": {
+ "application": "${APPLICATION_NAME}"
+ },
+ "annotations": {
+ "description": "The broker's OpenWire port."
+ }
+ }
+ },
+ {
+ "kind": "Route",
+ "apiVersion": "v1",
+ "id": "${APPLICATION_NAME}-http",
+ "metadata": {
+ "name": "${APPLICATION_NAME}",
+ "labels": {
+ "application": "${APPLICATION_NAME}"
+ },
+ "annotations": {
+ "description": "Route for application's http service."
+ }
+ },
+ "spec": {
+ "host": "${HOSTNAME_HTTP}",
+ "to": {
+ "name": "${APPLICATION_NAME}"
+ }
+ }
+ },
+ {
+ "kind": "Route",
+ "apiVersion": "v1",
+ "id": "${APPLICATION_NAME}-https",
+ "metadata": {
+ "name": "secure-${APPLICATION_NAME}",
+ "labels": {
+ "application": "${APPLICATION_NAME}"
+ },
+ "annotations": {
+ "description": "Route for application's https service."
+ }
+ },
+ "spec": {
+ "host": "${HOSTNAME_HTTPS}",
+ "to": {
+ "name": "secure-${APPLICATION_NAME}"
+ },
+ "tls": {
+ "termination": "passthrough"
+ }
+ }
+ },
+ {
+ "kind": "ImageStream",
+ "apiVersion": "v1",
+ "metadata": {
+ "name": "${APPLICATION_NAME}",
+ "labels": {
+ "application": "${APPLICATION_NAME}"
+ }
+ }
+ },
+ {
+ "kind": "BuildConfig",
+ "apiVersion": "v1",
+ "metadata": {
+ "name": "${APPLICATION_NAME}",
+ "labels": {
+ "application": "${APPLICATION_NAME}"
+ }
+ },
+ "spec": {
+ "source": {
+ "type": "Git",
+ "git": {
+ "uri": "${SOURCE_REPOSITORY_URL}",
+ "ref": "${SOURCE_REPOSITORY_REF}"
+ },
+ "contextDir": "${CONTEXT_DIR}"
+ },
+ "strategy": {
+ "type": "Source",
+ "sourceStrategy": {
+ "env": [
+ {
+ "name": "KIE_CONTAINER_DEPLOYMENT",
+ "value": "${KIE_CONTAINER_DEPLOYMENT}"
+ }
+ ],
+ "forcePull": true,
+ "from": {
+ "kind": "ImageStreamTag",
+ "namespace": "${IMAGE_STREAM_NAMESPACE}",
+ "name": "jboss-processserver63-openshift:1.3"
+ }
+ }
+ },
+ "output": {
+ "to": {
+ "kind": "ImageStreamTag",
+ "name": "${APPLICATION_NAME}:latest"
+ }
+ },
+ "triggers": [
+ {
+ "type": "GitHub",
+ "github": {
+ "secret": "${GITHUB_WEBHOOK_SECRET}"
+ }
+ },
+ {
+ "type": "Generic",
+ "generic": {
+ "secret": "${GENERIC_WEBHOOK_SECRET}"
+ }
+ },
+ {
+ "type": "ImageChange",
+ "imageChange": {}
+ },
+ {
+ "type": "ConfigChange"
+ }
+ ]
+ }
+ },
+ {
+ "kind": "DeploymentConfig",
+ "apiVersion": "v1",
+ "metadata": {
+ "name": "${APPLICATION_NAME}",
+ "labels": {
+ "application": "${APPLICATION_NAME}"
+ }
+ },
+ "spec": {
+ "strategy": {
+ "type": "Recreate"
+ },
+ "triggers": [
+ {
+ "type": "ImageChange",
+ "imageChangeParams": {
+ "automatic": true,
+ "containerNames": [
+ "${APPLICATION_NAME}"
+ ],
+ "from": {
+ "kind": "ImageStream",
+ "name": "${APPLICATION_NAME}"
+ }
+ }
+ },
+ {
+ "type": "ConfigChange"
+ }
+ ],
+ "replicas": 1,
+ "selector": {
+ "deploymentConfig": "${APPLICATION_NAME}"
+ },
+ "template": {
+ "metadata": {
+ "name": "${APPLICATION_NAME}",
+ "labels": {
+ "deploymentConfig": "${APPLICATION_NAME}",
+ "application": "${APPLICATION_NAME}"
+ }
+ },
+ "spec": {
+ "serviceAccountName": "processserver-service-account",
+ "terminationGracePeriodSeconds": 60,
+ "containers": [
+ {
+ "name": "${APPLICATION_NAME}",
+ "image": "${APPLICATION_NAME}",
+ "imagePullPolicy": "Always",
+ "volumeMounts": [
+ {
+ "name": "processserver-keystore-volume",
+ "mountPath": "/etc/processserver-secret-volume",
+ "readOnly": true
+ }
+ ],
+ "livenessProbe": {
+ "exec": {
+ "command": [
+ "/bin/bash",
+ "-c",
+ "/opt/eap/bin/livenessProbe.sh"
+ ]
+ }
+ },
+ "readinessProbe": {
+ "exec": {
+ "command": [
+ "/bin/bash",
+ "-c",
+ "/opt/eap/bin/readinessProbe.sh"
+ ]
+ }
+ },
+ "ports": [
+ {
+ "name": "jolokia",
+ "containerPort": 8778,
+ "protocol": "TCP"
+ },
+ {
+ "name": "http",
+ "containerPort": 8080,
+ "protocol": "TCP"
+ },
+ {
+ "name": "https",
+ "containerPort": 8443,
+ "protocol": "TCP"
+ }
+ ],
+ "env": [
+ {
+ "name": "KIE_CONTAINER_DEPLOYMENT",
+ "value": "${KIE_CONTAINER_DEPLOYMENT}"
+ },
+ {
+ "name": "KIE_SERVER_PROTOCOL",
+ "value": "${KIE_SERVER_PROTOCOL}"
+ },
+ {
+ "name": "KIE_SERVER_PORT",
+ "value": "${KIE_SERVER_PORT}"
+ },
+ {
+ "name": "KIE_SERVER_USER",
+ "value": "${KIE_SERVER_USER}"
+ },
+ {
+ "name": "KIE_SERVER_PASSWORD",
+ "value": "${KIE_SERVER_PASSWORD}"
+ },
+ {
+ "name": "KIE_SERVER_DOMAIN",
+ "value": "${KIE_SERVER_DOMAIN}"
+ },
+ {
+ "name": "KIE_SERVER_JMS_QUEUES_REQUEST",
+ "value": "${KIE_SERVER_JMS_QUEUES_REQUEST}"
+ },
+ {
+ "name": "KIE_SERVER_JMS_QUEUES_RESPONSE",
+ "value": "${KIE_SERVER_JMS_QUEUES_RESPONSE}"
+ },
+ {
+ "name": "KIE_SERVER_EXECUTOR_JMS_QUEUE",
+ "value": "${KIE_SERVER_EXECUTOR_JMS_QUEUE}"
+ },
+ {
+ "name": "MQ_SERVICE_PREFIX_MAPPING",
+ "value": "${APPLICATION_NAME}-amq=MQ"
+ },
+ {
+ "name": "MQ_JNDI",
+ "value": "${MQ_JNDI}"
+ },
+ {
+ "name": "MQ_USERNAME",
+ "value": "${MQ_USERNAME}"
+ },
+ {
+ "name": "MQ_PASSWORD",
+ "value": "${MQ_PASSWORD}"
+ },
+ {
+ "name": "MQ_PROTOCOL",
+ "value": "tcp"
+ },
+ {
+ "name": "MQ_QUEUES",
+ "value": "${MQ_QUEUES}"
+ },
+ {
+ "name": "MQ_TOPICS",
+ "value": "${MQ_TOPICS}"
+ },
+ {
+ "name": "KIE_SERVER_PERSISTENCE_DIALECT",
+ "value": "${KIE_SERVER_PERSISTENCE_DIALECT}"
+ },
+ {
+ "name": "DB_SERVICE_PREFIX_MAPPING",
+ "value": "${APPLICATION_NAME}-postgresql=DB"
+ },
+ {
+ "name": "DB_JNDI",
+ "value": "${DB_JNDI}"
+ },
+ {
+ "name": "DB_USERNAME",
+ "value": "${DB_USERNAME}"
+ },
+ {
+ "name": "DB_PASSWORD",
+ "value": "${DB_PASSWORD}"
+ },
+ {
+ "name": "DB_DATABASE",
+ "value": "${DB_DATABASE}"
+ },
+ {
+ "name": "TX_DATABASE_PREFIX_MAPPING",
+ "value": "${APPLICATION_NAME}-postgresql=DB"
+ },
+ {
+ "name": "DB_MIN_POOL_SIZE",
+ "value": "${DB_MIN_POOL_SIZE}"
+ },
+ {
+ "name": "DB_MAX_POOL_SIZE",
+ "value": "${DB_MAX_POOL_SIZE}"
+ },
+ {
+ "name": "DB_TX_ISOLATION",
+ "value": "${DB_TX_ISOLATION}"
+ },
+ {
+ "name": "HTTPS_KEYSTORE_DIR",
+ "value": "/etc/processserver-secret-volume"
+ },
+ {
+ "name": "HTTPS_KEYSTORE",
+ "value": "${HTTPS_KEYSTORE}"
+ },
+ {
+ "name": "HTTPS_NAME",
+ "value": "${HTTPS_NAME}"
+ },
+ {
+ "name": "HTTPS_PASSWORD",
+ "value": "${HTTPS_PASSWORD}"
+ }
+ ]
+ }
+ ],
+ "volumes": [
+ {
+ "name": "processserver-keystore-volume",
+ "secret": {
+ "secretName": "${HTTPS_SECRET}"
+ }
+ }
+ ]
+ }
+ }
+ }
+ },
+ {
+ "kind": "DeploymentConfig",
+ "apiVersion": "v1",
+ "metadata": {
+ "name": "${APPLICATION_NAME}-postgresql",
+ "labels": {
+ "application": "${APPLICATION_NAME}"
+ }
+ },
+ "spec": {
+ "strategy": {
+ "type": "Recreate"
+ },
+ "triggers": [
+ {
+ "type": "ImageChange",
+ "imageChangeParams": {
+ "automatic": true,
+ "containerNames": [
+ "${APPLICATION_NAME}-postgresql"
+ ],
+ "from": {
+ "kind": "ImageStreamTag",
+ "namespace": "${IMAGE_STREAM_NAMESPACE}",
+ "name": "postgresql:latest"
+ }
+ }
+ },
+ {
+ "type": "ConfigChange"
+ }
+ ],
+ "replicas": 1,
+ "selector": {
+ "deploymentConfig": "${APPLICATION_NAME}-postgresql"
+ },
+ "template": {
+ "metadata": {
+ "name": "${APPLICATION_NAME}-postgresql",
+ "labels": {
+ "deploymentConfig": "${APPLICATION_NAME}-postgresql",
+ "application": "${APPLICATION_NAME}"
+ }
+ },
+ "spec": {
+ "terminationGracePeriodSeconds": 60,
+ "containers": [
+ {
+ "name": "${APPLICATION_NAME}-postgresql",
+ "image": "postgresql",
+ "imagePullPolicy": "Always",
+ "ports": [
+ {
+ "containerPort": 5432,
+ "protocol": "TCP"
+ }
+ ],
+ "env": [
+ {
+ "name": "POSTGRESQL_USER",
+ "value": "${DB_USERNAME}"
+ },
+ {
+ "name": "POSTGRESQL_PASSWORD",
+ "value": "${DB_PASSWORD}"
+ },
+ {
+ "name": "POSTGRESQL_DATABASE",
+ "value": "${DB_DATABASE}"
+ },
+ {
+ "name": "POSTGRESQL_MAX_CONNECTIONS",
+ "value": "${POSTGRESQL_MAX_CONNECTIONS}"
+ },
+ {
+ "name": "POSTGRESQL_SHARED_BUFFERS",
+ "value": "${POSTGRESQL_SHARED_BUFFERS}"
+ }
+ ]
+ }
+ ]
+ }
+ }
+ }
+ },
+ {
+ "kind": "DeploymentConfig",
+ "apiVersion": "v1",
+ "metadata": {
+ "name": "${APPLICATION_NAME}-amq",
+ "labels": {
+ "application": "${APPLICATION_NAME}"
+ }
+ },
+ "spec": {
+ "strategy": {
+ "type": "Recreate"
+ },
+ "triggers": [
+ {
+ "type": "ImageChange",
+ "imageChangeParams": {
+ "automatic": true,
+ "containerNames": [
+ "${APPLICATION_NAME}-amq"
+ ],
+ "from": {
+ "kind": "ImageStreamTag",
+ "namespace": "${IMAGE_STREAM_NAMESPACE}",
+ "name": "jboss-amq-62:1.3"
+ }
+ }
+ },
+ {
+ "type": "ConfigChange"
+ }
+ ],
+ "replicas": 1,
+ "selector": {
+ "deploymentConfig": "${APPLICATION_NAME}-amq"
+ },
+ "template": {
+ "metadata": {
+ "name": "${APPLICATION_NAME}-amq",
+ "labels": {
+ "deploymentConfig": "${APPLICATION_NAME}-amq",
+ "application": "${APPLICATION_NAME}"
+ }
+ },
+ "spec": {
+ "terminationGracePeriodSeconds": 60,
+ "containers": [
+ {
+ "name": "${APPLICATION_NAME}-amq",
+ "image": "jboss-amq-62",
+ "imagePullPolicy": "Always",
+ "readinessProbe": {
+ "exec": {
+ "command": [
+ "/bin/bash",
+ "-c",
+ "/opt/amq/bin/readinessProbe.sh"
+ ]
+ }
+ },
+ "ports": [
+ {
+ "name": "jolokia",
+ "containerPort": 8778,
+ "protocol": "TCP"
+ },
+ {
+ "name": "amqp",
+ "containerPort": 5672,
+ "protocol": "TCP"
+ },
+ {
+ "name": "amqp-ssl",
+ "containerPort": 5671,
+ "protocol": "TCP"
+ },
+ {
+ "name": "mqtt",
+ "containerPort": 1883,
+ "protocol": "TCP"
+ },
+ {
+ "name": "stomp",
+ "containerPort": 61613,
+ "protocol": "TCP"
+ },
+ {
+ "name": "stomp-ssl",
+ "containerPort": 61612,
+ "protocol": "TCP"
+ },
+ {
+ "name": "tcp",
+ "containerPort": 61616,
+ "protocol": "TCP"
+ },
+ {
+ "name": "tcp-ssl",
+ "containerPort": 61617,
+ "protocol": "TCP"
+ }
+ ],
+ "env": [
+ {
+ "name": "AMQ_USER",
+ "value": "${MQ_USERNAME}"
+ },
+ {
+ "name": "AMQ_PASSWORD",
+ "value": "${MQ_PASSWORD}"
+ },
+ {
+ "name": "AMQ_TRANSPORTS",
+ "value": "${MQ_PROTOCOL}"
+ },
+ {
+ "name": "AMQ_MESH_DISCOVERY_TYPE",
+ "value": "${AMQ_MESH_DISCOVERY_TYPE}"
+ },
+ {
+ "name": "AMQ_MESH_SERVICE_NAME",
+ "value": "${APPLICATION_NAME}-amq-tcp"
+ },
+ {
+ "name": "AMQ_MESH_SERVICE_NAMESPACE",
+ "valueFrom": {
+ "fieldRef": {
+ "fieldPath": "metadata.namespace"
+ }
+ }
+ },
+ {
+ "name": "AMQ_STORAGE_USAGE_LIMIT",
+ "value": "${AMQ_STORAGE_USAGE_LIMIT}"
+ }
+ ]
+ }
+ ]
+ }
+ }
+ }
+ }
+ ]
+}
diff --git a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/processserver63-basic-s2i.json b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/processserver63-basic-s2i.json
new file mode 100644
index 000000000..170c919cb
--- /dev/null
+++ b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/processserver63-basic-s2i.json
@@ -0,0 +1,345 @@
+{
+ "kind": "Template",
+ "apiVersion": "v1",
+ "metadata": {
+ "annotations": {
+ "description": "Application template for Red Hat JBoss BPM Suite 6.3 intelligent process server applications built using S2I.",
+ "iconClass": "icon-jboss",
+ "tags": "processserver,javaee,java,jboss,xpaas",
+ "version": "1.3.3"
+ },
+ "name": "processserver63-basic-s2i"
+ },
+ "labels": {
+ "template": "processserver63-basic-s2i",
+ "xpaas": "1.3.3"
+ },
+ "parameters": [
+ {
+ "description": "The KIE Container deployment configuration in format: containerId=groupId:artifactId:version|c2=g2:a2:v2",
+ "name": "KIE_CONTAINER_DEPLOYMENT",
+ "value": "processserver-library=org.openshift.quickstarts:processserver-library:1.3.0.Final",
+ "required": false
+ },
+ {
+ "description": "The user name to access the KIE Server REST or JMS interface.",
+ "name": "KIE_SERVER_USER",
+ "value": "kieserver",
+ "required": false
+ },
+ {
+ "description": "The password to access the KIE Server REST or JMS interface. Must be different than username; must not be root, admin, or administrator; must contain at least 8 characters, 1 alphabetic character(s), 1 digit(s), and 1 non-alphanumeric symbol(s).",
+ "name": "KIE_SERVER_PASSWORD",
+ "from": "[a-zA-Z]{6}[0-9]{1}!",
+ "generate": "expression",
+ "required": false
+ },
+ {
+ "description": "Hibernate persistence dialect.",
+ "name": "KIE_SERVER_PERSISTENCE_DIALECT",
+ "value": "org.hibernate.dialect.H2Dialect",
+ "required": false
+ },
+ {
+ "description": "The name for the application.",
+ "name": "APPLICATION_NAME",
+ "value": "kie-app",
+ "required": true
+ },
+ {
+ "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: <application-name>-<project>.<default-domain-suffix>",
+ "name": "HOSTNAME_HTTP",
+ "value": "",
+ "required": false
+ },
+ {
+ "description": "Git source URI for application",
+ "name": "SOURCE_REPOSITORY_URL",
+ "value": "https://github.com/jboss-openshift/openshift-quickstarts.git",
+ "required": true
+ },
+ {
+ "description": "Git branch/tag reference",
+ "name": "SOURCE_REPOSITORY_REF",
+ "value": "1.3",
+ "required": false
+ },
+ {
+ "description": "Path within Git project to build; empty for root project directory.",
+ "name": "CONTEXT_DIR",
+ "value": "processserver/library",
+ "required": false
+ },
+ {
+ "description": "Queue names",
+ "name": "HORNETQ_QUEUES",
+ "value": "",
+ "required": false
+ },
+ {
+ "description": "Topic names",
+ "name": "HORNETQ_TOPICS",
+ "value": "",
+ "required": false
+ },
+ {
+ "description": "HornetQ cluster admin password",
+ "name": "HORNETQ_CLUSTER_PASSWORD",
+ "from": "[a-zA-Z0-9]{8}",
+ "generate": "expression",
+ "required": true
+ },
+ {
+ "description": "GitHub trigger secret",
+ "name": "GITHUB_WEBHOOK_SECRET",
+ "from": "[a-zA-Z0-9]{8}",
+ "generate": "expression",
+ "required": true
+ },
+ {
+ "description": "Generic build trigger secret",
+ "name": "GENERIC_WEBHOOK_SECRET",
+ "from": "[a-zA-Z0-9]{8}",
+ "generate": "expression",
+ "required": true
+ },
+ {
+ "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.",
+ "name": "IMAGE_STREAM_NAMESPACE",
+ "value": "openshift",
+ "required": true
+ }
+ ],
+ "objects": [
+ {
+ "kind": "Service",
+ "apiVersion": "v1",
+ "spec": {
+ "ports": [
+ {
+ "port": 8080,
+ "targetPort": 8080
+ }
+ ],
+ "selector": {
+ "deploymentConfig": "${APPLICATION_NAME}"
+ }
+ },
+ "metadata": {
+ "name": "${APPLICATION_NAME}",
+ "labels": {
+ "application": "${APPLICATION_NAME}"
+ },
+ "annotations": {
+ "description": "The web server's http port."
+ }
+ }
+ },
+ {
+ "kind": "Route",
+ "apiVersion": "v1",
+ "id": "${APPLICATION_NAME}-http",
+ "metadata": {
+ "name": "${APPLICATION_NAME}",
+ "labels": {
+ "application": "${APPLICATION_NAME}"
+ },
+ "annotations": {
+ "description": "Route for application's http service."
+ }
+ },
+ "spec": {
+ "host": "${HOSTNAME_HTTP}",
+ "to": {
+ "name": "${APPLICATION_NAME}"
+ }
+ }
+ },
+ {
+ "kind": "ImageStream",
+ "apiVersion": "v1",
+ "metadata": {
+ "name": "${APPLICATION_NAME}",
+ "labels": {
+ "application": "${APPLICATION_NAME}"
+ }
+ }
+ },
+ {
+ "kind": "BuildConfig",
+ "apiVersion": "v1",
+ "metadata": {
+ "name": "${APPLICATION_NAME}",
+ "labels": {
+ "application": "${APPLICATION_NAME}"
+ }
+ },
+ "spec": {
+ "source": {
+ "type": "Git",
+ "git": {
+ "uri": "${SOURCE_REPOSITORY_URL}",
+ "ref": "${SOURCE_REPOSITORY_REF}"
+ },
+ "contextDir": "${CONTEXT_DIR}"
+ },
+ "strategy": {
+ "type": "Source",
+ "sourceStrategy": {
+ "env": [
+ {
+ "name": "KIE_CONTAINER_DEPLOYMENT",
+ "value": "${KIE_CONTAINER_DEPLOYMENT}"
+ }
+ ],
+ "forcePull": true,
+ "from": {
+ "kind": "ImageStreamTag",
+ "namespace": "${IMAGE_STREAM_NAMESPACE}",
+ "name": "jboss-processserver63-openshift:1.3"
+ }
+ }
+ },
+ "output": {
+ "to": {
+ "kind": "ImageStreamTag",
+ "name": "${APPLICATION_NAME}:latest"
+ }
+ },
+ "triggers": [
+ {
+ "type": "GitHub",
+ "github": {
+ "secret": "${GITHUB_WEBHOOK_SECRET}"
+ }
+ },
+ {
+ "type": "Generic",
+ "generic": {
+ "secret": "${GENERIC_WEBHOOK_SECRET}"
+ }
+ },
+ {
+ "type": "ImageChange",
+ "imageChange": {}
+ },
+ {
+ "type": "ConfigChange"
+ }
+ ]
+ }
+ },
+ {
+ "kind": "DeploymentConfig",
+ "apiVersion": "v1",
+ "metadata": {
+ "name": "${APPLICATION_NAME}",
+ "labels": {
+ "application": "${APPLICATION_NAME}"
+ }
+ },
+ "spec": {
+ "strategy": {
+ "type": "Recreate"
+ },
+ "triggers": [
+ {
+ "type": "ImageChange",
+ "imageChangeParams": {
+ "automatic": true,
+ "containerNames": [
+ "${APPLICATION_NAME}"
+ ],
+ "from": {
+ "kind": "ImageStream",
+ "name": "${APPLICATION_NAME}"
+ }
+ }
+ },
+ {
+ "type": "ConfigChange"
+ }
+ ],
+ "replicas": 1,
+ "selector": {
+ "deploymentConfig": "${APPLICATION_NAME}"
+ },
+ "template": {
+ "metadata": {
+ "name": "${APPLICATION_NAME}",
+ "labels": {
+ "deploymentConfig": "${APPLICATION_NAME}",
+ "application": "${APPLICATION_NAME}"
+ }
+ },
+ "spec": {
+ "terminationGracePeriodSeconds": 60,
+ "containers": [
+ {
+ "name": "${APPLICATION_NAME}",
+ "image": "${APPLICATION_NAME}",
+ "imagePullPolicy": "Always",
+ "livenessProbe": {
+ "exec": {
+ "command": [
+ "/bin/bash",
+ "-c",
+ "/opt/eap/bin/livenessProbe.sh"
+ ]
+ }
+ },
+ "readinessProbe": {
+ "exec": {
+ "command": [
+ "/bin/bash",
+ "-c",
+ "/opt/eap/bin/readinessProbe.sh"
+ ]
+ }
+ },
+ "ports": [
+ {
+ "name": "jolokia",
+ "containerPort": 8778,
+ "protocol": "TCP"
+ },
+ {
+ "name": "http",
+ "containerPort": 8080,
+ "protocol": "TCP"
+ }
+ ],
+ "env": [
+ {
+ "name": "KIE_CONTAINER_DEPLOYMENT",
+ "value": "${KIE_CONTAINER_DEPLOYMENT}"
+ },
+ {
+ "name": "KIE_SERVER_USER",
+ "value": "${KIE_SERVER_USER}"
+ },
+ {
+ "name": "KIE_SERVER_PASSWORD",
+ "value": "${KIE_SERVER_PASSWORD}"
+ },
+ {
+ "name": "HORNETQ_CLUSTER_PASSWORD",
+ "value": "${HORNETQ_CLUSTER_PASSWORD}"
+ },
+ {
+ "name": "HORNETQ_QUEUES",
+ "value": "${HORNETQ_QUEUES}"
+ },
+ {
+ "name": "HORNETQ_TOPICS",
+ "value": "${HORNETQ_TOPICS}"
+ }
+ ]
+ }
+ ]
+ }
+ }
+ }
+ }
+ ]
+}
diff --git a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/processserver63-mysql-persistent-s2i.json b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/processserver63-mysql-persistent-s2i.json
new file mode 100644
index 000000000..89d0db1a6
--- /dev/null
+++ b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/processserver63-mysql-persistent-s2i.json
@@ -0,0 +1,792 @@
+{
+ "kind": "Template",
+ "apiVersion": "v1",
+ "metadata": {
+ "annotations": {
+ "description": "Application template for Red Hat JBoss BPM Suite 6.3 intelligent process server MySQL applications with persistent storage built using S2I.",
+ "iconClass": "icon-jboss",
+ "tags": "processserver,mysql,javaee,java,database,jboss,xpaas",
+ "version": "1.3.3"
+ },
+ "name": "processserver63-mysql-persistent-s2i"
+ },
+ "labels": {
+ "template": "processserver63-mysql-persistent-s2i",
+ "xpaas": "1.3.3"
+ },
+ "parameters": [
+ {
+ "description": "The KIE Container deployment configuration in format: containerId=groupId:artifactId:version|c2=g2:a2:v2",
+ "name": "KIE_CONTAINER_DEPLOYMENT",
+ "value": "processserver-library=org.openshift.quickstarts:processserver-library:1.3.0.Final",
+ "required": false
+ },
+ {
+ "description": "The protocol to access the KIE Server REST interface.",
+ "name": "KIE_SERVER_PROTOCOL",
+ "value": "https",
+ "required": false
+ },
+ {
+ "description": "The port to access the KIE Server REST interface.",
+ "name": "KIE_SERVER_PORT",
+ "value": "8443",
+ "required": false
+ },
+ {
+ "description": "The user name to access the KIE Server REST or JMS interface.",
+ "name": "KIE_SERVER_USER",
+ "value": "kieserver",
+ "required": false
+ },
+ {
+ "description": "The password to access the KIE Server REST or JMS interface. Must be different than username; must not be root, admin, or administrator; must contain at least 8 characters, 1 alphabetic character(s), 1 digit(s), and 1 non-alphanumeric symbol(s).",
+ "name": "KIE_SERVER_PASSWORD",
+ "from": "[a-zA-Z]{6}[0-9]{1}!",
+ "generate": "expression",
+ "required": false
+ },
+ {
+ "description": "JAAS LoginContext domain that shall be used to authenticate users when using JMS.",
+ "name": "KIE_SERVER_DOMAIN",
+ "value": "other",
+ "required": false
+ },
+ {
+ "description": "Hibernate persistence dialect.",
+ "name": "KIE_SERVER_PERSISTENCE_DIALECT",
+ "value": "org.hibernate.dialect.MySQL5Dialect",
+ "required": false
+ },
+ {
+ "description": "The name for the application.",
+ "name": "APPLICATION_NAME",
+ "value": "kie-app",
+ "required": true
+ },
+ {
+ "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: <application-name>-<project>.<default-domain-suffix>",
+ "name": "HOSTNAME_HTTP",
+ "value": "",
+ "required": false
+ },
+ {
+ "description": "Custom hostname for https service route. Leave blank for default hostname, e.g.: secure-<application-name>-<project>.<default-domain-suffix>",
+ "name": "HOSTNAME_HTTPS",
+ "value": "",
+ "required": false
+ },
+ {
+ "description": "Git source URI for application",
+ "name": "SOURCE_REPOSITORY_URL",
+ "value": "https://github.com/jboss-openshift/openshift-quickstarts",
+ "required": true
+ },
+ {
+ "description": "Git branch/tag reference",
+ "name": "SOURCE_REPOSITORY_REF",
+ "value": "1.3",
+ "required": false
+ },
+ {
+ "description": "Path within Git project to build; empty for root project directory.",
+ "name": "CONTEXT_DIR",
+ "value": "processserver/library",
+ "required": false
+ },
+ {
+ "description": "Database JNDI name used by application to resolve the datasource, e.g. java:/jboss/datasources/ExampleDS",
+ "name": "DB_JNDI",
+ "value": "java:jboss/datasources/ExampleDS",
+ "required": false
+ },
+ {
+ "description": "Database name",
+ "name": "DB_DATABASE",
+ "value": "root",
+ "required": true
+ },
+ {
+ "description": "Size of persistent storage for database volume.",
+ "name": "VOLUME_CAPACITY",
+ "value": "512Mi",
+ "required": true
+ },
+ {
+ "description": "Queue names",
+ "name": "HORNETQ_QUEUES",
+ "value": "",
+ "required": false
+ },
+ {
+ "description": "Topic names",
+ "name": "HORNETQ_TOPICS",
+ "value": "",
+ "required": false
+ },
+ {
+ "description": "The name of the secret containing the keystore file",
+ "name": "HTTPS_SECRET",
+ "value": "processserver-app-secret",
+ "required": false
+ },
+ {
+ "description": "The name of the keystore file within the secret",
+ "name": "HTTPS_KEYSTORE",
+ "value": "keystore.jks",
+ "required": false
+ },
+ {
+ "description": "The name associated with the server certificate",
+ "name": "HTTPS_NAME",
+ "value": "jboss",
+ "required": false
+ },
+ {
+ "description": "The password for the keystore and certificate",
+ "name": "HTTPS_PASSWORD",
+ "value": "mykeystorepass",
+ "required": false
+ },
+ {
+ "description": "Database user name",
+ "name": "DB_USERNAME",
+ "from": "user[a-zA-Z0-9]{3}",
+ "generate": "expression",
+ "required": true
+ },
+ {
+ "description": "Database user password",
+ "name": "DB_PASSWORD",
+ "from": "[a-zA-Z0-9]{8}",
+ "generate": "expression",
+ "required": true
+ },
+ {
+ "description": "Sets xa-pool/min-pool-size for the configured datasource.",
+ "name": "DB_MIN_POOL_SIZE",
+ "required": false
+ },
+ {
+ "description": "Sets xa-pool/max-pool-size for the configured datasource.",
+ "name": "DB_MAX_POOL_SIZE",
+ "required": false
+ },
+ {
+ "description": "Sets transaction-isolation for the configured datasource.",
+ "name": "DB_TX_ISOLATION",
+ "required": false
+ },
+ {
+ "description": "Sets how the table names are stored and compared.",
+ "name": "MYSQL_LOWER_CASE_TABLE_NAMES",
+ "required": false
+ },
+ {
+ "description": "The maximum permitted number of simultaneous client connections.",
+ "name": "MYSQL_MAX_CONNECTIONS",
+ "required": false
+ },
+ {
+ "description": "The minimum length of the word to be included in a FULLTEXT index.",
+ "name": "MYSQL_FT_MIN_WORD_LEN",
+ "required": false
+ },
+ {
+ "description": "The maximum length of the word to be included in a FULLTEXT index.",
+ "name": "MYSQL_FT_MAX_WORD_LEN",
+ "required": false
+ },
+ {
+ "description": "Controls the innodb_use_native_aio setting value if the native AIO is broken.",
+ "name": "MYSQL_AIO",
+ "required": false
+ },
+ {
+ "description": "HornetQ cluster admin password",
+ "name": "HORNETQ_CLUSTER_PASSWORD",
+ "from": "[a-zA-Z0-9]{8}",
+ "generate": "expression",
+ "required": true
+ },
+ {
+ "description": "GitHub trigger secret",
+ "name": "GITHUB_WEBHOOK_SECRET",
+ "from": "[a-zA-Z0-9]{8}",
+ "generate": "expression",
+ "required": true
+ },
+ {
+ "description": "Generic build trigger secret",
+ "name": "GENERIC_WEBHOOK_SECRET",
+ "from": "[a-zA-Z0-9]{8}",
+ "generate": "expression",
+ "required": true
+ },
+ {
+ "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.",
+ "name": "IMAGE_STREAM_NAMESPACE",
+ "value": "openshift",
+ "required": true
+ }
+ ],
+ "objects": [
+ {
+ "kind": "Service",
+ "apiVersion": "v1",
+ "spec": {
+ "ports": [
+ {
+ "port": 8080,
+ "targetPort": 8080
+ }
+ ],
+ "selector": {
+ "deploymentConfig": "${APPLICATION_NAME}"
+ }
+ },
+ "metadata": {
+ "name": "${APPLICATION_NAME}",
+ "labels": {
+ "application": "${APPLICATION_NAME}"
+ },
+ "annotations": {
+ "description": "The web server's http port."
+ }
+ }
+ },
+ {
+ "kind": "Service",
+ "apiVersion": "v1",
+ "spec": {
+ "ports": [
+ {
+ "port": 8443,
+ "targetPort": 8443
+ }
+ ],
+ "selector": {
+ "deploymentConfig": "${APPLICATION_NAME}"
+ }
+ },
+ "metadata": {
+ "name": "secure-${APPLICATION_NAME}",
+ "labels": {
+ "application": "${APPLICATION_NAME}"
+ },
+ "annotations": {
+ "description": "The web server's https port."
+ }
+ }
+ },
+ {
+ "kind": "Service",
+ "apiVersion": "v1",
+ "spec": {
+ "ports": [
+ {
+ "port": 3306,
+ "targetPort": 3306
+ }
+ ],
+ "selector": {
+ "deploymentConfig": "${APPLICATION_NAME}-mysql"
+ }
+ },
+ "metadata": {
+ "name": "${APPLICATION_NAME}-mysql",
+ "labels": {
+ "application": "${APPLICATION_NAME}"
+ },
+ "annotations": {
+ "description": "The database server's port."
+ }
+ }
+ },
+ {
+ "kind": "Route",
+ "apiVersion": "v1",
+ "id": "${APPLICATION_NAME}-http",
+ "metadata": {
+ "name": "${APPLICATION_NAME}",
+ "labels": {
+ "application": "${APPLICATION_NAME}"
+ },
+ "annotations": {
+ "description": "Route for application's http service."
+ }
+ },
+ "spec": {
+ "host": "${HOSTNAME_HTTP}",
+ "to": {
+ "name": "${APPLICATION_NAME}"
+ }
+ }
+ },
+ {
+ "kind": "Route",
+ "apiVersion": "v1",
+ "id": "${APPLICATION_NAME}-https",
+ "metadata": {
+ "name": "secure-${APPLICATION_NAME}",
+ "labels": {
+ "application": "${APPLICATION_NAME}"
+ },
+ "annotations": {
+ "description": "Route for application's https service."
+ }
+ },
+ "spec": {
+ "host": "${HOSTNAME_HTTPS}",
+ "to": {
+ "name": "secure-${APPLICATION_NAME}"
+ },
+ "tls": {
+ "termination": "passthrough"
+ }
+ }
+ },
+ {
+ "kind": "ImageStream",
+ "apiVersion": "v1",
+ "metadata": {
+ "name": "${APPLICATION_NAME}",
+ "labels": {
+ "application": "${APPLICATION_NAME}"
+ }
+ }
+ },
+ {
+ "kind": "BuildConfig",
+ "apiVersion": "v1",
+ "metadata": {
+ "name": "${APPLICATION_NAME}",
+ "labels": {
+ "application": "${APPLICATION_NAME}"
+ }
+ },
+ "spec": {
+ "source": {
+ "type": "Git",
+ "git": {
+ "uri": "${SOURCE_REPOSITORY_URL}",
+ "ref": "${SOURCE_REPOSITORY_REF}"
+ },
+ "contextDir": "${CONTEXT_DIR}"
+ },
+ "strategy": {
+ "type": "Source",
+ "sourceStrategy": {
+ "env": [
+ {
+ "name": "KIE_CONTAINER_DEPLOYMENT",
+ "value": "${KIE_CONTAINER_DEPLOYMENT}"
+ }
+ ],
+ "forcePull": true,
+ "from": {
+ "kind": "ImageStreamTag",
+ "namespace": "${IMAGE_STREAM_NAMESPACE}",
+ "name": "jboss-processserver63-openshift:1.3"
+ }
+ }
+ },
+ "output": {
+ "to": {
+ "kind": "ImageStreamTag",
+ "name": "${APPLICATION_NAME}:latest"
+ }
+ },
+ "triggers": [
+ {
+ "type": "GitHub",
+ "github": {
+ "secret": "${GITHUB_WEBHOOK_SECRET}"
+ }
+ },
+ {
+ "type": "Generic",
+ "generic": {
+ "secret": "${GENERIC_WEBHOOK_SECRET}"
+ }
+ },
+ {
+ "type": "ImageChange",
+ "imageChange": {}
+ },
+ {
+ "type": "ConfigChange"
+ }
+ ]
+ }
+ },
+ {
+ "kind": "DeploymentConfig",
+ "apiVersion": "v1",
+ "metadata": {
+ "name": "${APPLICATION_NAME}",
+ "labels": {
+ "application": "${APPLICATION_NAME}"
+ }
+ },
+ "spec": {
+ "strategy": {
+ "type": "Recreate"
+ },
+ "triggers": [
+ {
+ "type": "ImageChange",
+ "imageChangeParams": {
+ "automatic": true,
+ "containerNames": [
+ "${APPLICATION_NAME}"
+ ],
+ "from": {
+ "kind": "ImageStream",
+ "name": "${APPLICATION_NAME}"
+ }
+ }
+ },
+ {
+ "type": "ConfigChange"
+ }
+ ],
+ "replicas": 1,
+ "selector": {
+ "deploymentConfig": "${APPLICATION_NAME}"
+ },
+ "template": {
+ "metadata": {
+ "name": "${APPLICATION_NAME}",
+ "labels": {
+ "deploymentConfig": "${APPLICATION_NAME}",
+ "application": "${APPLICATION_NAME}"
+ }
+ },
+ "spec": {
+ "serviceAccountName": "processserver-service-account",
+ "terminationGracePeriodSeconds": 60,
+ "containers": [
+ {
+ "name": "${APPLICATION_NAME}",
+ "image": "${APPLICATION_NAME}",
+ "imagePullPolicy": "Always",
+ "volumeMounts": [
+ {
+ "name": "processserver-keystore-volume",
+ "mountPath": "/etc/processserver-secret-volume",
+ "readOnly": true
+ }
+ ],
+ "livenessProbe": {
+ "exec": {
+ "command": [
+ "/bin/bash",
+ "-c",
+ "/opt/eap/bin/livenessProbe.sh"
+ ]
+ }
+ },
+ "readinessProbe": {
+ "exec": {
+ "command": [
+ "/bin/bash",
+ "-c",
+ "/opt/eap/bin/readinessProbe.sh"
+ ]
+ }
+ },
+ "ports": [
+ {
+ "name": "jolokia",
+ "containerPort": 8778,
+ "protocol": "TCP"
+ },
+ {
+ "name": "http",
+ "containerPort": 8080,
+ "protocol": "TCP"
+ },
+ {
+ "name": "https",
+ "containerPort": 8443,
+ "protocol": "TCP"
+ }
+ ],
+ "env": [
+ {
+ "name": "KIE_CONTAINER_DEPLOYMENT",
+ "value": "${KIE_CONTAINER_DEPLOYMENT}"
+ },
+ {
+ "name": "KIE_SERVER_PROTOCOL",
+ "value": "${KIE_SERVER_PROTOCOL}"
+ },
+ {
+ "name": "KIE_SERVER_PORT",
+ "value": "${KIE_SERVER_PORT}"
+ },
+ {
+ "name": "KIE_SERVER_USER",
+ "value": "${KIE_SERVER_USER}"
+ },
+ {
+ "name": "KIE_SERVER_PASSWORD",
+ "value": "${KIE_SERVER_PASSWORD}"
+ },
+ {
+ "name": "KIE_SERVER_DOMAIN",
+ "value": "${KIE_SERVER_DOMAIN}"
+ },
+ {
+ "name": "KIE_SERVER_PERSISTENCE_DIALECT",
+ "value": "${KIE_SERVER_PERSISTENCE_DIALECT}"
+ },
+ {
+ "name": "DB_SERVICE_PREFIX_MAPPING",
+ "value": "${APPLICATION_NAME}-mysql=DB,${APPLICATION_NAME}-mysql=QUARTZ"
+ },
+ {
+ "name": "TX_DATABASE_PREFIX_MAPPING",
+ "value": "${APPLICATION_NAME}-mysql=DB"
+ },
+ {
+ "name": "DB_JNDI",
+ "value": "${DB_JNDI}"
+ },
+ {
+ "name": "DB_USERNAME",
+ "value": "${DB_USERNAME}"
+ },
+ {
+ "name": "DB_PASSWORD",
+ "value": "${DB_PASSWORD}"
+ },
+ {
+ "name": "DB_DATABASE",
+ "value": "${DB_DATABASE}"
+ },
+ {
+ "name": "DB_MIN_POOL_SIZE",
+ "value": "${DB_MIN_POOL_SIZE}"
+ },
+ {
+ "name": "DB_MAX_POOL_SIZE",
+ "value": "${DB_MAX_POOL_SIZE}"
+ },
+ {
+ "name": "DB_TX_ISOLATION",
+ "value": "${DB_TX_ISOLATION}"
+ },
+ {
+ "name": "QUARTZ_JNDI",
+ "value": "${DB_JNDI}NotManaged"
+ },
+ {
+ "name": "QUARTZ_USERNAME",
+ "value": "${DB_USERNAME}"
+ },
+ {
+ "name": "QUARTZ_PASSWORD",
+ "value": "${DB_PASSWORD}"
+ },
+ {
+ "name": "QUARTZ_DATABASE",
+ "value": "${DB_DATABASE}"
+ },
+ {
+ "name": "QUARTZ_MIN_POOL_SIZE",
+ "value": "${DB_MIN_POOL_SIZE}"
+ },
+ {
+ "name": "QUARTZ_MAX_POOL_SIZE",
+ "value": "${DB_MAX_POOL_SIZE}"
+ },
+ {
+ "name": "QUARTZ_TX_ISOLATION",
+ "value": "${DB_TX_ISOLATION}"
+ },
+ {
+ "name": "QUARTZ_JTA",
+ "value": "false"
+ },
+ {
+ "name": "QUARTZ_NONXA",
+ "value": "true"
+ },
+ {
+ "name": "HTTPS_KEYSTORE_DIR",
+ "value": "/etc/processserver-secret-volume"
+ },
+ {
+ "name": "HTTPS_KEYSTORE",
+ "value": "${HTTPS_KEYSTORE}"
+ },
+ {
+ "name": "HTTPS_NAME",
+ "value": "${HTTPS_NAME}"
+ },
+ {
+ "name": "HTTPS_PASSWORD",
+ "value": "${HTTPS_PASSWORD}"
+ },
+ {
+ "name": "HORNETQ_CLUSTER_PASSWORD",
+ "value": "${HORNETQ_CLUSTER_PASSWORD}"
+ },
+ {
+ "name": "HORNETQ_QUEUES",
+ "value": "${HORNETQ_QUEUES}"
+ },
+ {
+ "name": "HORNETQ_TOPICS",
+ "value": "${HORNETQ_TOPICS}"
+ }
+ ]
+ }
+ ],
+ "volumes": [
+ {
+ "name": "processserver-keystore-volume",
+ "secret": {
+ "secretName": "${HTTPS_SECRET}"
+ }
+ }
+ ]
+ }
+ }
+ }
+ },
+ {
+ "kind": "DeploymentConfig",
+ "apiVersion": "v1",
+ "metadata": {
+ "name": "${APPLICATION_NAME}-mysql",
+ "labels": {
+ "application": "${APPLICATION_NAME}"
+ }
+ },
+ "spec": {
+ "strategy": {
+ "type": "Recreate"
+ },
+ "triggers": [
+ {
+ "type": "ImageChange",
+ "imageChangeParams": {
+ "automatic": true,
+ "containerNames": [
+ "${APPLICATION_NAME}-mysql"
+ ],
+ "from": {
+ "kind": "ImageStreamTag",
+ "namespace": "${IMAGE_STREAM_NAMESPACE}",
+ "name": "mysql:latest"
+ }
+ }
+ },
+ {
+ "type": "ConfigChange"
+ }
+ ],
+ "replicas": 1,
+ "selector": {
+ "deploymentConfig": "${APPLICATION_NAME}-mysql"
+ },
+ "template": {
+ "metadata": {
+ "name": "${APPLICATION_NAME}-mysql",
+ "labels": {
+ "deploymentConfig": "${APPLICATION_NAME}-mysql",
+ "application": "${APPLICATION_NAME}"
+ }
+ },
+ "spec": {
+ "terminationGracePeriodSeconds": 60,
+ "containers": [
+ {
+ "name": "${APPLICATION_NAME}-mysql",
+ "image": "mysql",
+ "imagePullPolicy": "Always",
+ "ports": [
+ {
+ "containerPort": 3306,
+ "protocol": "TCP"
+ }
+ ],
+ "volumeMounts": [
+ {
+ "mountPath": "/var/lib/mysql/data",
+ "name": "${APPLICATION_NAME}-mysql-pvol"
+ }
+ ],
+ "env": [
+ {
+ "name": "MYSQL_USER",
+ "value": "${DB_USERNAME}"
+ },
+ {
+ "name": "MYSQL_PASSWORD",
+ "value": "${DB_PASSWORD}"
+ },
+ {
+ "name": "MYSQL_DATABASE",
+ "value": "${DB_DATABASE}"
+ },
+ {
+ "name": "MYSQL_LOWER_CASE_TABLE_NAMES",
+ "value": "${MYSQL_LOWER_CASE_TABLE_NAMES}"
+ },
+ {
+ "name": "MYSQL_MAX_CONNECTIONS",
+ "value": "${MYSQL_MAX_CONNECTIONS}"
+ },
+ {
+ "name": "MYSQL_FT_MIN_WORD_LEN",
+ "value": "${MYSQL_FT_MIN_WORD_LEN}"
+ },
+ {
+ "name": "MYSQL_FT_MAX_WORD_LEN",
+ "value": "${MYSQL_FT_MAX_WORD_LEN}"
+ },
+ {
+ "name": "MYSQL_AIO",
+ "value": "${MYSQL_AIO}"
+ }
+ ]
+ }
+ ],
+ "volumes": [
+ {
+ "name": "${APPLICATION_NAME}-mysql-pvol",
+ "persistentVolumeClaim": {
+ "claimName": "${APPLICATION_NAME}-mysql-claim"
+ }
+ }
+ ]
+ }
+ }
+ }
+ },
+ {
+ "apiVersion": "v1",
+ "kind": "PersistentVolumeClaim",
+ "metadata": {
+ "name": "${APPLICATION_NAME}-mysql-claim",
+ "labels": {
+ "application": "${APPLICATION_NAME}"
+ }
+ },
+ "spec": {
+ "accessModes": [
+ "ReadWriteOnce"
+ ],
+ "resources": {
+ "requests": {
+ "storage": "${VOLUME_CAPACITY}"
+ }
+ }
+ }
+ }
+ ]
+}
diff --git a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/processserver63-mysql-s2i.json b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/processserver63-mysql-s2i.json
new file mode 100644
index 000000000..26cab29f8
--- /dev/null
+++ b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/processserver63-mysql-s2i.json
@@ -0,0 +1,716 @@
+{
+ "kind": "Template",
+ "apiVersion": "v1",
+ "metadata": {
+ "annotations": {
+ "description": "Application template for Red Hat JBoss BPM Suite 6.3 intelligent process server MySQL applications built using S2I.",
+ "iconClass": "icon-jboss",
+ "tags": "processserver,mysql,javaee,java,database,jboss,xpaas",
+ "version": "1.3.3"
+ },
+ "name": "processserver63-mysql-s2i"
+ },
+ "labels": {
+ "template": "processserver63-mysql-s2i",
+ "xpaas": "1.3.3"
+ },
+ "parameters": [
+ {
+ "description": "The KIE Container deployment configuration in format: containerId=groupId:artifactId:version|c2=g2:a2:v2",
+ "name": "KIE_CONTAINER_DEPLOYMENT",
+ "value": "processserver-library=org.openshift.quickstarts:processserver-library:1.3.0.Final",
+ "required": false
+ },
+ {
+ "description": "The protocol to access the KIE Server REST interface.",
+ "name": "KIE_SERVER_PROTOCOL",
+ "value": "https",
+ "required": false
+ },
+ {
+ "description": "The port to access the KIE Server REST interface.",
+ "name": "KIE_SERVER_PORT",
+ "value": "8443",
+ "required": false
+ },
+ {
+ "description": "The user name to access the KIE Server REST or JMS interface.",
+ "name": "KIE_SERVER_USER",
+ "value": "kieserver",
+ "required": false
+ },
+ {
+ "description": "The password to access the KIE Server REST or JMS interface. Must be different than username; must not be root, admin, or administrator; must contain at least 8 characters, 1 alphabetic character(s), 1 digit(s), and 1 non-alphanumeric symbol(s).",
+ "name": "KIE_SERVER_PASSWORD",
+ "from": "[a-zA-Z]{6}[0-9]{1}!",
+ "generate": "expression",
+ "required": false
+ },
+ {
+ "description": "JAAS LoginContext domain that shall be used to authenticate users when using JMS.",
+ "name": "KIE_SERVER_DOMAIN",
+ "value": "other",
+ "required": false
+ },
+ {
+ "description": "Hibernate persistence dialect.",
+ "name": "KIE_SERVER_PERSISTENCE_DIALECT",
+ "value": "org.hibernate.dialect.MySQL5Dialect",
+ "required": false
+ },
+ {
+ "description": "The name for the application.",
+ "name": "APPLICATION_NAME",
+ "value": "kie-app",
+ "required": true
+ },
+ {
+ "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: <application-name>-<project>.<default-domain-suffix>",
+ "name": "HOSTNAME_HTTP",
+ "value": "",
+ "required": false
+ },
+ {
+ "description": "Custom hostname for https service route. Leave blank for default hostname, e.g.: secure-<application-name>-<project>.<default-domain-suffix>",
+ "name": "HOSTNAME_HTTPS",
+ "value": "",
+ "required": false
+ },
+ {
+ "description": "Git source URI for application",
+ "name": "SOURCE_REPOSITORY_URL",
+ "value": "https://github.com/jboss-openshift/openshift-quickstarts",
+ "required": true
+ },
+ {
+ "description": "Git branch/tag reference",
+ "name": "SOURCE_REPOSITORY_REF",
+ "value": "1.3",
+ "required": false
+ },
+ {
+ "description": "Path within Git project to build; empty for root project directory.",
+ "name": "CONTEXT_DIR",
+ "value": "processserver/library",
+ "required": false
+ },
+ {
+ "description": "Database JNDI name used by application to resolve the datasource, e.g. java:/jboss/datasources/ExampleDS",
+ "name": "DB_JNDI",
+ "value": "java:jboss/datasources/ExampleDS",
+ "required": false
+ },
+ {
+ "description": "Database name",
+ "name": "DB_DATABASE",
+ "value": "root",
+ "required": true
+ },
+ {
+ "description": "Queue names",
+ "name": "HORNETQ_QUEUES",
+ "value": "",
+ "required": false
+ },
+ {
+ "description": "Topic names",
+ "name": "HORNETQ_TOPICS",
+ "value": "",
+ "required": false
+ },
+ {
+ "description": "The name of the secret containing the keystore file",
+ "name": "HTTPS_SECRET",
+ "value": "processserver-app-secret",
+ "required": false
+ },
+ {
+ "description": "The name of the keystore file within the secret",
+ "name": "HTTPS_KEYSTORE",
+ "value": "keystore.jks",
+ "required": false
+ },
+ {
+ "description": "The name associated with the server certificate",
+ "name": "HTTPS_NAME",
+ "value": "jboss",
+ "required": false
+ },
+ {
+ "description": "The password for the keystore and certificate",
+ "name": "HTTPS_PASSWORD",
+ "value": "mykeystorepass",
+ "required": false
+ },
+ {
+ "description": "Database user name",
+ "name": "DB_USERNAME",
+ "from": "user[a-zA-Z0-9]{3}",
+ "generate": "expression",
+ "required": true
+ },
+ {
+ "description": "Database user password",
+ "name": "DB_PASSWORD",
+ "from": "[a-zA-Z0-9]{8}",
+ "generate": "expression",
+ "required": true
+ },
+ {
+ "description": "Sets xa-pool/min-pool-size for the configured datasource.",
+ "name": "DB_MIN_POOL_SIZE",
+ "required": false
+ },
+ {
+ "description": "Sets xa-pool/max-pool-size for the configured datasource.",
+ "name": "DB_MAX_POOL_SIZE",
+ "required": false
+ },
+ {
+ "description": "Sets transaction-isolation for the configured datasource.",
+ "name": "DB_TX_ISOLATION",
+ "required": false
+ },
+ {
+ "description": "Sets how the table names are stored and compared.",
+ "name": "MYSQL_LOWER_CASE_TABLE_NAMES",
+ "required": false
+ },
+ {
+ "description": "The maximum permitted number of simultaneous client connections.",
+ "name": "MYSQL_MAX_CONNECTIONS",
+ "required": false
+ },
+ {
+ "description": "The minimum length of the word to be included in a FULLTEXT index.",
+ "name": "MYSQL_FT_MIN_WORD_LEN",
+ "required": false
+ },
+ {
+ "description": "The maximum length of the word to be included in a FULLTEXT index.",
+ "name": "MYSQL_FT_MAX_WORD_LEN",
+ "required": false
+ },
+ {
+ "description": "Controls the innodb_use_native_aio setting value if the native AIO is broken.",
+ "name": "MYSQL_AIO",
+ "required": false
+ },
+ {
+ "description": "HornetQ cluster admin password",
+ "name": "HORNETQ_CLUSTER_PASSWORD",
+ "from": "[a-zA-Z0-9]{8}",
+ "generate": "expression",
+ "required": true
+ },
+ {
+ "description": "GitHub trigger secret",
+ "name": "GITHUB_WEBHOOK_SECRET",
+ "from": "[a-zA-Z0-9]{8}",
+ "generate": "expression",
+ "required": true
+ },
+ {
+ "description": "Generic build trigger secret",
+ "name": "GENERIC_WEBHOOK_SECRET",
+ "from": "[a-zA-Z0-9]{8}",
+ "generate": "expression",
+ "required": true
+ },
+ {
+ "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.",
+ "name": "IMAGE_STREAM_NAMESPACE",
+ "value": "openshift",
+ "required": true
+ }
+ ],
+ "objects": [
+ {
+ "kind": "Service",
+ "apiVersion": "v1",
+ "spec": {
+ "ports": [
+ {
+ "port": 8080,
+ "targetPort": 8080
+ }
+ ],
+ "selector": {
+ "deploymentConfig": "${APPLICATION_NAME}"
+ }
+ },
+ "metadata": {
+ "name": "${APPLICATION_NAME}",
+ "labels": {
+ "application": "${APPLICATION_NAME}"
+ },
+ "annotations": {
+ "description": "The web server's http port."
+ }
+ }
+ },
+ {
+ "kind": "Service",
+ "apiVersion": "v1",
+ "spec": {
+ "ports": [
+ {
+ "port": 8443,
+ "targetPort": 8443
+ }
+ ],
+ "selector": {
+ "deploymentConfig": "${APPLICATION_NAME}"
+ }
+ },
+ "metadata": {
+ "name": "secure-${APPLICATION_NAME}",
+ "labels": {
+ "application": "${APPLICATION_NAME}"
+ },
+ "annotations": {
+ "description": "The web server's https port."
+ }
+ }
+ },
+ {
+ "kind": "Service",
+ "apiVersion": "v1",
+ "spec": {
+ "ports": [
+ {
+ "port": 3306,
+ "targetPort": 3306
+ }
+ ],
+ "selector": {
+ "deploymentConfig": "${APPLICATION_NAME}-mysql"
+ }
+ },
+ "metadata": {
+ "name": "${APPLICATION_NAME}-mysql",
+ "labels": {
+ "application": "${APPLICATION_NAME}"
+ },
+ "annotations": {
+ "description": "The database server's port."
+ }
+ }
+ },
+ {
+ "kind": "Route",
+ "apiVersion": "v1",
+ "id": "${APPLICATION_NAME}-http",
+ "metadata": {
+ "name": "${APPLICATION_NAME}",
+ "labels": {
+ "application": "${APPLICATION_NAME}"
+ },
+ "annotations": {
+ "description": "Route for application's http service."
+ }
+ },
+ "spec": {
+ "host": "${HOSTNAME_HTTP}",
+ "to": {
+ "name": "${APPLICATION_NAME}"
+ }
+ }
+ },
+ {
+ "kind": "Route",
+ "apiVersion": "v1",
+ "id": "${APPLICATION_NAME}-https",
+ "metadata": {
+ "name": "secure-${APPLICATION_NAME}",
+ "labels": {
+ "application": "${APPLICATION_NAME}"
+ },
+ "annotations": {
+ "description": "Route for application's https service."
+ }
+ },
+ "spec": {
+ "host": "${HOSTNAME_HTTPS}",
+ "to": {
+ "name": "secure-${APPLICATION_NAME}"
+ },
+ "tls": {
+ "termination": "passthrough"
+ }
+ }
+ },
+ {
+ "kind": "ImageStream",
+ "apiVersion": "v1",
+ "metadata": {
+ "name": "${APPLICATION_NAME}",
+ "labels": {
+ "application": "${APPLICATION_NAME}"
+ }
+ }
+ },
+ {
+ "kind": "BuildConfig",
+ "apiVersion": "v1",
+ "metadata": {
+ "name": "${APPLICATION_NAME}",
+ "labels": {
+ "application": "${APPLICATION_NAME}"
+ }
+ },
+ "spec": {
+ "source": {
+ "type": "Git",
+ "git": {
+ "uri": "${SOURCE_REPOSITORY_URL}",
+ "ref": "${SOURCE_REPOSITORY_REF}"
+ },
+ "contextDir": "${CONTEXT_DIR}"
+ },
+ "strategy": {
+ "type": "Source",
+ "sourceStrategy": {
+ "env": [
+ {
+ "name": "KIE_CONTAINER_DEPLOYMENT",
+ "value": "${KIE_CONTAINER_DEPLOYMENT}"
+ }
+ ],
+ "forcePull": true,
+ "from": {
+ "kind": "ImageStreamTag",
+ "namespace": "${IMAGE_STREAM_NAMESPACE}",
+ "name": "jboss-processserver63-openshift:1.3"
+ }
+ }
+ },
+ "output": {
+ "to": {
+ "kind": "ImageStreamTag",
+ "name": "${APPLICATION_NAME}:latest"
+ }
+ },
+ "triggers": [
+ {
+ "type": "GitHub",
+ "github": {
+ "secret": "${GITHUB_WEBHOOK_SECRET}"
+ }
+ },
+ {
+ "type": "Generic",
+ "generic": {
+ "secret": "${GENERIC_WEBHOOK_SECRET}"
+ }
+ },
+ {
+ "type": "ImageChange",
+ "imageChange": {}
+ },
+ {
+ "type": "ConfigChange"
+ }
+ ]
+ }
+ },
+ {
+ "kind": "DeploymentConfig",
+ "apiVersion": "v1",
+ "metadata": {
+ "name": "${APPLICATION_NAME}",
+ "labels": {
+ "application": "${APPLICATION_NAME}"
+ }
+ },
+ "spec": {
+ "strategy": {
+ "type": "Recreate"
+ },
+ "triggers": [
+ {
+ "type": "ImageChange",
+ "imageChangeParams": {
+ "automatic": true,
+ "containerNames": [
+ "${APPLICATION_NAME}"
+ ],
+ "from": {
+ "kind": "ImageStream",
+ "name": "${APPLICATION_NAME}"
+ }
+ }
+ },
+ {
+ "type": "ConfigChange"
+ }
+ ],
+ "replicas": 1,
+ "selector": {
+ "deploymentConfig": "${APPLICATION_NAME}"
+ },
+ "template": {
+ "metadata": {
+ "name": "${APPLICATION_NAME}",
+ "labels": {
+ "deploymentConfig": "${APPLICATION_NAME}",
+ "application": "${APPLICATION_NAME}"
+ }
+ },
+ "spec": {
+ "serviceAccountName": "processserver-service-account",
+ "terminationGracePeriodSeconds": 60,
+ "containers": [
+ {
+ "name": "${APPLICATION_NAME}",
+ "image": "${APPLICATION_NAME}",
+ "imagePullPolicy": "Always",
+ "volumeMounts": [
+ {
+ "name": "processserver-keystore-volume",
+ "mountPath": "/etc/processserver-secret-volume",
+ "readOnly": true
+ }
+ ],
+ "livenessProbe": {
+ "exec": {
+ "command": [
+ "/bin/bash",
+ "-c",
+ "/opt/eap/bin/livenessProbe.sh"
+ ]
+ }
+ },
+ "readinessProbe": {
+ "exec": {
+ "command": [
+ "/bin/bash",
+ "-c",
+ "/opt/eap/bin/readinessProbe.sh"
+ ]
+ }
+ },
+ "ports": [
+ {
+ "name": "jolokia",
+ "containerPort": 8778,
+ "protocol": "TCP"
+ },
+ {
+ "name": "http",
+ "containerPort": 8080,
+ "protocol": "TCP"
+ },
+ {
+ "name": "https",
+ "containerPort": 8443,
+ "protocol": "TCP"
+ }
+ ],
+ "env": [
+ {
+ "name": "KIE_CONTAINER_DEPLOYMENT",
+ "value": "${KIE_CONTAINER_DEPLOYMENT}"
+ },
+ {
+ "name": "KIE_SERVER_PROTOCOL",
+ "value": "${KIE_SERVER_PROTOCOL}"
+ },
+ {
+ "name": "KIE_SERVER_PORT",
+ "value": "${KIE_SERVER_PORT}"
+ },
+ {
+ "name": "KIE_SERVER_USER",
+ "value": "${KIE_SERVER_USER}"
+ },
+ {
+ "name": "KIE_SERVER_PASSWORD",
+ "value": "${KIE_SERVER_PASSWORD}"
+ },
+ {
+ "name": "KIE_SERVER_DOMAIN",
+ "value": "${KIE_SERVER_DOMAIN}"
+ },
+ {
+ "name": "KIE_SERVER_PERSISTENCE_DIALECT",
+ "value": "${KIE_SERVER_PERSISTENCE_DIALECT}"
+ },
+ {
+ "name": "DB_SERVICE_PREFIX_MAPPING",
+ "value": "${APPLICATION_NAME}-mysql=DB"
+ },
+ {
+ "name": "DB_JNDI",
+ "value": "${DB_JNDI}"
+ },
+ {
+ "name": "DB_USERNAME",
+ "value": "${DB_USERNAME}"
+ },
+ {
+ "name": "DB_PASSWORD",
+ "value": "${DB_PASSWORD}"
+ },
+ {
+ "name": "DB_DATABASE",
+ "value": "${DB_DATABASE}"
+ },
+ {
+ "name": "TX_DATABASE_PREFIX_MAPPING",
+ "value": "${APPLICATION_NAME}-mysql=DB"
+ },
+ {
+ "name": "DB_MIN_POOL_SIZE",
+ "value": "${DB_MIN_POOL_SIZE}"
+ },
+ {
+ "name": "DB_MAX_POOL_SIZE",
+ "value": "${DB_MAX_POOL_SIZE}"
+ },
+ {
+ "name": "DB_TX_ISOLATION",
+ "value": "${DB_TX_ISOLATION}"
+ },
+ {
+ "name": "HTTPS_KEYSTORE_DIR",
+ "value": "/etc/processserver-secret-volume"
+ },
+ {
+ "name": "HTTPS_KEYSTORE",
+ "value": "${HTTPS_KEYSTORE}"
+ },
+ {
+ "name": "HTTPS_NAME",
+ "value": "${HTTPS_NAME}"
+ },
+ {
+ "name": "HTTPS_PASSWORD",
+ "value": "${HTTPS_PASSWORD}"
+ },
+ {
+ "name": "HORNETQ_CLUSTER_PASSWORD",
+ "value": "${HORNETQ_CLUSTER_PASSWORD}"
+ },
+ {
+ "name": "HORNETQ_QUEUES",
+ "value": "${HORNETQ_QUEUES}"
+ },
+ {
+ "name": "HORNETQ_TOPICS",
+ "value": "${HORNETQ_TOPICS}"
+ }
+ ]
+ }
+ ],
+ "volumes": [
+ {
+ "name": "processserver-keystore-volume",
+ "secret": {
+ "secretName": "${HTTPS_SECRET}"
+ }
+ }
+ ]
+ }
+ }
+ }
+ },
+ {
+ "kind": "DeploymentConfig",
+ "apiVersion": "v1",
+ "metadata": {
+ "name": "${APPLICATION_NAME}-mysql",
+ "labels": {
+ "application": "${APPLICATION_NAME}"
+ }
+ },
+ "spec": {
+ "strategy": {
+ "type": "Recreate"
+ },
+ "triggers": [
+ {
+ "type": "ImageChange",
+ "imageChangeParams": {
+ "automatic": true,
+ "containerNames": [
+ "${APPLICATION_NAME}-mysql"
+ ],
+ "from": {
+ "kind": "ImageStreamTag",
+ "namespace": "${IMAGE_STREAM_NAMESPACE}",
+ "name": "mysql:latest"
+ }
+ }
+ },
+ {
+ "type": "ConfigChange"
+ }
+ ],
+ "replicas": 1,
+ "selector": {
+ "deploymentConfig": "${APPLICATION_NAME}-mysql"
+ },
+ "template": {
+ "metadata": {
+ "name": "${APPLICATION_NAME}-mysql",
+ "labels": {
+ "deploymentConfig": "${APPLICATION_NAME}-mysql",
+ "application": "${APPLICATION_NAME}"
+ }
+ },
+ "spec": {
+ "terminationGracePeriodSeconds": 60,
+ "containers": [
+ {
+ "name": "${APPLICATION_NAME}-mysql",
+ "image": "mysql",
+ "imagePullPolicy": "Always",
+ "ports": [
+ {
+ "containerPort": 3306,
+ "protocol": "TCP"
+ }
+ ],
+ "env": [
+ {
+ "name": "MYSQL_USER",
+ "value": "${DB_USERNAME}"
+ },
+ {
+ "name": "MYSQL_PASSWORD",
+ "value": "${DB_PASSWORD}"
+ },
+ {
+ "name": "MYSQL_DATABASE",
+ "value": "${DB_DATABASE}"
+ },
+ {
+ "name": "MYSQL_LOWER_CASE_TABLE_NAMES",
+ "value": "${MYSQL_LOWER_CASE_TABLE_NAMES}"
+ },
+ {
+ "name": "MYSQL_MAX_CONNECTIONS",
+ "value": "${MYSQL_MAX_CONNECTIONS}"
+ },
+ {
+ "name": "MYSQL_FT_MIN_WORD_LEN",
+ "value": "${MYSQL_FT_MIN_WORD_LEN}"
+ },
+ {
+ "name": "MYSQL_FT_MAX_WORD_LEN",
+ "value": "${MYSQL_FT_MAX_WORD_LEN}"
+ },
+ {
+ "name": "MYSQL_AIO",
+ "value": "${MYSQL_AIO}"
+ }
+ ]
+ }
+ ]
+ }
+ }
+ }
+ }
+ ]
+}
diff --git a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/processserver63-postgresql-persistent-s2i.json b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/processserver63-postgresql-persistent-s2i.json
new file mode 100644
index 000000000..32a512829
--- /dev/null
+++ b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/processserver63-postgresql-persistent-s2i.json
@@ -0,0 +1,765 @@
+{
+ "kind": "Template",
+ "apiVersion": "v1",
+ "metadata": {
+ "annotations": {
+ "description": "Application template for Red Hat JBoss BPM Suite 6.3 intelligent process server PostgreSQL applications with persistent storage built using S2I.",
+ "iconClass": "icon-jboss",
+ "tags": "processserver,postgresql,javaee,java,database,jboss,xpaas",
+ "version": "1.3.3"
+ },
+ "name": "processserver63-postgresql-persistent-s2i"
+ },
+ "labels": {
+ "template": "processserver63-postgresql-persistent-s2i",
+ "xpaas": "1.3.3"
+ },
+ "parameters": [
+ {
+ "description": "The KIE Container deployment configuration in format: containerId=groupId:artifactId:version|c2=g2:a2:v2",
+ "name": "KIE_CONTAINER_DEPLOYMENT",
+ "value": "processserver-library=org.openshift.quickstarts:processserver-library:1.3.0.Final",
+ "required": false
+ },
+ {
+ "description": "The protocol to access the KIE Server REST interface.",
+ "name": "KIE_SERVER_PROTOCOL",
+ "value": "https",
+ "required": false
+ },
+ {
+ "description": "The port to access the KIE Server REST interface.",
+ "name": "KIE_SERVER_PORT",
+ "value": "8443",
+ "required": false
+ },
+ {
+ "description": "The user name to access the KIE Server REST or JMS interface.",
+ "name": "KIE_SERVER_USER",
+ "value": "kieserver",
+ "required": false
+ },
+ {
+ "description": "The password to access the KIE Server REST or JMS interface. Must be different than username; must not be root, admin, or administrator; must contain at least 8 characters, 1 alphabetic character(s), 1 digit(s), and 1 non-alphanumeric symbol(s).",
+ "name": "KIE_SERVER_PASSWORD",
+ "from": "[a-zA-Z]{6}[0-9]{1}!",
+ "generate": "expression",
+ "required": false
+ },
+ {
+ "description": "JAAS LoginContext domain that shall be used to authenticate users when using JMS.",
+ "name": "KIE_SERVER_DOMAIN",
+ "value": "other",
+ "required": false
+ },
+ {
+ "description": "Hibernate persistence dialect.",
+ "name": "KIE_SERVER_PERSISTENCE_DIALECT",
+ "value": "org.hibernate.dialect.PostgreSQL82Dialect",
+ "required": false
+ },
+ {
+ "description": "The name for the application.",
+ "name": "APPLICATION_NAME",
+ "value": "kie-app",
+ "required": true
+ },
+ {
+ "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: <application-name>-<project>.<default-domain-suffix>",
+ "name": "HOSTNAME_HTTP",
+ "value": "",
+ "required": false
+ },
+ {
+ "description": "Custom hostname for https service route. Leave blank for default hostname, e.g.: secure-<application-name>-<project>.<default-domain-suffix>",
+ "name": "HOSTNAME_HTTPS",
+ "value": "",
+ "required": false
+ },
+ {
+ "description": "Git source URI for application",
+ "name": "SOURCE_REPOSITORY_URL",
+ "value": "https://github.com/jboss-openshift/openshift-quickstarts",
+ "required": true
+ },
+ {
+ "description": "Git branch/tag reference",
+ "name": "SOURCE_REPOSITORY_REF",
+ "value": "1.3",
+ "required": false
+ },
+ {
+ "description": "Path within Git project to build; empty for root project directory.",
+ "name": "CONTEXT_DIR",
+ "value": "processserver/library",
+ "required": false
+ },
+ {
+ "description": "Database JNDI name used by application to resolve the datasource, e.g. java:/jboss/datasources/ExampleDS",
+ "name": "DB_JNDI",
+ "value": "java:jboss/datasources/ExampleDS",
+ "required": false
+ },
+ {
+ "description": "Database name",
+ "name": "DB_DATABASE",
+ "value": "root",
+ "required": true
+ },
+ {
+ "description": "Size of persistent storage for database volume.",
+ "name": "VOLUME_CAPACITY",
+ "value": "512Mi",
+ "required": true
+ },
+ {
+ "description": "Queue names",
+ "name": "HORNETQ_QUEUES",
+ "value": "",
+ "required": false
+ },
+ {
+ "description": "Topic names",
+ "name": "HORNETQ_TOPICS",
+ "value": "",
+ "required": false
+ },
+ {
+ "description": "The name of the secret containing the keystore file",
+ "name": "HTTPS_SECRET",
+ "value": "processserver-app-secret",
+ "required": false
+ },
+ {
+ "description": "The name of the keystore file within the secret",
+ "name": "HTTPS_KEYSTORE",
+ "value": "keystore.jks",
+ "required": false
+ },
+ {
+ "description": "The name associated with the server certificate",
+ "name": "HTTPS_NAME",
+ "value": "jboss",
+ "required": false
+ },
+ {
+ "description": "The password for the keystore and certificate",
+ "name": "HTTPS_PASSWORD",
+ "value": "mykeystorepass",
+ "required": false
+ },
+ {
+ "description": "Database user name",
+ "name": "DB_USERNAME",
+ "from": "user[a-zA-Z0-9]{3}",
+ "generate": "expression",
+ "required": true
+ },
+ {
+ "description": "Database user password",
+ "name": "DB_PASSWORD",
+ "from": "[a-zA-Z0-9]{8}",
+ "generate": "expression",
+ "required": true
+ },
+ {
+ "description": "Sets xa-pool/min-pool-size for the configured datasource.",
+ "name": "DB_MIN_POOL_SIZE",
+ "required": false
+ },
+ {
+ "description": "Sets xa-pool/max-pool-size for the configured datasource.",
+ "name": "DB_MAX_POOL_SIZE",
+ "required": false
+ },
+ {
+ "description": "Sets transaction-isolation for the configured datasource.",
+ "name": "DB_TX_ISOLATION",
+ "required": false
+ },
+ {
+ "description": "The maximum number of client connections allowed. This also sets the maximum number of prepared transactions.",
+ "name": "POSTGRESQL_MAX_CONNECTIONS",
+ "required": false
+ },
+ {
+ "description": "Configures how much memory is dedicated to PostgreSQL for caching data.",
+ "name": "POSTGRESQL_SHARED_BUFFERS",
+ "required": false
+ },
+ {
+ "description": "HornetQ cluster admin password",
+ "name": "HORNETQ_CLUSTER_PASSWORD",
+ "from": "[a-zA-Z0-9]{8}",
+ "generate": "expression",
+ "required": true
+ },
+ {
+ "description": "GitHub trigger secret",
+ "name": "GITHUB_WEBHOOK_SECRET",
+ "from": "[a-zA-Z0-9]{8}",
+ "generate": "expression",
+ "required": true
+ },
+ {
+ "description": "Generic build trigger secret",
+ "name": "GENERIC_WEBHOOK_SECRET",
+ "from": "[a-zA-Z0-9]{8}",
+ "generate": "expression",
+ "required": true
+ },
+ {
+ "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.",
+ "name": "IMAGE_STREAM_NAMESPACE",
+ "value": "openshift",
+ "required": true
+ }
+ ],
+ "objects": [
+ {
+ "kind": "Service",
+ "apiVersion": "v1",
+ "spec": {
+ "ports": [
+ {
+ "port": 8080,
+ "targetPort": 8080
+ }
+ ],
+ "selector": {
+ "deploymentConfig": "${APPLICATION_NAME}"
+ }
+ },
+ "metadata": {
+ "name": "${APPLICATION_NAME}",
+ "labels": {
+ "application": "${APPLICATION_NAME}"
+ },
+ "annotations": {
+ "description": "The web server's http port."
+ }
+ }
+ },
+ {
+ "kind": "Service",
+ "apiVersion": "v1",
+ "spec": {
+ "ports": [
+ {
+ "port": 8443,
+ "targetPort": 8443
+ }
+ ],
+ "selector": {
+ "deploymentConfig": "${APPLICATION_NAME}"
+ }
+ },
+ "metadata": {
+ "name": "secure-${APPLICATION_NAME}",
+ "labels": {
+ "application": "${APPLICATION_NAME}"
+ },
+ "annotations": {
+ "description": "The web server's https port."
+ }
+ }
+ },
+ {
+ "kind": "Service",
+ "apiVersion": "v1",
+ "spec": {
+ "ports": [
+ {
+ "port": 5432,
+ "targetPort": 5432
+ }
+ ],
+ "selector": {
+ "deploymentConfig": "${APPLICATION_NAME}-postgresql"
+ }
+ },
+ "metadata": {
+ "name": "${APPLICATION_NAME}-postgresql",
+ "labels": {
+ "application": "${APPLICATION_NAME}"
+ },
+ "annotations": {
+ "description": "The database server's port."
+ }
+ }
+ },
+ {
+ "kind": "Route",
+ "apiVersion": "v1",
+ "id": "${APPLICATION_NAME}-http",
+ "metadata": {
+ "name": "${APPLICATION_NAME}",
+ "labels": {
+ "application": "${APPLICATION_NAME}"
+ },
+ "annotations": {
+ "description": "Route for application's http service."
+ }
+ },
+ "spec": {
+ "host": "${HOSTNAME_HTTP}",
+ "to": {
+ "name": "${APPLICATION_NAME}"
+ }
+ }
+ },
+ {
+ "kind": "Route",
+ "apiVersion": "v1",
+ "id": "${APPLICATION_NAME}-https",
+ "metadata": {
+ "name": "secure-${APPLICATION_NAME}",
+ "labels": {
+ "application": "${APPLICATION_NAME}"
+ },
+ "annotations": {
+ "description": "Route for application's https service."
+ }
+ },
+ "spec": {
+ "host": "${HOSTNAME_HTTPS}",
+ "to": {
+ "name": "secure-${APPLICATION_NAME}"
+ },
+ "tls": {
+ "termination": "passthrough"
+ }
+ }
+ },
+ {
+ "kind": "ImageStream",
+ "apiVersion": "v1",
+ "metadata": {
+ "name": "${APPLICATION_NAME}",
+ "labels": {
+ "application": "${APPLICATION_NAME}"
+ }
+ }
+ },
+ {
+ "kind": "BuildConfig",
+ "apiVersion": "v1",
+ "metadata": {
+ "name": "${APPLICATION_NAME}",
+ "labels": {
+ "application": "${APPLICATION_NAME}"
+ }
+ },
+ "spec": {
+ "source": {
+ "type": "Git",
+ "git": {
+ "uri": "${SOURCE_REPOSITORY_URL}",
+ "ref": "${SOURCE_REPOSITORY_REF}"
+ },
+ "contextDir": "${CONTEXT_DIR}"
+ },
+ "strategy": {
+ "type": "Source",
+ "sourceStrategy": {
+ "env": [
+ {
+ "name": "KIE_CONTAINER_DEPLOYMENT",
+ "value": "${KIE_CONTAINER_DEPLOYMENT}"
+ }
+ ],
+ "forcePull": true,
+ "from": {
+ "kind": "ImageStreamTag",
+ "namespace": "${IMAGE_STREAM_NAMESPACE}",
+ "name": "jboss-processserver63-openshift:1.3"
+ }
+ }
+ },
+ "output": {
+ "to": {
+ "kind": "ImageStreamTag",
+ "name": "${APPLICATION_NAME}:latest"
+ }
+ },
+ "triggers": [
+ {
+ "type": "GitHub",
+ "github": {
+ "secret": "${GITHUB_WEBHOOK_SECRET}"
+ }
+ },
+ {
+ "type": "Generic",
+ "generic": {
+ "secret": "${GENERIC_WEBHOOK_SECRET}"
+ }
+ },
+ {
+ "type": "ImageChange",
+ "imageChange": {}
+ },
+ {
+ "type": "ConfigChange"
+ }
+ ]
+ }
+ },
+ {
+ "kind": "DeploymentConfig",
+ "apiVersion": "v1",
+ "metadata": {
+ "name": "${APPLICATION_NAME}",
+ "labels": {
+ "application": "${APPLICATION_NAME}"
+ }
+ },
+ "spec": {
+ "strategy": {
+ "type": "Recreate"
+ },
+ "triggers": [
+ {
+ "type": "ImageChange",
+ "imageChangeParams": {
+ "automatic": true,
+ "containerNames": [
+ "${APPLICATION_NAME}"
+ ],
+ "from": {
+ "kind": "ImageStream",
+ "name": "${APPLICATION_NAME}"
+ }
+ }
+ },
+ {
+ "type": "ConfigChange"
+ }
+ ],
+ "replicas": 1,
+ "selector": {
+ "deploymentConfig": "${APPLICATION_NAME}"
+ },
+ "template": {
+ "metadata": {
+ "name": "${APPLICATION_NAME}",
+ "labels": {
+ "deploymentConfig": "${APPLICATION_NAME}",
+ "application": "${APPLICATION_NAME}"
+ }
+ },
+ "spec": {
+ "serviceAccountName": "processserver-service-account",
+ "terminationGracePeriodSeconds": 60,
+ "containers": [
+ {
+ "name": "${APPLICATION_NAME}",
+ "image": "${APPLICATION_NAME}",
+ "imagePullPolicy": "Always",
+ "volumeMounts": [
+ {
+ "name": "processserver-keystore-volume",
+ "mountPath": "/etc/processserver-secret-volume",
+ "readOnly": true
+ }
+ ],
+ "livenessProbe": {
+ "exec": {
+ "command": [
+ "/bin/bash",
+ "-c",
+ "/opt/eap/bin/livenessProbe.sh"
+ ]
+ }
+ },
+ "readinessProbe": {
+ "exec": {
+ "command": [
+ "/bin/bash",
+ "-c",
+ "/opt/eap/bin/readinessProbe.sh"
+ ]
+ }
+ },
+ "ports": [
+ {
+ "name": "jolokia",
+ "containerPort": 8778,
+ "protocol": "TCP"
+ },
+ {
+ "name": "http",
+ "containerPort": 8080,
+ "protocol": "TCP"
+ },
+ {
+ "name": "https",
+ "containerPort": 8443,
+ "protocol": "TCP"
+ }
+ ],
+ "env": [
+ {
+ "name": "KIE_CONTAINER_DEPLOYMENT",
+ "value": "${KIE_CONTAINER_DEPLOYMENT}"
+ },
+ {
+ "name": "KIE_SERVER_PROTOCOL",
+ "value": "${KIE_SERVER_PROTOCOL}"
+ },
+ {
+ "name": "KIE_SERVER_PORT",
+ "value": "${KIE_SERVER_PORT}"
+ },
+ {
+ "name": "KIE_SERVER_USER",
+ "value": "${KIE_SERVER_USER}"
+ },
+ {
+ "name": "KIE_SERVER_PASSWORD",
+ "value": "${KIE_SERVER_PASSWORD}"
+ },
+ {
+ "name": "KIE_SERVER_DOMAIN",
+ "value": "${KIE_SERVER_DOMAIN}"
+ },
+ {
+ "name": "KIE_SERVER_PERSISTENCE_DIALECT",
+ "value": "${KIE_SERVER_PERSISTENCE_DIALECT}"
+ },
+ {
+ "name": "DB_SERVICE_PREFIX_MAPPING",
+ "value": "${APPLICATION_NAME}-postgresql=DB,${APPLICATION_NAME}-postgresql=QUARTZ"
+ },
+ {
+ "name": "TX_DATABASE_PREFIX_MAPPING",
+ "value": "${APPLICATION_NAME}-postgresql=DB"
+ },
+ {
+ "name": "DB_JNDI",
+ "value": "${DB_JNDI}"
+ },
+ {
+ "name": "DB_USERNAME",
+ "value": "${DB_USERNAME}"
+ },
+ {
+ "name": "DB_PASSWORD",
+ "value": "${DB_PASSWORD}"
+ },
+ {
+ "name": "DB_DATABASE",
+ "value": "${DB_DATABASE}"
+ },
+ {
+ "name": "DB_MIN_POOL_SIZE",
+ "value": "${DB_MIN_POOL_SIZE}"
+ },
+ {
+ "name": "DB_MAX_POOL_SIZE",
+ "value": "${DB_MAX_POOL_SIZE}"
+ },
+ {
+ "name": "DB_TX_ISOLATION",
+ "value": "${DB_TX_ISOLATION}"
+ },
+ {
+ "name": "QUARTZ_JNDI",
+ "value": "${DB_JNDI}NotManaged"
+ },
+ {
+ "name": "QUARTZ_USERNAME",
+ "value": "${DB_USERNAME}"
+ },
+ {
+ "name": "QUARTZ_PASSWORD",
+ "value": "${DB_PASSWORD}"
+ },
+ {
+ "name": "QUARTZ_DATABASE",
+ "value": "${DB_DATABASE}"
+ },
+ {
+ "name": "QUARTZ_MIN_POOL_SIZE",
+ "value": "${DB_MIN_POOL_SIZE}"
+ },
+ {
+ "name": "QUARTZ_MAX_POOL_SIZE",
+ "value": "${DB_MAX_POOL_SIZE}"
+ },
+ {
+ "name": "QUARTZ_TX_ISOLATION",
+ "value": "${DB_TX_ISOLATION}"
+ },
+ {
+ "name": "QUARTZ_JTA",
+ "value": "false"
+ },
+ {
+ "name": "QUARTZ_NONXA",
+ "value": "true"
+ },
+ {
+ "name": "HTTPS_KEYSTORE_DIR",
+ "value": "/etc/processserver-secret-volume"
+ },
+ {
+ "name": "HTTPS_KEYSTORE",
+ "value": "${HTTPS_KEYSTORE}"
+ },
+ {
+ "name": "HTTPS_NAME",
+ "value": "${HTTPS_NAME}"
+ },
+ {
+ "name": "HTTPS_PASSWORD",
+ "value": "${HTTPS_PASSWORD}"
+ },
+ {
+ "name": "HORNETQ_CLUSTER_PASSWORD",
+ "value": "${HORNETQ_CLUSTER_PASSWORD}"
+ },
+ {
+ "name": "HORNETQ_QUEUES",
+ "value": "${HORNETQ_QUEUES}"
+ },
+ {
+ "name": "HORNETQ_TOPICS",
+ "value": "${HORNETQ_TOPICS}"
+ }
+ ]
+ }
+ ],
+ "volumes": [
+ {
+ "name": "processserver-keystore-volume",
+ "secret": {
+ "secretName": "${HTTPS_SECRET}"
+ }
+ }
+ ]
+ }
+ }
+ }
+ },
+ {
+ "kind": "DeploymentConfig",
+ "apiVersion": "v1",
+ "metadata": {
+ "name": "${APPLICATION_NAME}-postgresql",
+ "labels": {
+ "application": "${APPLICATION_NAME}"
+ }
+ },
+ "spec": {
+ "strategy": {
+ "type": "Recreate"
+ },
+ "triggers": [
+ {
+ "type": "ImageChange",
+ "imageChangeParams": {
+ "automatic": true,
+ "containerNames": [
+ "${APPLICATION_NAME}-postgresql"
+ ],
+ "from": {
+ "kind": "ImageStreamTag",
+ "namespace": "${IMAGE_STREAM_NAMESPACE}",
+ "name": "postgresql:latest"
+ }
+ }
+ },
+ {
+ "type": "ConfigChange"
+ }
+ ],
+ "replicas": 1,
+ "selector": {
+ "deploymentConfig": "${APPLICATION_NAME}-postgresql"
+ },
+ "template": {
+ "metadata": {
+ "name": "${APPLICATION_NAME}-postgresql",
+ "labels": {
+ "deploymentConfig": "${APPLICATION_NAME}-postgresql",
+ "application": "${APPLICATION_NAME}"
+ }
+ },
+ "spec": {
+ "terminationGracePeriodSeconds": 60,
+ "containers": [
+ {
+ "name": "${APPLICATION_NAME}-postgresql",
+ "image": "postgresql",
+ "imagePullPolicy": "Always",
+ "ports": [
+ {
+ "containerPort": 5432,
+ "protocol": "TCP"
+ }
+ ],
+ "volumeMounts": [
+ {
+ "mountPath": "/var/lib/pgsql/data",
+ "name": "${APPLICATION_NAME}-postgresql-pvol"
+ }
+ ],
+ "env": [
+ {
+ "name": "POSTGRESQL_USER",
+ "value": "${DB_USERNAME}"
+ },
+ {
+ "name": "POSTGRESQL_PASSWORD",
+ "value": "${DB_PASSWORD}"
+ },
+ {
+ "name": "POSTGRESQL_DATABASE",
+ "value": "${DB_DATABASE}"
+ },
+ {
+ "name": "POSTGRESQL_MAX_CONNECTIONS",
+ "value": "${POSTGRESQL_MAX_CONNECTIONS}"
+ },
+ {
+ "name": "POSTGRESQL_SHARED_BUFFERS",
+ "value": "${POSTGRESQL_SHARED_BUFFERS}"
+ }
+ ]
+ }
+ ],
+ "volumes": [
+ {
+ "name": "${APPLICATION_NAME}-postgresql-pvol",
+ "persistentVolumeClaim": {
+ "claimName": "${APPLICATION_NAME}-postgresql-claim"
+ }
+ }
+ ]
+ }
+ }
+ }
+ },
+ {
+ "apiVersion": "v1",
+ "kind": "PersistentVolumeClaim",
+ "metadata": {
+ "name": "${APPLICATION_NAME}-postgresql-claim",
+ "labels": {
+ "application": "${APPLICATION_NAME}"
+ }
+ },
+ "spec": {
+ "accessModes": [
+ "ReadWriteOnce"
+ ],
+ "resources": {
+ "requests": {
+ "storage": "${VOLUME_CAPACITY}"
+ }
+ }
+ }
+ }
+ ]
+}
diff --git a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/processserver63-postgresql-s2i.json b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/processserver63-postgresql-s2i.json
new file mode 100644
index 000000000..55e2199bb
--- /dev/null
+++ b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/processserver63-postgresql-s2i.json
@@ -0,0 +1,689 @@
+{
+ "kind": "Template",
+ "apiVersion": "v1",
+ "metadata": {
+ "annotations": {
+ "description": "Application template for Red Hat JBoss BPM Suite 6.3 intelligent process server PostgreSQL applications built using S2I.",
+ "iconClass": "icon-jboss",
+ "tags": "processserver,postgresql,javaee,java,database,jboss,xpaas",
+ "version": "1.3.3"
+ },
+ "name": "processserver63-postgresql-s2i"
+ },
+ "labels": {
+ "template": "processserver63-postgresql-s2i",
+ "xpaas": "1.3.3"
+ },
+ "parameters": [
+ {
+ "description": "The KIE Container deployment configuration in format: containerId=groupId:artifactId:version|c2=g2:a2:v2",
+ "name": "KIE_CONTAINER_DEPLOYMENT",
+ "value": "processserver-library=org.openshift.quickstarts:processserver-library:1.3.0.Final",
+ "required": false
+ },
+ {
+ "description": "The protocol to access the KIE Server REST interface.",
+ "name": "KIE_SERVER_PROTOCOL",
+ "value": "https",
+ "required": false
+ },
+ {
+ "description": "The port to access the KIE Server REST interface.",
+ "name": "KIE_SERVER_PORT",
+ "value": "8443",
+ "required": false
+ },
+ {
+ "description": "The user name to access the KIE Server REST or JMS interface.",
+ "name": "KIE_SERVER_USER",
+ "value": "kieserver",
+ "required": false
+ },
+ {
+ "description": "The password to access the KIE Server REST or JMS interface. Must be different than username; must not be root, admin, or administrator; must contain at least 8 characters, 1 alphabetic character(s), 1 digit(s), and 1 non-alphanumeric symbol(s).",
+ "name": "KIE_SERVER_PASSWORD",
+ "from": "[a-zA-Z]{6}[0-9]{1}!",
+ "generate": "expression",
+ "required": false
+ },
+ {
+ "description": "JAAS LoginContext domain that shall be used to authenticate users when using JMS.",
+ "name": "KIE_SERVER_DOMAIN",
+ "value": "other",
+ "required": false
+ },
+ {
+ "description": "Hibernate persistence dialect.",
+ "name": "KIE_SERVER_PERSISTENCE_DIALECT",
+ "value": "org.hibernate.dialect.PostgreSQL82Dialect",
+ "required": false
+ },
+ {
+ "description": "The name for the application.",
+ "name": "APPLICATION_NAME",
+ "value": "kie-app",
+ "required": true
+ },
+ {
+ "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: <application-name>-<project>.<default-domain-suffix>",
+ "name": "HOSTNAME_HTTP",
+ "value": "",
+ "required": false
+ },
+ {
+ "description": "Custom hostname for https service route. Leave blank for default hostname, e.g.: secure-<application-name>-<project>.<default-domain-suffix>",
+ "name": "HOSTNAME_HTTPS",
+ "value": "",
+ "required": false
+ },
+ {
+ "description": "Git source URI for application",
+ "name": "SOURCE_REPOSITORY_URL",
+ "value": "https://github.com/jboss-openshift/openshift-quickstarts",
+ "required": true
+ },
+ {
+ "description": "Git branch/tag reference",
+ "name": "SOURCE_REPOSITORY_REF",
+ "value": "1.3",
+ "required": false
+ },
+ {
+ "description": "Path within Git project to build; empty for root project directory.",
+ "name": "CONTEXT_DIR",
+ "value": "processserver/library",
+ "required": false
+ },
+ {
+ "description": "Database JNDI name used by application to resolve the datasource, e.g. java:/jboss/datasources/ExampleDS",
+ "name": "DB_JNDI",
+ "value": "java:jboss/datasources/ExampleDS",
+ "required": false
+ },
+ {
+ "description": "Database name",
+ "name": "DB_DATABASE",
+ "value": "root",
+ "required": true
+ },
+ {
+ "description": "Queue names",
+ "name": "HORNETQ_QUEUES",
+ "value": "",
+ "required": false
+ },
+ {
+ "description": "Topic names",
+ "name": "HORNETQ_TOPICS",
+ "value": "",
+ "required": false
+ },
+ {
+ "description": "The name of the secret containing the keystore file",
+ "name": "HTTPS_SECRET",
+ "value": "processserver-app-secret",
+ "required": false
+ },
+ {
+ "description": "The name of the keystore file within the secret",
+ "name": "HTTPS_KEYSTORE",
+ "value": "keystore.jks",
+ "required": false
+ },
+ {
+ "description": "The name associated with the server certificate",
+ "name": "HTTPS_NAME",
+ "value": "jboss",
+ "required": false
+ },
+ {
+ "description": "The password for the keystore and certificate",
+ "name": "HTTPS_PASSWORD",
+ "value": "mykeystorepass",
+ "required": false
+ },
+ {
+ "description": "Database user name",
+ "name": "DB_USERNAME",
+ "from": "user[a-zA-Z0-9]{3}",
+ "generate": "expression",
+ "required": true
+ },
+ {
+ "description": "Database user password",
+ "name": "DB_PASSWORD",
+ "from": "[a-zA-Z0-9]{8}",
+ "generate": "expression",
+ "required": true
+ },
+ {
+ "description": "Sets xa-pool/min-pool-size for the configured datasource.",
+ "name": "DB_MIN_POOL_SIZE",
+ "required": false
+ },
+ {
+ "description": "Sets xa-pool/max-pool-size for the configured datasource.",
+ "name": "DB_MAX_POOL_SIZE",
+ "required": false
+ },
+ {
+ "description": "Sets transaction-isolation for the configured datasource.",
+ "name": "DB_TX_ISOLATION",
+ "required": false
+ },
+ {
+ "description": "The maximum number of client connections allowed. This also sets the maximum number of prepared transactions.",
+ "name": "POSTGRESQL_MAX_CONNECTIONS",
+ "required": false
+ },
+ {
+ "description": "Configures how much memory is dedicated to PostgreSQL for caching data.",
+ "name": "POSTGRESQL_SHARED_BUFFERS",
+ "required": false
+ },
+ {
+ "description": "HornetQ cluster admin password",
+ "name": "HORNETQ_CLUSTER_PASSWORD",
+ "from": "[a-zA-Z0-9]{8}",
+ "generate": "expression",
+ "required": true
+ },
+ {
+ "description": "GitHub trigger secret",
+ "name": "GITHUB_WEBHOOK_SECRET",
+ "from": "[a-zA-Z0-9]{8}",
+ "generate": "expression",
+ "required": true
+ },
+ {
+ "description": "Generic build trigger secret",
+ "name": "GENERIC_WEBHOOK_SECRET",
+ "from": "[a-zA-Z0-9]{8}",
+ "generate": "expression",
+ "required": true
+ },
+ {
+ "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.",
+ "name": "IMAGE_STREAM_NAMESPACE",
+ "value": "openshift",
+ "required": true
+ }
+ ],
+ "objects": [
+ {
+ "kind": "Service",
+ "apiVersion": "v1",
+ "spec": {
+ "ports": [
+ {
+ "port": 8080,
+ "targetPort": 8080
+ }
+ ],
+ "selector": {
+ "deploymentConfig": "${APPLICATION_NAME}"
+ }
+ },
+ "metadata": {
+ "name": "${APPLICATION_NAME}",
+ "labels": {
+ "application": "${APPLICATION_NAME}"
+ },
+ "annotations": {
+ "description": "The web server's http port."
+ }
+ }
+ },
+ {
+ "kind": "Service",
+ "apiVersion": "v1",
+ "spec": {
+ "ports": [
+ {
+ "port": 8443,
+ "targetPort": 8443
+ }
+ ],
+ "selector": {
+ "deploymentConfig": "${APPLICATION_NAME}"
+ }
+ },
+ "metadata": {
+ "name": "secure-${APPLICATION_NAME}",
+ "labels": {
+ "application": "${APPLICATION_NAME}"
+ },
+ "annotations": {
+ "description": "The web server's https port."
+ }
+ }
+ },
+ {
+ "kind": "Service",
+ "apiVersion": "v1",
+ "spec": {
+ "ports": [
+ {
+ "port": 5432,
+ "targetPort": 5432
+ }
+ ],
+ "selector": {
+ "deploymentConfig": "${APPLICATION_NAME}-postgresql"
+ }
+ },
+ "metadata": {
+ "name": "${APPLICATION_NAME}-postgresql",
+ "labels": {
+ "application": "${APPLICATION_NAME}"
+ },
+ "annotations": {
+ "description": "The database server's port."
+ }
+ }
+ },
+ {
+ "kind": "Route",
+ "apiVersion": "v1",
+ "id": "${APPLICATION_NAME}-http",
+ "metadata": {
+ "name": "${APPLICATION_NAME}",
+ "labels": {
+ "application": "${APPLICATION_NAME}"
+ },
+ "annotations": {
+ "description": "Route for application's http service."
+ }
+ },
+ "spec": {
+ "host": "${HOSTNAME_HTTP}",
+ "to": {
+ "name": "${APPLICATION_NAME}"
+ }
+ }
+ },
+ {
+ "kind": "Route",
+ "apiVersion": "v1",
+ "id": "${APPLICATION_NAME}-https",
+ "metadata": {
+ "name": "secure-${APPLICATION_NAME}",
+ "labels": {
+ "application": "${APPLICATION_NAME}"
+ },
+ "annotations": {
+ "description": "Route for application's https service."
+ }
+ },
+ "spec": {
+ "host": "${HOSTNAME_HTTPS}",
+ "to": {
+ "name": "secure-${APPLICATION_NAME}"
+ },
+ "tls": {
+ "termination": "passthrough"
+ }
+ }
+ },
+ {
+ "kind": "ImageStream",
+ "apiVersion": "v1",
+ "metadata": {
+ "name": "${APPLICATION_NAME}",
+ "labels": {
+ "application": "${APPLICATION_NAME}"
+ }
+ }
+ },
+ {
+ "kind": "BuildConfig",
+ "apiVersion": "v1",
+ "metadata": {
+ "name": "${APPLICATION_NAME}",
+ "labels": {
+ "application": "${APPLICATION_NAME}"
+ }
+ },
+ "spec": {
+ "source": {
+ "type": "Git",
+ "git": {
+ "uri": "${SOURCE_REPOSITORY_URL}",
+ "ref": "${SOURCE_REPOSITORY_REF}"
+ },
+ "contextDir": "${CONTEXT_DIR}"
+ },
+ "strategy": {
+ "type": "Source",
+ "sourceStrategy": {
+ "env": [
+ {
+ "name": "KIE_CONTAINER_DEPLOYMENT",
+ "value": "${KIE_CONTAINER_DEPLOYMENT}"
+ }
+ ],
+ "forcePull": true,
+ "from": {
+ "kind": "ImageStreamTag",
+ "namespace": "${IMAGE_STREAM_NAMESPACE}",
+ "name": "jboss-processserver63-openshift:1.3"
+ }
+ }
+ },
+ "output": {
+ "to": {
+ "kind": "ImageStreamTag",
+ "name": "${APPLICATION_NAME}:latest"
+ }
+ },
+ "triggers": [
+ {
+ "type": "GitHub",
+ "github": {
+ "secret": "${GITHUB_WEBHOOK_SECRET}"
+ }
+ },
+ {
+ "type": "Generic",
+ "generic": {
+ "secret": "${GENERIC_WEBHOOK_SECRET}"
+ }
+ },
+ {
+ "type": "ImageChange",
+ "imageChange": {}
+ },
+ {
+ "type": "ConfigChange"
+ }
+ ]
+ }
+ },
+ {
+ "kind": "DeploymentConfig",
+ "apiVersion": "v1",
+ "metadata": {
+ "name": "${APPLICATION_NAME}",
+ "labels": {
+ "application": "${APPLICATION_NAME}"
+ }
+ },
+ "spec": {
+ "strategy": {
+ "type": "Recreate"
+ },
+ "triggers": [
+ {
+ "type": "ImageChange",
+ "imageChangeParams": {
+ "automatic": true,
+ "containerNames": [
+ "${APPLICATION_NAME}"
+ ],
+ "from": {
+ "kind": "ImageStream",
+ "name": "${APPLICATION_NAME}"
+ }
+ }
+ },
+ {
+ "type": "ConfigChange"
+ }
+ ],
+ "replicas": 1,
+ "selector": {
+ "deploymentConfig": "${APPLICATION_NAME}"
+ },
+ "template": {
+ "metadata": {
+ "name": "${APPLICATION_NAME}",
+ "labels": {
+ "deploymentConfig": "${APPLICATION_NAME}",
+ "application": "${APPLICATION_NAME}"
+ }
+ },
+ "spec": {
+ "serviceAccountName": "processserver-service-account",
+ "terminationGracePeriodSeconds": 60,
+ "containers": [
+ {
+ "name": "${APPLICATION_NAME}",
+ "image": "${APPLICATION_NAME}",
+ "imagePullPolicy": "Always",
+ "volumeMounts": [
+ {
+ "name": "processserver-keystore-volume",
+ "mountPath": "/etc/processserver-secret-volume",
+ "readOnly": true
+ }
+ ],
+ "livenessProbe": {
+ "exec": {
+ "command": [
+ "/bin/bash",
+ "-c",
+ "/opt/eap/bin/livenessProbe.sh"
+ ]
+ }
+ },
+ "readinessProbe": {
+ "exec": {
+ "command": [
+ "/bin/bash",
+ "-c",
+ "/opt/eap/bin/readinessProbe.sh"
+ ]
+ }
+ },
+ "ports": [
+ {
+ "name": "jolokia",
+ "containerPort": 8778,
+ "protocol": "TCP"
+ },
+ {
+ "name": "http",
+ "containerPort": 8080,
+ "protocol": "TCP"
+ },
+ {
+ "name": "https",
+ "containerPort": 8443,
+ "protocol": "TCP"
+ }
+ ],
+ "env": [
+ {
+ "name": "KIE_CONTAINER_DEPLOYMENT",
+ "value": "${KIE_CONTAINER_DEPLOYMENT}"
+ },
+ {
+ "name": "KIE_SERVER_PROTOCOL",
+ "value": "${KIE_SERVER_PROTOCOL}"
+ },
+ {
+ "name": "KIE_SERVER_PORT",
+ "value": "${KIE_SERVER_PORT}"
+ },
+ {
+ "name": "KIE_SERVER_USER",
+ "value": "${KIE_SERVER_USER}"
+ },
+ {
+ "name": "KIE_SERVER_PASSWORD",
+ "value": "${KIE_SERVER_PASSWORD}"
+ },
+ {
+ "name": "KIE_SERVER_DOMAIN",
+ "value": "${KIE_SERVER_DOMAIN}"
+ },
+ {
+ "name": "KIE_SERVER_PERSISTENCE_DIALECT",
+ "value": "${KIE_SERVER_PERSISTENCE_DIALECT}"
+ },
+ {
+ "name": "DB_SERVICE_PREFIX_MAPPING",
+ "value": "${APPLICATION_NAME}-postgresql=DB"
+ },
+ {
+ "name": "DB_JNDI",
+ "value": "${DB_JNDI}"
+ },
+ {
+ "name": "DB_USERNAME",
+ "value": "${DB_USERNAME}"
+ },
+ {
+ "name": "DB_PASSWORD",
+ "value": "${DB_PASSWORD}"
+ },
+ {
+ "name": "DB_DATABASE",
+ "value": "${DB_DATABASE}"
+ },
+ {
+ "name": "TX_DATABASE_PREFIX_MAPPING",
+ "value": "${APPLICATION_NAME}-postgresql=DB"
+ },
+ {
+ "name": "DB_MIN_POOL_SIZE",
+ "value": "${DB_MIN_POOL_SIZE}"
+ },
+ {
+ "name": "DB_MAX_POOL_SIZE",
+ "value": "${DB_MAX_POOL_SIZE}"
+ },
+ {
+ "name": "DB_TX_ISOLATION",
+ "value": "${DB_TX_ISOLATION}"
+ },
+ {
+ "name": "HTTPS_KEYSTORE_DIR",
+ "value": "/etc/processserver-secret-volume"
+ },
+ {
+ "name": "HTTPS_KEYSTORE",
+ "value": "${HTTPS_KEYSTORE}"
+ },
+ {
+ "name": "HTTPS_NAME",
+ "value": "${HTTPS_NAME}"
+ },
+ {
+ "name": "HTTPS_PASSWORD",
+ "value": "${HTTPS_PASSWORD}"
+ },
+ {
+ "name": "HORNETQ_CLUSTER_PASSWORD",
+ "value": "${HORNETQ_CLUSTER_PASSWORD}"
+ },
+ {
+ "name": "HORNETQ_QUEUES",
+ "value": "${HORNETQ_QUEUES}"
+ },
+ {
+ "name": "HORNETQ_TOPICS",
+ "value": "${HORNETQ_TOPICS}"
+ }
+ ]
+ }
+ ],
+ "volumes": [
+ {
+ "name": "processserver-keystore-volume",
+ "secret": {
+ "secretName": "${HTTPS_SECRET}"
+ }
+ }
+ ]
+ }
+ }
+ }
+ },
+ {
+ "kind": "DeploymentConfig",
+ "apiVersion": "v1",
+ "metadata": {
+ "name": "${APPLICATION_NAME}-postgresql",
+ "labels": {
+ "application": "${APPLICATION_NAME}"
+ }
+ },
+ "spec": {
+ "strategy": {
+ "type": "Recreate"
+ },
+ "triggers": [
+ {
+ "type": "ImageChange",
+ "imageChangeParams": {
+ "automatic": true,
+ "containerNames": [
+ "${APPLICATION_NAME}-postgresql"
+ ],
+ "from": {
+ "kind": "ImageStreamTag",
+ "namespace": "${IMAGE_STREAM_NAMESPACE}",
+ "name": "postgresql:latest"
+ }
+ }
+ },
+ {
+ "type": "ConfigChange"
+ }
+ ],
+ "replicas": 1,
+ "selector": {
+ "deploymentConfig": "${APPLICATION_NAME}-postgresql"
+ },
+ "template": {
+ "metadata": {
+ "name": "${APPLICATION_NAME}-postgresql",
+ "labels": {
+ "deploymentConfig": "${APPLICATION_NAME}-postgresql",
+ "application": "${APPLICATION_NAME}"
+ }
+ },
+ "spec": {
+ "terminationGracePeriodSeconds": 60,
+ "containers": [
+ {
+ "name": "${APPLICATION_NAME}-postgresql",
+ "image": "postgresql",
+ "imagePullPolicy": "Always",
+ "ports": [
+ {
+ "containerPort": 5432,
+ "protocol": "TCP"
+ }
+ ],
+ "env": [
+ {
+ "name": "POSTGRESQL_USER",
+ "value": "${DB_USERNAME}"
+ },
+ {
+ "name": "POSTGRESQL_PASSWORD",
+ "value": "${DB_PASSWORD}"
+ },
+ {
+ "name": "POSTGRESQL_DATABASE",
+ "value": "${DB_DATABASE}"
+ },
+ {
+ "name": "POSTGRESQL_MAX_CONNECTIONS",
+ "value": "${POSTGRESQL_MAX_CONNECTIONS}"
+ },
+ {
+ "name": "POSTGRESQL_SHARED_BUFFERS",
+ "value": "${POSTGRESQL_SHARED_BUFFERS}"
+ }
+ ]
+ }
+ ]
+ }
+ }
+ }
+ }
+ ]
+}
diff --git a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/sso70-basic.json b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/sso70-https.json
index 7f320bace..fb0578a67 100644
--- a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/sso70-basic.json
+++ b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/sso70-https.json
@@ -6,13 +6,13 @@
"description": "Application template for SSO 7.0",
"iconClass" : "icon-jboss",
"tags" : "sso,keycloak,java,jboss,xpaas",
- "version" : "1.3"
+ "version" : "1.3.2"
},
- "name": "sso70-basic"
+ "name": "sso70-https"
},
"labels": {
- "template": "sso70-basic",
- "xpaas" : "1.3.0"
+ "template": "sso70-https",
+ "xpaas" : "1.3.2"
},
"parameters": [
{
@@ -34,6 +34,12 @@
"required": false
},
{
+ "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.",
+ "name": "SERVICE_ACCOUNT_NAME",
+ "value": "sso-service-account",
+ "required": true
+ },
+ {
"description": "The name of the secret containing the keystore file",
"name": "HTTPS_SECRET",
"value": "sso-app-secret",
@@ -46,15 +52,21 @@
"required": false
},
{
- "description": "The name associated with the server certificate",
+ "description": "The type of the keystore file (JKS or JCEKS)",
+ "name": "HTTPS_KEYSTORE_TYPE",
+ "value": "",
+ "required": false
+ },
+ {
+ "description": "The name associated with the server certificate (e.g. jboss)",
"name": "HTTPS_NAME",
- "value": "jboss",
+ "value": "",
"required": false
},
{
- "description": "The password for the keystore and certificate",
+ "description": "The password for the keystore and certificate (e.g. mykeystorepass)",
"name": "HTTPS_PASSWORD",
- "value": "mykeystorepass",
+ "value": "",
"required": false
},
{
@@ -73,28 +85,9 @@
"required": false
},
{
- "description": "HornetQ cluster admin password",
- "name": "HORNETQ_CLUSTER_PASSWORD",
- "from": "[a-zA-Z0-9]{8}",
- "generate": "expression",
- "required": true
- },
- {
- "description": "Queue names",
- "name": "HORNETQ_QUEUES",
- "value": "",
- "required": false
- },
- {
- "description": "Topic names",
- "name": "HORNETQ_TOPICS",
- "value": "",
- "required": false
- },
- {
"description": "The name of the secret containing the keystore file",
"name": "JGROUPS_ENCRYPT_SECRET",
- "value": "eap-app-secret",
+ "value": "sso-app-secret",
"required": false
},
{
@@ -104,15 +97,15 @@
"required": false
},
{
- "description": "The name associated with the server certificate",
+ "description": "The name associated with the server certificate (e.g. secret-key)",
"name": "JGROUPS_ENCRYPT_NAME",
- "value": "secret-key",
+ "value": "",
"required": false
},
{
- "description": "The password for the keystore and certificate",
+ "description": "The password for the keystore and certificate (e.g. password)",
"name": "JGROUPS_ENCRYPT_PASSWORD",
- "value": "password",
+ "value": "",
"required": false
},
{
@@ -127,6 +120,54 @@
"name": "IMAGE_STREAM_NAMESPACE",
"value": "openshift",
"required": true
+ },
+ {
+ "description": "SSO Server admin username",
+ "name": "SSO_ADMIN_USERNAME",
+ "value": "admin",
+ "required": false
+ },
+ {
+ "description": "SSO Server admin password",
+ "name": "SSO_ADMIN_PASSWORD",
+ "value": "admin",
+ "required": false
+ },
+ {
+ "description": "Realm to be created in the SSO server (e.g. demo).",
+ "name": "SSO_REALM",
+ "value": "",
+ "required": false
+ },
+ {
+ "description": "The username used to access the SSO service. This is used by clients to create the appliction client(s) within the specified SSO realm.",
+ "name": "SSO_SERVICE_USERNAME",
+ "value": "",
+ "required": false
+ },
+ {
+ "description": "The password for the SSO service user.",
+ "name": "SSO_SERVICE_PASSWORD",
+ "value": "",
+ "required": false
+ },
+ {
+ "description": "The name of the truststore file within the secret (e.g. truststore.jks)",
+ "name": "SSO_TRUSTSTORE",
+ "value": "",
+ "required": false
+ },
+ {
+ "description": "The password for the truststore and certificate (e.g. mykeystorepass)",
+ "name": "SSO_TRUSTSTORE_PASSWORD",
+ "value": "",
+ "required": false
+ },
+ {
+ "description": "The name of the secret containing the truststore file (e.g. truststore-secret). Used for volume secretName",
+ "name": "SSO_TRUSTSTORE_SECRET",
+ "value": "sso-app-secret",
+ "required": false
}
],
"objects": [
@@ -179,30 +220,6 @@
}
},
{
- "kind": "Service",
- "apiVersion": "v1",
- "spec": {
- "ports": [
- {
- "port": 5432,
- "targetPort": 5432
- }
- ],
- "selector": {
- "deploymentConfig": "${APPLICATION_NAME}-basic"
- }
- },
- "metadata": {
- "name": "${APPLICATION_NAME}-basic",
- "labels": {
- "application": "${APPLICATION_NAME}"
- },
- "annotations": {
- "description": "The database server's port."
- }
- }
- },
- {
"kind": "Route",
"apiVersion": "v1",
"id": "${APPLICATION_NAME}-http",
@@ -269,7 +286,7 @@
"from": {
"kind": "ImageStreamTag",
"namespace": "${IMAGE_STREAM_NAMESPACE}",
- "name": "redhat-sso70-openshift:1.3-TP"
+ "name": "redhat-sso70-openshift:1.3"
}
}
},
@@ -290,8 +307,8 @@
}
},
"spec": {
- "serviceAccountName": "sso-service-account",
- "terminationGracePeriodSeconds": 60,
+ "serviceAccountName": "${SERVICE_ACCOUNT_NAME}",
+ "terminationGracePeriodSeconds": 75,
"containers": [
{
"name": "${APPLICATION_NAME}",
@@ -307,8 +324,24 @@
"name": "eap-jgroups-keystore-volume",
"mountPath": "/etc/jgroups-encrypt-secret-volume",
"readOnly": true
+ },
+ {
+ "name": "sso-truststore-volume",
+ "mountPath": "/etc/sso-secret-volume",
+ "readOnly": true
}
],
+ "lifecycle": {
+ "preStop": {
+ "exec": {
+ "command": [
+ "/opt/eap/bin/jboss-cli.sh",
+ "-c",
+ ":shutdown(timeout=60)"
+ ]
+ }
+ }
+ },
"livenessProbe": {
"exec": {
"command": [
@@ -342,6 +375,11 @@
"name": "https",
"containerPort": 8443,
"protocol": "TCP"
+ },
+ {
+ "name": "ping",
+ "containerPort": 8888,
+ "protocol": "TCP"
}
],
"env": [
@@ -370,32 +408,24 @@
}
},
{
- "name": "EAP_HTTPS_KEYSTORE_DIR",
+ "name": "HTTPS_KEYSTORE_DIR",
"value": "/etc/eap-secret-volume"
},
{
- "name": "EAP_HTTPS_KEYSTORE",
+ "name": "HTTPS_KEYSTORE",
"value": "${HTTPS_KEYSTORE}"
},
{
- "name": "EAP_HTTPS_NAME",
- "value": "${HTTPS_NAME}"
+ "name": "HTTPS_KEYSTORE_TYPE",
+ "value": "${HTTPS_KEYSTORE_TYPE}"
},
{
- "name": "EAP_HTTPS_PASSWORD",
- "value": "${HTTPS_PASSWORD}"
- },
- {
- "name": "HORNETQ_CLUSTER_PASSWORD",
- "value": "${HORNETQ_CLUSTER_PASSWORD}"
- },
- {
- "name": "HORNETQ_QUEUES",
- "value": "${HORNETQ_QUEUES}"
+ "name": "HTTPS_NAME",
+ "value": "${HTTPS_NAME}"
},
{
- "name": "HORNETQ_TOPICS",
- "value": "${HORNETQ_TOPICS}"
+ "name": "HTTPS_PASSWORD",
+ "value": "${HTTPS_PASSWORD}"
},
{
"name": "JGROUPS_ENCRYPT_SECRET",
@@ -420,6 +450,38 @@
{
"name": "JGROUPS_CLUSTER_PASSWORD",
"value": "${JGROUPS_CLUSTER_PASSWORD}"
+ },
+ {
+ "name": "SSO_ADMIN_USERNAME",
+ "value": "${SSO_ADMIN_USERNAME}"
+ },
+ {
+ "name": "SSO_ADMIN_PASSWORD",
+ "value": "${SSO_ADMIN_PASSWORD}"
+ },
+ {
+ "name": "SSO_REALM",
+ "value": "${SSO_REALM}"
+ },
+ {
+ "name": "SSO_SERVICE_USERNAME",
+ "value": "${SSO_SERVICE_USERNAME}"
+ },
+ {
+ "name": "SSO_SERVICE_PASSWORD",
+ "value": "${SSO_SERVICE_PASSWORD}"
+ },
+ {
+ "name": "SSO_TRUSTSTORE",
+ "value": "${SSO_TRUSTSTORE}"
+ },
+ {
+ "name": "SSO_TRUSTSTORE_DIR",
+ "value": "/etc/sso-secret-volume"
+ },
+ {
+ "name": "SSO_TRUSTSTORE_PASSWORD",
+ "value": "${SSO_TRUSTSTORE_PASSWORD}"
}
]
}
@@ -436,6 +498,12 @@
"secret": {
"secretName": "${JGROUPS_ENCRYPT_SECRET}"
}
+ },
+ {
+ "name": "sso-truststore-volume",
+ "secret": {
+ "secretName": "${SSO_TRUSTSTORE_SECRET}"
+ }
}
]
}
diff --git a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/sso70-mysql-persistent.json b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/sso70-mysql-persistent.json
index dc8bd740e..dcbb24bf1 100644
--- a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/sso70-mysql-persistent.json
+++ b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/sso70-mysql-persistent.json
@@ -6,13 +6,13 @@
"description": "Application template for SSO 7.0 MySQL applications with persistent storage",
"iconClass" : "icon-jboss",
"tags" : "sso,keycloak,mysql,java,database,jboss,xpaas",
- "version" : "1.3"
+ "version" : "1.3.2"
},
"name": "sso70-mysql-persistent"
},
"labels": {
"template": "sso70-mysql-persistent",
- "xpaas" : "1.3.0"
+ "xpaas" : "1.3.2"
},
"parameters": [
{
@@ -46,6 +46,12 @@
"required": true
},
{
+ "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.",
+ "name": "SERVICE_ACCOUNT_NAME",
+ "value": "sso-service-account",
+ "required": true
+ },
+ {
"description": "The name of the secret containing the keystore file",
"name": "HTTPS_SECRET",
"value": "sso-app-secret",
@@ -58,15 +64,21 @@
"required": false
},
{
- "description": "The name associated with the server certificate",
+ "description": "The type of the keystore file (JKS or JCEKS)",
+ "name": "HTTPS_KEYSTORE_TYPE",
+ "value": "",
+ "required": false
+ },
+ {
+ "description": "The name associated with the server certificate (e.g. jboss)",
"name": "HTTPS_NAME",
- "value": "jboss",
+ "value": "",
"required": false
},
{
- "description": "The password for the keystore and certificate",
+ "description": "The password for the keystore and certificate (e.g. mykeystorepass)",
"name": "HTTPS_PASSWORD",
- "value": "mykeystorepass",
+ "value": "",
"required": false
},
{
@@ -110,13 +122,6 @@
"required": false
},
{
- "description": "HornetQ cluster admin password",
- "name": "HORNETQ_CLUSTER_PASSWORD",
- "from": "[a-zA-Z0-9]{8}",
- "generate": "expression",
- "required": true
- },
- {
"description": "Database user name",
"name": "DB_USERNAME",
"from": "user[a-zA-Z0-9]{3}",
@@ -131,18 +136,6 @@
"required": true
},
{
- "description": "Queue names",
- "name": "HORNETQ_QUEUES",
- "value": "",
- "required": false
- },
- {
- "description": "Topic names",
- "name": "HORNETQ_TOPICS",
- "value": "",
- "required": false
- },
- {
"description": "Size of persistent storage for database volume.",
"name": "VOLUME_CAPACITY",
"value": "512Mi",
@@ -151,7 +144,7 @@
{
"description": "The name of the secret containing the keystore file",
"name": "JGROUPS_ENCRYPT_SECRET",
- "value": "eap-app-secret",
+ "value": "sso-app-secret",
"required": false
},
{
@@ -161,13 +154,13 @@
"required": false
},
{
- "description": "The name associated with the server certificate",
+ "description": "The name associated with the server certificate (e.g. secret-key)",
"name": "JGROUPS_ENCRYPT_NAME",
"value": "",
"required": false
},
{
- "description": "The password for the keystore and certificate",
+ "description": "The password for the keystore and certificate (e.g. password)",
"name": "JGROUPS_ENCRYPT_PASSWORD",
"value": "",
"required": false
@@ -184,6 +177,54 @@
"name": "IMAGE_STREAM_NAMESPACE",
"value": "openshift",
"required": true
+ },
+ {
+ "description": "SSO Server admin username",
+ "name": "SSO_ADMIN_USERNAME",
+ "value": "admin",
+ "required": false
+ },
+ {
+ "description": "SSO Server admin password",
+ "name": "SSO_ADMIN_PASSWORD",
+ "value": "admin",
+ "required": false
+ },
+ {
+ "description": "Realm to be created in the SSO server (e.g. demo).",
+ "name": "SSO_REALM",
+ "value": "",
+ "required": false
+ },
+ {
+ "description": "The username used to access the SSO service. This is used by clients to create the appliction client(s) within the specified SSO realm.",
+ "name": "SSO_SERVICE_USERNAME",
+ "value": "",
+ "required": false
+ },
+ {
+ "description": "The password for the SSO service user.",
+ "name": "SSO_SERVICE_PASSWORD",
+ "value": "",
+ "required": false
+ },
+ {
+ "description": "The name of the truststore file within the secret (e.g. truststore.jks)",
+ "name": "SSO_TRUSTSTORE",
+ "value": "",
+ "required": false
+ },
+ {
+ "description": "The password for the truststore and certificate (e.g. mykeystorepass)",
+ "name": "SSO_TRUSTSTORE_PASSWORD",
+ "value": "",
+ "required": false
+ },
+ {
+ "description": "The name of the secret containing the truststore file (e.g. truststore-secret). Used for volume secretName",
+ "name": "SSO_TRUSTSTORE_SECRET",
+ "value": "sso-app-secret",
+ "required": false
}
],
"objects": [
@@ -326,7 +367,7 @@
"from": {
"kind": "ImageStreamTag",
"namespace": "${IMAGE_STREAM_NAMESPACE}",
- "name": "redhat-sso70-openshift:1.3-TP"
+ "name": "redhat-sso70-openshift:1.3"
}
}
},
@@ -347,8 +388,8 @@
}
},
"spec": {
- "serviceAccountName": "sso-service-account",
- "terminationGracePeriodSeconds": 60,
+ "serviceAccountName": "${SERVICE_ACCOUNT_NAME}",
+ "terminationGracePeriodSeconds": 75,
"containers": [
{
"name": "${APPLICATION_NAME}",
@@ -364,8 +405,24 @@
"name": "eap-jgroups-keystore-volume",
"mountPath": "/etc/jgroups-encrypt-secret-volume",
"readOnly": true
+ },
+ {
+ "name": "sso-truststore-volume",
+ "mountPath": "/etc/sso-secret-volume",
+ "readOnly": true
}
],
+ "lifecycle": {
+ "preStop": {
+ "exec": {
+ "command": [
+ "/opt/eap/bin/jboss-cli.sh",
+ "-c",
+ ":shutdown(timeout=60)"
+ ]
+ }
+ }
+ },
"livenessProbe": {
"exec": {
"command": [
@@ -399,6 +456,11 @@
"name": "https",
"containerPort": 8443,
"protocol": "TCP"
+ },
+ {
+ "name": "ping",
+ "containerPort": 8888,
+ "protocol": "TCP"
}
],
"env": [
@@ -451,32 +513,24 @@
}
},
{
- "name": "EAP_HTTPS_KEYSTORE_DIR",
+ "name": "HTTPS_KEYSTORE_DIR",
"value": "/etc/eap-secret-volume"
},
{
- "name": "EAP_HTTPS_KEYSTORE",
+ "name": "HTTPS_KEYSTORE",
"value": "${HTTPS_KEYSTORE}"
},
{
- "name": "EAP_HTTPS_NAME",
- "value": "${HTTPS_NAME}"
- },
- {
- "name": "EAP_HTTPS_PASSWORD",
- "value": "${HTTPS_PASSWORD}"
- },
- {
- "name": "HORNETQ_CLUSTER_PASSWORD",
- "value": "${HORNETQ_CLUSTER_PASSWORD}"
+ "name": "HTTPS_KEYSTORE_TYPE",
+ "value": "${HTTPS_KEYSTORE_TYPE}"
},
{
- "name": "HORNETQ_QUEUES",
- "value": "${HORNETQ_QUEUES}"
+ "name": "HTTPS_NAME",
+ "value": "${HTTPS_NAME}"
},
{
- "name": "HORNETQ_TOPICS",
- "value": "${HORNETQ_TOPICS}"
+ "name": "HTTPS_PASSWORD",
+ "value": "${HTTPS_PASSWORD}"
},
{
"name": "JGROUPS_ENCRYPT_SECRET",
@@ -501,6 +555,38 @@
{
"name": "JGROUPS_CLUSTER_PASSWORD",
"value": "${JGROUPS_CLUSTER_PASSWORD}"
+ },
+ {
+ "name": "SSO_ADMIN_USERNAME",
+ "value": "${SSO_ADMIN_USERNAME}"
+ },
+ {
+ "name": "SSO_ADMIN_PASSWORD",
+ "value": "${SSO_ADMIN_PASSWORD}"
+ },
+ {
+ "name": "SSO_REALM",
+ "value": "${SSO_REALM}"
+ },
+ {
+ "name": "SSO_SERVICE_USERNAME",
+ "value": "${SSO_SERVICE_USERNAME}"
+ },
+ {
+ "name": "SSO_SERVICE_PASSWORD",
+ "value": "${SSO_SERVICE_PASSWORD}"
+ },
+ {
+ "name": "SSO_TRUSTSTORE",
+ "value": "${SSO_TRUSTSTORE}"
+ },
+ {
+ "name": "SSO_TRUSTSTORE_DIR",
+ "value": "/etc/sso-secret-volume"
+ },
+ {
+ "name": "SSO_TRUSTSTORE_PASSWORD",
+ "value": "${SSO_TRUSTSTORE_PASSWORD}"
}
]
}
@@ -517,6 +603,12 @@
"secret": {
"secretName": "${JGROUPS_ENCRYPT_SECRET}"
}
+ },
+ {
+ "name": "sso-truststore-volume",
+ "secret": {
+ "secretName": "${SSO_TRUSTSTORE_SECRET}"
+ }
}
]
}
diff --git a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/sso70-mysql.json b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/sso70-mysql.json
index 029dcee54..1768f7a1b 100644
--- a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/sso70-mysql.json
+++ b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/sso70-mysql.json
@@ -6,13 +6,13 @@
"description": "Application template for SSO 7.0 MySQL applications",
"iconClass" : "icon-jboss",
"tags" : "sso,keycloak,mysql,java,database,jboss,xpaas",
- "version" : "1.3"
+ "version" : "1.3.2"
},
"name": "sso70-mysql"
},
"labels": {
"template": "sso70-mysql",
- "xpaas" : "1.3.0"
+ "xpaas" : "1.3.2"
},
"parameters": [
{
@@ -46,6 +46,12 @@
"required": true
},
{
+ "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.",
+ "name": "SERVICE_ACCOUNT_NAME",
+ "value": "sso-service-account",
+ "required": true
+ },
+ {
"description": "The name of the secret containing the keystore file",
"name": "HTTPS_SECRET",
"value": "sso-app-secret",
@@ -58,15 +64,21 @@
"required": false
},
{
- "description": "The name associated with the server certificate",
+ "description": "The type of the keystore file (JKS or JCEKS)",
+ "name": "HTTPS_KEYSTORE_TYPE",
+ "value": "",
+ "required": false
+ },
+ {
+ "description": "The name associated with the server certificate (e.g. jboss)",
"name": "HTTPS_NAME",
- "value": "jboss",
+ "value": "",
"required": false
},
{
- "description": "The password for the keystore and certificate",
+ "description": "The password for the keystore and certificate (e.g. mykeystorepass)",
"name": "HTTPS_PASSWORD",
- "value": "mykeystorepass",
+ "value": "",
"required": false
},
{
@@ -110,13 +122,6 @@
"required": false
},
{
- "description": "HornetQ cluster admin password",
- "name": "HORNETQ_CLUSTER_PASSWORD",
- "from": "[a-zA-Z0-9]{8}",
- "generate": "expression",
- "required": true
- },
- {
"description": "Database user name",
"name": "DB_USERNAME",
"from": "user[a-zA-Z0-9]{3}",
@@ -131,21 +136,9 @@
"required": true
},
{
- "description": "Queue names",
- "name": "HORNETQ_QUEUES",
- "value": "",
- "required": false
- },
- {
- "description": "Topic names",
- "name": "HORNETQ_TOPICS",
- "value": "",
- "required": false
- },
- {
"description": "The name of the secret containing the keystore file",
"name": "JGROUPS_ENCRYPT_SECRET",
- "value": "eap-app-secret",
+ "value": "sso-app-secret",
"required": false
},
{
@@ -155,13 +148,13 @@
"required": false
},
{
- "description": "The name associated with the server certificate",
+ "description": "The name associated with the server certificate (e.g. secret-key)",
"name": "JGROUPS_ENCRYPT_NAME",
"value": "",
"required": false
},
{
- "description": "The password for the keystore and certificate",
+ "description": "The password for the keystore and certificate (e.g. password)",
"name": "JGROUPS_ENCRYPT_PASSWORD",
"value": "",
"required": false
@@ -178,6 +171,54 @@
"name": "IMAGE_STREAM_NAMESPACE",
"value": "openshift",
"required": true
+ },
+ {
+ "description": "SSO Server admin username",
+ "name": "SSO_ADMIN_USERNAME",
+ "value": "admin",
+ "required": false
+ },
+ {
+ "description": "SSO Server admin password",
+ "name": "SSO_ADMIN_PASSWORD",
+ "value": "admin",
+ "required": false
+ },
+ {
+ "description": "Realm to be created in the SSO server (e.g. demo).",
+ "name": "SSO_REALM",
+ "value": "",
+ "required": false
+ },
+ {
+ "description": "The username used to access the SSO service. This is used by clients to create the appliction client(s) within the specified SSO realm.",
+ "name": "SSO_SERVICE_USERNAME",
+ "value": "",
+ "required": false
+ },
+ {
+ "description": "The password for the SSO service user.",
+ "name": "SSO_SERVICE_PASSWORD",
+ "value": "",
+ "required": false
+ },
+ {
+ "description": "The name of the truststore file within the secret (e.g. truststore.jks)",
+ "name": "SSO_TRUSTSTORE",
+ "value": "",
+ "required": false
+ },
+ {
+ "description": "The password for the truststore and certificate (e.g. mykeystorepass)",
+ "name": "SSO_TRUSTSTORE_PASSWORD",
+ "value": "",
+ "required": false
+ },
+ {
+ "description": "The name of the secret containing the truststore file (e.g. truststore-secret). Used for volume secretName",
+ "name": "SSO_TRUSTSTORE_SECRET",
+ "value": "sso-app-secret",
+ "required": false
}
],
"objects": [
@@ -326,7 +367,7 @@
"from": {
"kind": "ImageStreamTag",
"namespace": "${IMAGE_STREAM_NAMESPACE}",
- "name": "redhat-sso70-openshift:1.3-TP"
+ "name": "redhat-sso70-openshift:1.3"
}
}
},
@@ -348,8 +389,8 @@
}
},
"spec": {
- "serviceAccountName": "sso-service-account",
- "terminationGracePeriodSeconds": 60,
+ "serviceAccountName": "${SERVICE_ACCOUNT_NAME}",
+ "terminationGracePeriodSeconds": 75,
"containers": [
{
"name": "${APPLICATION_NAME}",
@@ -365,8 +406,24 @@
"name": "eap-jgroups-keystore-volume",
"mountPath": "/etc/jgroups-encrypt-secret-volume",
"readOnly": true
+ },
+ {
+ "name": "sso-truststore-volume",
+ "mountPath": "/etc/sso-secret-volume",
+ "readOnly": true
}
],
+ "lifecycle": {
+ "preStop": {
+ "exec": {
+ "command": [
+ "/opt/eap/bin/jboss-cli.sh",
+ "-c",
+ ":shutdown(timeout=60)"
+ ]
+ }
+ }
+ },
"livenessProbe": {
"exec": {
"command": [
@@ -400,6 +457,11 @@
"name": "https",
"containerPort": 8443,
"protocol": "TCP"
+ },
+ {
+ "name": "ping",
+ "containerPort": 8888,
+ "protocol": "TCP"
}
],
"env": [
@@ -452,32 +514,24 @@
}
},
{
- "name": "EAP_HTTPS_KEYSTORE_DIR",
+ "name": "HTTPS_KEYSTORE_DIR",
"value": "/etc/eap-secret-volume"
},
{
- "name": "EAP_HTTPS_KEYSTORE",
+ "name": "HTTPS_KEYSTORE",
"value": "${HTTPS_KEYSTORE}"
},
{
- "name": "EAP_HTTPS_NAME",
- "value": "${HTTPS_NAME}"
- },
- {
- "name": "EAP_HTTPS_PASSWORD",
- "value": "${HTTPS_PASSWORD}"
- },
- {
- "name": "HORNETQ_CLUSTER_PASSWORD",
- "value": "${HORNETQ_CLUSTER_PASSWORD}"
+ "name": "HTTPS_KEYSTORE_TYPE",
+ "value": "${HTTPS_KEYSTORE_TYPE}"
},
{
- "name": "HORNETQ_QUEUES",
- "value": "${HORNETQ_QUEUES}"
+ "name": "HTTPS_NAME",
+ "value": "${HTTPS_NAME}"
},
{
- "name": "HORNETQ_TOPICS",
- "value": "${HORNETQ_TOPICS}"
+ "name": "HTTPS_PASSWORD",
+ "value": "${HTTPS_PASSWORD}"
},
{
"name": "JGROUPS_ENCRYPT_SECRET",
@@ -502,6 +556,38 @@
{
"name": "JGROUPS_CLUSTER_PASSWORD",
"value": "${JGROUPS_CLUSTER_PASSWORD}"
+ },
+ {
+ "name": "SSO_ADMIN_USERNAME",
+ "value": "${SSO_ADMIN_USERNAME}"
+ },
+ {
+ "name": "SSO_ADMIN_PASSWORD",
+ "value": "${SSO_ADMIN_PASSWORD}"
+ },
+ {
+ "name": "SSO_REALM",
+ "value": "${SSO_REALM}"
+ },
+ {
+ "name": "SSO_SERVICE_USERNAME",
+ "value": "${SSO_SERVICE_USERNAME}"
+ },
+ {
+ "name": "SSO_SERVICE_PASSWORD",
+ "value": "${SSO_SERVICE_PASSWORD}"
+ },
+ {
+ "name": "SSO_TRUSTSTORE",
+ "value": "${SSO_TRUSTSTORE}"
+ },
+ {
+ "name": "SSO_TRUSTSTORE_DIR",
+ "value": "/etc/sso-secret-volume"
+ },
+ {
+ "name": "SSO_TRUSTSTORE_PASSWORD",
+ "value": "${SSO_TRUSTSTORE_PASSWORD}"
}
]
}
@@ -518,6 +604,12 @@
"secret": {
"secretName": "${JGROUPS_ENCRYPT_SECRET}"
}
+ },
+ {
+ "name": "sso-truststore-volume",
+ "secret": {
+ "secretName": "${SSO_TRUSTSTORE_SECRET}"
+ }
}
]
}
diff --git a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/sso70-postgresql-persistent.json b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/sso70-postgresql-persistent.json
index bad7e49b2..4c2f81f2e 100644
--- a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/sso70-postgresql-persistent.json
+++ b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/sso70-postgresql-persistent.json
@@ -6,13 +6,13 @@
"description": "Application template for SSO 7.0 PostgreSQL applications with persistent storage",
"iconClass" : "icon-jboss",
"tags" : "sso,keycloak,postrgresql,java,database,jboss,xpaas",
- "version" : "1.3"
+ "version" : "1.3.2"
},
"name": "sso70-postgresql-persistent"
},
"labels": {
"template": "sso70-postgresql-persistent",
- "xpaas" : "1.3.0"
+ "xpaas" : "1.3.2"
},
"parameters": [
{
@@ -46,6 +46,12 @@
"required": true
},
{
+ "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.",
+ "name": "SERVICE_ACCOUNT_NAME",
+ "value": "sso-service-account",
+ "required": true
+ },
+ {
"description": "The name of the secret containing the keystore file",
"name": "HTTPS_SECRET",
"value": "sso-app-secret",
@@ -58,15 +64,21 @@
"required": false
},
{
- "description": "The name associated with the server certificate",
+ "description": "The type of the keystore file (JKS or JCEKS)",
+ "name": "HTTPS_KEYSTORE_TYPE",
+ "value": "",
+ "required": false
+ },
+ {
+ "description": "The name associated with the server certificate (e.g. jboss)",
"name": "HTTPS_NAME",
- "value": "jboss",
+ "value": "",
"required": false
},
{
- "description": "The password for the keystore and certificate",
+ "description": "The password for the keystore and certificate (e.g. mykeystorepass)",
"name": "HTTPS_PASSWORD",
- "value": "mykeystorepass",
+ "value": "",
"required": false
},
{
@@ -95,13 +107,6 @@
"required": false
},
{
- "description": "HornetQ cluster admin password",
- "name": "HORNETQ_CLUSTER_PASSWORD",
- "from": "[a-zA-Z0-9]{8}",
- "generate": "expression",
- "required": true
- },
- {
"description": "Database user name",
"name": "DB_USERNAME",
"from": "user[a-zA-Z0-9]{3}",
@@ -116,18 +121,6 @@
"required": true
},
{
- "description": "Queue names",
- "name": "HORNETQ_QUEUES",
- "value": "",
- "required": false
- },
- {
- "description": "Topic names",
- "name": "HORNETQ_TOPICS",
- "value": "",
- "required": false
- },
- {
"description": "Size of persistent storage for database volume.",
"name": "VOLUME_CAPACITY",
"value": "512Mi",
@@ -136,7 +129,7 @@
{
"description": "The name of the secret containing the keystore file",
"name": "JGROUPS_ENCRYPT_SECRET",
- "value": "eap-app-secret",
+ "value": "sso-app-secret",
"required": false
},
{
@@ -146,13 +139,13 @@
"required": false
},
{
- "description": "The name associated with the server certificate",
+ "description": "The name associated with the server certificate (e.g. secret-key)",
"name": "JGROUPS_ENCRYPT_NAME",
"value": "",
"required": false
},
{
- "description": "The password for the keystore and certificate",
+ "description": "The password for the keystore and certificate (e.g. password)",
"name": "JGROUPS_ENCRYPT_PASSWORD",
"value": "",
"required": false
@@ -169,6 +162,54 @@
"name": "IMAGE_STREAM_NAMESPACE",
"value": "openshift",
"required": true
+ },
+ {
+ "description": "SSO Server admin username",
+ "name": "SSO_ADMIN_USERNAME",
+ "value": "admin",
+ "required": false
+ },
+ {
+ "description": "SSO Server admin password",
+ "name": "SSO_ADMIN_PASSWORD",
+ "value": "admin",
+ "required": false
+ },
+ {
+ "description": "Realm to be created in the SSO server (e.g. demo).",
+ "name": "SSO_REALM",
+ "value": "",
+ "required": false
+ },
+ {
+ "description": "The username used to access the SSO service. This is used by clients to create the appliction client(s) within the specified SSO realm.",
+ "name": "SSO_SERVICE_USERNAME",
+ "value": "",
+ "required": false
+ },
+ {
+ "description": "The password for the SSO service user.",
+ "name": "SSO_SERVICE_PASSWORD",
+ "value": "",
+ "required": false
+ },
+ {
+ "description": "The name of the truststore file within the secret (e.g. truststore.jks)",
+ "name": "SSO_TRUSTSTORE",
+ "value": "",
+ "required": false
+ },
+ {
+ "description": "The password for the truststore and certificate (e.g. mykeystorepass)",
+ "name": "SSO_TRUSTSTORE_PASSWORD",
+ "value": "",
+ "required": false
+ },
+ {
+ "description": "The name of the secret containing the truststore file (e.g. truststore-secret). Used for volume secretName",
+ "name": "SSO_TRUSTSTORE_SECRET",
+ "value": "sso-app-secret",
+ "required": false
}
],
"objects": [
@@ -311,7 +352,7 @@
"from": {
"kind": "ImageStreamTag",
"namespace": "${IMAGE_STREAM_NAMESPACE}",
- "name": "redhat-sso70-openshift:1.3-TP"
+ "name": "redhat-sso70-openshift:1.3"
}
}
},
@@ -332,8 +373,8 @@
}
},
"spec": {
- "serviceAccountName": "sso-service-account",
- "terminationGracePeriodSeconds": 60,
+ "serviceAccountName": "${SERVICE_ACCOUNT_NAME}",
+ "terminationGracePeriodSeconds": 75,
"containers": [
{
"name": "${APPLICATION_NAME}",
@@ -349,8 +390,24 @@
"name": "eap-jgroups-keystore-volume",
"mountPath": "/etc/jgroups-encrypt-secret-volume",
"readOnly": true
+ },
+ {
+ "name": "sso-truststore-volume",
+ "mountPath": "/etc/sso-secret-volume",
+ "readOnly": true
}
],
+ "lifecycle": {
+ "preStop": {
+ "exec": {
+ "command": [
+ "/opt/eap/bin/jboss-cli.sh",
+ "-c",
+ ":shutdown(timeout=60)"
+ ]
+ }
+ }
+ },
"livenessProbe": {
"exec": {
"command": [
@@ -384,6 +441,11 @@
"name": "https",
"containerPort": 8443,
"protocol": "TCP"
+ },
+ {
+ "name": "ping",
+ "containerPort": 8888,
+ "protocol": "TCP"
}
],
"env": [
@@ -436,32 +498,24 @@
}
},
{
- "name": "EAP_HTTPS_KEYSTORE_DIR",
+ "name": "HTTPS_KEYSTORE_DIR",
"value": "/etc/eap-secret-volume"
},
{
- "name": "EAP_HTTPS_KEYSTORE",
+ "name": "HTTPS_KEYSTORE",
"value": "${HTTPS_KEYSTORE}"
},
{
- "name": "EAP_HTTPS_NAME",
- "value": "${HTTPS_NAME}"
- },
- {
- "name": "EAP_HTTPS_PASSWORD",
- "value": "${HTTPS_PASSWORD}"
- },
- {
- "name": "HORNETQ_CLUSTER_PASSWORD",
- "value": "${HORNETQ_CLUSTER_PASSWORD}"
+ "name": "HTTPS_KEYSTORE_TYPE",
+ "value": "${HTTPS_KEYSTORE_TYPE}"
},
{
- "name": "HORNETQ_QUEUES",
- "value": "${HORNETQ_QUEUES}"
+ "name": "HTTPS_NAME",
+ "value": "${HTTPS_NAME}"
},
{
- "name": "HORNETQ_TOPICS",
- "value": "${HORNETQ_TOPICS}"
+ "name": "HTTPS_PASSWORD",
+ "value": "${HTTPS_PASSWORD}"
},
{
"name": "JGROUPS_ENCRYPT_SECRET",
@@ -486,6 +540,38 @@
{
"name": "JGROUPS_CLUSTER_PASSWORD",
"value": "${JGROUPS_CLUSTER_PASSWORD}"
+ },
+ {
+ "name": "SSO_ADMIN_USERNAME",
+ "value": "${SSO_ADMIN_USERNAME}"
+ },
+ {
+ "name": "SSO_ADMIN_PASSWORD",
+ "value": "${SSO_ADMIN_PASSWORD}"
+ },
+ {
+ "name": "SSO_REALM",
+ "value": "${SSO_REALM}"
+ },
+ {
+ "name": "SSO_SERVICE_USERNAME",
+ "value": "${SSO_SERVICE_USERNAME}"
+ },
+ {
+ "name": "SSO_SERVICE_PASSWORD",
+ "value": "${SSO_SERVICE_PASSWORD}"
+ },
+ {
+ "name": "SSO_TRUSTSTORE",
+ "value": "${SSO_TRUSTSTORE}"
+ },
+ {
+ "name": "SSO_TRUSTSTORE_DIR",
+ "value": "/etc/sso-secret-volume"
+ },
+ {
+ "name": "SSO_TRUSTSTORE_PASSWORD",
+ "value": "${SSO_TRUSTSTORE_PASSWORD}"
}
]
}
@@ -502,6 +588,12 @@
"secret": {
"secretName": "${JGROUPS_ENCRYPT_SECRET}"
}
+ },
+ {
+ "name": "sso-truststore-volume",
+ "secret": {
+ "secretName": "${SSO_TRUSTSTORE_SECRET}"
+ }
}
]
}
@@ -589,6 +681,10 @@
"value": "${POSTGRESQL_MAX_CONNECTIONS}"
},
{
+ "name": "POSTGRESQL_MAX_PREPARED_TRANSACTIONS",
+ "value": "${POSTGRESQL_MAX_CONNECTIONS}"
+ },
+ {
"name": "POSTGRESQL_SHARED_BUFFERS",
"value": "${POSTGRESQL_SHARED_BUFFERS}"
}
diff --git a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/sso70-postgresql.json b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/sso70-postgresql.json
index 08257d192..d8402ef72 100644
--- a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/sso70-postgresql.json
+++ b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/sso70-postgresql.json
@@ -6,13 +6,13 @@
"description": "Application template for SSO 7.0 PostgreSQL applications",
"iconClass" : "icon-jboss",
"tags" : "sso,keycloak,postrgresql,java,database,jboss,xpaas",
- "version" : "1.3"
+ "version" : "1.3.2"
},
"name": "sso70-postgresql"
},
"labels": {
"template": "sso70-postgresql",
- "xpaas" : "1.3.0"
+ "xpaas" : "1.3.2"
},
"parameters": [
{
@@ -46,6 +46,12 @@
"required": true
},
{
+ "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.",
+ "name": "SERVICE_ACCOUNT_NAME",
+ "value": "sso-service-account",
+ "required": true
+ },
+ {
"description": "The name of the secret containing the keystore file",
"name": "HTTPS_SECRET",
"value": "sso-app-secret",
@@ -58,15 +64,21 @@
"required": false
},
{
- "description": "The name associated with the server certificate",
+ "description": "The type of the keystore file (JKS or JCEKS)",
+ "name": "HTTPS_KEYSTORE_TYPE",
+ "value": "",
+ "required": false
+ },
+ {
+ "description": "The name associated with the server certificate (e.g. jboss)",
"name": "HTTPS_NAME",
- "value": "jboss",
+ "value": "",
"required": false
},
{
- "description": "The password for the keystore and certificate",
+ "description": "The password for the keystore and certificate (e.g. mykeystorepass)",
"name": "HTTPS_PASSWORD",
- "value": "mykeystorepass",
+ "value": "",
"required": false
},
{
@@ -95,13 +107,6 @@
"required": false
},
{
- "description": "HornetQ cluster admin password",
- "name": "HORNETQ_CLUSTER_PASSWORD",
- "from": "[a-zA-Z0-9]{8}",
- "generate": "expression",
- "required": true
- },
- {
"description": "Database user name",
"name": "DB_USERNAME",
"from": "user[a-zA-Z0-9]{3}",
@@ -116,21 +121,9 @@
"required": true
},
{
- "description": "Queue names",
- "name": "HORNETQ_QUEUES",
- "value": "",
- "required": false
- },
- {
- "description": "Topic names",
- "name": "HORNETQ_TOPICS",
- "value": "",
- "required": false
- },
- {
"description": "The name of the secret containing the keystore file",
"name": "JGROUPS_ENCRYPT_SECRET",
- "value": "eap-app-secret",
+ "value": "sso-app-secret",
"required": false
},
{
@@ -140,15 +133,15 @@
"required": false
},
{
- "description": "The name associated with the server certificate",
+ "description": "The name associated with the server certificate (e.g. secret-key)",
"name": "JGROUPS_ENCRYPT_NAME",
- "value": "secret-key",
+ "value": "",
"required": false
},
{
- "description": "The password for the keystore and certificate",
+ "description": "The password for the keystore and certificate (e.g. password)",
"name": "JGROUPS_ENCRYPT_PASSWORD",
- "value": "password",
+ "value": "",
"required": false
},
{
@@ -163,6 +156,54 @@
"name": "IMAGE_STREAM_NAMESPACE",
"value": "openshift",
"required": true
+ },
+ {
+ "description": "SSO Server admin username",
+ "name": "SSO_ADMIN_USERNAME",
+ "value": "admin",
+ "required": false
+ },
+ {
+ "description": "SSO Server admin password",
+ "name": "SSO_ADMIN_PASSWORD",
+ "value": "admin",
+ "required": false
+ },
+ {
+ "description": "Realm to be created in the SSO server (e.g. demo).",
+ "name": "SSO_REALM",
+ "value": "",
+ "required": false
+ },
+ {
+ "description": "The username used to access the SSO service. This is used by clients to create the appliction client(s) within the specified SSO realm.",
+ "name": "SSO_SERVICE_USERNAME",
+ "value": "",
+ "required": false
+ },
+ {
+ "description": "The password for the SSO service user.",
+ "name": "SSO_SERVICE_PASSWORD",
+ "value": "",
+ "required": false
+ },
+ {
+ "description": "The name of the truststore file within the secret (e.g. truststore.jks)",
+ "name": "SSO_TRUSTSTORE",
+ "value": "",
+ "required": false
+ },
+ {
+ "description": "The password for the truststore and certificate (e.g. mykeystorepass)",
+ "name": "SSO_TRUSTSTORE_PASSWORD",
+ "value": "",
+ "required": false
+ },
+ {
+ "description": "The name of the secret containing the truststore file (e.g. truststore-secret). Used for volume secretName",
+ "name": "SSO_TRUSTSTORE_SECRET",
+ "value": "sso-app-secret",
+ "required": false
}
],
"objects": [
@@ -311,7 +352,7 @@
"from": {
"kind": "ImageStreamTag",
"namespace": "${IMAGE_STREAM_NAMESPACE}",
- "name": "redhat-sso70-openshift:1.3-TP"
+ "name": "redhat-sso70-openshift:1.3"
}
}
},
@@ -333,8 +374,8 @@
}
},
"spec": {
- "serviceAccountName": "sso-service-account",
- "terminationGracePeriodSeconds": 60,
+ "serviceAccountName": "${SERVICE_ACCOUNT_NAME}",
+ "terminationGracePeriodSeconds": 75,
"containers": [
{
"name": "${APPLICATION_NAME}",
@@ -350,8 +391,24 @@
"name": "eap-jgroups-keystore-volume",
"mountPath": "/etc/jgroups-encrypt-secret-volume",
"readOnly": true
+ },
+ {
+ "name": "sso-truststore-volume",
+ "mountPath": "/etc/sso-secret-volume",
+ "readOnly": true
}
],
+ "lifecycle": {
+ "preStop": {
+ "exec": {
+ "command": [
+ "/opt/eap/bin/jboss-cli.sh",
+ "-c",
+ ":shutdown(timeout=60)"
+ ]
+ }
+ }
+ },
"livenessProbe": {
"exec": {
"command": [
@@ -385,6 +442,11 @@
"name": "https",
"containerPort": 8443,
"protocol": "TCP"
+ },
+ {
+ "name": "ping",
+ "containerPort": 8888,
+ "protocol": "TCP"
}
],
"env": [
@@ -437,32 +499,24 @@
}
},
{
- "name": "EAP_HTTPS_KEYSTORE_DIR",
+ "name": "HTTPS_KEYSTORE_DIR",
"value": "/etc/eap-secret-volume"
},
{
- "name": "EAP_HTTPS_KEYSTORE",
+ "name": "HTTPS_KEYSTORE",
"value": "${HTTPS_KEYSTORE}"
},
{
- "name": "EAP_HTTPS_NAME",
- "value": "${HTTPS_NAME}"
- },
- {
- "name": "EAP_HTTPS_PASSWORD",
- "value": "${HTTPS_PASSWORD}"
- },
- {
- "name": "HORNETQ_CLUSTER_PASSWORD",
- "value": "${HORNETQ_CLUSTER_PASSWORD}"
+ "name": "HTTPS_KEYSTORE_TYPE",
+ "value": "${HTTPS_KEYSTORE_TYPE}"
},
{
- "name": "HORNETQ_QUEUES",
- "value": "${HORNETQ_QUEUES}"
+ "name": "HTTPS_NAME",
+ "value": "${HTTPS_NAME}"
},
{
- "name": "HORNETQ_TOPICS",
- "value": "${HORNETQ_TOPICS}"
+ "name": "HTTPS_PASSWORD",
+ "value": "${HTTPS_PASSWORD}"
},
{
"name": "JGROUPS_ENCRYPT_SECRET",
@@ -487,6 +541,38 @@
{
"name": "JGROUPS_CLUSTER_PASSWORD",
"value": "${JGROUPS_CLUSTER_PASSWORD}"
+ },
+ {
+ "name": "SSO_ADMIN_USERNAME",
+ "value": "${SSO_ADMIN_USERNAME}"
+ },
+ {
+ "name": "SSO_ADMIN_PASSWORD",
+ "value": "${SSO_ADMIN_PASSWORD}"
+ },
+ {
+ "name": "SSO_REALM",
+ "value": "${SSO_REALM}"
+ },
+ {
+ "name": "SSO_SERVICE_USERNAME",
+ "value": "${SSO_SERVICE_USERNAME}"
+ },
+ {
+ "name": "SSO_SERVICE_PASSWORD",
+ "value": "${SSO_SERVICE_PASSWORD}"
+ },
+ {
+ "name": "SSO_TRUSTSTORE",
+ "value": "${SSO_TRUSTSTORE}"
+ },
+ {
+ "name": "SSO_TRUSTSTORE_DIR",
+ "value": "/etc/sso-secret-volume"
+ },
+ {
+ "name": "SSO_TRUSTSTORE_PASSWORD",
+ "value": "${SSO_TRUSTSTORE_PASSWORD}"
}
]
}
@@ -503,6 +589,12 @@
"secret": {
"secretName": "${JGROUPS_ENCRYPT_SECRET}"
}
+ },
+ {
+ "name": "sso-truststore-volume",
+ "secret": {
+ "secretName": "${SSO_TRUSTSTORE_SECRET}"
+ }
}
]
}
@@ -586,6 +678,10 @@
"value": "${POSTGRESQL_MAX_CONNECTIONS}"
},
{
+ "name": "POSTGRESQL_MAX_PREPARED_TRANSACTIONS",
+ "value": "${POSTGRESQL_MAX_CONNECTIONS}"
+ },
+ {
"name": "POSTGRESQL_SHARED_BUFFERS",
"value": "${POSTGRESQL_SHARED_BUFFERS}"
}
diff --git a/roles/openshift_examples/files/examples/v1.3/db-templates/README.md b/roles/openshift_examples/files/examples/v1.3/db-templates/README.md
index 609f4dec9..c66bdb8bf 100644
--- a/roles/openshift_examples/files/examples/v1.3/db-templates/README.md
+++ b/roles/openshift_examples/files/examples/v1.3/db-templates/README.md
@@ -38,35 +38,11 @@ Replace `/path/to/template.json` with an appropriate path, that can be either a
local path or an URL. Example:
$ oc new-app https://raw.githubusercontent.com/openshift/origin/master/examples/db-templates/mongodb-ephemeral-template.json
- --> Deploying template mongodb-ephemeral for "https://raw.githubusercontent.com/openshift/origin/master/examples/db-templates/mongodb-ephemeral-template.json"
- With parameters:
- DATABASE_SERVICE_NAME=mongodb
- MONGODB_USER=userJNX # generated
- MONGODB_PASSWORD=tnEDilMVrgjp5AI2 # generated
- MONGODB_DATABASE=sampledb
- MONGODB_ADMIN_PASSWORD=8bYEs8OlNYhVyMBs # generated
- --> Creating resources ...
- Service "mongodb" created
- DeploymentConfig "mongodb" created
- --> Success
- Run 'oc status' to view your app.
The parameters listed in the output above can be tweaked by specifying values in
the command line with the `-p` option:
$ oc new-app examples/db-templates/mongodb-ephemeral-template.json -p DATABASE_SERVICE_NAME=mydb -p MONGODB_USER=default
- --> Deploying template mongodb-ephemeral for "examples/db-templates/mongodb-ephemeral-template.json"
- With parameters:
- DATABASE_SERVICE_NAME=mydb
- MONGODB_USER=default
- MONGODB_PASSWORD=RPvMbWlQFOevSowQ # generated
- MONGODB_DATABASE=sampledb
- MONGODB_ADMIN_PASSWORD=K7tIjDxDHHYCvFrJ # generated
- --> Creating resources ...
- Service "mydb" created
- DeploymentConfig "mydb" created
- --> Success
- Run 'oc status' to view your app.
Note that the persistent template requires an existing persistent volume,
otherwise the deployment won't ever succeed.
diff --git a/roles/openshift_examples/files/examples/v1.3/db-templates/mariadb-ephemeral-template.json b/roles/openshift_examples/files/examples/v1.3/db-templates/mariadb-ephemeral-template.json
new file mode 100644
index 000000000..64b004ff4
--- /dev/null
+++ b/roles/openshift_examples/files/examples/v1.3/db-templates/mariadb-ephemeral-template.json
@@ -0,0 +1,184 @@
+{
+ "kind": "Template",
+ "apiVersion": "v1",
+ "metadata": {
+ "name": "mariadb-ephemeral",
+ "annotations": {
+ "description": "MariaDB database service, without persistent storage. WARNING: Any data stored will be lost upon pod destruction. Only use this template for testing",
+ "iconClass": "icon-mariadb",
+ "tags": "database,mariadb"
+ }
+ },
+ "objects": [
+ {
+ "kind": "Service",
+ "apiVersion": "v1",
+ "metadata": {
+ "name": "${DATABASE_SERVICE_NAME}"
+ },
+ "spec": {
+ "ports": [
+ {
+ "name": "mariadb",
+ "port": 3306
+ }
+ ],
+ "selector": {
+ "name": "${DATABASE_SERVICE_NAME}"
+ }
+ }
+ },
+ {
+ "kind": "DeploymentConfig",
+ "apiVersion": "v1",
+ "metadata": {
+ "name": "${DATABASE_SERVICE_NAME}"
+ },
+ "spec": {
+ "strategy": {
+ "type": "Recreate"
+ },
+ "triggers": [
+ {
+ "type": "ImageChange",
+ "imageChangeParams": {
+ "automatic": true,
+ "containerNames": [
+ "mariadb"
+ ],
+ "from": {
+ "kind": "ImageStreamTag",
+ "name": "mariadb:10.1",
+ "namespace": "${NAMESPACE}"
+ }
+ }
+ },
+ {
+ "type": "ConfigChange"
+ }
+ ],
+ "replicas": 1,
+ "selector": {
+ "name": "${DATABASE_SERVICE_NAME}"
+ },
+ "template": {
+ "metadata": {
+ "labels": {
+ "name": "${DATABASE_SERVICE_NAME}"
+ }
+ },
+ "spec": {
+ "containers": [
+ {
+ "name": "mariadb",
+ "image": " ",
+ "ports": [
+ {
+ "containerPort": 3306
+ }
+ ],
+ "readinessProbe": {
+ "timeoutSeconds": 1,
+ "initialDelaySeconds": 5,
+ "exec": {
+ "command": [ "/bin/sh", "-i", "-c",
+ "MYSQL_PWD=\"$MYSQL_PASSWORD\" mysql -h 127.0.0.1 -u $MYSQL_USER -D $MYSQL_DATABASE -e 'SELECT 1'"]
+ }
+ },
+ "livenessProbe": {
+ "timeoutSeconds": 1,
+ "initialDelaySeconds": 30,
+ "tcpSocket": {
+ "port": 3306
+ }
+ },
+ "env": [
+ {
+ "name": "MYSQL_USER",
+ "value": "${MYSQL_USER}"
+ },
+ {
+ "name": "MYSQL_PASSWORD",
+ "value": "${MYSQL_PASSWORD}"
+ },
+ {
+ "name": "MYSQL_DATABASE",
+ "value": "${MYSQL_DATABASE}"
+ }
+ ],
+ "resources": {
+ "limits": {
+ "memory": "${MEMORY_LIMIT}"
+ }
+ },
+ "volumeMounts": [
+ {
+ "name": "${DATABASE_SERVICE_NAME}-data",
+ "mountPath": "/var/lib/mysql/data"
+ }
+ ],
+ "imagePullPolicy": "IfNotPresent"
+ }
+ ],
+ "volumes": [
+ {
+ "name": "${DATABASE_SERVICE_NAME}-data",
+ "emptyDir": {
+ "medium": ""
+ }
+ }
+ ]
+ }
+ }
+ }
+ }
+ ],
+ "parameters": [
+ {
+ "name": "MEMORY_LIMIT",
+ "displayName": "Memory Limit",
+ "description": "Maximum amount of memory the container can use.",
+ "value": "512Mi",
+ "required": true
+ },
+ {
+ "name": "NAMESPACE",
+ "displayName": "Namespace",
+ "description": "The OpenShift Namespace where the ImageStream resides.",
+ "value": "openshift"
+ },
+ {
+ "name": "DATABASE_SERVICE_NAME",
+ "displayName": "Database Service Name",
+ "description": "The name of the OpenShift Service exposed for the database.",
+ "value": "mariadb",
+ "required": true
+ },
+ {
+ "name": "MYSQL_USER",
+ "displayName": "MariaDB Connection Username",
+ "description": "Username for MariaDB user that will be used for accessing the database.",
+ "generate": "expression",
+ "from": "user[A-Z0-9]{3}",
+ "required": true
+ },
+ {
+ "name": "MYSQL_PASSWORD",
+ "displayName": "MariaDB Connection Password",
+ "description": "Password for the MariaDB connection user.",
+ "generate": "expression",
+ "from": "[a-zA-Z0-9]{16}",
+ "required": true
+ },
+ {
+ "name": "MYSQL_DATABASE",
+ "displayName": "MariaDB Database Name",
+ "description": "Name of the MariaDB database accessed.",
+ "value": "sampledb",
+ "required": true
+ }
+ ],
+ "labels": {
+ "template": "mariadb-persistent-template"
+ }
+}
diff --git a/roles/openshift_examples/files/examples/v1.3/db-templates/mariadb-persistent-template.json b/roles/openshift_examples/files/examples/v1.3/db-templates/mariadb-persistent-template.json
new file mode 100644
index 000000000..0d5b39e81
--- /dev/null
+++ b/roles/openshift_examples/files/examples/v1.3/db-templates/mariadb-persistent-template.json
@@ -0,0 +1,208 @@
+{
+ "kind": "Template",
+ "apiVersion": "v1",
+ "metadata": {
+ "name": "mariadb-persistent",
+ "annotations": {
+ "description": "MariaDB database service, with persistent storage. Scaling to more than one replica is not supported. You must have persistent volumes available in your cluster to use this template.",
+ "iconClass": "icon-mariadb",
+ "tags": "database,mariadb"
+ }
+ },
+ "objects": [
+ {
+ "kind": "Service",
+ "apiVersion": "v1",
+ "metadata": {
+ "name": "${DATABASE_SERVICE_NAME}"
+ },
+ "spec": {
+ "ports": [
+ {
+ "name": "mariadb",
+ "port": 3306
+ }
+ ],
+ "selector": {
+ "name": "${DATABASE_SERVICE_NAME}"
+ }
+ }
+ },
+ {
+ "kind": "PersistentVolumeClaim",
+ "apiVersion": "v1",
+ "metadata": {
+ "name": "${DATABASE_SERVICE_NAME}"
+ },
+ "spec": {
+ "accessModes": [
+ "ReadWriteOnce"
+ ],
+ "resources": {
+ "requests": {
+ "storage": "${VOLUME_CAPACITY}"
+ }
+ }
+ }
+ },
+ {
+ "kind": "DeploymentConfig",
+ "apiVersion": "v1",
+ "metadata": {
+ "name": "${DATABASE_SERVICE_NAME}"
+ },
+ "spec": {
+ "strategy": {
+ "type": "Recreate"
+ },
+ "triggers": [
+ {
+ "type": "ImageChange",
+ "imageChangeParams": {
+ "automatic": true,
+ "containerNames": [
+ "mariadb"
+ ],
+ "from": {
+ "kind": "ImageStreamTag",
+ "name": "mariadb:10.1",
+ "namespace": "${NAMESPACE}"
+ }
+ }
+ },
+ {
+ "type": "ConfigChange"
+ }
+ ],
+ "replicas": 1,
+ "selector": {
+ "name": "${DATABASE_SERVICE_NAME}"
+ },
+ "template": {
+ "metadata": {
+ "labels": {
+ "name": "${DATABASE_SERVICE_NAME}"
+ }
+ },
+ "spec": {
+ "containers": [
+ {
+ "name": "mariadb",
+ "image": " ",
+ "ports": [
+ {
+ "containerPort": 3306
+ }
+ ],
+ "readinessProbe": {
+ "timeoutSeconds": 1,
+ "initialDelaySeconds": 5,
+ "exec": {
+ "command": [ "/bin/sh", "-i", "-c",
+ "MYSQL_PWD=\"$MYSQL_PASSWORD\" mysql -h 127.0.0.1 -u $MYSQL_USER -D $MYSQL_DATABASE -e 'SELECT 1'"]
+ }
+ },
+ "livenessProbe": {
+ "timeoutSeconds": 1,
+ "initialDelaySeconds": 30,
+ "tcpSocket": {
+ "port": 3306
+ }
+ },
+ "env": [
+ {
+ "name": "MYSQL_USER",
+ "value": "${MYSQL_USER}"
+ },
+ {
+ "name": "MYSQL_PASSWORD",
+ "value": "${MYSQL_PASSWORD}"
+ },
+ {
+ "name": "MYSQL_DATABASE",
+ "value": "${MYSQL_DATABASE}"
+ }
+ ],
+ "resources": {
+ "limits": {
+ "memory": "${MEMORY_LIMIT}"
+ }
+ },
+ "volumeMounts": [
+ {
+ "name": "${DATABASE_SERVICE_NAME}-data",
+ "mountPath": "/var/lib/mysql/data"
+ }
+ ],
+ "imagePullPolicy": "IfNotPresent"
+ }
+ ],
+ "volumes": [
+ {
+ "name": "${DATABASE_SERVICE_NAME}-data",
+ "persistentVolumeClaim": {
+ "claimName": "${DATABASE_SERVICE_NAME}"
+ }
+ }
+ ]
+ }
+ }
+ }
+ }
+ ],
+ "parameters": [
+ {
+ "name": "MEMORY_LIMIT",
+ "displayName": "Memory Limit",
+ "description": "Maximum amount of memory the container can use.",
+ "value": "512Mi",
+ "required": true
+ },
+ {
+ "name": "NAMESPACE",
+ "displayName": "Namespace",
+ "description": "The OpenShift Namespace where the ImageStream resides.",
+ "value": "openshift"
+ },
+ {
+ "name": "DATABASE_SERVICE_NAME",
+ "displayName": "Database Service Name",
+ "description": "The name of the OpenShift Service exposed for the database.",
+ "value": "mariadb",
+ "required": true
+ },
+ {
+ "name": "MYSQL_USER",
+ "displayName": "MariaDB Connection Username",
+ "description": "Username for MariaDB user that will be used for accessing the database.",
+ "generate": "expression",
+ "from": "user[A-Z0-9]{3}",
+ "required": true
+ },
+ {
+ "name": "MYSQL_PASSWORD",
+ "displayName": "MariaDB Connection Password",
+ "description": "Password for the MariaDB connection user.",
+ "generate": "expression",
+ "from": "[a-zA-Z0-9]{16}",
+ "required": true
+ },
+ {
+ "name": "MYSQL_DATABASE",
+ "displayName": "MariaDB Database Name",
+ "description": "Name of the MariaDB database accessed.",
+ "value": "sampledb",
+ "required": true
+ },
+ {
+ "name": "VOLUME_CAPACITY",
+ "displayName": "Volume Capacity",
+ "description": "Volume space available for data, e.g. 512Mi, 2Gi.",
+ "value": "1Gi",
+ "required": true
+ }
+ ],
+ "labels": {
+ "template": "mariadb-persistent-template"
+ }
+}
diff --git a/roles/openshift_examples/files/examples/v1.3/db-templates/mongodb-ephemeral-template.json b/roles/openshift_examples/files/examples/v1.3/db-templates/mongodb-ephemeral-template.json
index 9a935be5e..329e7a692 100644
--- a/roles/openshift_examples/files/examples/v1.3/db-templates/mongodb-ephemeral-template.json
+++ b/roles/openshift_examples/files/examples/v1.3/db-templates/mongodb-ephemeral-template.json
@@ -60,7 +60,7 @@
],
"from": {
"kind": "ImageStreamTag",
- "name": "mongodb:latest",
+ "name": "mongodb:3.2",
"namespace": "${NAMESPACE}"
},
"lastTriggeredImage": ""
@@ -182,7 +182,7 @@
},
{
"name": "MONGODB_USER",
- "displayName": "MongoDB User",
+ "displayName": "MongoDB Connection Username",
"description": "Username for MongoDB user that will be used for accessing the database.",
"generate": "expression",
"from": "user[A-Z0-9]{3}",
@@ -190,8 +190,8 @@
},
{
"name": "MONGODB_PASSWORD",
- "displayName": "MongoDB Password",
- "description": "Password for the MongoDB user.",
+ "displayName": "MongoDB Connection Password",
+ "description": "Password for the MongoDB connection user.",
"generate": "expression",
"from": "[a-zA-Z0-9]{16}",
"required": true
@@ -214,5 +214,6 @@
],
"labels": {
"template": "mongodb-ephemeral-template"
- }
+ },
+ "message": "You can connect to the database using MongoDB connection URL mongodb://${MONGODB_USER}:${MONGODB_PASSWORD}@${DATABASE_SERVICE_NAME}/${MONGODB_DATABASE}"
}
diff --git a/roles/openshift_examples/files/examples/v1.3/db-templates/mongodb-persistent-template.json b/roles/openshift_examples/files/examples/v1.3/db-templates/mongodb-persistent-template.json
index 4f73d00cc..0fedad71e 100644
--- a/roles/openshift_examples/files/examples/v1.3/db-templates/mongodb-persistent-template.json
+++ b/roles/openshift_examples/files/examples/v1.3/db-templates/mongodb-persistent-template.json
@@ -77,7 +77,7 @@
],
"from": {
"kind": "ImageStreamTag",
- "name": "mongodb:latest",
+ "name": "mongodb:3.2",
"namespace": "${NAMESPACE}"
},
"lastTriggeredImage": ""
@@ -199,7 +199,7 @@
},
{
"name": "MONGODB_USER",
- "displayName": "MongoDB User",
+ "displayName": "MongoDB Connection Username",
"description": "Username for MongoDB user that will be used for accessing the database.",
"generate": "expression",
"from": "user[A-Z0-9]{3}",
@@ -207,8 +207,8 @@
},
{
"name": "MONGODB_PASSWORD",
- "displayName": "MongoDB Password",
- "description": "Password for the MongoDB user.",
+ "displayName": "MongoDB Connection Password",
+ "description": "Password for the MongoDB connection user.",
"generate": "expression",
"from": "[a-zA-Z0-9]{16}",
"required": true
@@ -238,5 +238,6 @@
],
"labels": {
"template": "mongodb-persistent-template"
- }
+ },
+ "message": "You can connect to the database using MongoDB connection URL mongodb://${MONGODB_USER}:${MONGODB_PASSWORD}@${DATABASE_SERVICE_NAME}/${MONGODB_DATABASE}"
}
diff --git a/roles/openshift_examples/files/examples/v1.3/db-templates/mysql-ephemeral-template.json b/roles/openshift_examples/files/examples/v1.3/db-templates/mysql-ephemeral-template.json
index 5f133b946..8a4ec41b2 100644
--- a/roles/openshift_examples/files/examples/v1.3/db-templates/mysql-ephemeral-template.json
+++ b/roles/openshift_examples/files/examples/v1.3/db-templates/mysql-ephemeral-template.json
@@ -3,7 +3,6 @@
"apiVersion": "v1",
"metadata": {
"name": "mysql-ephemeral",
- "creationTimestamp": null,
"annotations": {
"description": "MySQL database service, without persistent storage. WARNING: Any data stored will be lost upon pod destruction. Only use this template for testing",
"iconClass": "icon-mysql-database",
@@ -60,7 +59,7 @@
],
"from": {
"kind": "ImageStreamTag",
- "name": "mysql:latest",
+ "name": "mysql:5.6",
"namespace": "${NAMESPACE}"
},
"lastTriggeredImage": ""
@@ -122,10 +121,10 @@
}
],
"resources": {
- "limits": {
- "memory": "${MEMORY_LIMIT}"
- }
- },
+ "limits": {
+ "memory": "${MEMORY_LIMIT}"
+ }
+ },
"volumeMounts": [
{
"name": "${DATABASE_SERVICE_NAME}-data",
@@ -179,7 +178,7 @@
},
{
"name": "MYSQL_USER",
- "displayName": "MySQL User",
+ "displayName": "MySQL Connection Username",
"description": "Username for MySQL user that will be used for accessing the database.",
"generate": "expression",
"from": "user[A-Z0-9]{3}",
@@ -187,8 +186,8 @@
},
{
"name": "MYSQL_PASSWORD",
- "displayName": "MySQL Password",
- "description": "Password for the MySQL user.",
+ "displayName": "MySQL Connection Password",
+ "description": "Password for the MySQL connection user.",
"generate": "expression",
"from": "[a-zA-Z0-9]{16}",
"required": true
diff --git a/roles/openshift_examples/files/examples/v1.3/db-templates/mysql-persistent-template.json b/roles/openshift_examples/files/examples/v1.3/db-templates/mysql-persistent-template.json
index 88d8c3940..cae14c998 100644
--- a/roles/openshift_examples/files/examples/v1.3/db-templates/mysql-persistent-template.json
+++ b/roles/openshift_examples/files/examples/v1.3/db-templates/mysql-persistent-template.json
@@ -65,7 +65,7 @@
],
"from": {
"kind": "ImageStreamTag",
- "name": "mysql:latest",
+ "name": "mysql:5.6",
"namespace": "${NAMESPACE}"
}
}
@@ -173,7 +173,7 @@
},
{
"name": "MYSQL_USER",
- "displayName": "MySQL User",
+ "displayName": "MySQL Connection Username",
"description": "Username for MySQL user that will be used for accessing the database.",
"generate": "expression",
"from": "user[A-Z0-9]{3}",
@@ -181,8 +181,8 @@
},
{
"name": "MYSQL_PASSWORD",
- "displayName": "MySQL Password",
- "description": "Password for the MySQL user.",
+ "displayName": "MySQL Connection Password",
+ "description": "Password for the MySQL connection user.",
"generate": "expression",
"from": "[a-zA-Z0-9]{16}",
"required": true
diff --git a/roles/openshift_examples/files/examples/v1.3/db-templates/postgresql-ephemeral-template.json b/roles/openshift_examples/files/examples/v1.3/db-templates/postgresql-ephemeral-template.json
index e90244a6b..2b4b2a0cd 100644
--- a/roles/openshift_examples/files/examples/v1.3/db-templates/postgresql-ephemeral-template.json
+++ b/roles/openshift_examples/files/examples/v1.3/db-templates/postgresql-ephemeral-template.json
@@ -60,7 +60,7 @@
],
"from": {
"kind": "ImageStreamTag",
- "name": "postgresql:latest",
+ "name": "postgresql:9.5",
"namespace": "${NAMESPACE}"
},
"lastTriggeredImage": ""
@@ -121,10 +121,10 @@
}
],
"resources": {
- "limits": {
- "memory": "${MEMORY_LIMIT}"
- }
- },
+ "limits": {
+ "memory": "${MEMORY_LIMIT}"
+ }
+ },
"volumeMounts": [
{
"name": "${DATABASE_SERVICE_NAME}-data",
@@ -178,7 +178,7 @@
},
{
"name": "POSTGRESQL_USER",
- "displayName": "PostgreSQL User",
+ "displayName": "PostgreSQL Connection Username",
"description": "Username for PostgreSQL user that will be used for accessing the database.",
"generate": "expression",
"from": "user[A-Z0-9]{3}",
@@ -186,8 +186,8 @@
},
{
"name": "POSTGRESQL_PASSWORD",
- "displayName": "PostgreSQL Password",
- "description": "Password for the PostgreSQL user.",
+ "displayName": "PostgreSQL Connection Password",
+ "description": "Password for the PostgreSQL connection user.",
"generate": "expression",
"from": "[a-zA-Z0-9]{16}",
"required": true
diff --git a/roles/openshift_examples/files/examples/v1.3/db-templates/postgresql-persistent-template.json b/roles/openshift_examples/files/examples/v1.3/db-templates/postgresql-persistent-template.json
index 7b05076a5..63a04f08f 100644
--- a/roles/openshift_examples/files/examples/v1.3/db-templates/postgresql-persistent-template.json
+++ b/roles/openshift_examples/files/examples/v1.3/db-templates/postgresql-persistent-template.json
@@ -77,7 +77,7 @@
],
"from": {
"kind": "ImageStreamTag",
- "name": "postgresql:latest",
+ "name": "postgresql:9.5",
"namespace": "${NAMESPACE}"
},
"lastTriggeredImage": ""
@@ -195,7 +195,7 @@
},
{
"name": "POSTGRESQL_USER",
- "displayName": "PostgreSQL User",
+ "displayName": "PostgreSQL Connection Username",
"description": "Username for PostgreSQL user that will be used for accessing the database.",
"generate": "expression",
"from": "user[A-Z0-9]{3}",
@@ -203,8 +203,8 @@
},
{
"name": "POSTGRESQL_PASSWORD",
- "displayName": "PostgreSQL Password",
- "description": "Password for the PostgreSQL user.",
+ "displayName": "PostgreSQL Connection Password",
+ "description": "Password for the PostgreSQL connection user.",
"generate": "expression",
"from": "[a-zA-Z0-9]{16}",
"required": true
diff --git a/roles/openshift_examples/files/examples/v1.3/image-streams/dotnet_imagestreams.json b/roles/openshift_examples/files/examples/v1.3/image-streams/dotnet_imagestreams.json
new file mode 100644
index 000000000..3d7afe4aa
--- /dev/null
+++ b/roles/openshift_examples/files/examples/v1.3/image-streams/dotnet_imagestreams.json
@@ -0,0 +1,36 @@
+{
+ "kind": "List",
+ "apiVersion": "v1",
+ "metadata": {
+ "name": "dotnet-image-streams",
+ "annotations": {
+ "description": "ImageStream definitions for .Net Core on RHEL"
+ }
+ },
+ "items": [
+ {
+ "kind": "ImageStream",
+ "apiVersion": "v1",
+ "metadata": {
+ "name": "dotnetcore-10-rhel7"
+ },
+ "spec": {
+ "dockerImageRepository": "registry.access.redhat.com/dotnet/dotnetcore-10-rhel7",
+ "tags": [
+ {
+ "name": "1.0",
+ "annotations": {
+ "description": ".Net Core 1.0 S2I image.",
+ "iconClass": "icon-dotnet",
+ "tags": "builder,.net,dotnet,dotnetcore,rh-dotnetcore10",
+ "supports":"dotnet:1.0",
+ "sampleRepo": "https://github.com/redhat-developer/s2i-dotnetcore.git",
+ "sampleContextDir": "1.0/test/asp-net-hello-world",
+ "version": "1.0"
+ }
+ }
+ ]
+ }
+ }
+ ]
+}
diff --git a/roles/openshift_examples/files/examples/v1.3/infrastructure-templates/enterprise/metrics-deployer.yaml b/roles/openshift_examples/files/examples/v1.3/infrastructure-templates/enterprise/metrics-deployer.yaml
index 032f94a18..afd47ec7c 100644
--- a/roles/openshift_examples/files/examples/v1.3/infrastructure-templates/enterprise/metrics-deployer.yaml
+++ b/roles/openshift_examples/files/examples/v1.3/infrastructure-templates/enterprise/metrics-deployer.yaml
@@ -34,9 +34,11 @@ objects:
metadata:
generateName: metrics-deployer-
spec:
+ securityContext: {}
containers:
- image: ${IMAGE_PREFIX}metrics-deployer:${IMAGE_VERSION}
name: deployer
+ securityContext: {}
volumeMounts:
- name: secret
mountPath: /secret
@@ -48,6 +50,10 @@ objects:
valueFrom:
fieldRef:
fieldPath: metadata.namespace
+ - name: POD_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
- name: IMAGE_PREFIX
value: ${IMAGE_PREFIX}
- name: IMAGE_VERSION
@@ -58,8 +64,12 @@ objects:
value: ${MODE}
- name: REDEPLOY
value: ${REDEPLOY}
+ - name: IGNORE_PREFLIGHT
+ value: ${IGNORE_PREFLIGHT}
- name: USE_PERSISTENT_STORAGE
value: ${USE_PERSISTENT_STORAGE}
+ - name: DYNAMICALLY_PROVISION_STORAGE
+ value: ${DYNAMICALLY_PROVISION_STORAGE}
- name: HAWKULAR_METRICS_HOSTNAME
value: ${HAWKULAR_METRICS_HOSTNAME}
- name: CASSANDRA_NODES
@@ -68,6 +78,10 @@ objects:
value: ${CASSANDRA_PV_SIZE}
- name: METRIC_DURATION
value: ${METRIC_DURATION}
+ - name: USER_WRITE_ACCESS
+ value: ${USER_WRITE_ACCESS}
+ - name: HEAPSTER_NODE_ID
+ value: ${HEAPSTER_NODE_ID}
- name: METRIC_RESOLUTION
value: ${METRIC_RESOLUTION}
dnsPolicy: ClusterFirst
@@ -87,7 +101,7 @@ parameters:
-
description: 'Specify version for metrics components; e.g. for "openshift/origin-metrics-deployer:latest", set version "latest"'
name: IMAGE_VERSION
- value: "3.2.1"
+ value: "3.3.0"
-
description: "Internal URL for the master, for authentication retrieval"
name: MASTER_URL
@@ -97,7 +111,7 @@ parameters:
name: HAWKULAR_METRICS_HOSTNAME
required: true
-
- description: "Can be set to: 'deploy' to perform an initial deployment; 'refresh' to delete and redeploy all components but to keep persisted data and routes; 'redeploy' to delete and redeploy everything (losing all data in the process)"
+ description: "Can be set to: 'preflight' to perform validation before a deployment; 'deploy' to perform an initial deployment; 'refresh' to delete and redeploy all components but to keep persisted data and routes; 'redeploy' to delete and redeploy everything (losing all data in the process); 'validate' to re-run validations after a deployment"
name: MODE
value: "deploy"
-
@@ -105,10 +119,18 @@ parameters:
name: REDEPLOY
value: "false"
-
+ description: "If preflight validation is blocking deployment and you're sure you don't care about it, this will ignore the results and proceed to deploy."
+ name: IGNORE_PREFLIGHT
+ value: "false"
+-
description: "Set to true for persistent storage, set to false to use non persistent storage"
name: USE_PERSISTENT_STORAGE
value: "true"
-
+ description: "Set to true to dynamically provision storage, set to false to use use pre-created persistent volumes"
+ name: DYNAMICALLY_PROVISION_STORAGE
+ value: "false"
+-
description: "The number of Cassandra Nodes to deploy for the initial cluster"
name: CASSANDRA_NODES
value: "1"
@@ -121,6 +143,14 @@ parameters:
name: METRIC_DURATION
value: "7"
-
- description: "How often metrics should be gathered. Defaults value of '10s' for 10 seconds"
+ description: "If a user accounts should be allowed to write metrics."
+ name: USER_WRITE_ACCESS
+ value: "false"
+-
+ description: "The identifier used when generating metric ids in Hawkular"
+ name: HEAPSTER_NODE_ID
+ value: "nodename"
+-
+ description: "How often metrics should be gathered. Defaults value of '15s' for 15 seconds"
name: METRIC_RESOLUTION
- value: "10s"
+ value: "15s"
diff --git a/roles/openshift_examples/files/examples/v1.3/infrastructure-templates/enterprise/registry-console.yaml b/roles/openshift_examples/files/examples/v1.3/infrastructure-templates/enterprise/registry-console.yaml
new file mode 100644
index 000000000..11478263c
--- /dev/null
+++ b/roles/openshift_examples/files/examples/v1.3/infrastructure-templates/enterprise/registry-console.yaml
@@ -0,0 +1,124 @@
+kind: Template
+apiVersion: v1
+metadata:
+ name: "registry-console"
+ annotations:
+ description: "Template for deploying registry web console. Requires cluster-admin."
+ tags: infrastructure
+labels:
+ createdBy: "registry-console-template"
+objects:
+ - kind: DeploymentConfig
+ apiVersion: v1
+ metadata:
+ name: "registry-console"
+ labels:
+ name: "registry-console"
+ spec:
+ triggers:
+ - type: ConfigChange
+ replicas: 1
+ selector:
+ name: "registry-console"
+ template:
+ metadata:
+ labels:
+ name: "registry-console"
+ spec:
+ containers:
+ - name: registry-console
+ image: ${IMAGE_PREFIX}registry-console:${IMAGE_VERSION}
+ ports:
+ - containerPort: 9090
+ protocol: TCP
+ livenessProbe:
+ failureThreshold: 3
+ httpGet:
+ path: /ping
+ port: 9090
+ scheme: HTTP
+ initialDelaySeconds: 10
+ periodSeconds: 10
+ successThreshold: 1
+ timeoutSeconds: 5
+ readinessProbe:
+ failureThreshold: 3
+ httpGet:
+ path: /ping
+ port: 9090
+ scheme: HTTP
+ periodSeconds: 10
+ successThreshold: 1
+ timeoutSeconds: 5
+ env:
+ - name: OPENSHIFT_OAUTH_PROVIDER_URL
+ value: "${OPENSHIFT_OAUTH_PROVIDER_URL}"
+ - name: OPENSHIFT_OAUTH_CLIENT_ID
+ value: "${OPENSHIFT_OAUTH_CLIENT_ID}"
+ - name: KUBERNETES_INSECURE
+ value: "false"
+ - name: COCKPIT_KUBE_INSECURE
+ value: "false"
+ - name: REGISTRY_ONLY
+ value: "true"
+ - name: REGISTRY_HOST
+ value: "${REGISTRY_HOST}"
+ - kind: Service
+ apiVersion: v1
+ metadata:
+ name: "registry-console"
+ labels:
+ name: "registry-console"
+ spec:
+ type: ClusterIP
+ ports:
+ - name: registry-console
+ protocol: TCP
+ port: 9000
+ targetPort: 9090
+ selector:
+ name: "registry-console"
+ - kind: ImageStream
+ apiVersion: v1
+ metadata:
+ name: registry-console
+ annotations:
+ description: Atomic Registry console
+ spec:
+ tags:
+ - annotations: null
+ from:
+ kind: DockerImage
+ name: ${IMAGE_PREFIX}registry-console
+ name: ${IMAGE_VERSION}
+ - kind: OAuthClient
+ apiVersion: v1
+ metadata:
+ name: "${OPENSHIFT_OAUTH_CLIENT_ID}"
+ respondWithChallenges: false
+ secret: "${OPENSHIFT_OAUTH_CLIENT_SECRET}"
+ redirectURIs:
+ - "${COCKPIT_KUBE_URL}"
+parameters:
+ - description: 'Specify "registry/repository" prefix for container image; e.g. for "registry.access.redhat.com/openshift3/registry-console:latest", set prefix "registry.access.redhat.com/openshift3/"'
+ name: IMAGE_PREFIX
+ value: "registry.access.redhat.com/openshift3/"
+ - description: 'Specify image version; e.g. for "registry.access.redhat.com/openshift3/registry-console:3.3", set version "3.3"'
+ name: IMAGE_VERSION
+ value: "3.3"
+ - description: "The public URL for the Openshift OAuth Provider, e.g. https://openshift.example.com:8443"
+ name: OPENSHIFT_OAUTH_PROVIDER_URL
+ required: true
+ - description: "The registry console URL. This should be created beforehand using 'oc create route passthrough --service registry-console --port registry-console -n default', e.g. https://registry-console-default.example.com"
+ name: COCKPIT_KUBE_URL
+ required: true
+ - description: "Oauth client secret"
+ name: OPENSHIFT_OAUTH_CLIENT_SECRET
+ from: "user[a-zA-Z0-9]{64}"
+ generate: expression
+ - description: "Oauth client id"
+ name: OPENSHIFT_OAUTH_CLIENT_ID
+ value: "cockpit-oauth-client"
+ - description: "The integrated registry hostname exposed via route, e.g. registry.example.com"
+ name: REGISTRY_HOST
+ required: true
diff --git a/roles/openshift_examples/files/examples/v1.3/infrastructure-templates/origin/logging-deployer.yaml b/roles/openshift_examples/files/examples/v1.3/infrastructure-templates/origin/logging-deployer.yaml
index 77ffee7f9..8b28f872f 100644
--- a/roles/openshift_examples/files/examples/v1.3/infrastructure-templates/origin/logging-deployer.yaml
+++ b/roles/openshift_examples/files/examples/v1.3/infrastructure-templates/origin/logging-deployer.yaml
@@ -323,4 +323,3 @@ items:
description: "(Deprecated) Node selector operations Curator (label=value)."
name: CURATOR_OPS_NODESELECTOR
value: ""
-
diff --git a/roles/openshift_examples/files/examples/v1.3/infrastructure-templates/origin/metrics-deployer.yaml b/roles/openshift_examples/files/examples/v1.3/infrastructure-templates/origin/metrics-deployer.yaml
index 89639fd67..ac5098c8a 100644
--- a/roles/openshift_examples/files/examples/v1.3/infrastructure-templates/origin/metrics-deployer.yaml
+++ b/roles/openshift_examples/files/examples/v1.3/infrastructure-templates/origin/metrics-deployer.yaml
@@ -68,6 +68,8 @@ objects:
value: ${IGNORE_PREFLIGHT}
- name: USE_PERSISTENT_STORAGE
value: ${USE_PERSISTENT_STORAGE}
+ - name: DYNAMICALLY_PROVISION_STORAGE
+ value: ${DYNAMICALLY_PROVISION_STORAGE}
- name: HAWKULAR_METRICS_HOSTNAME
value: ${HAWKULAR_METRICS_HOSTNAME}
- name: CASSANDRA_NODES
@@ -76,6 +78,8 @@ objects:
value: ${CASSANDRA_PV_SIZE}
- name: METRIC_DURATION
value: ${METRIC_DURATION}
+ - name: USER_WRITE_ACCESS
+ value: ${USER_WRITE_ACCESS}
- name: HEAPSTER_NODE_ID
value: ${HEAPSTER_NODE_ID}
- name: METRIC_RESOLUTION
@@ -123,6 +127,10 @@ parameters:
name: USE_PERSISTENT_STORAGE
value: "true"
-
+ description: "Set to true to dynamically provision storage, set to false to use use pre-created persistent volumes"
+ name: DYNAMICALLY_PROVISION_STORAGE
+ value: "false"
+-
description: "The number of Cassandra Nodes to deploy for the initial cluster"
name: CASSANDRA_NODES
value: "1"
@@ -135,10 +143,14 @@ parameters:
name: METRIC_DURATION
value: "7"
-
+ description: "If a user accounts should be allowed to write metrics."
+ name: USER_WRITE_ACCESS
+ value: "false"
+-
description: "The identifier used when generating metric ids in Hawkular"
name: HEAPSTER_NODE_ID
value: "nodename"
-
- description: "How often metrics should be gathered. Defaults value of '10s' for 10 seconds"
+ description: "How often metrics should be gathered. Defaults value of '15s' for 15 seconds"
name: METRIC_RESOLUTION
- value: "10s"
+ value: "15s"
diff --git a/roles/openshift_examples/files/examples/v1.3/infrastructure-templates/origin/registry-console.yaml b/roles/openshift_examples/files/examples/v1.3/infrastructure-templates/origin/registry-console.yaml
new file mode 100644
index 000000000..80cc4233b
--- /dev/null
+++ b/roles/openshift_examples/files/examples/v1.3/infrastructure-templates/origin/registry-console.yaml
@@ -0,0 +1,124 @@
+kind: Template
+apiVersion: v1
+metadata:
+ name: "registry-console"
+ annotations:
+ description: "Template for deploying registry web console. Requires cluster-admin."
+ tags: infrastructure
+labels:
+ createdBy: "registry-console-template"
+objects:
+ - kind: DeploymentConfig
+ apiVersion: v1
+ metadata:
+ name: "registry-console"
+ labels:
+ name: "registry-console"
+ spec:
+ triggers:
+ - type: ConfigChange
+ replicas: 1
+ selector:
+ name: "registry-console"
+ template:
+ metadata:
+ labels:
+ name: "registry-console"
+ spec:
+ containers:
+ - name: registry-console
+ image: ${IMAGE_NAME}:${IMAGE_VERSION}
+ ports:
+ - containerPort: 9090
+ protocol: TCP
+ livenessProbe:
+ failureThreshold: 3
+ httpGet:
+ path: /ping
+ port: 9090
+ scheme: HTTP
+ initialDelaySeconds: 10
+ periodSeconds: 10
+ successThreshold: 1
+ timeoutSeconds: 5
+ readinessProbe:
+ failureThreshold: 3
+ httpGet:
+ path: /ping
+ port: 9090
+ scheme: HTTP
+ periodSeconds: 10
+ successThreshold: 1
+ timeoutSeconds: 5
+ env:
+ - name: OPENSHIFT_OAUTH_PROVIDER_URL
+ value: "${OPENSHIFT_OAUTH_PROVIDER_URL}"
+ - name: OPENSHIFT_OAUTH_CLIENT_ID
+ value: "${OPENSHIFT_OAUTH_CLIENT_ID}"
+ - name: KUBERNETES_INSECURE
+ value: "false"
+ - name: COCKPIT_KUBE_INSECURE
+ value: "false"
+ - name: REGISTRY_ONLY
+ value: "true"
+ - name: REGISTRY_HOST
+ value: "${REGISTRY_HOST}"
+ - kind: Service
+ apiVersion: v1
+ metadata:
+ name: "registry-console"
+ labels:
+ name: "registry-console"
+ spec:
+ type: ClusterIP
+ ports:
+ - name: registry-console
+ protocol: TCP
+ port: 9000
+ targetPort: 9090
+ selector:
+ name: "registry-console"
+ - kind: ImageStream
+ apiVersion: v1
+ metadata:
+ name: registry-console
+ annotations:
+ description: Atomic Registry console
+ spec:
+ tags:
+ - annotations: null
+ from:
+ kind: DockerImage
+ name: ${IMAGE_NAME}
+ name: ${IMAGE_VERSION}
+ - kind: OAuthClient
+ apiVersion: v1
+ metadata:
+ name: "${OPENSHIFT_OAUTH_CLIENT_ID}"
+ respondWithChallenges: false
+ secret: "${OPENSHIFT_OAUTH_CLIENT_SECRET}"
+ redirectURIs:
+ - "${COCKPIT_KUBE_URL}"
+parameters:
+ - description: "Container image name"
+ name: IMAGE_NAME
+ value: "cockpit/kubernetes"
+ - description: 'Specify image version; e.g. for "cockpit/kubernetes:latest", set version "latest"'
+ name: IMAGE_VERSION
+ value: latest
+ - description: "The public URL for the Openshift OAuth Provider, e.g. https://openshift.example.com:8443"
+ name: OPENSHIFT_OAUTH_PROVIDER_URL
+ required: true
+ - description: "The registry console URL. This should be created beforehand using 'oc create route passthrough --service registry-console --port registry-console -n default', e.g. https://registry-console-default.example.com"
+ name: COCKPIT_KUBE_URL
+ required: true
+ - description: "Oauth client secret"
+ name: OPENSHIFT_OAUTH_CLIENT_SECRET
+ from: "user[a-zA-Z0-9]{64}"
+ generate: expression
+ - description: "Oauth client id"
+ name: OPENSHIFT_OAUTH_CLIENT_ID
+ value: "cockpit-oauth-client"
+ - description: "The integrated registry hostname exposed via route, e.g. registry.example.com"
+ name: REGISTRY_HOST
+ required: true
diff --git a/roles/openshift_examples/files/examples/v1.3/quickstart-templates/cakephp-mysql.json b/roles/openshift_examples/files/examples/v1.3/quickstart-templates/cakephp-mysql.json
index f85e7e537..ab4982690 100644
--- a/roles/openshift_examples/files/examples/v1.3/quickstart-templates/cakephp-mysql.json
+++ b/roles/openshift_examples/files/examples/v1.3/quickstart-templates/cakephp-mysql.json
@@ -126,9 +126,9 @@
},
"spec": {
"strategy": {
- "type": "Rolling",
+ "type": "Recreate",
"recreateParams": {
- "pre": {
+ "pre": {
"failurePolicy": "Retry",
"execNewPod": {
"command": [
diff --git a/roles/openshift_examples/files/examples/v1.3/quickstart-templates/jenkins-ephemeral-template.json b/roles/openshift_examples/files/examples/v1.3/quickstart-templates/jenkins-ephemeral-template.json
index d1ae6de90..e8e361415 100644
--- a/roles/openshift_examples/files/examples/v1.3/quickstart-templates/jenkins-ephemeral-template.json
+++ b/roles/openshift_examples/files/examples/v1.3/quickstart-templates/jenkins-ephemeral-template.json
@@ -5,11 +5,12 @@
"name": "jenkins-ephemeral",
"creationTimestamp": null,
"annotations": {
- "description": "Jenkins service, without persistent storage.\nThe username is 'admin' and the tutorial at https://github.com/openshift/origin/blob/master/examples/jenkins/README.md contains more information about using this template.\nWARNING: Any data stored will be lost upon pod destruction. Only use this template for testing",
+ "description": "Jenkins service, without persistent storage.\nWARNING: Any data stored will be lost upon pod destruction. Only use this template for testing",
"iconClass": "icon-jenkins",
"tags": "instant-app,jenkins"
}
},
+ "message": "A Jenkins service has been created in your project. The username/password are admin/${JENKINS_PASSWORD}. The tutorial at https://github.com/openshift/origin/blob/master/examples/jenkins/README.md contains more information about using this template.",
"objects": [
{
"kind": "Route",
@@ -25,6 +26,7 @@
},
"tls": {
"termination": "edge",
+ "insecureEdgeTerminationPolicy": "Redirect",
"certificate": "-----BEGIN CERTIFICATE-----\nMIIDIjCCAgqgAwIBAgIBATANBgkqhkiG9w0BAQUFADCBoTELMAkGA1UEBhMCVVMx\nCzAJBgNVBAgMAlNDMRUwEwYDVQQHDAxEZWZhdWx0IENpdHkxHDAaBgNVBAoME0Rl\nZmF1bHQgQ29tcGFueSBMdGQxEDAOBgNVBAsMB1Rlc3QgQ0ExGjAYBgNVBAMMEXd3\ndy5leGFtcGxlY2EuY29tMSIwIAYJKoZIhvcNAQkBFhNleGFtcGxlQGV4YW1wbGUu\nY29tMB4XDTE1MDExMjE0MTk0MVoXDTE2MDExMjE0MTk0MVowfDEYMBYGA1UEAwwP\nd3d3LmV4YW1wbGUuY29tMQswCQYDVQQIDAJTQzELMAkGA1UEBhMCVVMxIjAgBgkq\nhkiG9w0BCQEWE2V4YW1wbGVAZXhhbXBsZS5jb20xEDAOBgNVBAoMB0V4YW1wbGUx\nEDAOBgNVBAsMB0V4YW1wbGUwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMrv\ngu6ZTTefNN7jjiZbS/xvQjyXjYMN7oVXv76jbX8gjMOmg9m0xoVZZFAE4XyQDuCm\n47VRx5Qrf/YLXmB2VtCFvB0AhXr5zSeWzPwaAPrjA4ebG+LUo24ziS8KqNxrFs1M\nmNrQUgZyQC6XIe1JHXc9t+JlL5UZyZQC1IfaJulDAgMBAAGjDTALMAkGA1UdEwQC\nMAAwDQYJKoZIhvcNAQEFBQADggEBAFCi7ZlkMnESvzlZCvv82Pq6S46AAOTPXdFd\nTMvrh12E1sdVALF1P1oYFJzG1EiZ5ezOx88fEDTW+Lxb9anw5/KJzwtWcfsupf1m\nV7J0D3qKzw5C1wjzYHh9/Pz7B1D0KthQRATQCfNf8s6bbFLaw/dmiIUhHLtIH5Qc\nyfrejTZbOSP77z8NOWir+BWWgIDDB2//3AkDIQvT20vmkZRhkqSdT7et4NmXOX/j\njhPti4b2Fie0LeuvgaOdKjCpQQNrYthZHXeVlOLRhMTSk3qUczenkKTOhvP7IS9q\n+Dzv5hqgSfvMG392KWh5f8xXfJNs4W5KLbZyl901MeReiLrPH3w=\n-----END CERTIFICATE-----",
"key": "-----BEGIN PRIVATE KEY-----\nMIICeAIBADANBgkqhkiG9w0BAQEFAASCAmIwggJeAgEAAoGBAMrvgu6ZTTefNN7j\njiZbS/xvQjyXjYMN7oVXv76jbX8gjMOmg9m0xoVZZFAE4XyQDuCm47VRx5Qrf/YL\nXmB2VtCFvB0AhXr5zSeWzPwaAPrjA4ebG+LUo24ziS8KqNxrFs1MmNrQUgZyQC6X\nIe1JHXc9t+JlL5UZyZQC1IfaJulDAgMBAAECgYEAnxOjEj/vrLNLMZE1Q9H7PZVF\nWdP/JQVNvQ7tCpZ3ZdjxHwkvf//aQnuxS5yX2Rnf37BS/TZu+TIkK4373CfHomSx\nUTAn2FsLmOJljupgGcoeLx5K5nu7B7rY5L1NHvdpxZ4YjeISrRtEPvRakllENU5y\ngJE8c2eQOx08ZSRE4TkCQQD7dws2/FldqwdjJucYijsJVuUdoTqxP8gWL6bB251q\nelP2/a6W2elqOcWId28560jG9ZS3cuKvnmu/4LG88vZFAkEAzphrH3673oTsHN+d\nuBd5uyrlnGjWjuiMKv2TPITZcWBjB8nJDSvLneHF59MYwejNNEof2tRjgFSdImFH\nmi995wJBAMtPjW6wiqRz0i41VuT9ZgwACJBzOdvzQJfHgSD9qgFb1CU/J/hpSRIM\nkYvrXK9MbvQFvG6x4VuyT1W8mpe1LK0CQAo8VPpffhFdRpF7psXLK/XQ/0VLkG3O\nKburipLyBg/u9ZkaL0Ley5zL5dFBjTV2Qkx367Ic2b0u9AYTCcgi2DsCQQD3zZ7B\nv7BOm7MkylKokY2MduFFXU0Bxg6pfZ7q3rvg8gqhUFbaMStPRYg6myiDiW/JfLhF\nTcFT4touIo7oriFJ\n-----END PRIVATE KEY-----",
"caCertificate": "-----BEGIN CERTIFICATE-----\nMIIEFzCCAv+gAwIBAgIJALK1iUpF2VQLMA0GCSqGSIb3DQEBBQUAMIGhMQswCQYD\nVQQGEwJVUzELMAkGA1UECAwCU0MxFTATBgNVBAcMDERlZmF1bHQgQ2l0eTEcMBoG\nA1UECgwTRGVmYXVsdCBDb21wYW55IEx0ZDEQMA4GA1UECwwHVGVzdCBDQTEaMBgG\nA1UEAwwRd3d3LmV4YW1wbGVjYS5jb20xIjAgBgkqhkiG9w0BCQEWE2V4YW1wbGVA\nZXhhbXBsZS5jb20wHhcNMTUwMTEyMTQxNTAxWhcNMjUwMTA5MTQxNTAxWjCBoTEL\nMAkGA1UEBhMCVVMxCzAJBgNVBAgMAlNDMRUwEwYDVQQHDAxEZWZhdWx0IENpdHkx\nHDAaBgNVBAoME0RlZmF1bHQgQ29tcGFueSBMdGQxEDAOBgNVBAsMB1Rlc3QgQ0Ex\nGjAYBgNVBAMMEXd3dy5leGFtcGxlY2EuY29tMSIwIAYJKoZIhvcNAQkBFhNleGFt\ncGxlQGV4YW1wbGUuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA\nw2rK1J2NMtQj0KDug7g7HRKl5jbf0QMkMKyTU1fBtZ0cCzvsF4CqV11LK4BSVWaK\nrzkaXe99IVJnH8KdOlDl5Dh/+cJ3xdkClSyeUT4zgb6CCBqg78ePp+nN11JKuJlV\nIG1qdJpB1J5O/kCLsGcTf7RS74MtqMFo96446Zvt7YaBhWPz6gDaO/TUzfrNcGLA\nEfHVXkvVWqb3gqXUztZyVex/gtP9FXQ7gxTvJml7UkmT0VAFjtZnCqmFxpLZFZ15\n+qP9O7Q2MpsGUO/4vDAuYrKBeg1ZdPSi8gwqUP2qWsGd9MIWRv3thI2903BczDc7\nr8WaIbm37vYZAS9G56E4+wIDAQABo1AwTjAdBgNVHQ4EFgQUugLrSJshOBk5TSsU\nANs4+SmJUGwwHwYDVR0jBBgwFoAUugLrSJshOBk5TSsUANs4+SmJUGwwDAYDVR0T\nBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOCAQEAaMJ33zAMV4korHo5aPfayV3uHoYZ\n1ChzP3eSsF+FjoscpoNSKs91ZXZF6LquzoNezbfiihK4PYqgwVD2+O0/Ty7UjN4S\nqzFKVR4OS/6lCJ8YncxoFpTntbvjgojf1DEataKFUN196PAANc3yz8cWHF4uvjPv\nWkgFqbIjb+7D1YgglNyovXkRDlRZl0LD1OQ0ZWhd4Ge1qx8mmmanoBeYZ9+DgpFC\nj9tQAbS867yeOryNe7sEOIpXAAqK/DTu0hB6+ySsDfMo4piXCc2aA/eI2DCuw08e\nw17Dz9WnupZjVdwTKzDhFgJZMLDqn37HQnT6EemLFqbcR0VPEnfyhDtZIQ==\n-----END CERTIFICATE-----"
@@ -74,6 +76,7 @@
}
},
"spec": {
+ "serviceAccountName": "${JENKINS_SERVICE_NAME}",
"containers": [
{
"name": "jenkins",
@@ -88,7 +91,7 @@
},
"livenessProbe": {
"timeoutSeconds": 3,
- "initialDelaySeconds": 60,
+ "initialDelaySeconds": 120,
"httpGet": {
"path": "/login",
"port": 8080
@@ -98,6 +101,18 @@
{
"name": "JENKINS_PASSWORD",
"value": "${JENKINS_PASSWORD}"
+ },
+ {
+ "name": "KUBERNETES_MASTER",
+ "value": "https://kubernetes.default:443"
+ },
+ {
+ "name": "KUBERNETES_TRUST_CERTIFICATES",
+ "value": "true"
+ },
+ {
+ "name": "JNLP_SERVICE_NAME",
+ "value": "${JNLP_SERVICE_NAME}"
}
],
"resources": {
@@ -135,19 +150,42 @@
}
},
{
+ "kind": "ServiceAccount",
+ "apiVersion": "v1",
+ "metadata": {
+ "name": "${JENKINS_SERVICE_NAME}"
+ }
+ },
+ {
+ "kind": "RoleBinding",
+ "apiVersion": "v1",
+ "metadata": {
+ "name": "${JENKINS_SERVICE_NAME}_edit"
+ },
+ "groupNames": null,
+ "subjects": [
+ {
+ "kind": "ServiceAccount",
+ "name": "${JENKINS_SERVICE_NAME}"
+ }
+ ],
+ "roleRef": {
+ "name": "edit"
+ }
+ },
+ {
"kind": "Service",
"apiVersion": "v1",
"metadata": {
- "name": "${JENKINS_SERVICE_NAME}",
- "creationTimestamp": null
+ "name": "${JNLP_SERVICE_NAME}"
},
"spec": {
"ports": [
{
- "name": "web",
+ "name": "agent",
"protocol": "TCP",
- "port": 8080,
- "targetPort": 8080,
+ "port": 50000,
+ "targetPort": 50000,
"nodePort": 0
}
],
@@ -158,6 +196,35 @@
"type": "ClusterIP",
"sessionAffinity": "None"
}
+ },
+ {
+ "kind": "Service",
+ "apiVersion": "v1",
+ "metadata": {
+ "name": "${JENKINS_SERVICE_NAME}",
+ "annotations": {
+ "service.alpha.openshift.io/dependencies": "[{\"name\": \"${JNLP_SERVICE_NAME}\", \"namespace\": \"\", \"kind\": \"Service\"}]",
+ "service.openshift.io/infrastructure": "true"
+ },
+ "creationTimestamp": null
+ },
+ "spec": {
+ "ports": [
+ {
+ "name": "web",
+ "protocol": "TCP",
+ "port": 80,
+ "targetPort": 8080,
+ "nodePort": 0
+ }
+ ],
+ "selector": {
+ "name": "${JENKINS_SERVICE_NAME}"
+ },
+ "portalIP": "",
+ "type": "ClusterIP",
+ "sessionAffinity": "None"
+ }
}
],
"parameters": [
@@ -168,11 +235,18 @@
"value": "jenkins"
},
{
+ "name": "JNLP_SERVICE_NAME",
+ "displayName": "Jenkins JNLP Service Name",
+ "description": "The name of the service used for master/slave communication.",
+ "value": "jenkins-jnlp"
+ },
+ {
"name": "JENKINS_PASSWORD",
"displayName": "Jenkins Password",
"description": "Password for the Jenkins 'admin' user.",
"generate": "expression",
- "value": "password"
+ "from": "[a-zA-Z0-9]{16}",
+ "required": true
},
{
"name": "MEMORY_LIMIT",
diff --git a/roles/openshift_examples/files/examples/v1.3/quickstart-templates/jenkins-persistent-template.json b/roles/openshift_examples/files/examples/v1.3/quickstart-templates/jenkins-persistent-template.json
index c7bc3f2fa..e4a18961e 100644
--- a/roles/openshift_examples/files/examples/v1.3/quickstart-templates/jenkins-persistent-template.json
+++ b/roles/openshift_examples/files/examples/v1.3/quickstart-templates/jenkins-persistent-template.json
@@ -5,11 +5,12 @@
"name": "jenkins-persistent",
"creationTimestamp": null,
"annotations": {
- "description": "Jenkins service, with persistent storage.\nThe username is 'admin' and the tutorial at https://github.com/openshift/origin/blob/master/examples/jenkins/README.md contains more information about using this template.\nYou must have persistent volumes available in your cluster to use this template.",
+ "description": "Jenkins service, with persistent storage.\nYou must have persistent volumes available in your cluster to use this template.",
"iconClass": "icon-jenkins",
"tags": "instant-app,jenkins"
}
},
+ "message": "A Jenkins service has been created in your project. The username/password are admin/${JENKINS_PASSWORD}. The tutorial at https://github.com/openshift/origin/blob/master/examples/jenkins/README.md contains more information about using this template.",
"objects": [
{
"kind": "Route",
@@ -25,6 +26,7 @@
},
"tls": {
"termination": "edge",
+ "insecureEdgeTerminationPolicy": "Redirect",
"certificate": "-----BEGIN CERTIFICATE-----\nMIIDIjCCAgqgAwIBAgIBATANBgkqhkiG9w0BAQUFADCBoTELMAkGA1UEBhMCVVMx\nCzAJBgNVBAgMAlNDMRUwEwYDVQQHDAxEZWZhdWx0IENpdHkxHDAaBgNVBAoME0Rl\nZmF1bHQgQ29tcGFueSBMdGQxEDAOBgNVBAsMB1Rlc3QgQ0ExGjAYBgNVBAMMEXd3\ndy5leGFtcGxlY2EuY29tMSIwIAYJKoZIhvcNAQkBFhNleGFtcGxlQGV4YW1wbGUu\nY29tMB4XDTE1MDExMjE0MTk0MVoXDTE2MDExMjE0MTk0MVowfDEYMBYGA1UEAwwP\nd3d3LmV4YW1wbGUuY29tMQswCQYDVQQIDAJTQzELMAkGA1UEBhMCVVMxIjAgBgkq\nhkiG9w0BCQEWE2V4YW1wbGVAZXhhbXBsZS5jb20xEDAOBgNVBAoMB0V4YW1wbGUx\nEDAOBgNVBAsMB0V4YW1wbGUwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMrv\ngu6ZTTefNN7jjiZbS/xvQjyXjYMN7oVXv76jbX8gjMOmg9m0xoVZZFAE4XyQDuCm\n47VRx5Qrf/YLXmB2VtCFvB0AhXr5zSeWzPwaAPrjA4ebG+LUo24ziS8KqNxrFs1M\nmNrQUgZyQC6XIe1JHXc9t+JlL5UZyZQC1IfaJulDAgMBAAGjDTALMAkGA1UdEwQC\nMAAwDQYJKoZIhvcNAQEFBQADggEBAFCi7ZlkMnESvzlZCvv82Pq6S46AAOTPXdFd\nTMvrh12E1sdVALF1P1oYFJzG1EiZ5ezOx88fEDTW+Lxb9anw5/KJzwtWcfsupf1m\nV7J0D3qKzw5C1wjzYHh9/Pz7B1D0KthQRATQCfNf8s6bbFLaw/dmiIUhHLtIH5Qc\nyfrejTZbOSP77z8NOWir+BWWgIDDB2//3AkDIQvT20vmkZRhkqSdT7et4NmXOX/j\njhPti4b2Fie0LeuvgaOdKjCpQQNrYthZHXeVlOLRhMTSk3qUczenkKTOhvP7IS9q\n+Dzv5hqgSfvMG392KWh5f8xXfJNs4W5KLbZyl901MeReiLrPH3w=\n-----END CERTIFICATE-----",
"key": "-----BEGIN PRIVATE KEY-----\nMIICeAIBADANBgkqhkiG9w0BAQEFAASCAmIwggJeAgEAAoGBAMrvgu6ZTTefNN7j\njiZbS/xvQjyXjYMN7oVXv76jbX8gjMOmg9m0xoVZZFAE4XyQDuCm47VRx5Qrf/YL\nXmB2VtCFvB0AhXr5zSeWzPwaAPrjA4ebG+LUo24ziS8KqNxrFs1MmNrQUgZyQC6X\nIe1JHXc9t+JlL5UZyZQC1IfaJulDAgMBAAECgYEAnxOjEj/vrLNLMZE1Q9H7PZVF\nWdP/JQVNvQ7tCpZ3ZdjxHwkvf//aQnuxS5yX2Rnf37BS/TZu+TIkK4373CfHomSx\nUTAn2FsLmOJljupgGcoeLx5K5nu7B7rY5L1NHvdpxZ4YjeISrRtEPvRakllENU5y\ngJE8c2eQOx08ZSRE4TkCQQD7dws2/FldqwdjJucYijsJVuUdoTqxP8gWL6bB251q\nelP2/a6W2elqOcWId28560jG9ZS3cuKvnmu/4LG88vZFAkEAzphrH3673oTsHN+d\nuBd5uyrlnGjWjuiMKv2TPITZcWBjB8nJDSvLneHF59MYwejNNEof2tRjgFSdImFH\nmi995wJBAMtPjW6wiqRz0i41VuT9ZgwACJBzOdvzQJfHgSD9qgFb1CU/J/hpSRIM\nkYvrXK9MbvQFvG6x4VuyT1W8mpe1LK0CQAo8VPpffhFdRpF7psXLK/XQ/0VLkG3O\nKburipLyBg/u9ZkaL0Ley5zL5dFBjTV2Qkx367Ic2b0u9AYTCcgi2DsCQQD3zZ7B\nv7BOm7MkylKokY2MduFFXU0Bxg6pfZ7q3rvg8gqhUFbaMStPRYg6myiDiW/JfLhF\nTcFT4touIo7oriFJ\n-----END PRIVATE KEY-----",
"caCertificate": "-----BEGIN CERTIFICATE-----\nMIIEFzCCAv+gAwIBAgIJALK1iUpF2VQLMA0GCSqGSIb3DQEBBQUAMIGhMQswCQYD\nVQQGEwJVUzELMAkGA1UECAwCU0MxFTATBgNVBAcMDERlZmF1bHQgQ2l0eTEcMBoG\nA1UECgwTRGVmYXVsdCBDb21wYW55IEx0ZDEQMA4GA1UECwwHVGVzdCBDQTEaMBgG\nA1UEAwwRd3d3LmV4YW1wbGVjYS5jb20xIjAgBgkqhkiG9w0BCQEWE2V4YW1wbGVA\nZXhhbXBsZS5jb20wHhcNMTUwMTEyMTQxNTAxWhcNMjUwMTA5MTQxNTAxWjCBoTEL\nMAkGA1UEBhMCVVMxCzAJBgNVBAgMAlNDMRUwEwYDVQQHDAxEZWZhdWx0IENpdHkx\nHDAaBgNVBAoME0RlZmF1bHQgQ29tcGFueSBMdGQxEDAOBgNVBAsMB1Rlc3QgQ0Ex\nGjAYBgNVBAMMEXd3dy5leGFtcGxlY2EuY29tMSIwIAYJKoZIhvcNAQkBFhNleGFt\ncGxlQGV4YW1wbGUuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA\nw2rK1J2NMtQj0KDug7g7HRKl5jbf0QMkMKyTU1fBtZ0cCzvsF4CqV11LK4BSVWaK\nrzkaXe99IVJnH8KdOlDl5Dh/+cJ3xdkClSyeUT4zgb6CCBqg78ePp+nN11JKuJlV\nIG1qdJpB1J5O/kCLsGcTf7RS74MtqMFo96446Zvt7YaBhWPz6gDaO/TUzfrNcGLA\nEfHVXkvVWqb3gqXUztZyVex/gtP9FXQ7gxTvJml7UkmT0VAFjtZnCqmFxpLZFZ15\n+qP9O7Q2MpsGUO/4vDAuYrKBeg1ZdPSi8gwqUP2qWsGd9MIWRv3thI2903BczDc7\nr8WaIbm37vYZAS9G56E4+wIDAQABo1AwTjAdBgNVHQ4EFgQUugLrSJshOBk5TSsU\nANs4+SmJUGwwHwYDVR0jBBgwFoAUugLrSJshOBk5TSsUANs4+SmJUGwwDAYDVR0T\nBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOCAQEAaMJ33zAMV4korHo5aPfayV3uHoYZ\n1ChzP3eSsF+FjoscpoNSKs91ZXZF6LquzoNezbfiihK4PYqgwVD2+O0/Ty7UjN4S\nqzFKVR4OS/6lCJ8YncxoFpTntbvjgojf1DEataKFUN196PAANc3yz8cWHF4uvjPv\nWkgFqbIjb+7D1YgglNyovXkRDlRZl0LD1OQ0ZWhd4Ge1qx8mmmanoBeYZ9+DgpFC\nj9tQAbS867yeOryNe7sEOIpXAAqK/DTu0hB6+ySsDfMo4piXCc2aA/eI2DCuw08e\nw17Dz9WnupZjVdwTKzDhFgJZMLDqn37HQnT6EemLFqbcR0VPEnfyhDtZIQ==\n-----END CERTIFICATE-----"
@@ -91,6 +93,7 @@
}
},
"spec": {
+ "serviceAccountName": "${JENKINS_SERVICE_NAME}",
"containers": [
{
"name": "jenkins",
@@ -105,7 +108,7 @@
},
"livenessProbe": {
"timeoutSeconds": 3,
- "initialDelaySeconds": 60,
+ "initialDelaySeconds": 120,
"httpGet": {
"path": "/login",
"port": 8080
@@ -115,6 +118,18 @@
{
"name": "JENKINS_PASSWORD",
"value": "${JENKINS_PASSWORD}"
+ },
+ {
+ "name": "KUBERNETES_MASTER",
+ "value": "https://kubernetes.default:443"
+ },
+ {
+ "name": "KUBERNETES_TRUST_CERTIFICATES",
+ "value": "true"
+ },
+ {
+ "name": "JNLP_SERVICE_NAME",
+ "value": "${JNLP_SERVICE_NAME}"
}
],
"resources": {
@@ -152,19 +167,42 @@
}
},
{
+ "kind": "ServiceAccount",
+ "apiVersion": "v1",
+ "metadata": {
+ "name": "${JENKINS_SERVICE_NAME}"
+ }
+ },
+ {
+ "kind": "RoleBinding",
+ "apiVersion": "v1",
+ "metadata": {
+ "name": "${JENKINS_SERVICE_NAME}_edit"
+ },
+ "groupNames": null,
+ "subjects": [
+ {
+ "kind": "ServiceAccount",
+ "name": "${JENKINS_SERVICE_NAME}"
+ }
+ ],
+ "roleRef": {
+ "name": "edit"
+ }
+ },
+ {
"kind": "Service",
"apiVersion": "v1",
"metadata": {
- "name": "${JENKINS_SERVICE_NAME}",
- "creationTimestamp": null
+ "name": "${JNLP_SERVICE_NAME}"
},
"spec": {
"ports": [
{
- "name": "web",
+ "name": "agent",
"protocol": "TCP",
- "port": 8080,
- "targetPort": 8080,
+ "port": 50000,
+ "targetPort": 50000,
"nodePort": 0
}
],
@@ -175,6 +213,35 @@
"type": "ClusterIP",
"sessionAffinity": "None"
}
+ },
+ {
+ "kind": "Service",
+ "apiVersion": "v1",
+ "metadata": {
+ "name": "${JENKINS_SERVICE_NAME}",
+ "annotations": {
+ "service.alpha.openshift.io/dependencies": "[{\"name\": \"${JNLP_SERVICE_NAME}\", \"namespace\": \"\", \"kind\": \"Service\"}]",
+ "service.openshift.io/infrastructure": "true"
+ },
+ "creationTimestamp": null
+ },
+ "spec": {
+ "ports": [
+ {
+ "name": "web",
+ "protocol": "TCP",
+ "port": 80,
+ "targetPort": 8080,
+ "nodePort": 0
+ }
+ ],
+ "selector": {
+ "name": "${JENKINS_SERVICE_NAME}"
+ },
+ "portalIP": "",
+ "type": "ClusterIP",
+ "sessionAffinity": "None"
+ }
}
],
"parameters": [
@@ -185,11 +252,18 @@
"value": "jenkins"
},
{
+ "name": "JNLP_SERVICE_NAME",
+ "displayName": "Jenkins JNLP Service Name",
+ "description": "The name of the service used for master/slave communication.",
+ "value": "jenkins-jnlp"
+ },
+ {
"name": "JENKINS_PASSWORD",
"displayName": "Jenkins Password",
"description": "Password for the Jenkins 'admin' user.",
"generate": "expression",
- "value": "password"
+ "from": "[a-zA-Z0-9]{16}",
+ "required": true
},
{
"name": "MEMORY_LIMIT",
diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-streams/jboss-image-streams.json b/roles/openshift_examples/files/examples/v1.3/xpaas-streams/jboss-image-streams.json
index 46f93823c..4edc97f41 100644
--- a/roles/openshift_examples/files/examples/v1.3/xpaas-streams/jboss-image-streams.json
+++ b/roles/openshift_examples/files/examples/v1.3/xpaas-streams/jboss-image-streams.json
@@ -127,6 +127,19 @@
"sampleRef": "6.4.x",
"version": "1.3"
}
+ },
+ {
+ "name": "1.4",
+ "annotations": {
+ "description": "JBoss EAP 6.4 S2I images.",
+ "iconClass": "icon-jboss",
+ "tags": "builder,eap,javaee,java,jboss,xpaas",
+ "supports":"eap:6.4,javaee:6,java:8,xpaas:1.4",
+ "sampleRepo": "https://github.com/jboss-developer/jboss-eap-quickstarts.git",
+ "sampleContextDir": "kitchensink",
+ "sampleRef": "6.4.x",
+ "version": "1.4"
+ }
}
]
}
@@ -152,6 +165,19 @@
"sampleRef": "7.0.0.GA",
"version": "1.3"
}
+ },
+ {
+ "name": "1.4",
+ "annotations": {
+ "description": "JBoss EAP 7.0 S2I images.",
+ "iconClass": "icon-jboss",
+ "tags": "builder,eap,javaee,java,jboss,xpaas",
+ "supports":"eap:7.0,javaee:7,java:8,xpaas:1.4",
+ "sampleRepo": "https://github.com/jboss-developer/jboss-eap-quickstarts.git",
+ "sampleContextDir": "kitchensink",
+ "sampleRef": "7.0.0.GA",
+ "version": "1.4"
+ }
}
]
}
@@ -168,7 +194,7 @@
{
"name": "1.2",
"annotations": {
- "description": "Decision Server 6.2 S2I images.",
+ "description": "Red Hat JBoss BRMS 6.2 decision server S2I images.",
"iconClass": "icon-jboss",
"tags": "builder,decisionserver,java,xpaas",
"supports":"decisionserver:6.2,java:8,xpaas:1.2",
@@ -185,6 +211,56 @@
"kind": "ImageStream",
"apiVersion": "v1",
"metadata": {
+ "name": "jboss-decisionserver63-openshift"
+ },
+ "spec": {
+ "dockerImageRepository": "registry.access.redhat.com/jboss-decisionserver-6/decisionserver63-openshift",
+ "tags": [
+ {
+ "name": "1.3",
+ "annotations": {
+ "description": "Red Hat JBoss BRMS 6.3 decision server S2I images.",
+ "iconClass": "icon-jboss",
+ "tags": "builder,decisionserver,java,xpaas",
+ "supports":"decisionserver:6.3,java:8,xpaas:1.3",
+ "sampleRepo": "https://github.com/jboss-openshift/openshift-quickstarts.git",
+ "sampleContextDir": "decisionserver/hellorules",
+ "sampleRef": "1.3",
+ "version": "1.3"
+ }
+ }
+ ]
+ }
+ },
+ {
+ "kind": "ImageStream",
+ "apiVersion": "v1",
+ "metadata": {
+ "name": "jboss-processserver63-openshift"
+ },
+ "spec": {
+ "dockerImageRepository": "registry.access.redhat.com/jboss-processserver-6/processserver63-openshift",
+ "tags": [
+ {
+ "name": "1.3",
+ "annotations": {
+ "description": "Red Hat JBoss BPM Suite 6.3 intelligent process server S2I images.",
+ "iconClass": "icon-jboss",
+ "tags": "builder,processserver,java,xpaas",
+ "supports":"processserver:6.3,java:8,xpaas:1.3",
+ "sampleRepo": "https://github.com/jboss-openshift/openshift-quickstarts.git",
+ "sampleContextDir": "processserver/library",
+ "sampleRef": "1.3",
+ "version": "1.3"
+ }
+ }
+ ]
+ }
+ },
+ {
+ "kind": "ImageStream",
+ "apiVersion": "v1",
+ "metadata": {
"name": "jboss-datagrid65-openshift"
},
"spec": {
@@ -255,19 +331,16 @@
}
},
"spec": {
+ "dockerImageRepository": "registry.access.redhat.com/redhat-sso-7/sso70-openshift",
"tags": [
{
- "name": "1.3-TP",
+ "name": "1.3",
"annotations": {
- "description": "Red Hat SSO 7.0 Tech Preview",
+ "description": "Red Hat SSO 7.0",
"iconClass": "icon-jboss",
"tags": "sso,keycloak,redhat",
"supports":"sso:7.0,xpaas:1.3",
"version": "1.3"
- },
- "from": {
- "kind": "DockerImage",
- "name": "registry.access.redhat.com/redhat-sso-7-tech-preview/sso70-openshift:1.3"
}
}
]
diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/amq62-basic.json b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/amq62-basic.json
index ce953c05f..ab35afead 100644
--- a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/amq62-basic.json
+++ b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/amq62-basic.json
@@ -40,6 +40,12 @@
"required": false
},
{
+ "description": "List of packages that are allowed to be serialized for use in ObjectMessage, separated by commas. If your app doesn't use ObjectMessages, leave this blank. This is a security enforcement. For the rationale, see http://activemq.apache.org/objectmessage.html",
+ "name": "MQ_SERIALIZABLE_PACKAGES",
+ "value": "",
+ "required": false
+ },
+ {
"description": "User name for standard broker user. It is required for connecting to the broker. If left empty, it will be generated.",
"name": "MQ_USERNAME",
"from": "user[a-zA-Z0-9]{3}",
@@ -281,6 +287,10 @@
"value": "${MQ_TOPICS}"
},
{
+ "name": "MQ_SERIALIZABLE_PACKAGES",
+ "value": "${MQ_SERIALIZABLE_PACKAGES}"
+ },
+ {
"name": "AMQ_MESH_DISCOVERY_TYPE",
"value": "${AMQ_MESH_DISCOVERY_TYPE}"
},
diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/amq62-persistent-ssl.json b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/amq62-persistent-ssl.json
index 7d41a29ad..c12f06dec 100644
--- a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/amq62-persistent-ssl.json
+++ b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/amq62-persistent-ssl.json
@@ -46,6 +46,12 @@
"required": false
},
{
+ "description": "List of packages that are allowed to be serialized for use in ObjectMessage, separated by commas. If your app doesn't use ObjectMessages, leave this blank. This is a security enforcement. For the rationale, see http://activemq.apache.org/objectmessage.html",
+ "name": "MQ_SERIALIZABLE_PACKAGES",
+ "value": "",
+ "required": false
+ },
+ {
"description": "Size of persistent storage for database volume.",
"name": "VOLUME_CAPACITY",
"value": "512Mi",
@@ -451,6 +457,10 @@
"value": "${MQ_TOPICS}"
},
{
+ "name": "MQ_SERIALIZABLE_PACKAGES",
+ "value": "${MQ_SERIALIZABLE_PACKAGES}"
+ },
+ {
"name": "AMQ_SPLIT",
"value": "${AMQ_SPLIT}"
},
diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/amq62-persistent.json b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/amq62-persistent.json
index 5d5dd9840..897ce0395 100644
--- a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/amq62-persistent.json
+++ b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/amq62-persistent.json
@@ -46,6 +46,12 @@
"required": false
},
{
+ "description": "List of packages that are allowed to be serialized for use in ObjectMessage, separated by commas. If your app doesn't use ObjectMessages, leave this blank. This is a security enforcement. For the rationale, see http://activemq.apache.org/objectmessage.html",
+ "name": "MQ_SERIALIZABLE_PACKAGES",
+ "value": "",
+ "required": false
+ },
+ {
"description": "Size of persistent storage for database volume.",
"name": "VOLUME_CAPACITY",
"value": "512Mi",
@@ -299,6 +305,10 @@
"value": "${MQ_TOPICS}"
},
{
+ "name": "MQ_SERIALIZABLE_PACKAGES",
+ "value": "${MQ_SERIALIZABLE_PACKAGES}"
+ },
+ {
"name": "AMQ_SPLIT",
"value": "${AMQ_SPLIT}"
},
diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/amq62-ssl.json b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/amq62-ssl.json
index 4122a02a1..97d110286 100644
--- a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/amq62-ssl.json
+++ b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/amq62-ssl.json
@@ -40,6 +40,12 @@
"required": false
},
{
+ "description": "List of packages that are allowed to be serialized for use in ObjectMessage, separated by commas. If your app doesn't use ObjectMessages, leave this blank. This is a security enforcement. For the rationale, see http://activemq.apache.org/objectmessage.html",
+ "name": "MQ_SERIALIZABLE_PACKAGES",
+ "value": "",
+ "required": false
+ },
+ {
"description": "User name for standard broker user. It is required for connecting to the broker. If left empty, it will be generated.",
"name": "MQ_USERNAME",
"from": "user[a-zA-Z0-9]{3}",
@@ -435,6 +441,10 @@
"value": "${MQ_TOPICS}"
},
{
+ "name": "MQ_SERIALIZABLE_PACKAGES",
+ "value": "${MQ_SERIALIZABLE_PACKAGES}"
+ },
+ {
"name": "AMQ_MESH_DISCOVERY_TYPE",
"value": "${AMQ_MESH_DISCOVERY_TYPE}"
},
diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/datagrid65-postgresql-persistent.json b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/datagrid65-postgresql-persistent.json
index d0e272a8d..12720eb19 100644
--- a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/datagrid65-postgresql-persistent.json
+++ b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/datagrid65-postgresql-persistent.json
@@ -6,13 +6,13 @@
"iconClass": "icon-jboss",
"description": "Application template for JDG 6.5 and PostgreSQL applications with persistent storage.",
"tags": "datagrid,jboss,xpaas",
- "version": "1.2.0"
+ "version": "1.3.2"
},
"name": "datagrid65-postgresql-persistent"
},
"labels": {
"template": "datagrid65-postgresql-persistent",
- "xpaas": "1.2.0"
+ "xpaas": "1.3.2"
},
"parameters": [
{
@@ -710,6 +710,10 @@
"value": "${POSTGRESQL_MAX_CONNECTIONS}"
},
{
+ "name": "POSTGRESQL_MAX_PREPARED_TRANSACTIONS",
+ "value": "${POSTGRESQL_MAX_CONNECTIONS}"
+ },
+ {
"name": "POSTGRESQL_SHARED_BUFFERS",
"value": "${POSTGRESQL_SHARED_BUFFERS}"
}
diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/datagrid65-postgresql.json b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/datagrid65-postgresql.json
index 55a68db40..da8015fb0 100644
--- a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/datagrid65-postgresql.json
+++ b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/datagrid65-postgresql.json
@@ -6,13 +6,13 @@
"iconClass": "icon-jboss",
"description": "Application template for JDG 6.5 and PostgreSQL applications built using.",
"tags": "datagrid,jboss,xpaas",
- "version": "1.2.0"
+ "version": "1.3.2"
},
"name": "datagrid65-postgresql"
},
"labels": {
"template": "datagrid65-postgresql",
- "xpaas": "1.2.0"
+ "xpaas": "1.3.2"
},
"parameters": [
{
@@ -698,6 +698,10 @@
"value": "${POSTGRESQL_MAX_CONNECTIONS}"
},
{
+ "name": "POSTGRESQL_MAX_PREPARED_TRANSACTIONS",
+ "value": "${POSTGRESQL_MAX_CONNECTIONS}"
+ },
+ {
"name": "POSTGRESQL_SHARED_BUFFERS",
"value": "${POSTGRESQL_SHARED_BUFFERS}"
}
diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/decisionserver62-amq-s2i.json b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/decisionserver62-amq-s2i.json
index 219b8ece7..754a3b4c0 100644
--- a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/decisionserver62-amq-s2i.json
+++ b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/decisionserver62-amq-s2i.json
@@ -3,16 +3,16 @@
"apiVersion": "v1",
"metadata": {
"annotations": {
- "description": "Application template for BRMS Realtime Decision Server 6 A-MQ applications built using S2I.",
+ "description": "Application template for Red Hat JBoss BRMS 6.2 decision server A-MQ applications built using S2I.",
"iconClass": "icon-jboss",
"tags": "decisionserver,amq,java,messaging,jboss,xpaas",
- "version": "1.2.0"
+ "version": "1.3.3"
},
"name": "decisionserver62-amq-s2i"
},
"labels": {
"template": "decisionserver62-amq-s2i",
- "xpaas": "1.2.0"
+ "xpaas": "1.3.3"
},
"parameters": [
{
@@ -145,18 +145,16 @@
"required": false
},
{
- "description": "User name for broker admin. If left empty, it will be generated.",
- "name": "AMQ_ADMIN_USERNAME",
- "from": "user[a-zA-Z0-9]{3}",
- "generate": "expression",
- "required": true
+ "description": "The discovery agent type to use for discovering mesh endpoints. 'dns' will use OpenShift's DNS service to resolve endpoints. 'kube' will use Kubernetes REST API to resolve service endpoints. If using 'kube' the service account for the pod must have the 'view' role, which can be added via 'oc policy add-role-to-user view system:serviceaccount:<namespace>:default' where <namespace> is the project namespace.",
+ "name": "AMQ_MESH_DISCOVERY_TYPE",
+ "value": "kube",
+ "required": false
},
{
- "description": "Password for broker admin. If left empty, it will be generated.",
- "name": "AMQ_ADMIN_PASSWORD",
- "from": "[a-zA-Z0-9]{8}",
- "generate": "expression",
- "required": true
+ "description": "The A-MQ storage usage limit",
+ "name": "AMQ_STORAGE_USAGE_LIMIT",
+ "value": "100 gb",
+ "required": false
},
{
"description": "GitHub trigger secret",
@@ -391,8 +389,8 @@
"${APPLICATION_NAME}"
],
"from": {
- "kind": "ImageStream",
- "name": "${APPLICATION_NAME}"
+ "kind": "ImageStreamTag",
+ "name": "${APPLICATION_NAME}:latest"
}
}
},
@@ -460,11 +458,6 @@
"name": "https",
"containerPort": 8443,
"protocol": "TCP"
- },
- {
- "name": "ping",
- "containerPort": 8888,
- "protocol": "TCP"
}
],
"env": [
@@ -609,6 +602,11 @@
},
"ports": [
{
+ "name": "jolokia",
+ "containerPort": 8778,
+ "protocol": "TCP"
+ },
+ {
"name": "amqp",
"containerPort": 5672,
"protocol": "TCP"
@@ -658,20 +656,24 @@
"value": "${MQ_PROTOCOL}"
},
{
- "name": "AMQ_QUEUES",
- "value": "${MQ_QUEUES}"
+ "name": "AMQ_MESH_DISCOVERY_TYPE",
+ "value": "${AMQ_MESH_DISCOVERY_TYPE}"
},
{
- "name": "AMQ_TOPICS",
- "value": "${MQ_TOPICS}"
+ "name": "AMQ_MESH_SERVICE_NAME",
+ "value": "${APPLICATION_NAME}-amq-tcp"
},
{
- "name": "AMQ_ADMIN_USERNAME",
- "value": "${AMQ_ADMIN_USERNAME}"
+ "name": "AMQ_MESH_SERVICE_NAMESPACE",
+ "valueFrom": {
+ "fieldRef": {
+ "fieldPath": "metadata.namespace"
+ }
+ }
},
{
- "name": "AMQ_ADMIN_PASSWORD",
- "value": "${AMQ_ADMIN_PASSWORD}"
+ "name": "AMQ_STORAGE_USAGE_LIMIT",
+ "value": "${AMQ_STORAGE_USAGE_LIMIT}"
}
]
}
diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/decisionserver62-basic-s2i.json b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/decisionserver62-basic-s2i.json
index 097720375..8be4ac90b 100644
--- a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/decisionserver62-basic-s2i.json
+++ b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/decisionserver62-basic-s2i.json
@@ -3,16 +3,16 @@
"apiVersion": "v1",
"metadata": {
"annotations": {
- "description": "Application template for BRMS Realtime Decision Server 6 applications built using S2I.",
+ "description": "Application template for Red Hat JBoss BRMS 6.2 decision server applications built using S2I.",
"iconClass": "icon-jboss",
"tags": "decisionserver,java,jboss,xpaas",
- "version": "1.2.0"
+ "version": "1.3.3"
},
"name": "decisionserver62-basic-s2i"
},
"labels": {
"template": "decisionserver62-basic-s2i",
- "xpaas": "1.2.0"
+ "xpaas": "1.3.3"
},
"parameters": [
{
@@ -245,8 +245,8 @@
"${APPLICATION_NAME}"
],
"from": {
- "kind": "ImageStream",
- "name": "${APPLICATION_NAME}"
+ "kind": "ImageStreamTag",
+ "name": "${APPLICATION_NAME}:latest"
}
}
},
@@ -301,11 +301,6 @@
"name": "http",
"containerPort": 8080,
"protocol": "TCP"
- },
- {
- "name": "ping",
- "containerPort": 8888,
- "protocol": "TCP"
}
],
"env": [
diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/decisionserver62-https-s2i.json b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/decisionserver62-https-s2i.json
index e5e2dee63..bf9047599 100644
--- a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/decisionserver62-https-s2i.json
+++ b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/decisionserver62-https-s2i.json
@@ -3,16 +3,16 @@
"apiVersion": "v1",
"metadata": {
"annotations": {
- "description": "Application template for BRMS Realtime Decision Server 6 HTTPS applications built using S2I.",
+ "description": "Application template for Red Hat JBoss BRMS 6.2 decision server HTTPS applications built using S2I.",
"iconClass": "icon-jboss",
"tags": "decisionserver,java,jboss,xpaas",
- "version": "1.2.0"
+ "version": "1.3.3"
},
"name": "decisionserver62-https-s2i"
},
"labels": {
"template": "decisionserver62-https-s2i",
- "xpaas": "1.2.0"
+ "xpaas": "1.3.3"
},
"parameters": [
{
@@ -334,8 +334,8 @@
"${APPLICATION_NAME}"
],
"from": {
- "kind": "ImageStream",
- "name": "${APPLICATION_NAME}"
+ "kind": "ImageStreamTag",
+ "name": "${APPLICATION_NAME}:latest"
}
}
},
@@ -403,11 +403,6 @@
"name": "https",
"containerPort": 8443,
"protocol": "TCP"
- },
- {
- "name": "ping",
- "containerPort": 8888,
- "protocol": "TCP"
}
],
"env": [
diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/decisionserver63-amq-s2i.json b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/decisionserver63-amq-s2i.json
new file mode 100644
index 000000000..51e667e02
--- /dev/null
+++ b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/decisionserver63-amq-s2i.json
@@ -0,0 +1,696 @@
+{
+ "kind": "Template",
+ "apiVersion": "v1",
+ "metadata": {
+ "annotations": {
+ "description": "Application template for Red Hat JBoss BRMS 6.3 decision server A-MQ applications built using S2I.",
+ "iconClass": "icon-jboss",
+ "tags": "decisionserver,amq,java,messaging,jboss,xpaas",
+ "version": "1.3.3"
+ },
+ "name": "decisionserver63-amq-s2i"
+ },
+ "labels": {
+ "template": "decisionserver63-amq-s2i",
+ "xpaas": "1.3.3"
+ },
+ "parameters": [
+ {
+ "description": "The KIE Container deployment configuration in format: containerId=groupId:artifactId:version|c2=g2:a2:v2",
+ "name": "KIE_CONTAINER_DEPLOYMENT",
+ "value": "decisionserver-hellorules=org.openshift.quickstarts:decisionserver-hellorules:1.3.0.Final",
+ "required": false
+ },
+ {
+ "description": "The user name to access the KIE Server REST or JMS interface.",
+ "name": "KIE_SERVER_USER",
+ "value": "kieserver",
+ "required": false
+ },
+ {
+ "description": "The password to access the KIE Server REST or JMS interface. Must be different than username; must not be root, admin, or administrator; must contain at least 8 characters, 1 alphabetic character(s), 1 digit(s), and 1 non-alphanumeric symbol(s).",
+ "name": "KIE_SERVER_PASSWORD",
+ "from": "[a-zA-Z]{6}[0-9]{1}!",
+ "generate": "expression",
+ "required": false
+ },
+ {
+ "description": "JAAS LoginContext domain that shall be used to authenticate users when using JMS.",
+ "name": "KIE_SERVER_DOMAIN",
+ "value": "other",
+ "required": false
+ },
+ {
+ "description": "JNDI name of request queue for JMS.",
+ "name": "KIE_SERVER_JMS_QUEUES_REQUEST",
+ "value": "queue/KIE.SERVER.REQUEST",
+ "required": false
+ },
+ {
+ "description": "JNDI name of response queue for JMS.",
+ "name": "KIE_SERVER_JMS_QUEUES_RESPONSE",
+ "value": "queue/KIE.SERVER.RESPONSE",
+ "required": false
+ },
+ {
+ "description": "The name for the application.",
+ "name": "APPLICATION_NAME",
+ "value": "kie-app",
+ "required": true
+ },
+ {
+ "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: <application-name>-<project>.<default-domain-suffix>",
+ "name": "HOSTNAME_HTTP",
+ "value": "",
+ "required": false
+ },
+ {
+ "description": "Custom hostname for https service route. Leave blank for default hostname, e.g.: secure-<application-name>-<project>.<default-domain-suffix>",
+ "name": "HOSTNAME_HTTPS",
+ "value": "",
+ "required": false
+ },
+ {
+ "description": "Git source URI for application",
+ "name": "SOURCE_REPOSITORY_URL",
+ "value": "https://github.com/jboss-openshift/openshift-quickstarts.git",
+ "required": true
+ },
+ {
+ "description": "Git branch/tag reference",
+ "name": "SOURCE_REPOSITORY_REF",
+ "value": "1.3",
+ "required": false
+ },
+ {
+ "description": "Path within Git project to build; empty for root project directory.",
+ "name": "CONTEXT_DIR",
+ "value": "decisionserver/hellorules",
+ "required": false
+ },
+ {
+ "description": "JNDI name for connection factory used by applications to connect to the broker, e.g. java:/JmsXA",
+ "name": "MQ_JNDI",
+ "value": "java:/JmsXA",
+ "required": false
+ },
+ {
+ "description": "Broker protocols to configure, separated by commas. Allowed values are: `openwire`, `amqp`, `stomp` and `mqtt`. Only `openwire` is supported by EAP.",
+ "name": "MQ_PROTOCOL",
+ "value": "openwire",
+ "required": false
+ },
+ {
+ "description": "Queue names, separated by commas. These queues will be automatically created when the broker starts. Also, they will be made accessible as JNDI resources in EAP.",
+ "name": "MQ_QUEUES",
+ "value": "KIE.SERVER.REQUEST,KIE.SERVER.RESPONSE",
+ "required": false
+ },
+ {
+ "description": "Topic names, separated by commas. These topics will be automatically created when the broker starts. Also, they will be made accessible as JNDI resources in EAP.",
+ "name": "MQ_TOPICS",
+ "value": "",
+ "required": false
+ },
+ {
+ "description": "The name of the secret containing the keystore file",
+ "name": "HTTPS_SECRET",
+ "value": "decisionserver-app-secret",
+ "required": false
+ },
+ {
+ "description": "The name of the keystore file within the secret",
+ "name": "HTTPS_KEYSTORE",
+ "value": "keystore.jks",
+ "required": false
+ },
+ {
+ "description": "The name associated with the server certificate",
+ "name": "HTTPS_NAME",
+ "value": "jboss",
+ "required": false
+ },
+ {
+ "description": "The password for the keystore and certificate",
+ "name": "HTTPS_PASSWORD",
+ "value": "mykeystorepass",
+ "required": false
+ },
+ {
+ "description": "User name for standard broker user. It is required for connecting to the broker. If left empty, it will be generated.",
+ "name": "MQ_USERNAME",
+ "from": "user[a-zA-Z0-9]{3}",
+ "generate": "expression",
+ "required": false
+ },
+ {
+ "description": "Password for standard broker user. It is required for connecting to the broker. If left empty, it will be generated.",
+ "name": "MQ_PASSWORD",
+ "from": "[a-zA-Z0-9]{8}",
+ "generate": "expression",
+ "required": false
+ },
+ {
+ "description": "The discovery agent type to use for discovering mesh endpoints. 'dns' will use OpenShift's DNS service to resolve endpoints. 'kube' will use Kubernetes REST API to resolve service endpoints. If using 'kube' the service account for the pod must have the 'view' role, which can be added via 'oc policy add-role-to-user view system:serviceaccount:<namespace>:default' where <namespace> is the project namespace.",
+ "name": "AMQ_MESH_DISCOVERY_TYPE",
+ "value": "kube",
+ "required": false
+ },
+ {
+ "description": "The A-MQ storage usage limit",
+ "name": "AMQ_STORAGE_USAGE_LIMIT",
+ "value": "100 gb",
+ "required": false
+ },
+ {
+ "description": "GitHub trigger secret",
+ "name": "GITHUB_WEBHOOK_SECRET",
+ "from": "[a-zA-Z0-9]{8}",
+ "generate": "expression",
+ "required": true
+ },
+ {
+ "description": "Generic build trigger secret",
+ "name": "GENERIC_WEBHOOK_SECRET",
+ "from": "[a-zA-Z0-9]{8}",
+ "generate": "expression",
+ "required": true
+ },
+ {
+ "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.",
+ "name": "IMAGE_STREAM_NAMESPACE",
+ "value": "openshift",
+ "required": true
+ }
+ ],
+ "objects": [
+ {
+ "kind": "Service",
+ "apiVersion": "v1",
+ "spec": {
+ "ports": [
+ {
+ "port": 8080,
+ "targetPort": 8080
+ }
+ ],
+ "selector": {
+ "deploymentConfig": "${APPLICATION_NAME}"
+ }
+ },
+ "metadata": {
+ "name": "${APPLICATION_NAME}",
+ "labels": {
+ "application": "${APPLICATION_NAME}"
+ },
+ "annotations": {
+ "description": "The web server's HTTP port."
+ }
+ }
+ },
+ {
+ "kind": "Service",
+ "apiVersion": "v1",
+ "spec": {
+ "ports": [
+ {
+ "port": 8443,
+ "targetPort": 8443
+ }
+ ],
+ "selector": {
+ "deploymentConfig": "${APPLICATION_NAME}"
+ }
+ },
+ "metadata": {
+ "name": "secure-${APPLICATION_NAME}",
+ "labels": {
+ "application": "${APPLICATION_NAME}"
+ },
+ "annotations": {
+ "description": "The web server's HTTPS port."
+ }
+ }
+ },
+ {
+ "kind": "Service",
+ "apiVersion": "v1",
+ "spec": {
+ "ports": [
+ {
+ "port": 61616,
+ "targetPort": 61616
+ }
+ ],
+ "selector": {
+ "deploymentConfig": "${APPLICATION_NAME}-amq"
+ }
+ },
+ "metadata": {
+ "name": "${APPLICATION_NAME}-amq-tcp",
+ "labels": {
+ "application": "${APPLICATION_NAME}"
+ },
+ "annotations": {
+ "description": "The broker's OpenWire port."
+ }
+ }
+ },
+ {
+ "kind": "Route",
+ "apiVersion": "v1",
+ "id": "${APPLICATION_NAME}-http",
+ "metadata": {
+ "name": "${APPLICATION_NAME}",
+ "labels": {
+ "application": "${APPLICATION_NAME}"
+ },
+ "annotations": {
+ "description": "Route for application's HTTP service."
+ }
+ },
+ "spec": {
+ "host": "${HOSTNAME_HTTP}",
+ "to": {
+ "name": "${APPLICATION_NAME}"
+ }
+ }
+ },
+ {
+ "kind": "Route",
+ "apiVersion": "v1",
+ "id": "${APPLICATION_NAME}-https",
+ "metadata": {
+ "name": "secure-${APPLICATION_NAME}",
+ "labels": {
+ "application": "${APPLICATION_NAME}"
+ },
+ "annotations": {
+ "description": "Route for application's HTTPS service."
+ }
+ },
+ "spec": {
+ "host": "${HOSTNAME_HTTPS}",
+ "to": {
+ "name": "secure-${APPLICATION_NAME}"
+ },
+ "tls": {
+ "termination": "passthrough"
+ }
+ }
+ },
+ {
+ "kind": "ImageStream",
+ "apiVersion": "v1",
+ "metadata": {
+ "name": "${APPLICATION_NAME}",
+ "labels": {
+ "application": "${APPLICATION_NAME}"
+ }
+ }
+ },
+ {
+ "kind": "BuildConfig",
+ "apiVersion": "v1",
+ "metadata": {
+ "name": "${APPLICATION_NAME}",
+ "labels": {
+ "application": "${APPLICATION_NAME}"
+ }
+ },
+ "spec": {
+ "source": {
+ "type": "Git",
+ "git": {
+ "uri": "${SOURCE_REPOSITORY_URL}",
+ "ref": "${SOURCE_REPOSITORY_REF}"
+ },
+ "contextDir": "${CONTEXT_DIR}"
+ },
+ "strategy": {
+ "type": "Source",
+ "sourceStrategy": {
+ "env": [
+ {
+ "name": "KIE_CONTAINER_DEPLOYMENT",
+ "value": "${KIE_CONTAINER_DEPLOYMENT}"
+ }
+ ],
+ "forcePull": true,
+ "from": {
+ "kind": "ImageStreamTag",
+ "namespace": "${IMAGE_STREAM_NAMESPACE}",
+ "name": "jboss-decisionserver63-openshift:1.3"
+ }
+ }
+ },
+ "output": {
+ "to": {
+ "kind": "ImageStreamTag",
+ "name": "${APPLICATION_NAME}:latest"
+ }
+ },
+ "triggers": [
+ {
+ "type": "GitHub",
+ "github": {
+ "secret": "${GITHUB_WEBHOOK_SECRET}"
+ }
+ },
+ {
+ "type": "Generic",
+ "generic": {
+ "secret": "${GENERIC_WEBHOOK_SECRET}"
+ }
+ },
+ {
+ "type": "ImageChange",
+ "imageChange": {}
+ },
+ {
+ "type": "ConfigChange"
+ }
+ ]
+ }
+ },
+ {
+ "kind": "DeploymentConfig",
+ "apiVersion": "v1",
+ "metadata": {
+ "name": "${APPLICATION_NAME}",
+ "labels": {
+ "application": "${APPLICATION_NAME}"
+ }
+ },
+ "spec": {
+ "strategy": {
+ "type": "Recreate"
+ },
+ "triggers": [
+ {
+ "type": "ImageChange",
+ "imageChangeParams": {
+ "automatic": true,
+ "containerNames": [
+ "${APPLICATION_NAME}"
+ ],
+ "from": {
+ "kind": "ImageStream",
+ "name": "${APPLICATION_NAME}"
+ }
+ }
+ },
+ {
+ "type": "ConfigChange"
+ }
+ ],
+ "replicas": 1,
+ "selector": {
+ "deploymentConfig": "${APPLICATION_NAME}"
+ },
+ "template": {
+ "metadata": {
+ "name": "${APPLICATION_NAME}",
+ "labels": {
+ "deploymentConfig": "${APPLICATION_NAME}",
+ "application": "${APPLICATION_NAME}"
+ }
+ },
+ "spec": {
+ "serviceAccountName": "decisionserver-service-account",
+ "terminationGracePeriodSeconds": 60,
+ "containers": [
+ {
+ "name": "${APPLICATION_NAME}",
+ "image": "${APPLICATION_NAME}",
+ "imagePullPolicy": "Always",
+ "volumeMounts": [
+ {
+ "name": "decisionserver-keystore-volume",
+ "mountPath": "/etc/decisionserver-secret-volume",
+ "readOnly": true
+ }
+ ],
+ "livenessProbe": {
+ "exec": {
+ "command": [
+ "/bin/bash",
+ "-c",
+ "/opt/eap/bin/livenessProbe.sh"
+ ]
+ }
+ },
+ "readinessProbe": {
+ "exec": {
+ "command": [
+ "/bin/bash",
+ "-c",
+ "/opt/eap/bin/readinessProbe.sh"
+ ]
+ }
+ },
+ "ports": [
+ {
+ "name": "jolokia",
+ "containerPort": 8778,
+ "protocol": "TCP"
+ },
+ {
+ "name": "http",
+ "containerPort": 8080,
+ "protocol": "TCP"
+ },
+ {
+ "name": "https",
+ "containerPort": 8443,
+ "protocol": "TCP"
+ }
+ ],
+ "env": [
+ {
+ "name": "KIE_CONTAINER_DEPLOYMENT",
+ "value": "${KIE_CONTAINER_DEPLOYMENT}"
+ },
+ {
+ "name": "KIE_SERVER_USER",
+ "value": "${KIE_SERVER_USER}"
+ },
+ {
+ "name": "KIE_SERVER_PASSWORD",
+ "value": "${KIE_SERVER_PASSWORD}"
+ },
+ {
+ "name": "KIE_SERVER_DOMAIN",
+ "value": "${KIE_SERVER_DOMAIN}"
+ },
+ {
+ "name": "KIE_SERVER_JMS_QUEUES_REQUEST",
+ "value": "${KIE_SERVER_JMS_QUEUES_REQUEST}"
+ },
+ {
+ "name": "KIE_SERVER_JMS_QUEUES_RESPONSE",
+ "value": "${KIE_SERVER_JMS_QUEUES_RESPONSE}"
+ },
+ {
+ "name": "MQ_SERVICE_PREFIX_MAPPING",
+ "value": "${APPLICATION_NAME}-amq=MQ"
+ },
+ {
+ "name": "MQ_JNDI",
+ "value": "${MQ_JNDI}"
+ },
+ {
+ "name": "MQ_USERNAME",
+ "value": "${MQ_USERNAME}"
+ },
+ {
+ "name": "MQ_PASSWORD",
+ "value": "${MQ_PASSWORD}"
+ },
+ {
+ "name": "MQ_PROTOCOL",
+ "value": "tcp"
+ },
+ {
+ "name": "MQ_QUEUES",
+ "value": "${MQ_QUEUES}"
+ },
+ {
+ "name": "MQ_TOPICS",
+ "value": "${MQ_TOPICS}"
+ },
+ {
+ "name": "HTTPS_KEYSTORE_DIR",
+ "value": "/etc/decisionserver-secret-volume"
+ },
+ {
+ "name": "HTTPS_KEYSTORE",
+ "value": "${HTTPS_KEYSTORE}"
+ },
+ {
+ "name": "HTTPS_NAME",
+ "value": "${HTTPS_NAME}"
+ },
+ {
+ "name": "HTTPS_PASSWORD",
+ "value": "${HTTPS_PASSWORD}"
+ }
+ ]
+ }
+ ],
+ "volumes": [
+ {
+ "name": "decisionserver-keystore-volume",
+ "secret": {
+ "secretName": "${HTTPS_SECRET}"
+ }
+ }
+ ]
+ }
+ }
+ }
+ },
+ {
+ "kind": "DeploymentConfig",
+ "apiVersion": "v1",
+ "metadata": {
+ "name": "${APPLICATION_NAME}-amq",
+ "labels": {
+ "application": "${APPLICATION_NAME}"
+ }
+ },
+ "spec": {
+ "strategy": {
+ "type": "Recreate"
+ },
+ "triggers": [
+ {
+ "type": "ImageChange",
+ "imageChangeParams": {
+ "automatic": true,
+ "containerNames": [
+ "${APPLICATION_NAME}-amq"
+ ],
+ "from": {
+ "kind": "ImageStreamTag",
+ "namespace": "${IMAGE_STREAM_NAMESPACE}",
+ "name": "jboss-amq-62:1.3"
+ }
+ }
+ },
+ {
+ "type": "ConfigChange"
+ }
+ ],
+ "replicas": 1,
+ "selector": {
+ "deploymentConfig": "${APPLICATION_NAME}-amq"
+ },
+ "template": {
+ "metadata": {
+ "name": "${APPLICATION_NAME}-amq",
+ "labels": {
+ "deploymentConfig": "${APPLICATION_NAME}-amq",
+ "application": "${APPLICATION_NAME}"
+ }
+ },
+ "spec": {
+ "terminationGracePeriodSeconds": 60,
+ "containers": [
+ {
+ "name": "${APPLICATION_NAME}-amq",
+ "image": "jboss-amq-62",
+ "imagePullPolicy": "Always",
+ "readinessProbe": {
+ "exec": {
+ "command": [
+ "/bin/bash",
+ "-c",
+ "/opt/amq/bin/readinessProbe.sh"
+ ]
+ }
+ },
+ "ports": [
+ {
+ "name": "jolokia",
+ "containerPort": 8778,
+ "protocol": "TCP"
+ },
+ {
+ "name": "amqp",
+ "containerPort": 5672,
+ "protocol": "TCP"
+ },
+ {
+ "name": "amqp-ssl",
+ "containerPort": 5671,
+ "protocol": "TCP"
+ },
+ {
+ "name": "mqtt",
+ "containerPort": 1883,
+ "protocol": "TCP"
+ },
+ {
+ "name": "stomp",
+ "containerPort": 61613,
+ "protocol": "TCP"
+ },
+ {
+ "name": "stomp-ssl",
+ "containerPort": 61612,
+ "protocol": "TCP"
+ },
+ {
+ "name": "tcp",
+ "containerPort": 61616,
+ "protocol": "TCP"
+ },
+ {
+ "name": "tcp-ssl",
+ "containerPort": 61617,
+ "protocol": "TCP"
+ }
+ ],
+ "env": [
+ {
+ "name": "AMQ_USER",
+ "value": "${MQ_USERNAME}"
+ },
+ {
+ "name": "AMQ_PASSWORD",
+ "value": "${MQ_PASSWORD}"
+ },
+ {
+ "name": "AMQ_TRANSPORTS",
+ "value": "${MQ_PROTOCOL}"
+ },
+ {
+ "name": "AMQ_MESH_DISCOVERY_TYPE",
+ "value": "${AMQ_MESH_DISCOVERY_TYPE}"
+ },
+ {
+ "name": "AMQ_MESH_SERVICE_NAME",
+ "value": "${APPLICATION_NAME}-amq-tcp"
+ },
+ {
+ "name": "AMQ_MESH_SERVICE_NAMESPACE",
+ "valueFrom": {
+ "fieldRef": {
+ "fieldPath": "metadata.namespace"
+ }
+ }
+ },
+ {
+ "name": "AMQ_STORAGE_USAGE_LIMIT",
+ "value": "${AMQ_STORAGE_USAGE_LIMIT}"
+ }
+ ]
+ }
+ ]
+ }
+ }
+ }
+ }
+ ]
+}
diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/decisionserver63-basic-s2i.json b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/decisionserver63-basic-s2i.json
new file mode 100644
index 000000000..c5f0d006a
--- /dev/null
+++ b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/decisionserver63-basic-s2i.json
@@ -0,0 +1,339 @@
+{
+ "kind": "Template",
+ "apiVersion": "v1",
+ "metadata": {
+ "annotations": {
+ "description": "Application template for Red Hat JBoss BRMS 6.3 decision server applications built using S2I.",
+ "iconClass": "icon-jboss",
+ "tags": "decisionserver,java,jboss,xpaas",
+ "version": "1.3.3"
+ },
+ "name": "decisionserver63-basic-s2i"
+ },
+ "labels": {
+ "template": "decisionserver63-basic-s2i",
+ "xpaas": "1.3.3"
+ },
+ "parameters": [
+ {
+ "description": "The KIE Container deployment configuration in format: containerId=groupId:artifactId:version|c2=g2:a2:v2",
+ "name": "KIE_CONTAINER_DEPLOYMENT",
+ "value": "decisionserver-hellorules=org.openshift.quickstarts:decisionserver-hellorules:1.3.0.Final",
+ "required": false
+ },
+ {
+ "description": "The user name to access the KIE Server REST or JMS interface.",
+ "name": "KIE_SERVER_USER",
+ "value": "kieserver",
+ "required": false
+ },
+ {
+ "description": "The password to access the KIE Server REST or JMS interface. Must be different than username; must not be root, admin, or administrator; must contain at least 8 characters, 1 alphabetic character(s), 1 digit(s), and 1 non-alphanumeric symbol(s).",
+ "name": "KIE_SERVER_PASSWORD",
+ "from": "[a-zA-Z]{6}[0-9]{1}!",
+ "generate": "expression",
+ "required": false
+ },
+ {
+ "description": "The name for the application.",
+ "name": "APPLICATION_NAME",
+ "value": "kie-app",
+ "required": true
+ },
+ {
+ "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: <application-name>-<project>.<default-domain-suffix>",
+ "name": "HOSTNAME_HTTP",
+ "value": "",
+ "required": false
+ },
+ {
+ "description": "Git source URI for application",
+ "name": "SOURCE_REPOSITORY_URL",
+ "value": "https://github.com/jboss-openshift/openshift-quickstarts.git",
+ "required": true
+ },
+ {
+ "description": "Git branch/tag reference",
+ "name": "SOURCE_REPOSITORY_REF",
+ "value": "1.3",
+ "required": false
+ },
+ {
+ "description": "Path within Git project to build; empty for root project directory.",
+ "name": "CONTEXT_DIR",
+ "value": "decisionserver/hellorules",
+ "required": false
+ },
+ {
+ "description": "Queue names",
+ "name": "HORNETQ_QUEUES",
+ "value": "",
+ "required": false
+ },
+ {
+ "description": "Topic names",
+ "name": "HORNETQ_TOPICS",
+ "value": "",
+ "required": false
+ },
+ {
+ "description": "HornetQ cluster admin password",
+ "name": "HORNETQ_CLUSTER_PASSWORD",
+ "from": "[a-zA-Z0-9]{8}",
+ "generate": "expression",
+ "required": true
+ },
+ {
+ "description": "GitHub trigger secret",
+ "name": "GITHUB_WEBHOOK_SECRET",
+ "from": "[a-zA-Z0-9]{8}",
+ "generate": "expression",
+ "required": true
+ },
+ {
+ "description": "Generic build trigger secret",
+ "name": "GENERIC_WEBHOOK_SECRET",
+ "from": "[a-zA-Z0-9]{8}",
+ "generate": "expression",
+ "required": true
+ },
+ {
+ "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.",
+ "name": "IMAGE_STREAM_NAMESPACE",
+ "value": "openshift",
+ "required": true
+ }
+ ],
+ "objects": [
+ {
+ "kind": "Service",
+ "apiVersion": "v1",
+ "spec": {
+ "ports": [
+ {
+ "port": 8080,
+ "targetPort": 8080
+ }
+ ],
+ "selector": {
+ "deploymentConfig": "${APPLICATION_NAME}"
+ }
+ },
+ "metadata": {
+ "name": "${APPLICATION_NAME}",
+ "labels": {
+ "application": "${APPLICATION_NAME}"
+ },
+ "annotations": {
+ "description": "The web server's http port."
+ }
+ }
+ },
+ {
+ "kind": "Route",
+ "apiVersion": "v1",
+ "id": "${APPLICATION_NAME}-http",
+ "metadata": {
+ "name": "${APPLICATION_NAME}",
+ "labels": {
+ "application": "${APPLICATION_NAME}"
+ },
+ "annotations": {
+ "description": "Route for application's http service."
+ }
+ },
+ "spec": {
+ "host": "${HOSTNAME_HTTP}",
+ "to": {
+ "name": "${APPLICATION_NAME}"
+ }
+ }
+ },
+ {
+ "kind": "ImageStream",
+ "apiVersion": "v1",
+ "metadata": {
+ "name": "${APPLICATION_NAME}",
+ "labels": {
+ "application": "${APPLICATION_NAME}"
+ }
+ }
+ },
+ {
+ "kind": "BuildConfig",
+ "apiVersion": "v1",
+ "metadata": {
+ "name": "${APPLICATION_NAME}",
+ "labels": {
+ "application": "${APPLICATION_NAME}"
+ }
+ },
+ "spec": {
+ "source": {
+ "type": "Git",
+ "git": {
+ "uri": "${SOURCE_REPOSITORY_URL}",
+ "ref": "${SOURCE_REPOSITORY_REF}"
+ },
+ "contextDir": "${CONTEXT_DIR}"
+ },
+ "strategy": {
+ "type": "Source",
+ "sourceStrategy": {
+ "env": [
+ {
+ "name": "KIE_CONTAINER_DEPLOYMENT",
+ "value": "${KIE_CONTAINER_DEPLOYMENT}"
+ }
+ ],
+ "forcePull": true,
+ "from": {
+ "kind": "ImageStreamTag",
+ "namespace": "${IMAGE_STREAM_NAMESPACE}",
+ "name": "jboss-decisionserver63-openshift:1.3"
+ }
+ }
+ },
+ "output": {
+ "to": {
+ "kind": "ImageStreamTag",
+ "name": "${APPLICATION_NAME}:latest"
+ }
+ },
+ "triggers": [
+ {
+ "type": "GitHub",
+ "github": {
+ "secret": "${GITHUB_WEBHOOK_SECRET}"
+ }
+ },
+ {
+ "type": "Generic",
+ "generic": {
+ "secret": "${GENERIC_WEBHOOK_SECRET}"
+ }
+ },
+ {
+ "type": "ImageChange",
+ "imageChange": {}
+ },
+ {
+ "type": "ConfigChange"
+ }
+ ]
+ }
+ },
+ {
+ "kind": "DeploymentConfig",
+ "apiVersion": "v1",
+ "metadata": {
+ "name": "${APPLICATION_NAME}",
+ "labels": {
+ "application": "${APPLICATION_NAME}"
+ }
+ },
+ "spec": {
+ "strategy": {
+ "type": "Recreate"
+ },
+ "triggers": [
+ {
+ "type": "ImageChange",
+ "imageChangeParams": {
+ "automatic": true,
+ "containerNames": [
+ "${APPLICATION_NAME}"
+ ],
+ "from": {
+ "kind": "ImageStream",
+ "name": "${APPLICATION_NAME}"
+ }
+ }
+ },
+ {
+ "type": "ConfigChange"
+ }
+ ],
+ "replicas": 1,
+ "selector": {
+ "deploymentConfig": "${APPLICATION_NAME}"
+ },
+ "template": {
+ "metadata": {
+ "name": "${APPLICATION_NAME}",
+ "labels": {
+ "deploymentConfig": "${APPLICATION_NAME}",
+ "application": "${APPLICATION_NAME}"
+ }
+ },
+ "spec": {
+ "terminationGracePeriodSeconds": 60,
+ "containers": [
+ {
+ "name": "${APPLICATION_NAME}",
+ "image": "${APPLICATION_NAME}",
+ "imagePullPolicy": "Always",
+ "livenessProbe": {
+ "exec": {
+ "command": [
+ "/bin/bash",
+ "-c",
+ "/opt/eap/bin/livenessProbe.sh"
+ ]
+ }
+ },
+ "readinessProbe": {
+ "exec": {
+ "command": [
+ "/bin/bash",
+ "-c",
+ "/opt/eap/bin/readinessProbe.sh"
+ ]
+ }
+ },
+ "ports": [
+ {
+ "name": "jolokia",
+ "containerPort": 8778,
+ "protocol": "TCP"
+ },
+ {
+ "name": "http",
+ "containerPort": 8080,
+ "protocol": "TCP"
+ }
+ ],
+ "env": [
+ {
+ "name": "KIE_CONTAINER_DEPLOYMENT",
+ "value": "${KIE_CONTAINER_DEPLOYMENT}"
+ },
+ {
+ "name": "KIE_SERVER_USER",
+ "value": "${KIE_SERVER_USER}"
+ },
+ {
+ "name": "KIE_SERVER_PASSWORD",
+ "value": "${KIE_SERVER_PASSWORD}"
+ },
+ {
+ "name": "HORNETQ_CLUSTER_PASSWORD",
+ "value": "${HORNETQ_CLUSTER_PASSWORD}"
+ },
+ {
+ "name": "HORNETQ_QUEUES",
+ "value": "${HORNETQ_QUEUES}"
+ },
+ {
+ "name": "HORNETQ_TOPICS",
+ "value": "${HORNETQ_TOPICS}"
+ }
+ ]
+ }
+ ]
+ }
+ }
+ }
+ }
+ ]
+}
diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/decisionserver63-https-s2i.json b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/decisionserver63-https-s2i.json
new file mode 100644
index 000000000..3db0e4c84
--- /dev/null
+++ b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/decisionserver63-https-s2i.json
@@ -0,0 +1,473 @@
+{
+ "kind": "Template",
+ "apiVersion": "v1",
+ "metadata": {
+ "annotations": {
+ "description": "Application template for Red Hat JBoss BRMS 6.3 decision server HTTPS applications built using S2I.",
+ "iconClass": "icon-jboss",
+ "tags": "decisionserver,java,jboss,xpaas",
+ "version": "1.3.3"
+ },
+ "name": "decisionserver63-https-s2i"
+ },
+ "labels": {
+ "template": "decisionserver63-https-s2i",
+ "xpaas": "1.3.3"
+ },
+ "parameters": [
+ {
+ "description": "The KIE Container deployment configuration in format: containerId=groupId:artifactId:version|c2=g2:a2:v2",
+ "name": "KIE_CONTAINER_DEPLOYMENT",
+ "value": "decisionserver-hellorules=org.openshift.quickstarts:decisionserver-hellorules:1.3.0.Final",
+ "required": false
+ },
+ {
+ "description": "The protocol to access the KIE Server REST interface.",
+ "name": "KIE_SERVER_PROTOCOL",
+ "value": "https",
+ "required": false
+ },
+ {
+ "description": "The port to access the KIE Server REST interface.",
+ "name": "KIE_SERVER_PORT",
+ "value": "8443",
+ "required": false
+ },
+ {
+ "description": "The user name to access the KIE Server REST or JMS interface.",
+ "name": "KIE_SERVER_USER",
+ "value": "kieserver",
+ "required": false
+ },
+ {
+ "description": "The password to access the KIE Server REST or JMS interface. Must be different than username; must not be root, admin, or administrator; must contain at least 8 characters, 1 alphabetic character(s), 1 digit(s), and 1 non-alphanumeric symbol(s).",
+ "name": "KIE_SERVER_PASSWORD",
+ "from": "[a-zA-Z]{6}[0-9]{1}!",
+ "generate": "expression",
+ "required": false
+ },
+ {
+ "description": "The name for the application.",
+ "name": "APPLICATION_NAME",
+ "value": "kie-app",
+ "required": true
+ },
+ {
+ "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: <application-name>-<project>.<default-domain-suffix>",
+ "name": "HOSTNAME_HTTP",
+ "value": "",
+ "required": false
+ },
+ {
+ "description": "Custom hostname for https service route. Leave blank for default hostname, e.g.: secure-<application-name>-<project>.<default-domain-suffix>",
+ "name": "HOSTNAME_HTTPS",
+ "value": "",
+ "required": false
+ },
+ {
+ "description": "Git source URI for application",
+ "name": "SOURCE_REPOSITORY_URL",
+ "value": "https://github.com/jboss-openshift/openshift-quickstarts.git",
+ "required": true
+ },
+ {
+ "description": "Git branch/tag reference",
+ "name": "SOURCE_REPOSITORY_REF",
+ "value": "1.3",
+ "required": false
+ },
+ {
+ "description": "Path within Git project to build; empty for root project directory.",
+ "name": "CONTEXT_DIR",
+ "value": "decisionserver/hellorules",
+ "required": false
+ },
+ {
+ "description": "Queue names",
+ "name": "HORNETQ_QUEUES",
+ "value": "",
+ "required": false
+ },
+ {
+ "description": "Topic names",
+ "name": "HORNETQ_TOPICS",
+ "value": "",
+ "required": false
+ },
+ {
+ "description": "The name of the secret containing the keystore file",
+ "name": "HTTPS_SECRET",
+ "value": "decisionserver-app-secret",
+ "required": true
+ },
+ {
+ "description": "The name of the keystore file within the secret",
+ "name": "HTTPS_KEYSTORE",
+ "value": "keystore.jks",
+ "required": false
+ },
+ {
+ "description": "The name associated with the server certificate",
+ "name": "HTTPS_NAME",
+ "value": "jboss",
+ "required": false
+ },
+ {
+ "description": "The password for the keystore and certificate",
+ "name": "HTTPS_PASSWORD",
+ "value": "mykeystorepass",
+ "required": false
+ },
+ {
+ "description": "HornetQ cluster admin password",
+ "name": "HORNETQ_CLUSTER_PASSWORD",
+ "from": "[a-zA-Z0-9]{8}",
+ "generate": "expression",
+ "required": true
+ },
+ {
+ "description": "GitHub trigger secret",
+ "name": "GITHUB_WEBHOOK_SECRET",
+ "from": "[a-zA-Z0-9]{8}",
+ "generate": "expression",
+ "required": true
+ },
+ {
+ "description": "Generic build trigger secret",
+ "name": "GENERIC_WEBHOOK_SECRET",
+ "from": "[a-zA-Z0-9]{8}",
+ "generate": "expression",
+ "required": true
+ },
+ {
+ "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.",
+ "name": "IMAGE_STREAM_NAMESPACE",
+ "value": "openshift",
+ "required": true
+ }
+ ],
+ "objects": [
+ {
+ "kind": "Service",
+ "apiVersion": "v1",
+ "spec": {
+ "ports": [
+ {
+ "port": 8080,
+ "targetPort": 8080
+ }
+ ],
+ "selector": {
+ "deploymentConfig": "${APPLICATION_NAME}"
+ }
+ },
+ "metadata": {
+ "name": "${APPLICATION_NAME}",
+ "labels": {
+ "application": "${APPLICATION_NAME}"
+ },
+ "annotations": {
+ "description": "The web server's http port."
+ }
+ }
+ },
+ {
+ "kind": "Service",
+ "apiVersion": "v1",
+ "spec": {
+ "ports": [
+ {
+ "port": 8443,
+ "targetPort": 8443
+ }
+ ],
+ "selector": {
+ "deploymentConfig": "${APPLICATION_NAME}"
+ }
+ },
+ "metadata": {
+ "name": "secure-${APPLICATION_NAME}",
+ "labels": {
+ "application": "${APPLICATION_NAME}"
+ },
+ "annotations": {
+ "description": "The web server's https port."
+ }
+ }
+ },
+ {
+ "kind": "Route",
+ "apiVersion": "v1",
+ "id": "${APPLICATION_NAME}-http",
+ "metadata": {
+ "name": "${APPLICATION_NAME}",
+ "labels": {
+ "application": "${APPLICATION_NAME}"
+ },
+ "annotations": {
+ "description": "Route for application's http service."
+ }
+ },
+ "spec": {
+ "host": "${HOSTNAME_HTTP}",
+ "to": {
+ "name": "${APPLICATION_NAME}"
+ }
+ }
+ },
+ {
+ "kind": "Route",
+ "apiVersion": "v1",
+ "id": "${APPLICATION_NAME}-https",
+ "metadata": {
+ "name": "secure-${APPLICATION_NAME}",
+ "labels": {
+ "application": "${APPLICATION_NAME}"
+ },
+ "annotations": {
+ "description": "Route for application's https service."
+ }
+ },
+ "spec": {
+ "host": "${HOSTNAME_HTTPS}",
+ "to": {
+ "name": "secure-${APPLICATION_NAME}"
+ },
+ "tls": {
+ "termination": "passthrough"
+ }
+ }
+ },
+ {
+ "kind": "ImageStream",
+ "apiVersion": "v1",
+ "metadata": {
+ "name": "${APPLICATION_NAME}",
+ "labels": {
+ "application": "${APPLICATION_NAME}"
+ }
+ }
+ },
+ {
+ "kind": "BuildConfig",
+ "apiVersion": "v1",
+ "metadata": {
+ "name": "${APPLICATION_NAME}",
+ "labels": {
+ "application": "${APPLICATION_NAME}"
+ }
+ },
+ "spec": {
+ "source": {
+ "type": "Git",
+ "git": {
+ "uri": "${SOURCE_REPOSITORY_URL}",
+ "ref": "${SOURCE_REPOSITORY_REF}"
+ },
+ "contextDir": "${CONTEXT_DIR}"
+ },
+ "strategy": {
+ "type": "Source",
+ "sourceStrategy": {
+ "env": [
+ {
+ "name": "KIE_CONTAINER_DEPLOYMENT",
+ "value": "${KIE_CONTAINER_DEPLOYMENT}"
+ }
+ ],
+ "forcePull": true,
+ "from": {
+ "kind": "ImageStreamTag",
+ "namespace": "${IMAGE_STREAM_NAMESPACE}",
+ "name": "jboss-decisionserver63-openshift:1.3"
+ }
+ }
+ },
+ "output": {
+ "to": {
+ "kind": "ImageStreamTag",
+ "name": "${APPLICATION_NAME}:latest"
+ }
+ },
+ "triggers": [
+ {
+ "type": "GitHub",
+ "github": {
+ "secret": "${GITHUB_WEBHOOK_SECRET}"
+ }
+ },
+ {
+ "type": "Generic",
+ "generic": {
+ "secret": "${GENERIC_WEBHOOK_SECRET}"
+ }
+ },
+ {
+ "type": "ImageChange",
+ "imageChange": {}
+ },
+ {
+ "type": "ConfigChange"
+ }
+ ]
+ }
+ },
+ {
+ "kind": "DeploymentConfig",
+ "apiVersion": "v1",
+ "metadata": {
+ "name": "${APPLICATION_NAME}",
+ "labels": {
+ "application": "${APPLICATION_NAME}"
+ }
+ },
+ "spec": {
+ "strategy": {
+ "type": "Recreate"
+ },
+ "triggers": [
+ {
+ "type": "ImageChange",
+ "imageChangeParams": {
+ "automatic": true,
+ "containerNames": [
+ "${APPLICATION_NAME}"
+ ],
+ "from": {
+ "kind": "ImageStream",
+ "name": "${APPLICATION_NAME}"
+ }
+ }
+ },
+ {
+ "type": "ConfigChange"
+ }
+ ],
+ "replicas": 1,
+ "selector": {
+ "deploymentConfig": "${APPLICATION_NAME}"
+ },
+ "template": {
+ "metadata": {
+ "name": "${APPLICATION_NAME}",
+ "labels": {
+ "deploymentConfig": "${APPLICATION_NAME}",
+ "application": "${APPLICATION_NAME}"
+ }
+ },
+ "spec": {
+ "serviceAccountName": "decisionserver-service-account",
+ "terminationGracePeriodSeconds": 60,
+ "containers": [
+ {
+ "name": "${APPLICATION_NAME}",
+ "image": "${APPLICATION_NAME}",
+ "imagePullPolicy": "Always",
+ "volumeMounts": [
+ {
+ "name": "decisionserver-keystore-volume",
+ "mountPath": "/etc/decisionserver-secret-volume",
+ "readOnly": true
+ }
+ ],
+ "livenessProbe": {
+ "exec": {
+ "command": [
+ "/bin/bash",
+ "-c",
+ "/opt/eap/bin/livenessProbe.sh"
+ ]
+ }
+ },
+ "readinessProbe": {
+ "exec": {
+ "command": [
+ "/bin/bash",
+ "-c",
+ "/opt/eap/bin/readinessProbe.sh"
+ ]
+ }
+ },
+ "ports": [
+ {
+ "name": "jolokia",
+ "containerPort": 8778,
+ "protocol": "TCP"
+ },
+ {
+ "name": "http",
+ "containerPort": 8080,
+ "protocol": "TCP"
+ },
+ {
+ "name": "https",
+ "containerPort": 8443,
+ "protocol": "TCP"
+ }
+ ],
+ "env": [
+ {
+ "name": "KIE_CONTAINER_DEPLOYMENT",
+ "value": "${KIE_CONTAINER_DEPLOYMENT}"
+ },
+ {
+ "name": "KIE_SERVER_PROTOCOL",
+ "value": "${KIE_SERVER_PROTOCOL}"
+ },
+ {
+ "name": "KIE_SERVER_PORT",
+ "value": "${KIE_SERVER_PORT}"
+ },
+ {
+ "name": "KIE_SERVER_USER",
+ "value": "${KIE_SERVER_USER}"
+ },
+ {
+ "name": "KIE_SERVER_PASSWORD",
+ "value": "${KIE_SERVER_PASSWORD}"
+ },
+ {
+ "name": "HTTPS_KEYSTORE_DIR",
+ "value": "/etc/decisionserver-secret-volume"
+ },
+ {
+ "name": "HTTPS_KEYSTORE",
+ "value": "${HTTPS_KEYSTORE}"
+ },
+ {
+ "name": "HTTPS_NAME",
+ "value": "${HTTPS_NAME}"
+ },
+ {
+ "name": "HTTPS_PASSWORD",
+ "value": "${HTTPS_PASSWORD}"
+ },
+ {
+ "name": "HORNETQ_CLUSTER_PASSWORD",
+ "value": "${HORNETQ_CLUSTER_PASSWORD}"
+ },
+ {
+ "name": "HORNETQ_QUEUES",
+ "value": "${HORNETQ_QUEUES}"
+ },
+ {
+ "name": "HORNETQ_TOPICS",
+ "value": "${HORNETQ_TOPICS}"
+ }
+ ]
+ }
+ ],
+ "volumes": [
+ {
+ "name": "decisionserver-keystore-volume",
+ "secret": {
+ "secretName": "${HTTPS_SECRET}"
+ }
+ }
+ ]
+ }
+ }
+ }
+ }
+ ]
+}
diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap64-amq-persistent-s2i.json b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap64-amq-persistent-s2i.json
index c9ecee9cb..72dbb4302 100644
--- a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap64-amq-persistent-s2i.json
+++ b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap64-amq-persistent-s2i.json
@@ -6,13 +6,13 @@
"description": "Application template for EAP 6 A-MQ applications with persistent storage built using S2I.",
"iconClass": "icon-jboss",
"tags": "eap,amq,javaee,java,messaging,jboss,xpaas",
- "version": "1.3.1"
+ "version": "1.3.2"
},
"name": "eap64-amq-persistent-s2i"
},
"labels": {
"template": "eap64-amq-persistent-s2i",
- "xpaas": "1.3.1"
+ "xpaas": "1.3.2"
},
"parameters": [
{
@@ -88,6 +88,18 @@
"required": false
},
{
+ "description": "List of packages that are allowed to be serialized for use in ObjectMessage, separated by commas. If your app doesn't use ObjectMessages, leave this blank. This is a security enforcement. For the rationale, see http://activemq.apache.org/objectmessage.html",
+ "name": "MQ_SERIALIZABLE_PACKAGES",
+ "value": "",
+ "required": false
+ },
+ {
+ "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.",
+ "name": "SERVICE_ACCOUNT_NAME",
+ "value": "eap-service-account",
+ "required": true
+ },
+ {
"description": "The name of the secret containing the keystore file",
"name": "HTTPS_SECRET",
"value": "eap-app-secret",
@@ -100,6 +112,12 @@
"required": false
},
{
+ "description": "The type of the keystore file (JKS or JCEKS)",
+ "name": "HTTPS_KEYSTORE_TYPE",
+ "value": "",
+ "required": false
+ },
+ {
"description": "The name associated with the server certificate",
"name": "HTTPS_NAME",
"value": "",
@@ -126,18 +144,16 @@
"required": false
},
{
- "description": "User name for broker admin. If left empty, it will be generated.",
- "name": "AMQ_ADMIN_USERNAME",
- "from": "user[a-zA-Z0-9]{3}",
- "generate": "expression",
- "required": true
+ "description": "The discovery agent type to use for discovering mesh endpoints. 'dns' will use OpenShift's DNS service to resolve endpoints. 'kube' will use Kubernetes REST API to resolve service endpoints. If using 'kube' the service account for the pod must have the 'view' role, which can be added via 'oc policy add-role-to-user view system:serviceaccount:<namespace>:default' where <namespace> is the project namespace.",
+ "name": "AMQ_MESH_DISCOVERY_TYPE",
+ "value": "kube",
+ "required": false
},
{
- "description": "Password for broker admin. If left empty, it will be generated.",
- "name": "AMQ_ADMIN_PASSWORD",
- "from": "[a-zA-Z0-9]{8}",
- "generate": "expression",
- "required": true
+ "description": "The A-MQ storage usage limit",
+ "name": "AMQ_STORAGE_USAGE_LIMIT",
+ "value": "100 gb",
+ "required": false
},
{
"description": "GitHub trigger secret",
@@ -189,6 +205,12 @@
"from": "[a-zA-Z0-9]{8}",
"generate": "expression",
"required": true
+ },
+ {
+ "description": "Controls whether exploded deployment content should be automatically deployed",
+ "name": "AUTO_DEPLOY_EXPLODED",
+ "value": "false",
+ "required": false
}
],
"objects": [
@@ -342,7 +364,7 @@
"from": {
"kind": "ImageStreamTag",
"namespace": "${IMAGE_STREAM_NAMESPACE}",
- "name": "jboss-eap64-openshift:1.2"
+ "name": "jboss-eap64-openshift:1.4"
}
}
},
@@ -397,8 +419,8 @@
"${APPLICATION_NAME}"
],
"from": {
- "kind": "ImageStream",
- "name": "${APPLICATION_NAME}"
+ "kind": "ImageStreamTag",
+ "name": "${APPLICATION_NAME}:latest"
}
}
},
@@ -419,7 +441,7 @@
}
},
"spec": {
- "serviceAccountName": "eap-service-account",
+ "serviceAccountName": "${SERVICE_ACCOUNT_NAME}",
"terminationGracePeriodSeconds": 60,
"containers": [
{
@@ -508,6 +530,10 @@
"value": "${MQ_TOPICS}"
},
{
+ "name": "MQ_SERIALIZABLE_PACKAGES",
+ "value": "${MQ_SERIALIZABLE_PACKAGES}"
+ },
+ {
"name": "OPENSHIFT_KUBE_PING_LABELS",
"value": "application=${APPLICATION_NAME}"
},
@@ -528,6 +554,10 @@
"value": "${HTTPS_KEYSTORE}"
},
{
+ "name": "HTTPS_KEYSTORE_TYPE",
+ "value": "${HTTPS_KEYSTORE_TYPE}"
+ },
+ {
"name": "HTTPS_NAME",
"value": "${HTTPS_NAME}"
},
@@ -558,6 +588,10 @@
{
"name": "JGROUPS_CLUSTER_PASSWORD",
"value": "${JGROUPS_CLUSTER_PASSWORD}"
+ },
+ {
+ "name": "AUTO_DEPLOY_EXPLODED",
+ "value": "${AUTO_DEPLOY_EXPLODED}"
}
]
}
@@ -713,6 +747,10 @@
"value": "${MQ_TOPICS}"
},
{
+ "name": "MQ_SERIALIZABLE_PACKAGES",
+ "value": "${MQ_SERIALIZABLE_PACKAGES}"
+ },
+ {
"name": "AMQ_SPLIT",
"value": "${AMQ_SPLIT}"
},
@@ -735,14 +773,6 @@
{
"name": "AMQ_STORAGE_USAGE_LIMIT",
"value": "${AMQ_STORAGE_USAGE_LIMIT}"
- },
- {
- "name": "AMQ_ADMIN_USERNAME",
- "value": "${AMQ_ADMIN_USERNAME}"
- },
- {
- "name": "AMQ_ADMIN_PASSWORD",
- "value": "${AMQ_ADMIN_PASSWORD}"
}
]
}
diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap64-amq-s2i.json b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap64-amq-s2i.json
index 99724db94..9dd847451 100644
--- a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap64-amq-s2i.json
+++ b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap64-amq-s2i.json
@@ -6,13 +6,13 @@
"description": "Application template for EAP 6 A-MQ applications built using S2I.",
"iconClass": "icon-jboss",
"tags": "eap,amq,javaee,java,messaging,jboss,xpaas",
- "version": "1.3.1"
+ "version": "1.3.2"
},
"name": "eap64-amq-s2i"
},
"labels": {
"template": "eap64-amq-s2i",
- "xpaas": "1.3.1"
+ "xpaas": "1.3.2"
},
"parameters": [
{
@@ -76,6 +76,18 @@
"required": false
},
{
+ "description": "List of packages that are allowed to be serialized for use in ObjectMessage, separated by commas. If your app doesn't use ObjectMessages, leave this blank. This is a security enforcement. For the rationale, see http://activemq.apache.org/objectmessage.html",
+ "name": "MQ_SERIALIZABLE_PACKAGES",
+ "value": "",
+ "required": false
+ },
+ {
+ "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.",
+ "name": "SERVICE_ACCOUNT_NAME",
+ "value": "eap-service-account",
+ "required": true
+ },
+ {
"description": "The name of the secret containing the keystore file",
"name": "HTTPS_SECRET",
"value": "eap-app-secret",
@@ -88,6 +100,12 @@
"required": false
},
{
+ "description": "The type of the keystore file (JKS or JCEKS)",
+ "name": "HTTPS_KEYSTORE_TYPE",
+ "value": "",
+ "required": false
+ },
+ {
"description": "The name associated with the server certificate",
"name": "HTTPS_NAME",
"value": "",
@@ -114,18 +132,16 @@
"required": false
},
{
- "description": "User name for broker admin. If left empty, it will be generated.",
- "name": "AMQ_ADMIN_USERNAME",
- "from": "user[a-zA-Z0-9]{3}",
- "generate": "expression",
- "required": true
+ "description": "The discovery agent type to use for discovering mesh endpoints. 'dns' will use OpenShift's DNS service to resolve endpoints. 'kube' will use Kubernetes REST API to resolve service endpoints. If using 'kube' the service account for the pod must have the 'view' role, which can be added via 'oc policy add-role-to-user view system:serviceaccount:<namespace>:default' where <namespace> is the project namespace.",
+ "name": "AMQ_MESH_DISCOVERY_TYPE",
+ "value": "kube",
+ "required": false
},
{
- "description": "Password for broker admin. If left empty, it will be generated.",
- "name": "AMQ_ADMIN_PASSWORD",
- "from": "[a-zA-Z0-9]{8}",
- "generate": "expression",
- "required": true
+ "description": "The A-MQ storage usage limit",
+ "name": "AMQ_STORAGE_USAGE_LIMIT",
+ "value": "100 gb",
+ "required": false
},
{
"description": "GitHub trigger secret",
@@ -177,6 +193,12 @@
"from": "[a-zA-Z0-9]{8}",
"generate": "expression",
"required": true
+ },
+ {
+ "description": "Controls whether exploded deployment content should be automatically deployed",
+ "name": "AUTO_DEPLOY_EXPLODED",
+ "value": "false",
+ "required": false
}
],
"objects": [
@@ -330,7 +352,7 @@
"from": {
"kind": "ImageStreamTag",
"namespace": "${IMAGE_STREAM_NAMESPACE}",
- "name": "jboss-eap64-openshift:1.2"
+ "name": "jboss-eap64-openshift:1.4"
}
}
},
@@ -385,8 +407,8 @@
"${APPLICATION_NAME}"
],
"from": {
- "kind": "ImageStream",
- "name": "${APPLICATION_NAME}"
+ "kind": "ImageStreamTag",
+ "name": "${APPLICATION_NAME}:latest"
}
}
},
@@ -407,7 +429,7 @@
}
},
"spec": {
- "serviceAccountName": "eap-service-account",
+ "serviceAccountName": "${SERVICE_ACCOUNT_NAME}",
"terminationGracePeriodSeconds": 60,
"containers": [
{
@@ -496,6 +518,10 @@
"value": "${MQ_TOPICS}"
},
{
+ "name": "MQ_SERIALIZABLE_PACKAGES",
+ "value": "${MQ_SERIALIZABLE_PACKAGES}"
+ },
+ {
"name": "OPENSHIFT_KUBE_PING_LABELS",
"value": "application=${APPLICATION_NAME}"
},
@@ -516,6 +542,10 @@
"value": "${HTTPS_KEYSTORE}"
},
{
+ "name": "HTTPS_KEYSTORE_TYPE",
+ "value": "${HTTPS_KEYSTORE_TYPE}"
+ },
+ {
"name": "HTTPS_NAME",
"value": "${HTTPS_NAME}"
},
@@ -546,6 +576,10 @@
{
"name": "JGROUPS_CLUSTER_PASSWORD",
"value": "${JGROUPS_CLUSTER_PASSWORD}"
+ },
+ {
+ "name": "AUTO_DEPLOY_EXPLODED",
+ "value": "${AUTO_DEPLOY_EXPLODED}"
}
]
}
@@ -692,12 +726,28 @@
"value": "${MQ_TOPICS}"
},
{
- "name": "AMQ_ADMIN_USERNAME",
- "value": "${AMQ_ADMIN_USERNAME}"
+ "name": "MQ_SERIALIZABLE_PACKAGES",
+ "value": "${MQ_SERIALIZABLE_PACKAGES}"
+ },
+ {
+ "name": "AMQ_MESH_DISCOVERY_TYPE",
+ "value": "${AMQ_MESH_DISCOVERY_TYPE}"
+ },
+ {
+ "name": "AMQ_MESH_SERVICE_NAME",
+ "value": "${APPLICATION_NAME}-amq-tcp"
+ },
+ {
+ "name": "AMQ_MESH_SERVICE_NAMESPACE",
+ "valueFrom": {
+ "fieldRef": {
+ "fieldPath": "metadata.namespace"
+ }
+ }
},
{
- "name": "AMQ_ADMIN_PASSWORD",
- "value": "${AMQ_ADMIN_PASSWORD}"
+ "name": "AMQ_STORAGE_USAGE_LIMIT",
+ "value": "${AMQ_STORAGE_USAGE_LIMIT}"
}
]
}
diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap64-basic-s2i.json b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap64-basic-s2i.json
index 2e3849e2a..7b1800b7b 100644
--- a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap64-basic-s2i.json
+++ b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap64-basic-s2i.json
@@ -6,13 +6,13 @@
"iconClass": "icon-jboss",
"description": "Application template for EAP 6 applications built using S2I.",
"tags": "eap,javaee,java,jboss,xpaas",
- "version": "1.2.0"
+ "version": "1.3.2"
},
"name": "eap64-basic-s2i"
},
"labels": {
"template": "eap64-basic-s2i",
- "xpaas": "1.2.0"
+ "xpaas": "1.3.2"
},
"parameters": [
{
@@ -90,6 +90,12 @@
"from": "[a-zA-Z0-9]{8}",
"generate": "expression",
"required": true
+ },
+ {
+ "description": "Controls whether exploded deployment content should be automatically deployed",
+ "name": "AUTO_DEPLOY_EXPLODED",
+ "value": "false",
+ "required": false
}
],
"objects": [
@@ -172,7 +178,7 @@
"from": {
"kind": "ImageStreamTag",
"namespace": "${IMAGE_STREAM_NAMESPACE}",
- "name": "jboss-eap64-openshift:1.2"
+ "name": "jboss-eap64-openshift:1.4"
}
}
},
@@ -227,8 +233,8 @@
"${APPLICATION_NAME}"
],
"from": {
- "kind": "ImageStream",
- "name": "${APPLICATION_NAME}"
+ "kind": "ImageStreamTag",
+ "name": "${APPLICATION_NAME}:latest"
}
}
},
@@ -318,6 +324,10 @@
{
"name": "JGROUPS_CLUSTER_PASSWORD",
"value": "${JGROUPS_CLUSTER_PASSWORD}"
+ },
+ {
+ "name": "AUTO_DEPLOY_EXPLODED",
+ "value": "${AUTO_DEPLOY_EXPLODED}"
}
]
}
diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap64-https-s2i.json b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap64-https-s2i.json
index 2517be3ca..31716d84c 100644
--- a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap64-https-s2i.json
+++ b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap64-https-s2i.json
@@ -6,13 +6,13 @@
"iconClass": "icon-jboss",
"description": "Application template for EAP 6 applications built using S2I.",
"tags": "eap,javaee,java,jboss,xpaas",
- "version": "1.2.0"
+ "version": "1.3.2"
},
"name": "eap64-https-s2i"
},
"labels": {
"template": "eap64-https-s2i",
- "xpaas": "1.2.0"
+ "xpaas": "1.3.2"
},
"parameters": [
{
@@ -64,6 +64,12 @@
"required": false
},
{
+ "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.",
+ "name": "SERVICE_ACCOUNT_NAME",
+ "value": "eap-service-account",
+ "required": true
+ },
+ {
"description": "The name of the secret containing the keystore file",
"name": "HTTPS_SECRET",
"value": "eap-app-secret",
@@ -76,6 +82,12 @@
"required": false
},
{
+ "description": "The type of the keystore file (JKS or JCEKS)",
+ "name": "HTTPS_KEYSTORE_TYPE",
+ "value": "",
+ "required": false
+ },
+ {
"description": "The name associated with the server certificate",
"name": "HTTPS_NAME",
"value": "",
@@ -144,6 +156,12 @@
"from": "[a-zA-Z0-9]{8}",
"generate": "expression",
"required": true
+ },
+ {
+ "description": "Controls whether exploded deployment content should be automatically deployed",
+ "name": "AUTO_DEPLOY_EXPLODED",
+ "value": "false",
+ "required": false
}
],
"objects": [
@@ -273,7 +291,7 @@
"from": {
"kind": "ImageStreamTag",
"namespace": "${IMAGE_STREAM_NAMESPACE}",
- "name": "jboss-eap64-openshift:1.2"
+ "name": "jboss-eap64-openshift:1.4"
}
}
},
@@ -328,8 +346,8 @@
"${APPLICATION_NAME}"
],
"from": {
- "kind": "ImageStream",
- "name": "${APPLICATION_NAME}"
+ "kind": "ImageStreamTag",
+ "name": "${APPLICATION_NAME}:latest"
}
}
},
@@ -350,7 +368,7 @@
}
},
"spec": {
- "serviceAccountName": "eap-service-account",
+ "serviceAccountName": "${SERVICE_ACCOUNT_NAME}",
"terminationGracePeriodSeconds": 60,
"containers": [
{
@@ -431,6 +449,10 @@
"value": "${HTTPS_KEYSTORE}"
},
{
+ "name": "HTTPS_KEYSTORE_TYPE",
+ "value": "${HTTPS_KEYSTORE_TYPE}"
+ },
+ {
"name": "HTTPS_NAME",
"value": "${HTTPS_NAME}"
},
@@ -473,6 +495,10 @@
{
"name": "JGROUPS_CLUSTER_PASSWORD",
"value": "${JGROUPS_CLUSTER_PASSWORD}"
+ },
+ {
+ "name": "AUTO_DEPLOY_EXPLODED",
+ "value": "${AUTO_DEPLOY_EXPLODED}"
}
]
}
diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap64-mongodb-persistent-s2i.json b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap64-mongodb-persistent-s2i.json
index 97cc465d2..212431056 100644
--- a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap64-mongodb-persistent-s2i.json
+++ b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap64-mongodb-persistent-s2i.json
@@ -6,13 +6,13 @@
"description": "Application template for EAP 6 MongoDB applications with persistent storage built using S2I.",
"iconClass": "icon-jboss",
"tags": "eap,mongodb,javaee,java,database,jboss,xpaas",
- "version": "1.2.0"
+ "version": "1.3.2"
},
"name": "eap64-mongodb-persistent-s2i"
},
"labels": {
"template": "eap64-mongodb-persistent-s2i",
- "xpaas": "1.2.0"
+ "xpaas": "1.3.2"
},
"parameters": [
{
@@ -82,6 +82,12 @@
"required": false
},
{
+ "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.",
+ "name": "SERVICE_ACCOUNT_NAME",
+ "value": "eap-service-account",
+ "required": true
+ },
+ {
"description": "The name of the secret containing the keystore file",
"name": "HTTPS_SECRET",
"value": "eap-app-secret",
@@ -94,6 +100,12 @@
"required": false
},
{
+ "description": "The type of the keystore file (JKS or JCEKS)",
+ "name": "HTTPS_KEYSTORE_TYPE",
+ "value": "",
+ "required": false
+ },
+ {
"description": "The name associated with the server certificate",
"name": "HTTPS_NAME",
"value": "",
@@ -213,6 +225,12 @@
"from": "[a-zA-Z0-9]{8}",
"generate": "expression",
"required": true
+ },
+ {
+ "description": "Controls whether exploded deployment content should be automatically deployed",
+ "name": "AUTO_DEPLOY_EXPLODED",
+ "value": "false",
+ "required": false
}
],
"objects": [
@@ -366,7 +384,7 @@
"from": {
"kind": "ImageStreamTag",
"namespace": "${IMAGE_STREAM_NAMESPACE}",
- "name": "jboss-eap64-openshift:1.2"
+ "name": "jboss-eap64-openshift:1.4"
}
}
},
@@ -421,8 +439,8 @@
"${APPLICATION_NAME}"
],
"from": {
- "kind": "ImageStream",
- "name": "${APPLICATION_NAME}"
+ "kind": "ImageStreamTag",
+ "name": "${APPLICATION_NAME}:latest"
}
}
},
@@ -443,7 +461,7 @@
}
},
"spec": {
- "serviceAccountName": "eap-service-account",
+ "serviceAccountName": "${SERVICE_ACCOUNT_NAME}",
"terminationGracePeriodSeconds": 60,
"containers": [
{
@@ -560,6 +578,10 @@
"value": "${HTTPS_KEYSTORE}"
},
{
+ "name": "HTTPS_KEYSTORE_TYPE",
+ "value": "${HTTPS_KEYSTORE_TYPE}"
+ },
+ {
"name": "HTTPS_NAME",
"value": "${HTTPS_NAME}"
},
@@ -602,6 +624,10 @@
{
"name": "JGROUPS_CLUSTER_PASSWORD",
"value": "${JGROUPS_CLUSTER_PASSWORD}"
+ },
+ {
+ "name": "AUTO_DEPLOY_EXPLODED",
+ "value": "${AUTO_DEPLOY_EXPLODED}"
}
]
}
diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap64-mongodb-s2i.json b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap64-mongodb-s2i.json
index 8bdd85546..13fbbdd93 100644
--- a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap64-mongodb-s2i.json
+++ b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap64-mongodb-s2i.json
@@ -6,13 +6,13 @@
"description": "Application template for EAP 6 MongoDB applications built using S2I.",
"iconClass": "icon-jboss",
"tags": "eap,mongodb,javaee,java,database,jboss,xpaas",
- "version": "1.2.0"
+ "version": "1.3.2"
},
"name": "eap64-mongodb-s2i"
},
"labels": {
"template": "eap64-mongodb-s2i",
- "xpaas": "1.2.0"
+ "xpaas": "1.3.2"
},
"parameters": [
{
@@ -76,6 +76,12 @@
"required": false
},
{
+ "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.",
+ "name": "SERVICE_ACCOUNT_NAME",
+ "value": "eap-service-account",
+ "required": true
+ },
+ {
"description": "The name of the secret containing the keystore file",
"name": "HTTPS_SECRET",
"value": "eap-app-secret",
@@ -88,6 +94,12 @@
"required": false
},
{
+ "description": "The type of the keystore file (JKS or JCEKS)",
+ "name": "HTTPS_KEYSTORE_TYPE",
+ "value": "",
+ "required": false
+ },
+ {
"description": "The name associated with the server certificate",
"name": "HTTPS_NAME",
"value": "",
@@ -207,6 +219,12 @@
"from": "[a-zA-Z0-9]{8}",
"generate": "expression",
"required": true
+ },
+ {
+ "description": "Controls whether exploded deployment content should be automatically deployed",
+ "name": "AUTO_DEPLOY_EXPLODED",
+ "value": "false",
+ "required": false
}
],
"objects": [
@@ -360,7 +378,7 @@
"from": {
"kind": "ImageStreamTag",
"namespace": "${IMAGE_STREAM_NAMESPACE}",
- "name": "jboss-eap64-openshift:1.2"
+ "name": "jboss-eap64-openshift:1.4"
}
}
},
@@ -415,8 +433,8 @@
"${APPLICATION_NAME}"
],
"from": {
- "kind": "ImageStream",
- "name": "${APPLICATION_NAME}"
+ "kind": "ImageStreamTag",
+ "name": "${APPLICATION_NAME}:latest"
}
}
},
@@ -437,7 +455,7 @@
}
},
"spec": {
- "serviceAccountName": "eap-service-account",
+ "serviceAccountName": "${SERVICE_ACCOUNT_NAME}",
"terminationGracePeriodSeconds": 60,
"containers": [
{
@@ -554,6 +572,10 @@
"value": "${HTTPS_KEYSTORE}"
},
{
+ "name": "HTTPS_KEYSTORE_TYPE",
+ "value": "${HTTPS_KEYSTORE_TYPE}"
+ },
+ {
"name": "HTTPS_NAME",
"value": "${HTTPS_NAME}"
},
@@ -596,6 +618,10 @@
{
"name": "JGROUPS_CLUSTER_PASSWORD",
"value": "${JGROUPS_CLUSTER_PASSWORD}"
+ },
+ {
+ "name": "AUTO_DEPLOY_EXPLODED",
+ "value": "${AUTO_DEPLOY_EXPLODED}"
}
]
}
diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap64-mysql-persistent-s2i.json b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap64-mysql-persistent-s2i.json
index dcc591836..69fdec206 100644
--- a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap64-mysql-persistent-s2i.json
+++ b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap64-mysql-persistent-s2i.json
@@ -6,13 +6,13 @@
"description": "Application template for EAP 6 MySQL applications with persistent storage built using S2I.",
"iconClass": "icon-jboss",
"tags": "eap,mysql,javaee,java,database,jboss,xpaas",
- "version": "1.2.0"
+ "version": "1.3.2"
},
"name": "eap64-mysql-persistent-s2i"
},
"labels": {
"template": "eap64-mysql-persistent-s2i",
- "xpaas": "1.2.0"
+ "xpaas": "1.3.2"
},
"parameters": [
{
@@ -82,6 +82,12 @@
"required": false
},
{
+ "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.",
+ "name": "SERVICE_ACCOUNT_NAME",
+ "value": "eap-service-account",
+ "required": true
+ },
+ {
"description": "The name of the secret containing the keystore file",
"name": "HTTPS_SECRET",
"value": "eap-app-secret",
@@ -94,6 +100,12 @@
"required": false
},
{
+ "description": "The type of the keystore file (JKS or JCEKS)",
+ "name": "HTTPS_KEYSTORE_TYPE",
+ "value": "",
+ "required": false
+ },
+ {
"description": "The name associated with the server certificate",
"name": "HTTPS_NAME",
"value": "",
@@ -216,6 +228,12 @@
"from": "[a-zA-Z0-9]{8}",
"generate": "expression",
"required": true
+ },
+ {
+ "description": "Controls whether exploded deployment content should be automatically deployed",
+ "name": "AUTO_DEPLOY_EXPLODED",
+ "value": "false",
+ "required": false
}
],
"objects": [
@@ -369,7 +387,7 @@
"from": {
"kind": "ImageStreamTag",
"namespace": "${IMAGE_STREAM_NAMESPACE}",
- "name": "jboss-eap64-openshift:1.2"
+ "name": "jboss-eap64-openshift:1.4"
}
}
},
@@ -424,8 +442,8 @@
"${APPLICATION_NAME}"
],
"from": {
- "kind": "ImageStream",
- "name": "${APPLICATION_NAME}"
+ "kind": "ImageStreamTag",
+ "name": "${APPLICATION_NAME}:latest"
}
}
},
@@ -446,7 +464,7 @@
}
},
"spec": {
- "serviceAccountName": "eap-service-account",
+ "serviceAccountName": "${SERVICE_ACCOUNT_NAME}",
"terminationGracePeriodSeconds": 60,
"containers": [
{
@@ -563,6 +581,10 @@
"value": "${HTTPS_KEYSTORE}"
},
{
+ "name": "HTTPS_KEYSTORE_TYPE",
+ "value": "${HTTPS_KEYSTORE_TYPE}"
+ },
+ {
"name": "HTTPS_NAME",
"value": "${HTTPS_NAME}"
},
@@ -605,6 +627,14 @@
{
"name": "JGROUPS_CLUSTER_PASSWORD",
"value": "${JGROUPS_CLUSTER_PASSWORD}"
+ },
+ {
+ "name": "TIMER_SERVICE_DATA_STORE",
+ "value": "${APPLICATION_NAME}-mysql"
+ },
+ {
+ "name": "AUTO_DEPLOY_EXPLODED",
+ "value": "${AUTO_DEPLOY_EXPLODED}"
}
]
}
diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap64-mysql-s2i.json b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap64-mysql-s2i.json
index 372802eea..2bd3c249f 100644
--- a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap64-mysql-s2i.json
+++ b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap64-mysql-s2i.json
@@ -6,13 +6,13 @@
"description": "Application template for EAP 6 MySQL applications built using S2I.",
"iconClass": "icon-jboss",
"tags": "eap,mysql,javaee,java,database,jboss,xpaas",
- "version": "1.2.0"
+ "version": "1.3.2"
},
"name": "eap64-mysql-s2i"
},
"labels": {
"template": "eap64-mysql-s2i",
- "xpaas": "1.2.0"
+ "xpaas": "1.3.2"
},
"parameters": [
{
@@ -76,6 +76,12 @@
"required": false
},
{
+ "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.",
+ "name": "SERVICE_ACCOUNT_NAME",
+ "value": "eap-service-account",
+ "required": true
+ },
+ {
"description": "The name of the secret containing the keystore file",
"name": "HTTPS_SECRET",
"value": "eap-app-secret",
@@ -88,6 +94,12 @@
"required": false
},
{
+ "description": "The type of the keystore file (JKS or JCEKS)",
+ "name": "HTTPS_KEYSTORE_TYPE",
+ "value": "",
+ "required": false
+ },
+ {
"description": "The name associated with the server certificate",
"name": "HTTPS_NAME",
"value": "",
@@ -210,6 +222,12 @@
"from": "[a-zA-Z0-9]{8}",
"generate": "expression",
"required": true
+ },
+ {
+ "description": "Controls whether exploded deployment content should be automatically deployed",
+ "name": "AUTO_DEPLOY_EXPLODED",
+ "value": "false",
+ "required": false
}
],
"objects": [
@@ -363,7 +381,7 @@
"from": {
"kind": "ImageStreamTag",
"namespace": "${IMAGE_STREAM_NAMESPACE}",
- "name": "jboss-eap64-openshift:1.2"
+ "name": "jboss-eap64-openshift:1.4"
}
}
},
@@ -418,8 +436,8 @@
"${APPLICATION_NAME}"
],
"from": {
- "kind": "ImageStream",
- "name": "${APPLICATION_NAME}"
+ "kind": "ImageStreamTag",
+ "name": "${APPLICATION_NAME}:latest"
}
}
},
@@ -440,7 +458,7 @@
}
},
"spec": {
- "serviceAccountName": "eap-service-account",
+ "serviceAccountName": "${SERVICE_ACCOUNT_NAME}",
"terminationGracePeriodSeconds": 60,
"containers": [
{
@@ -557,6 +575,10 @@
"value": "${HTTPS_KEYSTORE}"
},
{
+ "name": "HTTPS_KEYSTORE_TYPE",
+ "value": "${HTTPS_KEYSTORE_TYPE}"
+ },
+ {
"name": "HTTPS_NAME",
"value": "${HTTPS_NAME}"
},
@@ -599,6 +621,14 @@
{
"name": "JGROUPS_CLUSTER_PASSWORD",
"value": "${JGROUPS_CLUSTER_PASSWORD}"
+ },
+ {
+ "name": "TIMER_SERVICE_DATA_STORE",
+ "value": "${APPLICATION_NAME}-mysql"
+ },
+ {
+ "name": "AUTO_DEPLOY_EXPLODED",
+ "value": "${AUTO_DEPLOY_EXPLODED}"
}
]
}
diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap64-postgresql-persistent-s2i.json b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap64-postgresql-persistent-s2i.json
index 1ba00e3b5..31f245950 100644
--- a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap64-postgresql-persistent-s2i.json
+++ b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap64-postgresql-persistent-s2i.json
@@ -6,13 +6,13 @@
"description": "Application template for EAP 6 PostgreSQL applications with persistent storage built using S2I.",
"iconClass": "icon-jboss",
"tags": "eap,postgresql,javaee,java,database,jboss,xpaas",
- "version": "1.2.0"
+ "version": "1.3.2"
},
"name": "eap64-postgresql-persistent-s2i"
},
"labels": {
"template": "eap64-postgresql-persistent-s2i",
- "xpaas": "1.2.0"
+ "xpaas": "1.3.2"
},
"parameters": [
{
@@ -82,6 +82,12 @@
"required": false
},
{
+ "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.",
+ "name": "SERVICE_ACCOUNT_NAME",
+ "value": "eap-service-account",
+ "required": true
+ },
+ {
"description": "The name of the secret containing the keystore file",
"name": "HTTPS_SECRET",
"value": "eap-app-secret",
@@ -94,6 +100,12 @@
"required": false
},
{
+ "description": "The type of the keystore file (JKS or JCEKS)",
+ "name": "HTTPS_KEYSTORE_TYPE",
+ "value": "",
+ "required": false
+ },
+ {
"description": "The name associated with the server certificate",
"name": "HTTPS_NAME",
"value": "",
@@ -201,6 +213,12 @@
"from": "[a-zA-Z0-9]{8}",
"generate": "expression",
"required": true
+ },
+ {
+ "description": "Controls whether exploded deployment content should be automatically deployed",
+ "name": "AUTO_DEPLOY_EXPLODED",
+ "value": "false",
+ "required": false
}
],
"objects": [
@@ -354,7 +372,7 @@
"from": {
"kind": "ImageStreamTag",
"namespace": "${IMAGE_STREAM_NAMESPACE}",
- "name": "jboss-eap64-openshift:1.2"
+ "name": "jboss-eap64-openshift:1.4"
}
}
},
@@ -409,8 +427,8 @@
"${APPLICATION_NAME}"
],
"from": {
- "kind": "ImageStream",
- "name": "${APPLICATION_NAME}"
+ "kind": "ImageStreamTag",
+ "name": "${APPLICATION_NAME}:latest"
}
}
},
@@ -431,7 +449,7 @@
}
},
"spec": {
- "serviceAccountName": "eap-service-account",
+ "serviceAccountName": "${SERVICE_ACCOUNT_NAME}",
"terminationGracePeriodSeconds": 60,
"containers": [
{
@@ -548,6 +566,10 @@
"value": "${HTTPS_KEYSTORE}"
},
{
+ "name": "HTTPS_KEYSTORE_TYPE",
+ "value": "${HTTPS_KEYSTORE_TYPE}"
+ },
+ {
"name": "HTTPS_NAME",
"value": "${HTTPS_NAME}"
},
@@ -590,6 +612,14 @@
{
"name": "JGROUPS_CLUSTER_PASSWORD",
"value": "${JGROUPS_CLUSTER_PASSWORD}"
+ },
+ {
+ "name": "TIMER_SERVICE_DATA_STORE",
+ "value": "${APPLICATION_NAME}-postgresql"
+ },
+ {
+ "name": "AUTO_DEPLOY_EXPLODED",
+ "value": "${AUTO_DEPLOY_EXPLODED}"
}
]
}
@@ -693,6 +723,10 @@
"value": "${POSTGRESQL_MAX_CONNECTIONS}"
},
{
+ "name": "POSTGRESQL_MAX_PREPARED_TRANSACTIONS",
+ "value": "${POSTGRESQL_MAX_CONNECTIONS}"
+ },
+ {
"name": "POSTGRESQL_SHARED_BUFFERS",
"value": "${POSTGRESQL_SHARED_BUFFERS}"
}
diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap64-postgresql-s2i.json b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap64-postgresql-s2i.json
index 860374d3c..eac964697 100644
--- a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap64-postgresql-s2i.json
+++ b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap64-postgresql-s2i.json
@@ -6,13 +6,13 @@
"description": "Application template for EAP 6 PostgreSQL applications built using S2I.",
"iconClass": "icon-jboss",
"tags": "eap,postgresql,javaee,java,database,jboss,xpaas",
- "version": "1.2.0"
+ "version": "1.3.2"
},
"name": "eap64-postgresql-s2i"
},
"labels": {
"template": "eap64-postgresql-s2i",
- "xpaas": "1.2.0"
+ "xpaas": "1.3.2"
},
"parameters": [
{
@@ -76,6 +76,12 @@
"required": false
},
{
+ "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.",
+ "name": "SERVICE_ACCOUNT_NAME",
+ "value": "eap-service-account",
+ "required": true
+ },
+ {
"description": "The name of the secret containing the keystore file",
"name": "HTTPS_SECRET",
"value": "eap-app-secret",
@@ -88,6 +94,12 @@
"required": false
},
{
+ "description": "The type of the keystore file (JKS or JCEKS)",
+ "name": "HTTPS_KEYSTORE_TYPE",
+ "value": "",
+ "required": false
+ },
+ {
"description": "The name associated with the server certificate",
"name": "HTTPS_NAME",
"value": "",
@@ -195,6 +207,12 @@
"from": "[a-zA-Z0-9]{8}",
"generate": "expression",
"required": true
+ },
+ {
+ "description": "Controls whether exploded deployment content should be automatically deployed",
+ "name": "AUTO_DEPLOY_EXPLODED",
+ "value": "false",
+ "required": false
}
],
"objects": [
@@ -348,7 +366,7 @@
"from": {
"kind": "ImageStreamTag",
"namespace": "${IMAGE_STREAM_NAMESPACE}",
- "name": "jboss-eap64-openshift:1.2"
+ "name": "jboss-eap64-openshift:1.4"
}
}
},
@@ -403,8 +421,8 @@
"${APPLICATION_NAME}"
],
"from": {
- "kind": "ImageStream",
- "name": "${APPLICATION_NAME}"
+ "kind": "ImageStreamTag",
+ "name": "${APPLICATION_NAME}:latest"
}
}
},
@@ -425,7 +443,7 @@
}
},
"spec": {
- "serviceAccountName": "eap-service-account",
+ "serviceAccountName": "${SERVICE_ACCOUNT_NAME}",
"terminationGracePeriodSeconds": 60,
"containers": [
{
@@ -542,6 +560,10 @@
"value": "${HTTPS_KEYSTORE}"
},
{
+ "name": "HTTPS_KEYSTORE_TYPE",
+ "value": "${HTTPS_KEYSTORE_TYPE}"
+ },
+ {
"name": "HTTPS_NAME",
"value": "${HTTPS_NAME}"
},
@@ -584,6 +606,14 @@
{
"name": "JGROUPS_CLUSTER_PASSWORD",
"value": "${JGROUPS_CLUSTER_PASSWORD}"
+ },
+ {
+ "name": "TIMER_SERVICE_DATA_STORE",
+ "value": "${APPLICATION_NAME}-postgresql"
+ },
+ {
+ "name": "AUTO_DEPLOY_EXPLODED",
+ "value": "${AUTO_DEPLOY_EXPLODED}"
}
]
}
@@ -681,6 +711,10 @@
"value": "${POSTGRESQL_MAX_CONNECTIONS}"
},
{
+ "name": "POSTGRESQL_MAX_PREPARED_TRANSACTIONS",
+ "value": "${POSTGRESQL_MAX_CONNECTIONS}"
+ },
+ {
"name": "POSTGRESQL_SHARED_BUFFERS",
"value": "${POSTGRESQL_SHARED_BUFFERS}"
}
diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap64-sso-s2i.json b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap64-sso-s2i.json
index 6c644553e..09023be71 100644
--- a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap64-sso-s2i.json
+++ b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap64-sso-s2i.json
@@ -6,13 +6,13 @@
"iconClass" : "icon-jboss",
"description": "Application template for EAP 6 applications built using S2I, enabled for SSO.",
"tags": "eap,javaee,java,jboss,xpaas,sso,keycloak",
- "version": "1.3.0"
+ "version": "1.3.2"
},
"name": "eap64-sso-s2i"
},
"labels": {
"template": "eap64-sso-s2i",
- "xpaas": "1.3.0"
+ "xpaas": "1.3.2"
},
"parameters": [
{
@@ -22,27 +22,27 @@
"required": true
},
{
- "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: <application-name>-<project>.<default-domain-suffix>",
+ "description": "Hostname for http service route (e.g. eap-app-myproject.example.com). Required for SSO-enabled applications. This is added to the white list of redirects in the SSO server.",
"name": "HOSTNAME_HTTP",
"value": "",
- "required": false
+ "required": true
},
{
- "description": "Custom hostname for https service route. Leave blank for default hostname, e.g.: secure-<application-name>-<project>.<default-domain-suffix>",
+ "description": "Hostname for https service route (e.g. secure-eap-app-myproject.example.com). Required for SSO-enabled applications. This is added to the white list of redirects in the SSO server.",
"name": "HOSTNAME_HTTPS",
"value": "",
- "required": false
+ "required": true
},
{
"description": "Git source URI for application",
"name": "SOURCE_REPOSITORY_URL",
- "value": "https://github.com/keycloak/keycloak-examples",
+ "value": "https://github.com/redhat-developer/redhat-sso-quickstarts",
"required": true
},
{
"description": "Git branch/tag reference",
"name": "SOURCE_REPOSITORY_REF",
- "value": "0.4-openshift",
+ "value": "7.0.x-ose",
"required": false
},
{
@@ -64,6 +64,12 @@
"required": false
},
{
+ "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.",
+ "name": "SERVICE_ACCOUNT_NAME",
+ "value": "eap-service-account",
+ "required": true
+ },
+ {
"description": "The name of the secret containing the keystore file",
"name": "HTTPS_SECRET",
"value": "eap-app-secret",
@@ -76,15 +82,21 @@
"required": false
},
{
- "description": "The name associated with the server certificate",
+ "description": "The type of the keystore file (JKS or JCEKS)",
+ "name": "HTTPS_KEYSTORE_TYPE",
+ "value": "",
+ "required": false
+ },
+ {
+ "description": "The name associated with the server certificate (e.g. jboss)",
"name": "HTTPS_NAME",
- "value": "jboss",
+ "value": "",
"required": false
},
{
- "description": "The password for the keystore and certificate",
+ "description": "The password for the keystore and certificate (e.g. mykeystorepass)",
"name": "HTTPS_PASSWORD",
- "value": "mykeystorepass",
+ "value": "",
"required": false
},
{
@@ -127,15 +139,15 @@
"required": false
},
{
- "description": "The name associated with the server certificate",
+ "description": "The name associated with the server certificate (e.g. secret-key)",
"name": "JGROUPS_ENCRYPT_NAME",
- "value": "secret-key",
+ "value": "",
"required": false
},
{
- "description": "The password for the keystore and certificate",
+ "description": "The password for the keystore and certificate (e.g. password)",
"name": "JGROUPS_ENCRYPT_PASSWORD",
- "value": "password",
+ "value": "",
"required": false
},
{
@@ -146,31 +158,43 @@
"required": true
},
{
- "description": "SSO Location",
- "name": "SSO_URI",
+ "description": "Controls whether exploded deployment content should be automatically deployed",
+ "name": "AUTO_DEPLOY_EXPLODED",
+ "value": "false",
+ "required": false
+ },
+ {
+ "description": "The URL for the SSO server (e.g. https://secure-sso-myproject.example.com/auth). This is the URL through which the user will be redirected when a login or token is required by the application.",
+ "name": "SSO_URL",
+ "value": "",
+ "required": true
+ },
+ {
+ "description": "The URL for the interal SSO service, where secure-sso is the kubernetes service exposed by the SSO server. This is used to create the application client(s) (see SSO_USERNAME). This can also be the same as SSO_URL.",
+ "name": "SSO_SERVICE_URL",
"value": "https://secure-sso:8443/auth",
"required": false
},
{
- "description": "SSO Realm",
+ "description": "The SSO realm to which the application client(s) should be associated (e.g. demo).",
"name": "SSO_REALM",
- "value": "demo",
- "required": false
+ "value": "",
+ "required": true
},
{
- "description": "SSO Username",
+ "description": "The username used to access the SSO service. This is used to create the appliction client(s) within the specified SSO realm. This should match the SSO_SERVICE_USERNAME specified through one of the sso70-* templates.",
"name": "SSO_USERNAME",
"value": "",
"required": false
},
{
- "description": "SSO Password",
+ "description": "The password for the SSO service user.",
"name": "SSO_PASSWORD",
"value": "",
"required": false
},
{
- "description": "SSO Public Key. Public key is recommended to be passed into the template to avoid man-in-the-middle security vulnerability",
+ "description": "SSO Public Key. Public key is recommended to be passed into the template to avoid man-in-the-middle security vulnerability. This can be retrieved from the SSO server, for the specified realm.",
"name": "SSO_PUBLIC_KEY",
"value": "",
"required": false
@@ -182,21 +206,9 @@
"required": false
},
{
- "description": "Routes",
- "name": "APPLICATION_ROUTES",
- "value": "",
- "required": false
- },
- {
- "description": "Artifacts",
+ "description": "List of directories from which archives will be copied into the deployment folder. If unspecified, all archives in /target will be copied.",
"name": "ARTIFACT_DIR",
- "value": "app-jee/target,service-jaxrs/target,app-profile-jee/target,app-profile-jee-saml/target",
- "required": false
- },
- {
- "description": "maven",
- "name": "MAVEN_ARGS_APPEND",
- "value": "",
+ "value": "app-jee-jsp/target,service-jee-jaxrs/target,app-profile-jee-jsp/target,app-profile-saml-jee-jsp/target",
"required": false
},
{
@@ -208,7 +220,7 @@
{
"description": "The name of the keystore file within the secret",
"name": "SSO_SAML_KEYSTORE",
- "value": "/etc/sso-saml-secret-volume/keystore.jks",
+ "value": "keystore.jks",
"required": false
},
{
@@ -235,6 +247,36 @@
"name": "SSO_ENABLE_CORS",
"value": "false",
"required": false
+ },
+ {
+ "description": "SSO logout page for SAML applications",
+ "name": "SSO_SAML_LOGOUT_PAGE",
+ "value": "/",
+ "required": false
+ },
+ {
+ "description": "If true SSL communication between EAP and the SSO Server will be insecure (i.e. certificate validation is disabled with curl)",
+ "name": "SSO_DISABLE_SSL_CERTIFICATE_VALIDATION",
+ "value": "true",
+ "required": false
+ },
+ {
+ "description": "The name of the truststore file within the secret (e.g. truststore.jks)",
+ "name": "SSO_TRUSTSTORE",
+ "value": "",
+ "required": false
+ },
+ {
+ "description": "The password for the truststore and certificate (e.g. mykeystorepass)",
+ "name": "SSO_TRUSTSTORE_PASSWORD",
+ "value": "",
+ "required": false
+ },
+ {
+ "description": "The name of the secret containing the truststore file (e.g. truststore-secret). Used for volume secretName",
+ "name": "SSO_TRUSTSTORE_SECRET",
+ "value": "eap-app-secret",
+ "required": false
}
],
"objects": [
@@ -364,7 +406,7 @@
"from": {
"kind": "ImageStreamTag",
"namespace": "${IMAGE_STREAM_NAMESPACE}",
- "name": "jboss-eap64-openshift:1.3"
+ "name": "jboss-eap64-openshift:1.4"
},
"env": [
{
@@ -373,7 +415,7 @@
},
{
"name": "MAVEN_ARGS_APPEND",
- "value": "${MAVEN_ARGS_APPEND}"
+ "value": ""
}
]
}
@@ -429,8 +471,8 @@
"${APPLICATION_NAME}"
],
"from": {
- "kind": "ImageStream",
- "name": "${APPLICATION_NAME}"
+ "kind": "ImageStreamTag",
+ "name": "${APPLICATION_NAME}:latest"
}
}
},
@@ -451,7 +493,7 @@
}
},
"spec": {
- "serviceAccountName": "eap-service-account",
+ "serviceAccountName": "${SERVICE_ACCOUNT_NAME}",
"terminationGracePeriodSeconds": 60,
"containers": [
{
@@ -473,6 +515,11 @@
"name": "eap-jgroups-keystore-volume",
"mountPath": "/etc/jgroups-encrypt-secret-volume",
"readOnly": true
+ },
+ {
+ "name": "sso-truststore-volume",
+ "mountPath": "/etc/sso-secret-volume",
+ "readOnly": true
}
],
"livenessProbe": {
@@ -529,6 +576,14 @@
}
},
{
+ "name": "HOSTNAME_HTTP",
+ "value": "${HOSTNAME_HTTP}"
+ },
+ {
+ "name": "HOSTNAME_HTTPS",
+ "value": "${HOSTNAME_HTTPS}"
+ },
+ {
"name": "HTTPS_KEYSTORE_DIR",
"value": "/etc/eap-secret-volume"
},
@@ -537,6 +592,10 @@
"value": "${HTTPS_KEYSTORE}"
},
{
+ "name": "HTTPS_KEYSTORE_TYPE",
+ "value": "${HTTPS_KEYSTORE_TYPE}"
+ },
+ {
"name": "HTTPS_NAME",
"value": "${HTTPS_NAME}"
},
@@ -581,8 +640,16 @@
"value": "${JGROUPS_CLUSTER_PASSWORD}"
},
{
- "name": "SSO_URI",
- "value": "${SSO_URI}"
+ "name": "AUTO_DEPLOY_EXPLODED",
+ "value": "${AUTO_DEPLOY_EXPLODED}"
+ },
+ {
+ "name": "SSO_URL",
+ "value": "${SSO_URL}"
+ },
+ {
+ "name": "SSO_SERVICE_URL",
+ "value": "${SSO_SERVICE_URL}"
},
{
"name": "SSO_REALM",
@@ -605,10 +672,6 @@
"value": "${SSO_BEARER_ONLY}"
},
{
- "name": "APPLICATION_ROUTES",
- "value": "${APPLICATION_ROUTES}"
- },
- {
"name": "SSO_SAML_KEYSTORE_SECRET",
"value": "${SSO_SAML_KEYSTORE_SECRET}"
},
@@ -617,6 +680,10 @@
"value": "${SSO_SAML_KEYSTORE}"
},
{
+ "name": "SSO_SAML_KEYSTORE_DIR",
+ "value": "/etc/sso-saml-secret-volume"
+ },
+ {
"name": "SSO_SAML_CERTIFICATE_NAME",
"value": "${SSO_SAML_CERTIFICATE_NAME}"
},
@@ -631,6 +698,26 @@
{
"name": "SSO_ENABLE_CORS",
"value": "${SSO_ENABLE_CORS}"
+ },
+ {
+ "name": "SSO_SAML_LOGOUT_PAGE",
+ "value": "${SSO_SAML_LOGOUT_PAGE}"
+ },
+ {
+ "name": "SSO_DISABLE_SSL_CERTIFICATE_VALIDATION",
+ "value": "${SSO_DISABLE_SSL_CERTIFICATE_VALIDATION}"
+ },
+ {
+ "name": "SSO_TRUSTSTORE",
+ "value": "${SSO_TRUSTSTORE}"
+ },
+ {
+ "name": "SSO_TRUSTSTORE_DIR",
+ "value": "/etc/sso-secret-volume"
+ },
+ {
+ "name": "SSO_TRUSTSTORE_PASSWORD",
+ "value": "${SSO_TRUSTSTORE_PASSWORD}"
}
]
}
@@ -653,6 +740,12 @@
"secret": {
"secretName": "${JGROUPS_ENCRYPT_SECRET}"
}
+ },
+ {
+ "name": "sso-truststore-volume",
+ "secret": {
+ "secretName": "${SSO_TRUSTSTORE_SECRET}"
+ }
}
]
}
diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap70-amq-persistent-s2i.json b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap70-amq-persistent-s2i.json
index d9607ddd7..f08cdf2f9 100644
--- a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap70-amq-persistent-s2i.json
+++ b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap70-amq-persistent-s2i.json
@@ -6,13 +6,13 @@
"description": "Application template for EAP 7 A-MQ applications with persistent storage built using S2I.",
"iconClass": "icon-jboss",
"tags": "eap,amq,javaee,java,messaging,jboss,xpaas",
- "version": "1.3.1"
+ "version": "1.3.2"
},
"name": "eap70-amq-persistent-s2i"
},
"labels": {
"template": "eap70-amq-persistent-s2i",
- "xpaas": "1.3.1"
+ "xpaas": "1.3.2"
},
"parameters": [
{
@@ -88,9 +88,21 @@
"required": false
},
{
+ "description": "List of packages that are allowed to be serialized for use in ObjectMessage, separated by commas. If your app doesn't use ObjectMessages, leave this blank. This is a security enforcement. For the rationale, see http://activemq.apache.org/objectmessage.html",
+ "name": "MQ_SERIALIZABLE_PACKAGES",
+ "value": "",
+ "required": false
+ },
+ {
+ "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.",
+ "name": "SERVICE_ACCOUNT_NAME",
+ "value": "eap7-service-account",
+ "required": true
+ },
+ {
"description": "The name of the secret containing the keystore file",
"name": "HTTPS_SECRET",
- "value": "eap-app-secret",
+ "value": "eap7-app-secret",
"required": false
},
{
@@ -100,6 +112,12 @@
"required": false
},
{
+ "description": "The type of the keystore file (JKS or JCEKS)",
+ "name": "HTTPS_KEYSTORE_TYPE",
+ "value": "",
+ "required": false
+ },
+ {
"description": "The name associated with the server certificate",
"name": "HTTPS_NAME",
"value": "",
@@ -126,18 +144,16 @@
"required": false
},
{
- "description": "User name for broker admin. If left empty, it will be generated.",
- "name": "AMQ_ADMIN_USERNAME",
- "from": "user[a-zA-Z0-9]{3}",
- "generate": "expression",
- "required": true
+ "description": "The discovery agent type to use for discovering mesh endpoints. 'dns' will use OpenShift's DNS service to resolve endpoints. 'kube' will use Kubernetes REST API to resolve service endpoints. If using 'kube' the service account for the pod must have the 'view' role, which can be added via 'oc policy add-role-to-user view system:serviceaccount:<namespace>:default' where <namespace> is the project namespace.",
+ "name": "AMQ_MESH_DISCOVERY_TYPE",
+ "value": "kube",
+ "required": false
},
{
- "description": "Password for broker admin. If left empty, it will be generated.",
- "name": "AMQ_ADMIN_PASSWORD",
- "from": "[a-zA-Z0-9]{8}",
- "generate": "expression",
- "required": true
+ "description": "The A-MQ storage usage limit",
+ "name": "AMQ_STORAGE_USAGE_LIMIT",
+ "value": "100 gb",
+ "required": false
},
{
"description": "GitHub trigger secret",
@@ -162,7 +178,7 @@
{
"description": "The name of the secret containing the keystore file",
"name": "JGROUPS_ENCRYPT_SECRET",
- "value": "eap-app-secret",
+ "value": "eap7-app-secret",
"required": false
},
{
@@ -189,6 +205,12 @@
"from": "[a-zA-Z0-9]{8}",
"generate": "expression",
"required": true
+ },
+ {
+ "description": "Controls whether exploded deployment content should be automatically deployed",
+ "name": "AUTO_DEPLOY_EXPLODED",
+ "value": "false",
+ "required": false
}
],
"objects": [
@@ -342,7 +364,7 @@
"from": {
"kind": "ImageStreamTag",
"namespace": "${IMAGE_STREAM_NAMESPACE}",
- "name": "jboss-eap70-openshift:1.3"
+ "name": "jboss-eap70-openshift:1.4"
}
}
},
@@ -397,8 +419,8 @@
"${APPLICATION_NAME}"
],
"from": {
- "kind": "ImageStream",
- "name": "${APPLICATION_NAME}"
+ "kind": "ImageStreamTag",
+ "name": "${APPLICATION_NAME}:latest"
}
}
},
@@ -419,7 +441,7 @@
}
},
"spec": {
- "serviceAccountName": "eap-service-account",
+ "serviceAccountName": "${SERVICE_ACCOUNT_NAME}",
"terminationGracePeriodSeconds": 60,
"containers": [
{
@@ -508,6 +530,10 @@
"value": "${MQ_TOPICS}"
},
{
+ "name": "MQ_SERIALIZABLE_PACKAGES",
+ "value": "${MQ_SERIALIZABLE_PACKAGES}"
+ },
+ {
"name": "OPENSHIFT_KUBE_PING_LABELS",
"value": "application=${APPLICATION_NAME}"
},
@@ -528,6 +554,10 @@
"value": "${HTTPS_KEYSTORE}"
},
{
+ "name": "HTTPS_KEYSTORE_TYPE",
+ "value": "${HTTPS_KEYSTORE_TYPE}"
+ },
+ {
"name": "HTTPS_NAME",
"value": "${HTTPS_NAME}"
},
@@ -558,6 +588,10 @@
{
"name": "JGROUPS_CLUSTER_PASSWORD",
"value": "${JGROUPS_CLUSTER_PASSWORD}"
+ },
+ {
+ "name": "AUTO_DEPLOY_EXPLODED",
+ "value": "${AUTO_DEPLOY_EXPLODED}"
}
]
}
@@ -713,6 +747,10 @@
"value": "${MQ_TOPICS}"
},
{
+ "name": "MQ_SERIALIZABLE_PACKAGES",
+ "value": "${MQ_SERIALIZABLE_PACKAGES}"
+ },
+ {
"name": "AMQ_SPLIT",
"value": "${AMQ_SPLIT}"
},
@@ -735,14 +773,6 @@
{
"name": "AMQ_STORAGE_USAGE_LIMIT",
"value": "${AMQ_STORAGE_USAGE_LIMIT}"
- },
- {
- "name": "AMQ_ADMIN_USERNAME",
- "value": "${AMQ_ADMIN_USERNAME}"
- },
- {
- "name": "AMQ_ADMIN_PASSWORD",
- "value": "${AMQ_ADMIN_PASSWORD}"
}
]
}
diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap70-amq-s2i.json b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap70-amq-s2i.json
index 552b637b8..3ca9e9fab 100644
--- a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap70-amq-s2i.json
+++ b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap70-amq-s2i.json
@@ -6,13 +6,13 @@
"description": "Application template for EAP 7 A-MQ applications built using S2I.",
"iconClass": "icon-jboss",
"tags": "eap,amq,javaee,java,messaging,jboss,xpaas",
- "version": "1.3.1"
+ "version": "1.3.2"
},
"name": "eap70-amq-s2i"
},
"labels": {
"template": "eap70-amq-s2i",
- "xpaas": "1.3.1"
+ "xpaas": "1.3.2"
},
"parameters": [
{
@@ -76,6 +76,18 @@
"required": false
},
{
+ "description": "List of packages that are allowed to be serialized for use in ObjectMessage, separated by commas. If your app doesn't use ObjectMessages, leave this blank. This is a security enforcement. For the rationale, see http://activemq.apache.org/objectmessage.html",
+ "name": "MQ_SERIALIZABLE_PACKAGES",
+ "value": "",
+ "required": false
+ },
+ {
+ "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.",
+ "name": "SERVICE_ACCOUNT_NAME",
+ "value": "eap7-service-account",
+ "required": true
+ },
+ {
"description": "The name of the secret containing the keystore file",
"name": "HTTPS_SECRET",
"value": "eap7-app-secret",
@@ -88,6 +100,12 @@
"required": false
},
{
+ "description": "The type of the keystore file (JKS or JCEKS)",
+ "name": "HTTPS_KEYSTORE_TYPE",
+ "value": "",
+ "required": false
+ },
+ {
"description": "The name associated with the server certificate",
"name": "HTTPS_NAME",
"value": "",
@@ -114,18 +132,16 @@
"required": false
},
{
- "description": "User name for broker admin. If left empty, it will be generated.",
- "name": "AMQ_ADMIN_USERNAME",
- "from": "user[a-zA-Z0-9]{3}",
- "generate": "expression",
- "required": true
+ "description": "The discovery agent type to use for discovering mesh endpoints. 'dns' will use OpenShift's DNS service to resolve endpoints. 'kube' will use Kubernetes REST API to resolve service endpoints. If using 'kube' the service account for the pod must have the 'view' role, which can be added via 'oc policy add-role-to-user view system:serviceaccount:<namespace>:default' where <namespace> is the project namespace.",
+ "name": "AMQ_MESH_DISCOVERY_TYPE",
+ "value": "kube",
+ "required": false
},
{
- "description": "Password for broker admin. If left empty, it will be generated.",
- "name": "AMQ_ADMIN_PASSWORD",
- "from": "[a-zA-Z0-9]{8}",
- "generate": "expression",
- "required": true
+ "description": "The A-MQ storage usage limit",
+ "name": "AMQ_STORAGE_USAGE_LIMIT",
+ "value": "100 gb",
+ "required": false
},
{
"description": "GitHub trigger secret",
@@ -177,6 +193,12 @@
"from": "[a-zA-Z0-9]{8}",
"generate": "expression",
"required": true
+ },
+ {
+ "description": "Controls whether exploded deployment content should be automatically deployed",
+ "name": "AUTO_DEPLOY_EXPLODED",
+ "value": "false",
+ "required": false
}
],
"objects": [
@@ -330,7 +352,7 @@
"from": {
"kind": "ImageStreamTag",
"namespace": "${IMAGE_STREAM_NAMESPACE}",
- "name": "jboss-eap70-openshift:1.3"
+ "name": "jboss-eap70-openshift:1.4"
}
}
},
@@ -385,8 +407,8 @@
"${APPLICATION_NAME}"
],
"from": {
- "kind": "ImageStream",
- "name": "${APPLICATION_NAME}"
+ "kind": "ImageStreamTag",
+ "name": "${APPLICATION_NAME}:latest"
}
}
},
@@ -407,7 +429,7 @@
}
},
"spec": {
- "serviceAccountName": "eap7-service-account",
+ "serviceAccountName": "${SERVICE_ACCOUNT_NAME}",
"terminationGracePeriodSeconds": 60,
"containers": [
{
@@ -496,6 +518,10 @@
"value": "${MQ_TOPICS}"
},
{
+ "name": "MQ_SERIALIZABLE_PACKAGES",
+ "value": "${MQ_SERIALIZABLE_PACKAGES}"
+ },
+ {
"name": "OPENSHIFT_KUBE_PING_LABELS",
"value": "application=${APPLICATION_NAME}"
},
@@ -516,6 +542,10 @@
"value": "${HTTPS_KEYSTORE}"
},
{
+ "name": "HTTPS_KEYSTORE_TYPE",
+ "value": "${HTTPS_KEYSTORE_TYPE}"
+ },
+ {
"name": "HTTPS_NAME",
"value": "${HTTPS_NAME}"
},
@@ -546,6 +576,10 @@
{
"name": "JGROUPS_CLUSTER_PASSWORD",
"value": "${JGROUPS_CLUSTER_PASSWORD}"
+ },
+ {
+ "name": "AUTO_DEPLOY_EXPLODED",
+ "value": "${AUTO_DEPLOY_EXPLODED}"
}
]
}
@@ -692,12 +726,28 @@
"value": "${MQ_TOPICS}"
},
{
- "name": "AMQ_ADMIN_USERNAME",
- "value": "${AMQ_ADMIN_USERNAME}"
+ "name": "MQ_SERIALIZABLE_PACKAGES",
+ "value": "${MQ_SERIALIZABLE_PACKAGES}"
+ },
+ {
+ "name": "AMQ_MESH_DISCOVERY_TYPE",
+ "value": "${AMQ_MESH_DISCOVERY_TYPE}"
+ },
+ {
+ "name": "AMQ_MESH_SERVICE_NAME",
+ "value": "${APPLICATION_NAME}-amq-tcp"
+ },
+ {
+ "name": "AMQ_MESH_SERVICE_NAMESPACE",
+ "valueFrom": {
+ "fieldRef": {
+ "fieldPath": "metadata.namespace"
+ }
+ }
},
{
- "name": "AMQ_ADMIN_PASSWORD",
- "value": "${AMQ_ADMIN_PASSWORD}"
+ "name": "AMQ_STORAGE_USAGE_LIMIT",
+ "value": "${AMQ_STORAGE_USAGE_LIMIT}"
}
]
}
diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap70-basic-s2i.json b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap70-basic-s2i.json
index f03fc69fa..83b4d5b24 100644
--- a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap70-basic-s2i.json
+++ b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap70-basic-s2i.json
@@ -6,13 +6,13 @@
"iconClass": "icon-jboss",
"description": "Application template for EAP 7 applications built using S2I.",
"tags": "eap,javaee,java,jboss,xpaas",
- "version": "1.3.1"
+ "version": "1.3.2"
},
"name": "eap70-basic-s2i"
},
"labels": {
"template": "eap70-basic-s2i",
- "xpaas": "1.3.1"
+ "xpaas": "1.3.2"
},
"parameters": [
{
@@ -90,6 +90,12 @@
"from": "[a-zA-Z0-9]{8}",
"generate": "expression",
"required": true
+ },
+ {
+ "description": "Controls whether exploded deployment content should be automatically deployed",
+ "name": "AUTO_DEPLOY_EXPLODED",
+ "value": "false",
+ "required": false
}
],
"objects": [
@@ -172,7 +178,7 @@
"from": {
"kind": "ImageStreamTag",
"namespace": "${IMAGE_STREAM_NAMESPACE}",
- "name": "jboss-eap70-openshift:1.3"
+ "name": "jboss-eap70-openshift:1.4"
}
}
},
@@ -227,8 +233,8 @@
"${APPLICATION_NAME}"
],
"from": {
- "kind": "ImageStream",
- "name": "${APPLICATION_NAME}"
+ "kind": "ImageStreamTag",
+ "name": "${APPLICATION_NAME}:latest"
}
}
},
@@ -249,12 +255,23 @@
}
},
"spec": {
- "terminationGracePeriodSeconds": 60,
+ "terminationGracePeriodSeconds": 75,
"containers": [
{
"name": "${APPLICATION_NAME}",
"image": "${APPLICATION_NAME}",
"imagePullPolicy": "Always",
+ "lifecycle": {
+ "preStop": {
+ "exec": {
+ "command": [
+ "/opt/eap/bin/jboss-cli.sh",
+ "-c",
+ ":shutdown(timeout=60)"
+ ]
+ }
+ }
+ },
"livenessProbe": {
"exec": {
"command": [
@@ -318,6 +335,10 @@
{
"name": "JGROUPS_CLUSTER_PASSWORD",
"value": "${JGROUPS_CLUSTER_PASSWORD}"
+ },
+ {
+ "name": "AUTO_DEPLOY_EXPLODED",
+ "value": "${AUTO_DEPLOY_EXPLODED}"
}
]
}
diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap70-https-s2i.json b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap70-https-s2i.json
index 27d9b656d..1292442a4 100644
--- a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap70-https-s2i.json
+++ b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap70-https-s2i.json
@@ -6,13 +6,13 @@
"iconClass": "icon-jboss",
"description": "Application template for EAP 7 applications built using S2I.",
"tags": "eap,javaee,java,jboss,xpaas",
- "version": "1.3.1"
+ "version": "1.3.2"
},
"name": "eap70-https-s2i"
},
"labels": {
"template": "eap70-https-s2i",
- "xpaas": "1.3.1"
+ "xpaas": "1.3.2"
},
"parameters": [
{
@@ -64,6 +64,12 @@
"required": false
},
{
+ "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.",
+ "name": "SERVICE_ACCOUNT_NAME",
+ "value": "eap7-service-account",
+ "required": true
+ },
+ {
"description": "The name of the secret containing the keystore file",
"name": "HTTPS_SECRET",
"value": "eap7-app-secret",
@@ -76,6 +82,12 @@
"required": false
},
{
+ "description": "The type of the keystore file (JKS or JCEKS)",
+ "name": "HTTPS_KEYSTORE_TYPE",
+ "value": "",
+ "required": false
+ },
+ {
"description": "The name associated with the server certificate",
"name": "HTTPS_NAME",
"value": "",
@@ -144,6 +156,12 @@
"from": "[a-zA-Z0-9]{8}",
"generate": "expression",
"required": true
+ },
+ {
+ "description": "Controls whether exploded deployment content should be automatically deployed",
+ "name": "AUTO_DEPLOY_EXPLODED",
+ "value": "false",
+ "required": false
}
],
"objects": [
@@ -273,7 +291,7 @@
"from": {
"kind": "ImageStreamTag",
"namespace": "${IMAGE_STREAM_NAMESPACE}",
- "name": "jboss-eap70-openshift:1.3"
+ "name": "jboss-eap70-openshift:1.4"
}
}
},
@@ -328,8 +346,8 @@
"${APPLICATION_NAME}"
],
"from": {
- "kind": "ImageStream",
- "name": "${APPLICATION_NAME}"
+ "kind": "ImageStreamTag",
+ "name": "${APPLICATION_NAME}:latest"
}
}
},
@@ -350,8 +368,8 @@
}
},
"spec": {
- "serviceAccountName": "eap7-service-account",
- "terminationGracePeriodSeconds": 60,
+ "serviceAccountName": "${SERVICE_ACCOUNT_NAME}",
+ "terminationGracePeriodSeconds": 75,
"containers": [
{
"name": "${APPLICATION_NAME}",
@@ -369,6 +387,17 @@
"readOnly": true
}
],
+ "lifecycle": {
+ "preStop": {
+ "exec": {
+ "command": [
+ "/opt/eap/bin/jboss-cli.sh",
+ "-c",
+ ":shutdown(timeout=60)"
+ ]
+ }
+ }
+ },
"livenessProbe": {
"exec": {
"command": [
@@ -431,6 +460,10 @@
"value": "${HTTPS_KEYSTORE}"
},
{
+ "name": "HTTPS_KEYSTORE_TYPE",
+ "value": "${HTTPS_KEYSTORE_TYPE}"
+ },
+ {
"name": "HTTPS_NAME",
"value": "${HTTPS_NAME}"
},
@@ -473,6 +506,10 @@
{
"name": "JGROUPS_CLUSTER_PASSWORD",
"value": "${JGROUPS_CLUSTER_PASSWORD}"
+ },
+ {
+ "name": "AUTO_DEPLOY_EXPLODED",
+ "value": "${AUTO_DEPLOY_EXPLODED}"
}
]
}
diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap70-mongodb-persistent-s2i.json b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap70-mongodb-persistent-s2i.json
index 9cc786416..99db77d58 100644
--- a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap70-mongodb-persistent-s2i.json
+++ b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap70-mongodb-persistent-s2i.json
@@ -6,13 +6,13 @@
"description": "Application template for EAP 7 MongoDB applications with persistent storage built using S2I.",
"iconClass": "icon-jboss",
"tags": "eap,mongodb,javaee,java,database,jboss,xpaas",
- "version": "1.3.1"
+ "version": "1.3.2"
},
"name": "eap70-mongodb-persistent-s2i"
},
"labels": {
"template": "eap70-mongodb-persistent-s2i",
- "xpaas": "1.3.1"
+ "xpaas": "1.3.2"
},
"parameters": [
{
@@ -82,6 +82,12 @@
"required": false
},
{
+ "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.",
+ "name": "SERVICE_ACCOUNT_NAME",
+ "value": "eap7-service-account",
+ "required": true
+ },
+ {
"description": "The name of the secret containing the keystore file",
"name": "HTTPS_SECRET",
"value": "eap7-app-secret",
@@ -94,6 +100,12 @@
"required": false
},
{
+ "description": "The type of the keystore file (JKS or JCEKS)",
+ "name": "HTTPS_KEYSTORE_TYPE",
+ "value": "",
+ "required": false
+ },
+ {
"description": "The name associated with the server certificate",
"name": "HTTPS_NAME",
"value": "",
@@ -213,6 +225,12 @@
"from": "[a-zA-Z0-9]{8}",
"generate": "expression",
"required": true
+ },
+ {
+ "description": "Controls whether exploded deployment content should be automatically deployed",
+ "name": "AUTO_DEPLOY_EXPLODED",
+ "value": "false",
+ "required": false
}
],
"objects": [
@@ -366,7 +384,7 @@
"from": {
"kind": "ImageStreamTag",
"namespace": "${IMAGE_STREAM_NAMESPACE}",
- "name": "jboss-eap70-openshift:1.3"
+ "name": "jboss-eap70-openshift:1.4"
}
}
},
@@ -421,8 +439,8 @@
"${APPLICATION_NAME}"
],
"from": {
- "kind": "ImageStream",
- "name": "${APPLICATION_NAME}"
+ "kind": "ImageStreamTag",
+ "name": "${APPLICATION_NAME}:latest"
}
}
},
@@ -443,8 +461,8 @@
}
},
"spec": {
- "serviceAccountName": "eap7-service-account",
- "terminationGracePeriodSeconds": 60,
+ "serviceAccountName": "${SERVICE_ACCOUNT_NAME}",
+ "terminationGracePeriodSeconds": 75,
"containers": [
{
"name": "${APPLICATION_NAME}",
@@ -462,6 +480,17 @@
"readOnly": true
}
],
+ "lifecycle": {
+ "preStop": {
+ "exec": {
+ "command": [
+ "/opt/eap/bin/jboss-cli.sh",
+ "-c",
+ ":shutdown(timeout=60)"
+ ]
+ }
+ }
+ },
"livenessProbe": {
"exec": {
"command": [
@@ -560,6 +589,10 @@
"value": "${HTTPS_KEYSTORE}"
},
{
+ "name": "HTTPS_KEYSTORE_TYPE",
+ "value": "${HTTPS_KEYSTORE_TYPE}"
+ },
+ {
"name": "HTTPS_NAME",
"value": "${HTTPS_NAME}"
},
@@ -602,6 +635,10 @@
{
"name": "JGROUPS_CLUSTER_PASSWORD",
"value": "${JGROUPS_CLUSTER_PASSWORD}"
+ },
+ {
+ "name": "AUTO_DEPLOY_EXPLODED",
+ "value": "${AUTO_DEPLOY_EXPLODED}"
}
]
}
diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap70-mongodb-s2i.json b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap70-mongodb-s2i.json
index 4db6adcf8..c8150c231 100644
--- a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap70-mongodb-s2i.json
+++ b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap70-mongodb-s2i.json
@@ -6,13 +6,13 @@
"description": "Application template for EAP 7 MongoDB applications built using S2I.",
"iconClass": "icon-jboss",
"tags": "eap,mongodb,javaee,java,database,jboss,xpaas",
- "version": "1.3.1"
+ "version": "1.3.2"
},
"name": "eap70-mongodb-s2i"
},
"labels": {
"template": "eap70-mongodb-s2i",
- "xpaas": "1.3.1"
+ "xpaas": "1.3.2"
},
"parameters": [
{
@@ -76,6 +76,12 @@
"required": false
},
{
+ "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.",
+ "name": "SERVICE_ACCOUNT_NAME",
+ "value": "eap7-service-account",
+ "required": true
+ },
+ {
"description": "The name of the secret containing the keystore file",
"name": "HTTPS_SECRET",
"value": "eap7-app-secret",
@@ -88,6 +94,12 @@
"required": false
},
{
+ "description": "The type of the keystore file (JKS or JCEKS)",
+ "name": "HTTPS_KEYSTORE_TYPE",
+ "value": "",
+ "required": false
+ },
+ {
"description": "The name associated with the server certificate",
"name": "HTTPS_NAME",
"value": "",
@@ -207,6 +219,12 @@
"from": "[a-zA-Z0-9]{8}",
"generate": "expression",
"required": true
+ },
+ {
+ "description": "Controls whether exploded deployment content should be automatically deployed",
+ "name": "AUTO_DEPLOY_EXPLODED",
+ "value": "false",
+ "required": false
}
],
"objects": [
@@ -360,7 +378,7 @@
"from": {
"kind": "ImageStreamTag",
"namespace": "${IMAGE_STREAM_NAMESPACE}",
- "name": "jboss-eap70-openshift:1.3"
+ "name": "jboss-eap70-openshift:1.4"
}
}
},
@@ -415,8 +433,8 @@
"${APPLICATION_NAME}"
],
"from": {
- "kind": "ImageStream",
- "name": "${APPLICATION_NAME}"
+ "kind": "ImageStreamTag",
+ "name": "${APPLICATION_NAME}:latest"
}
}
},
@@ -437,8 +455,8 @@
}
},
"spec": {
- "serviceAccountName": "eap7-service-account",
- "terminationGracePeriodSeconds": 60,
+ "serviceAccountName": "${SERVICE_ACCOUNT_NAME}",
+ "terminationGracePeriodSeconds": 75,
"containers": [
{
"name": "${APPLICATION_NAME}",
@@ -456,6 +474,17 @@
"readOnly": true
}
],
+ "lifecycle": {
+ "preStop": {
+ "exec": {
+ "command": [
+ "/opt/eap/bin/jboss-cli.sh",
+ "-c",
+ ":shutdown(timeout=60)"
+ ]
+ }
+ }
+ },
"livenessProbe": {
"exec": {
"command": [
@@ -554,6 +583,10 @@
"value": "${HTTPS_KEYSTORE}"
},
{
+ "name": "HTTPS_KEYSTORE_TYPE",
+ "value": "${HTTPS_KEYSTORE_TYPE}"
+ },
+ {
"name": "HTTPS_NAME",
"value": "${HTTPS_NAME}"
},
@@ -596,6 +629,10 @@
{
"name": "JGROUPS_CLUSTER_PASSWORD",
"value": "${JGROUPS_CLUSTER_PASSWORD}"
+ },
+ {
+ "name": "AUTO_DEPLOY_EXPLODED",
+ "value": "${AUTO_DEPLOY_EXPLODED}"
}
]
}
diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap70-mysql-persistent-s2i.json b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap70-mysql-persistent-s2i.json
index 91a79d797..f8e5c2b04 100644
--- a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap70-mysql-persistent-s2i.json
+++ b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap70-mysql-persistent-s2i.json
@@ -6,13 +6,13 @@
"description": "Application template for EAP 7 MySQL applications with persistent storage built using S2I.",
"iconClass": "icon-jboss",
"tags": "eap,mysql,javaee,java,database,jboss,xpaas",
- "version": "1.3.1"
+ "version": "1.3.2"
},
"name": "eap70-mysql-persistent-s2i"
},
"labels": {
"template": "eap70-mysql-persistent-s2i",
- "xpaas": "1.3.1"
+ "xpaas": "1.3.2"
},
"parameters": [
{
@@ -82,6 +82,12 @@
"required": false
},
{
+ "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.",
+ "name": "SERVICE_ACCOUNT_NAME",
+ "value": "eap7-service-account",
+ "required": true
+ },
+ {
"description": "The name of the secret containing the keystore file",
"name": "HTTPS_SECRET",
"value": "eap7-app-secret",
@@ -94,6 +100,12 @@
"required": false
},
{
+ "description": "The type of the keystore file (JKS or JCEKS)",
+ "name": "HTTPS_KEYSTORE_TYPE",
+ "value": "",
+ "required": false
+ },
+ {
"description": "The name associated with the server certificate",
"name": "HTTPS_NAME",
"value": "",
@@ -216,6 +228,12 @@
"from": "[a-zA-Z0-9]{8}",
"generate": "expression",
"required": true
+ },
+ {
+ "description": "Controls whether exploded deployment content should be automatically deployed",
+ "name": "AUTO_DEPLOY_EXPLODED",
+ "value": "false",
+ "required": false
}
],
"objects": [
@@ -369,7 +387,7 @@
"from": {
"kind": "ImageStreamTag",
"namespace": "${IMAGE_STREAM_NAMESPACE}",
- "name": "jboss-eap70-openshift:1.3"
+ "name": "jboss-eap70-openshift:1.4"
}
}
},
@@ -424,8 +442,8 @@
"${APPLICATION_NAME}"
],
"from": {
- "kind": "ImageStream",
- "name": "${APPLICATION_NAME}"
+ "kind": "ImageStreamTag",
+ "name": "${APPLICATION_NAME}:latest"
}
}
},
@@ -446,8 +464,8 @@
}
},
"spec": {
- "serviceAccountName": "eap7-service-account",
- "terminationGracePeriodSeconds": 60,
+ "serviceAccountName": "${SERVICE_ACCOUNT_NAME}",
+ "terminationGracePeriodSeconds": 75,
"containers": [
{
"name": "${APPLICATION_NAME}",
@@ -465,6 +483,17 @@
"readOnly": true
}
],
+ "lifecycle": {
+ "preStop": {
+ "exec": {
+ "command": [
+ "/opt/eap/bin/jboss-cli.sh",
+ "-c",
+ ":shutdown(timeout=60)"
+ ]
+ }
+ }
+ },
"livenessProbe": {
"exec": {
"command": [
@@ -563,6 +592,10 @@
"value": "${HTTPS_KEYSTORE}"
},
{
+ "name": "HTTPS_KEYSTORE_TYPE",
+ "value": "${HTTPS_KEYSTORE_TYPE}"
+ },
+ {
"name": "HTTPS_NAME",
"value": "${HTTPS_NAME}"
},
@@ -607,6 +640,10 @@
"value": "${JGROUPS_CLUSTER_PASSWORD}"
},
{
+ "name": "AUTO_DEPLOY_EXPLODED",
+ "value": "${AUTO_DEPLOY_EXPLODED}"
+ },
+ {
"name": "DEFAULT_JOB_REPOSITORY",
"value": "${APPLICATION_NAME}-mysql"
},
diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap70-mysql-s2i.json b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap70-mysql-s2i.json
index 63e4ecd2b..1edeb62e7 100644
--- a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap70-mysql-s2i.json
+++ b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap70-mysql-s2i.json
@@ -6,13 +6,13 @@
"description": "Application template for EAP 7 MySQL applications built using S2I.",
"iconClass": "icon-jboss",
"tags": "eap,mysql,javaee,java,database,jboss,xpaas",
- "version": "1.3.1"
+ "version": "1.3.2"
},
"name": "eap70-mysql-s2i"
},
"labels": {
"template": "eap70-mysql-s2i",
- "xpaas": "1.3.1"
+ "xpaas": "1.3.2"
},
"parameters": [
{
@@ -76,6 +76,12 @@
"required": false
},
{
+ "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.",
+ "name": "SERVICE_ACCOUNT_NAME",
+ "value": "eap7-service-account",
+ "required": true
+ },
+ {
"description": "The name of the secret containing the keystore file",
"name": "HTTPS_SECRET",
"value": "eap7-app-secret",
@@ -88,6 +94,12 @@
"required": false
},
{
+ "description": "The type of the keystore file (JKS or JCEKS)",
+ "name": "HTTPS_KEYSTORE_TYPE",
+ "value": "",
+ "required": false
+ },
+ {
"description": "The name associated with the server certificate",
"name": "HTTPS_NAME",
"value": "",
@@ -210,6 +222,12 @@
"from": "[a-zA-Z0-9]{8}",
"generate": "expression",
"required": true
+ },
+ {
+ "description": "Controls whether exploded deployment content should be automatically deployed",
+ "name": "AUTO_DEPLOY_EXPLODED",
+ "value": "false",
+ "required": false
}
],
"objects": [
@@ -363,7 +381,7 @@
"from": {
"kind": "ImageStreamTag",
"namespace": "${IMAGE_STREAM_NAMESPACE}",
- "name": "jboss-eap70-openshift:1.3"
+ "name": "jboss-eap70-openshift:1.4"
}
}
},
@@ -418,8 +436,8 @@
"${APPLICATION_NAME}"
],
"from": {
- "kind": "ImageStream",
- "name": "${APPLICATION_NAME}"
+ "kind": "ImageStreamTag",
+ "name": "${APPLICATION_NAME}:latest"
}
}
},
@@ -440,8 +458,8 @@
}
},
"spec": {
- "serviceAccountName": "eap7-service-account",
- "terminationGracePeriodSeconds": 60,
+ "serviceAccountName": "${SERVICE_ACCOUNT_NAME}",
+ "terminationGracePeriodSeconds": 75,
"containers": [
{
"name": "${APPLICATION_NAME}",
@@ -459,6 +477,17 @@
"readOnly": true
}
],
+ "lifecycle": {
+ "preStop": {
+ "exec": {
+ "command": [
+ "/opt/eap/bin/jboss-cli.sh",
+ "-c",
+ ":shutdown(timeout=60)"
+ ]
+ }
+ }
+ },
"livenessProbe": {
"exec": {
"command": [
@@ -557,6 +586,10 @@
"value": "${HTTPS_KEYSTORE}"
},
{
+ "name": "HTTPS_KEYSTORE_TYPE",
+ "value": "${HTTPS_KEYSTORE_TYPE}"
+ },
+ {
"name": "HTTPS_NAME",
"value": "${HTTPS_NAME}"
},
@@ -601,6 +634,10 @@
"value": "${JGROUPS_CLUSTER_PASSWORD}"
},
{
+ "name": "AUTO_DEPLOY_EXPLODED",
+ "value": "${AUTO_DEPLOY_EXPLODED}"
+ },
+ {
"name": "DEFAULT_JOB_REPOSITORY",
"value": "${APPLICATION_NAME}-mysql"
},
diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap70-postgresql-persistent-s2i.json b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap70-postgresql-persistent-s2i.json
index ea681d847..d11df06ee 100644
--- a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap70-postgresql-persistent-s2i.json
+++ b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap70-postgresql-persistent-s2i.json
@@ -6,13 +6,13 @@
"description": "Application template for EAP 7 PostgreSQL applications with persistent storage built using S2I.",
"iconClass": "icon-jboss",
"tags": "eap,postgresql,javaee,java,database,jboss,xpaas",
- "version": "1.3.1"
+ "version": "1.3.2"
},
"name": "eap70-postgresql-persistent-s2i"
},
"labels": {
"template": "eap70-postgresql-persistent-s2i",
- "xpaas": "1.3.1"
+ "xpaas": "1.3.2"
},
"parameters": [
{
@@ -82,6 +82,12 @@
"required": false
},
{
+ "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.",
+ "name": "SERVICE_ACCOUNT_NAME",
+ "value": "eap7-service-account",
+ "required": true
+ },
+ {
"description": "The name of the secret containing the keystore file",
"name": "HTTPS_SECRET",
"value": "eap7-app-secret",
@@ -94,6 +100,12 @@
"required": false
},
{
+ "description": "The type of the keystore file (JKS or JCEKS)",
+ "name": "HTTPS_KEYSTORE_TYPE",
+ "value": "",
+ "required": false
+ },
+ {
"description": "The name associated with the server certificate",
"name": "HTTPS_NAME",
"value": "",
@@ -201,6 +213,12 @@
"from": "[a-zA-Z0-9]{8}",
"generate": "expression",
"required": true
+ },
+ {
+ "description": "Controls whether exploded deployment content should be automatically deployed",
+ "name": "AUTO_DEPLOY_EXPLODED",
+ "value": "false",
+ "required": false
}
],
"objects": [
@@ -354,7 +372,7 @@
"from": {
"kind": "ImageStreamTag",
"namespace": "${IMAGE_STREAM_NAMESPACE}",
- "name": "jboss-eap70-openshift:1.3"
+ "name": "jboss-eap70-openshift:1.4"
}
}
},
@@ -409,8 +427,8 @@
"${APPLICATION_NAME}"
],
"from": {
- "kind": "ImageStream",
- "name": "${APPLICATION_NAME}"
+ "kind": "ImageStreamTag",
+ "name": "${APPLICATION_NAME}:latest"
}
}
},
@@ -431,8 +449,8 @@
}
},
"spec": {
- "serviceAccountName": "eap7-service-account",
- "terminationGracePeriodSeconds": 60,
+ "serviceAccountName": "${SERVICE_ACCOUNT_NAME}",
+ "terminationGracePeriodSeconds": 75,
"containers": [
{
"name": "${APPLICATION_NAME}",
@@ -450,6 +468,17 @@
"readOnly": true
}
],
+ "lifecycle": {
+ "preStop": {
+ "exec": {
+ "command": [
+ "/opt/eap/bin/jboss-cli.sh",
+ "-c",
+ ":shutdown(timeout=60)"
+ ]
+ }
+ }
+ },
"livenessProbe": {
"exec": {
"command": [
@@ -548,6 +577,10 @@
"value": "${HTTPS_KEYSTORE}"
},
{
+ "name": "HTTPS_KEYSTORE_TYPE",
+ "value": "${HTTPS_KEYSTORE_TYPE}"
+ },
+ {
"name": "HTTPS_NAME",
"value": "${HTTPS_NAME}"
},
@@ -592,6 +625,10 @@
"value": "${JGROUPS_CLUSTER_PASSWORD}"
},
{
+ "name": "AUTO_DEPLOY_EXPLODED",
+ "value": "${AUTO_DEPLOY_EXPLODED}"
+ },
+ {
"name": "DEFAULT_JOB_REPOSITORY",
"value": "${APPLICATION_NAME}-postgresql"
},
@@ -701,6 +738,10 @@
"value": "${POSTGRESQL_MAX_CONNECTIONS}"
},
{
+ "name": "POSTGRESQL_MAX_PREPARED_TRANSACTIONS",
+ "value": "${POSTGRESQL_MAX_CONNECTIONS}"
+ },
+ {
"name": "POSTGRESQL_SHARED_BUFFERS",
"value": "${POSTGRESQL_SHARED_BUFFERS}"
}
diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap70-postgresql-s2i.json b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap70-postgresql-s2i.json
index df95d823e..6b7f6d707 100644
--- a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap70-postgresql-s2i.json
+++ b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap70-postgresql-s2i.json
@@ -6,13 +6,13 @@
"description": "Application template for EAP 7 PostgreSQL applications built using S2I.",
"iconClass": "icon-jboss",
"tags": "eap,postgresql,javaee,java,database,jboss,xpaas",
- "version": "1.3.1"
+ "version": "1.3.2"
},
"name": "eap70-postgresql-s2i"
},
"labels": {
"template": "eap70-postgresql-s2i",
- "xpaas": "1.3.1"
+ "xpaas": "1.3.2"
},
"parameters": [
{
@@ -76,6 +76,12 @@
"required": false
},
{
+ "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.",
+ "name": "SERVICE_ACCOUNT_NAME",
+ "value": "eap7-service-account",
+ "required": true
+ },
+ {
"description": "The name of the secret containing the keystore file",
"name": "HTTPS_SECRET",
"value": "eap7-app-secret",
@@ -88,6 +94,12 @@
"required": false
},
{
+ "description": "The type of the keystore file (JKS or JCEKS)",
+ "name": "HTTPS_KEYSTORE_TYPE",
+ "value": "",
+ "required": false
+ },
+ {
"description": "The name associated with the server certificate",
"name": "HTTPS_NAME",
"value": "",
@@ -195,6 +207,12 @@
"from": "[a-zA-Z0-9]{8}",
"generate": "expression",
"required": true
+ },
+ {
+ "description": "Controls whether exploded deployment content should be automatically deployed",
+ "name": "AUTO_DEPLOY_EXPLODED",
+ "value": "false",
+ "required": false
}
],
"objects": [
@@ -348,7 +366,7 @@
"from": {
"kind": "ImageStreamTag",
"namespace": "${IMAGE_STREAM_NAMESPACE}",
- "name": "jboss-eap70-openshift:1.3"
+ "name": "jboss-eap70-openshift:1.4"
}
}
},
@@ -403,8 +421,8 @@
"${APPLICATION_NAME}"
],
"from": {
- "kind": "ImageStream",
- "name": "${APPLICATION_NAME}"
+ "kind": "ImageStreamTag",
+ "name": "${APPLICATION_NAME}:latest"
}
}
},
@@ -425,8 +443,8 @@
}
},
"spec": {
- "serviceAccountName": "eap7-service-account",
- "terminationGracePeriodSeconds": 60,
+ "serviceAccountName": "${SERVICE_ACCOUNT_NAME}",
+ "terminationGracePeriodSeconds": 75,
"containers": [
{
"name": "${APPLICATION_NAME}",
@@ -444,6 +462,17 @@
"readOnly": true
}
],
+ "lifecycle": {
+ "preStop": {
+ "exec": {
+ "command": [
+ "/opt/eap/bin/jboss-cli.sh",
+ "-c",
+ ":shutdown(timeout=60)"
+ ]
+ }
+ }
+ },
"livenessProbe": {
"exec": {
"command": [
@@ -542,6 +571,10 @@
"value": "${HTTPS_KEYSTORE}"
},
{
+ "name": "HTTPS_KEYSTORE_TYPE",
+ "value": "${HTTPS_KEYSTORE_TYPE}"
+ },
+ {
"name": "HTTPS_NAME",
"value": "${HTTPS_NAME}"
},
@@ -586,6 +619,10 @@
"value": "${JGROUPS_CLUSTER_PASSWORD}"
},
{
+ "name": "AUTO_DEPLOY_EXPLODED",
+ "value": "${AUTO_DEPLOY_EXPLODED}"
+ },
+ {
"name": "DEFAULT_JOB_REPOSITORY",
"value": "${APPLICATION_NAME}-postgresql"
},
@@ -689,6 +726,10 @@
"value": "${POSTGRESQL_MAX_CONNECTIONS}"
},
{
+ "name": "POSTGRESQL_MAX_PREPARED_TRANSACTIONS",
+ "value": "${POSTGRESQL_MAX_CONNECTIONS}"
+ },
+ {
"name": "POSTGRESQL_SHARED_BUFFERS",
"value": "${POSTGRESQL_SHARED_BUFFERS}"
}
diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap70-sso-s2i.json b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap70-sso-s2i.json
new file mode 100644
index 000000000..811602220
--- /dev/null
+++ b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap70-sso-s2i.json
@@ -0,0 +1,767 @@
+{
+ "kind": "Template",
+ "apiVersion": "v1",
+ "metadata": {
+ "annotations": {
+ "iconClass" : "icon-jboss",
+ "description": "Application template for EAP 6 applications built using S2I, enabled for SSO.",
+ "tags": "eap,javaee,java,jboss,xpaas,sso,keycloak",
+ "version": "1.3.2"
+ },
+ "name": "eap70-sso-s2i"
+ },
+ "labels": {
+ "template": "eap70-sso-s2i",
+ "xpaas": "1.3.2"
+ },
+ "parameters": [
+ {
+ "description": "The name for the application.",
+ "name": "APPLICATION_NAME",
+ "value": "eap-app",
+ "required": true
+ },
+ {
+ "description": "Hostname for http service route (e.g. eap-app-myproject.example.com). Required for SSO-enabled applications. This is added to the white list of redirects in the SSO server.",
+ "name": "HOSTNAME_HTTP",
+ "value": "",
+ "required": true
+ },
+ {
+ "description": "Hostname for https service route (e.g. secure-eap-app-myproject.example.com). Required for SSO-enabled applications. This is added to the white list of redirects in the SSO server.",
+ "name": "HOSTNAME_HTTPS",
+ "value": "",
+ "required": true
+ },
+ {
+ "description": "Git source URI for application",
+ "name": "SOURCE_REPOSITORY_URL",
+ "value": "https://github.com/redhat-developer/redhat-sso-quickstarts",
+ "required": true
+ },
+ {
+ "description": "Git branch/tag reference",
+ "name": "SOURCE_REPOSITORY_REF",
+ "value": "7.0.x-ose",
+ "required": false
+ },
+ {
+ "description": "Path within Git project to build; empty for root project directory.",
+ "name": "CONTEXT_DIR",
+ "value": "",
+ "required": false
+ },
+ {
+ "description": "Queue names",
+ "name": "HORNETQ_QUEUES",
+ "value": "",
+ "required": false
+ },
+ {
+ "description": "Topic names",
+ "name": "HORNETQ_TOPICS",
+ "value": "",
+ "required": false
+ },
+ {
+ "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.",
+ "name": "SERVICE_ACCOUNT_NAME",
+ "value": "eap7-service-account",
+ "required": true
+ },
+ {
+ "description": "The name of the secret containing the keystore file",
+ "name": "HTTPS_SECRET",
+ "value": "eap7-app-secret",
+ "required": true
+ },
+ {
+ "description": "The name of the keystore file within the secret",
+ "name": "HTTPS_KEYSTORE",
+ "value": "keystore.jks",
+ "required": false
+ },
+ {
+ "description": "The type of the keystore file (JKS or JCEKS)",
+ "name": "HTTPS_KEYSTORE_TYPE",
+ "value": "",
+ "required": false
+ },
+ {
+ "description": "The name associated with the server certificate (e.g. jboss)",
+ "name": "HTTPS_NAME",
+ "value": "",
+ "required": false
+ },
+ {
+ "description": "The password for the keystore and certificate (e.g. mykeystorepass)",
+ "name": "HTTPS_PASSWORD",
+ "value": "",
+ "required": false
+ },
+ {
+ "description": "HornetQ cluster admin password",
+ "name": "HORNETQ_CLUSTER_PASSWORD",
+ "from": "[a-zA-Z0-9]{8}",
+ "generate": "expression",
+ "required": true
+ },
+ {
+ "description": "GitHub trigger secret",
+ "name": "GITHUB_WEBHOOK_SECRET",
+ "from": "[a-zA-Z0-9]{8}",
+ "generate": "expression",
+ "required": true
+ },
+ {
+ "description": "Generic build trigger secret",
+ "name": "GENERIC_WEBHOOK_SECRET",
+ "from": "[a-zA-Z0-9]{8}",
+ "generate": "expression",
+ "required": true
+ },
+ {
+ "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.",
+ "name": "IMAGE_STREAM_NAMESPACE",
+ "value": "openshift",
+ "required": true
+ },
+ {
+ "description": "The name of the secret containing the keystore file",
+ "name": "JGROUPS_ENCRYPT_SECRET",
+ "value": "eap7-app-secret",
+ "required": false
+ },
+ {
+ "description": "The name of the keystore file within the secret",
+ "name": "JGROUPS_ENCRYPT_KEYSTORE",
+ "value": "jgroups.jceks",
+ "required": false
+ },
+ {
+ "description": "The name associated with the server certificate (e.g. secret-key)",
+ "name": "JGROUPS_ENCRYPT_NAME",
+ "value": "",
+ "required": false
+ },
+ {
+ "description": "The password for the keystore and certificate (e.g. password)",
+ "name": "JGROUPS_ENCRYPT_PASSWORD",
+ "value": "",
+ "required": false
+ },
+ {
+ "description": "JGroups cluster password",
+ "name": "JGROUPS_CLUSTER_PASSWORD",
+ "from": "[a-zA-Z0-9]{8}",
+ "generate": "expression",
+ "required": true
+ },
+ {
+ "description": "Controls whether exploded deployment content should be automatically deployed",
+ "name": "AUTO_DEPLOY_EXPLODED",
+ "value": "false",
+ "required": false
+ },
+ {
+ "description": "The URL for the SSO server (e.g. https://secure-sso-myproject.example.com/auth). This is the URL through which the user will be redirected when a login or token is required by the application.",
+ "name": "SSO_URL",
+ "value": "",
+ "required": true
+ },
+ {
+ "description": "The URL for the interal SSO service, where secure-sso (the default) is the kubernetes service exposed by the SSO server. This is used to create the application client(s) (see SSO_USERNAME). This can also be the same as SSO_URL.",
+ "name": "SSO_SERVICE_URL",
+ "value": "https://secure-sso:8443/auth",
+ "required": false
+ },
+ {
+ "description": "The SSO realm to which the application client(s) should be associated (e.g. demo).",
+ "name": "SSO_REALM",
+ "value": "",
+ "required": true
+ },
+ {
+ "description": "The username used to access the SSO service. This is used to create the appliction client(s) within the specified SSO realm. This should match the SSO_SERVICE_USERNAME specified through one of the sso70-* templates.",
+ "name": "SSO_USERNAME",
+ "value": "",
+ "required": false
+ },
+ {
+ "description": "The password for the SSO service user.",
+ "name": "SSO_PASSWORD",
+ "value": "",
+ "required": false
+ },
+ {
+ "description": "SSO Public Key. Public key is recommended to be passed into the template to avoid man-in-the-middle security vulnerability",
+ "name": "SSO_PUBLIC_KEY",
+ "value": "",
+ "required": false
+ },
+ {
+ "description": "SSO Client Access Type",
+ "name": "SSO_BEARER_ONLY",
+ "value": "",
+ "required": false
+ },
+ {
+ "description": "List of directories from which archives will be copied into the deployment folder. If unspecified, all archives in /target will be copied.",
+ "name": "ARTIFACT_DIR",
+ "value": "app-jee-jsp/target,service-jee-jaxrs/target,app-profile-jee-jsp/target,app-profile-saml-jee-jsp/target",
+ "required": false
+ },
+ {
+ "description": "The name of the secret containing the keystore file",
+ "name": "SSO_SAML_KEYSTORE_SECRET",
+ "value": "eap7-app-secret",
+ "required": false
+ },
+ {
+ "description": "The name of the keystore file within the secret",
+ "name": "SSO_SAML_KEYSTORE",
+ "value": "keystore.jks",
+ "required": false
+ },
+ {
+ "description": "The name associated with the server certificate",
+ "name": "SSO_SAML_CERTIFICATE_NAME",
+ "value": "jboss",
+ "required": false
+ },
+ {
+ "description": "The password for the keystore and certificate",
+ "name": "SSO_SAML_KEYSTORE_PASSWORD",
+ "value": "mykeystorepass",
+ "required": false
+ },
+ {
+ "description": "The SSO Client Secret for Confidential Access",
+ "name": "SSO_SECRET",
+ "from": "[a-zA-Z0-9]{8}",
+ "generate": "expression",
+ "required": true
+ },
+ {
+ "description": "Enable CORS for SSO applications",
+ "name": "SSO_ENABLE_CORS",
+ "value": "false",
+ "required": false
+ },
+ {
+ "description": "SSO logout page for SAML applications",
+ "name": "SSO_SAML_LOGOUT_PAGE",
+ "value": "/",
+ "required": false
+ },
+ {
+ "description": "If true SSL communication between EAP and the SSO Server will be insecure (i.e. certificate validation is disabled with curl)",
+ "name": "SSO_DISABLE_SSL_CERTIFICATE_VALIDATION",
+ "value": "true",
+ "required": false
+ },
+ {
+ "description": "The name of the truststore file within the secret (e.g. truststore.jks)",
+ "name": "SSO_TRUSTSTORE",
+ "value": "",
+ "required": false
+ },
+ {
+ "description": "The password for the truststore and certificate (e.g. mykeystorepass)",
+ "name": "SSO_TRUSTSTORE_PASSWORD",
+ "value": "",
+ "required": false
+ },
+ {
+ "description": "The name of the secret containing the truststore file (e.g. truststore-secret). Used for volume secretName",
+ "name": "SSO_TRUSTSTORE_SECRET",
+ "value": "eap7-app-secret",
+ "required": false
+ }
+ ],
+ "objects": [
+ {
+ "kind": "Service",
+ "apiVersion": "v1",
+ "spec": {
+ "ports": [
+ {
+ "port": 8080,
+ "targetPort": 8080
+ }
+ ],
+ "selector": {
+ "deploymentConfig": "${APPLICATION_NAME}"
+ }
+ },
+ "metadata": {
+ "name": "${APPLICATION_NAME}",
+ "labels": {
+ "application": "${APPLICATION_NAME}"
+ },
+ "annotations": {
+ "description": "The web server's http port."
+ }
+ }
+ },
+ {
+ "kind": "Service",
+ "apiVersion": "v1",
+ "spec": {
+ "ports": [
+ {
+ "port": 8443,
+ "targetPort": 8443
+ }
+ ],
+ "selector": {
+ "deploymentConfig": "${APPLICATION_NAME}"
+ }
+ },
+ "metadata": {
+ "name": "secure-${APPLICATION_NAME}",
+ "labels": {
+ "application": "${APPLICATION_NAME}"
+ },
+ "annotations": {
+ "description": "The web server's https port."
+ }
+ }
+ },
+ {
+ "kind": "Route",
+ "apiVersion": "v1",
+ "id": "${APPLICATION_NAME}-http",
+ "metadata": {
+ "name": "${APPLICATION_NAME}",
+ "labels": {
+ "application": "${APPLICATION_NAME}"
+ },
+ "annotations": {
+ "description": "Route for application's http service."
+ }
+ },
+ "spec": {
+ "host": "${HOSTNAME_HTTP}",
+ "to": {
+ "name": "${APPLICATION_NAME}"
+ }
+ }
+ },
+ {
+ "kind": "Route",
+ "apiVersion": "v1",
+ "id": "${APPLICATION_NAME}-https",
+ "metadata": {
+ "name": "secure-${APPLICATION_NAME}",
+ "labels": {
+ "application": "${APPLICATION_NAME}"
+ },
+ "annotations": {
+ "description": "Route for application's https service."
+ }
+ },
+ "spec": {
+ "host": "${HOSTNAME_HTTPS}",
+ "to": {
+ "name": "secure-${APPLICATION_NAME}"
+ },
+ "tls": {
+ "termination": "passthrough"
+ }
+ }
+ },
+ {
+ "kind": "ImageStream",
+ "apiVersion": "v1",
+ "metadata": {
+ "name": "${APPLICATION_NAME}",
+ "labels": {
+ "application": "${APPLICATION_NAME}"
+ }
+ }
+ },
+ {
+ "kind": "BuildConfig",
+ "apiVersion": "v1",
+ "metadata": {
+ "name": "${APPLICATION_NAME}",
+ "labels": {
+ "application": "${APPLICATION_NAME}"
+ }
+ },
+ "spec": {
+ "source": {
+ "type": "Git",
+ "git": {
+ "uri": "${SOURCE_REPOSITORY_URL}",
+ "ref": "${SOURCE_REPOSITORY_REF}"
+ },
+ "contextDir": "${CONTEXT_DIR}"
+ },
+ "strategy": {
+ "type": "Source",
+ "sourceStrategy": {
+ "forcePull": true,
+ "from": {
+ "kind": "ImageStreamTag",
+ "namespace": "${IMAGE_STREAM_NAMESPACE}",
+ "name": "jboss-eap70-openshift:1.4"
+ },
+ "env": [
+ {
+ "name": "ARTIFACT_DIR",
+ "value": "${ARTIFACT_DIR}"
+ },
+ {
+ "name": "MAVEN_ARGS_APPEND",
+ "value": ""
+ }
+ ]
+ }
+ },
+ "output": {
+ "to": {
+ "kind": "ImageStreamTag",
+ "name": "${APPLICATION_NAME}:latest"
+ }
+ },
+ "triggers": [
+ {
+ "type": "GitHub",
+ "github": {
+ "secret": "${GITHUB_WEBHOOK_SECRET}"
+ }
+ },
+ {
+ "type": "Generic",
+ "generic": {
+ "secret": "${GENERIC_WEBHOOK_SECRET}"
+ }
+ },
+ {
+ "type": "ImageChange",
+ "imageChange": {}
+ },
+ {
+ "type": "ConfigChange"
+ }
+ ]
+ }
+ },
+ {
+ "kind": "DeploymentConfig",
+ "apiVersion": "v1",
+ "metadata": {
+ "name": "${APPLICATION_NAME}",
+ "labels": {
+ "application": "${APPLICATION_NAME}"
+ }
+ },
+ "spec": {
+ "strategy": {
+ "type": "Recreate"
+ },
+ "triggers": [
+ {
+ "type": "ImageChange",
+ "imageChangeParams": {
+ "automatic": true,
+ "containerNames": [
+ "${APPLICATION_NAME}"
+ ],
+ "from": {
+ "kind": "ImageStreamTag",
+ "name": "${APPLICATION_NAME}:latest"
+ }
+ }
+ },
+ {
+ "type": "ConfigChange"
+ }
+ ],
+ "replicas": 1,
+ "selector": {
+ "deploymentConfig": "${APPLICATION_NAME}"
+ },
+ "template": {
+ "metadata": {
+ "name": "${APPLICATION_NAME}",
+ "labels": {
+ "deploymentConfig": "${APPLICATION_NAME}",
+ "application": "${APPLICATION_NAME}"
+ }
+ },
+ "spec": {
+ "serviceAccountName": "${SERVICE_ACCOUNT_NAME}",
+ "terminationGracePeriodSeconds": 75,
+ "containers": [
+ {
+ "name": "${APPLICATION_NAME}",
+ "image": "${APPLICATION_NAME}",
+ "imagePullPolicy": "Always",
+ "volumeMounts": [
+ {
+ "name": "sso-saml-keystore-volume",
+ "mountPath": "/etc/sso-saml-secret-volume",
+ "readOnly": true
+ },
+ {
+ "name": "eap-keystore-volume",
+ "mountPath": "/etc/eap-secret-volume",
+ "readOnly": true
+ },
+ {
+ "name": "eap-jgroups-keystore-volume",
+ "mountPath": "/etc/jgroups-encrypt-secret-volume",
+ "readOnly": true
+ },
+ {
+ "name": "sso-truststore-volume",
+ "mountPath": "/etc/sso-secret-volume",
+ "readOnly": true
+ }
+ ],
+ "lifecycle": {
+ "preStop": {
+ "exec": {
+ "command": [
+ "/opt/eap/bin/jboss-cli.sh",
+ "-c",
+ ":shutdown(timeout=60)"
+ ]
+ }
+ }
+ },
+ "livenessProbe": {
+ "exec": {
+ "command": [
+ "/bin/bash",
+ "-c",
+ "/opt/eap/bin/livenessProbe.sh"
+ ]
+ }
+ },
+ "readinessProbe": {
+ "exec": {
+ "command": [
+ "/bin/bash",
+ "-c",
+ "/opt/eap/bin/readinessProbe.sh"
+ ]
+ }
+ },
+ "ports": [
+ {
+ "name": "jolokia",
+ "containerPort": 8778,
+ "protocol": "TCP"
+ },
+ {
+ "name": "http",
+ "containerPort": 8080,
+ "protocol": "TCP"
+ },
+ {
+ "name": "https",
+ "containerPort": 8443,
+ "protocol": "TCP"
+ },
+ {
+ "name": "ping",
+ "containerPort": 8888,
+ "protocol": "TCP"
+ }
+ ],
+ "env": [
+ {
+ "name": "OPENSHIFT_KUBE_PING_LABELS",
+ "value": "application=${APPLICATION_NAME}"
+ },
+ {
+ "name": "OPENSHIFT_KUBE_PING_NAMESPACE",
+ "valueFrom": {
+ "fieldRef": {
+ "fieldPath": "metadata.namespace"
+ }
+ }
+ },
+ {
+ "name": "HOSTNAME_HTTP",
+ "value": "${HOSTNAME_HTTP}"
+ },
+ {
+ "name": "HOSTNAME_HTTPS",
+ "value": "${HOSTNAME_HTTPS}"
+ },
+ {
+ "name": "HTTPS_KEYSTORE_DIR",
+ "value": "/etc/eap-secret-volume"
+ },
+ {
+ "name": "HTTPS_KEYSTORE",
+ "value": "${HTTPS_KEYSTORE}"
+ },
+ {
+ "name": "HTTPS_KEYSTORE_TYPE",
+ "value": "${HTTPS_KEYSTORE_TYPE}"
+ },
+ {
+ "name": "HTTPS_NAME",
+ "value": "${HTTPS_NAME}"
+ },
+ {
+ "name": "HTTPS_PASSWORD",
+ "value": "${HTTPS_PASSWORD}"
+ },
+ {
+ "name": "HORNETQ_CLUSTER_PASSWORD",
+ "value": "${HORNETQ_CLUSTER_PASSWORD}"
+ },
+ {
+ "name": "HORNETQ_QUEUES",
+ "value": "${HORNETQ_QUEUES}"
+ },
+ {
+ "name": "HORNETQ_TOPICS",
+ "value": "${HORNETQ_TOPICS}"
+ },
+ {
+ "name": "JGROUPS_ENCRYPT_SECRET",
+ "value": "${JGROUPS_ENCRYPT_SECRET}"
+ },
+ {
+ "name": "JGROUPS_ENCRYPT_KEYSTORE_DIR",
+ "value": "/etc/jgroups-encrypt-secret-volume"
+ },
+ {
+ "name": "JGROUPS_ENCRYPT_KEYSTORE",
+ "value": "${JGROUPS_ENCRYPT_KEYSTORE}"
+ },
+ {
+ "name": "JGROUPS_ENCRYPT_NAME",
+ "value": "${JGROUPS_ENCRYPT_NAME}"
+ },
+ {
+ "name": "JGROUPS_ENCRYPT_PASSWORD",
+ "value": "${JGROUPS_ENCRYPT_PASSWORD}"
+ },
+ {
+ "name": "JGROUPS_CLUSTER_PASSWORD",
+ "value": "${JGROUPS_CLUSTER_PASSWORD}"
+ },
+ {
+ "name": "AUTO_DEPLOY_EXPLODED",
+ "value": "${AUTO_DEPLOY_EXPLODED}"
+ },
+ {
+ "name": "SSO_URL",
+ "value": "${SSO_URL}"
+ },
+ {
+ "name": "SSO_SERVICE_URL",
+ "value": "${SSO_SERVICE_URL}"
+ },
+ {
+ "name": "SSO_REALM",
+ "value": "${SSO_REALM}"
+ },
+ {
+ "name": "SSO_USERNAME",
+ "value": "${SSO_USERNAME}"
+ },
+ {
+ "name": "SSO_PASSWORD",
+ "value": "${SSO_PASSWORD}"
+ },
+ {
+ "name": "SSO_PUBLIC_KEY",
+ "value": "${SSO_PUBLIC_KEY}"
+ },
+ {
+ "name": "SSO_BEARER_ONLY",
+ "value": "${SSO_BEARER_ONLY}"
+ },
+ {
+ "name": "SSO_SAML_KEYSTORE_SECRET",
+ "value": "${SSO_SAML_KEYSTORE_SECRET}"
+ },
+ {
+ "name": "SSO_SAML_KEYSTORE",
+ "value": "${SSO_SAML_KEYSTORE}"
+ },
+ {
+ "name": "SSO_SAML_KEYSTORE_DIR",
+ "value": "/etc/sso-saml-secret-volume"
+ },
+ {
+ "name": "SSO_SAML_CERTIFICATE_NAME",
+ "value": "${SSO_SAML_CERTIFICATE_NAME}"
+ },
+ {
+ "name": "SSO_SAML_KEYSTORE_PASSWORD",
+ "value": "${SSO_SAML_KEYSTORE_PASSWORD}"
+ },
+ {
+ "name": "SSO_SECRET",
+ "value": "${SSO_SECRET}"
+ },
+ {
+ "name": "SSO_ENABLE_CORS",
+ "value": "${SSO_ENABLE_CORS}"
+ },
+ {
+ "name": "SSO_SAML_LOGOUT_PAGE",
+ "value": "${SSO_SAML_LOGOUT_PAGE}"
+ },
+ {
+ "name": "SSO_DISABLE_SSL_CERTIFICATE_VALIDATION",
+ "value": "${SSO_DISABLE_SSL_CERTIFICATE_VALIDATION}"
+ },
+ {
+ "name": "SSO_TRUSTSTORE",
+ "value": "${SSO_TRUSTSTORE}"
+ },
+ {
+ "name": "SSO_TRUSTSTORE_DIR",
+ "value": "/etc/sso-secret-volume"
+ },
+ {
+ "name": "SSO_TRUSTSTORE_PASSWORD",
+ "value": "${SSO_TRUSTSTORE_PASSWORD}"
+ }
+ ]
+ }
+ ],
+ "volumes": [
+ {
+ "name": "sso-saml-keystore-volume",
+ "secret": {
+ "secretName": "${SSO_SAML_KEYSTORE_SECRET}"
+ }
+ },
+ {
+ "name": "eap-keystore-volume",
+ "secret": {
+ "secretName": "${HTTPS_SECRET}"
+ }
+ },
+ {
+ "name": "eap-jgroups-keystore-volume",
+ "secret": {
+ "secretName": "${JGROUPS_ENCRYPT_SECRET}"
+ }
+ },
+ {
+ "name": "sso-truststore-volume",
+ "secret": {
+ "secretName": "${SSO_TRUSTSTORE_SECRET}"
+ }
+ }
+ ]
+ }
+ }
+ }
+ }
+ ]
+}
diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat7-basic-s2i.json b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat7-basic-s2i.json
index 376f2f61b..413a6de87 100644
--- a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat7-basic-s2i.json
+++ b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat7-basic-s2i.json
@@ -215,8 +215,8 @@
"${APPLICATION_NAME}"
],
"from": {
- "kind": "ImageStream",
- "name": "${APPLICATION_NAME}"
+ "kind": "ImageStreamTag",
+ "name": "${APPLICATION_NAME}:latest"
}
}
},
diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat7-https-s2i.json b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat7-https-s2i.json
index 0090d4090..610ea9441 100644
--- a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat7-https-s2i.json
+++ b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat7-https-s2i.json
@@ -292,8 +292,8 @@
"${APPLICATION_NAME}"
],
"from": {
- "kind": "ImageStream",
- "name": "${APPLICATION_NAME}"
+ "kind": "ImageStreamTag",
+ "name": "${APPLICATION_NAME}:latest"
}
}
},
diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat7-mongodb-persistent-s2i.json b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat7-mongodb-persistent-s2i.json
index f0abc9b24..6ef9d6e4c 100644
--- a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat7-mongodb-persistent-s2i.json
+++ b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat7-mongodb-persistent-s2i.json
@@ -385,8 +385,8 @@
"${APPLICATION_NAME}"
],
"from": {
- "kind": "ImageStream",
- "name": "${APPLICATION_NAME}"
+ "kind": "ImageStreamTag",
+ "name": "${APPLICATION_NAME}:latest"
}
}
},
diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat7-mongodb-s2i.json b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat7-mongodb-s2i.json
index dc43fbea3..9b48f8ae7 100644
--- a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat7-mongodb-s2i.json
+++ b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat7-mongodb-s2i.json
@@ -379,8 +379,8 @@
"${APPLICATION_NAME}"
],
"from": {
- "kind": "ImageStream",
- "name": "${APPLICATION_NAME}"
+ "kind": "ImageStreamTag",
+ "name": "${APPLICATION_NAME}:latest"
}
}
},
diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat7-mysql-persistent-s2i.json b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat7-mysql-persistent-s2i.json
index 6d02c7487..30af703ce 100644
--- a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat7-mysql-persistent-s2i.json
+++ b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat7-mysql-persistent-s2i.json
@@ -388,8 +388,8 @@
"${APPLICATION_NAME}"
],
"from": {
- "kind": "ImageStream",
- "name": "${APPLICATION_NAME}"
+ "kind": "ImageStreamTag",
+ "name": "${APPLICATION_NAME}:latest"
}
}
},
diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat7-mysql-s2i.json b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat7-mysql-s2i.json
index cb23d32a7..c2843af63 100644
--- a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat7-mysql-s2i.json
+++ b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat7-mysql-s2i.json
@@ -382,8 +382,8 @@
"${APPLICATION_NAME}"
],
"from": {
- "kind": "ImageStream",
- "name": "${APPLICATION_NAME}"
+ "kind": "ImageStreamTag",
+ "name": "${APPLICATION_NAME}:latest"
}
}
},
diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat7-postgresql-persistent-s2i.json b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat7-postgresql-persistent-s2i.json
index 82096ab12..b8372f374 100644
--- a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat7-postgresql-persistent-s2i.json
+++ b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat7-postgresql-persistent-s2i.json
@@ -6,13 +6,13 @@
"iconClass": "icon-tomcat",
"description": "Application template for JWS PostgreSQL applications with persistent storage built using S2I.",
"tags": "tomcat,tomcat7,postgresql,java,database,jboss,xpaas",
- "version": "1.2.0"
+ "version": "1.3.2"
},
"name": "jws30-tomcat7-postgresql-persistent-s2i"
},
"labels": {
"template": "jws30-tomcat7-postgresql-persistent-s2i",
- "xpaas": "1.2.0"
+ "xpaas": "1.3.2"
},
"parameters": [
{
@@ -373,8 +373,8 @@
"${APPLICATION_NAME}"
],
"from": {
- "kind": "ImageStream",
- "name": "${APPLICATION_NAME}"
+ "kind": "ImageStreamTag",
+ "name": "${APPLICATION_NAME}:latest"
}
}
},
@@ -587,6 +587,10 @@
"value": "${POSTGRESQL_MAX_CONNECTIONS}"
},
{
+ "name": "POSTGRESQL_MAX_PREPARED_TRANSACTIONS",
+ "value": "${POSTGRESQL_MAX_CONNECTIONS}"
+ },
+ {
"name": "POSTGRESQL_SHARED_BUFFERS",
"value": "${POSTGRESQL_SHARED_BUFFERS}"
}
diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat7-postgresql-s2i.json b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat7-postgresql-s2i.json
index 6c2e42564..cd5bb9fa4 100644
--- a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat7-postgresql-s2i.json
+++ b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat7-postgresql-s2i.json
@@ -6,13 +6,13 @@
"iconClass": "icon-tomcat",
"description": "Application template for JWS PostgreSQL applications built using S2I.",
"tags": "tomcat,tomcat7,postgresql,java,database,jboss,xpaas",
- "version": "1.2.0"
+ "version": "1.3.2"
},
"name": "jws30-tomcat7-postgresql-s2i"
},
"labels": {
"template": "jws30-tomcat7-postgresql-s2i",
- "xpaas": "1.2.0"
+ "xpaas": "1.3.2"
},
"parameters": [
{
@@ -367,8 +367,8 @@
"${APPLICATION_NAME}"
],
"from": {
- "kind": "ImageStream",
- "name": "${APPLICATION_NAME}"
+ "kind": "ImageStreamTag",
+ "name": "${APPLICATION_NAME}:latest"
}
}
},
@@ -575,6 +575,10 @@
"value": "${POSTGRESQL_MAX_CONNECTIONS}"
},
{
+ "name": "POSTGRESQL_MAX_PREPARED_TRANSACTIONS",
+ "value": "${POSTGRESQL_MAX_CONNECTIONS}"
+ },
+ {
"name": "POSTGRESQL_SHARED_BUFFERS",
"value": "${POSTGRESQL_SHARED_BUFFERS}"
}
diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat8-basic-s2i.json b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat8-basic-s2i.json
index b425891c6..cb1e49d29 100644
--- a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat8-basic-s2i.json
+++ b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat8-basic-s2i.json
@@ -215,8 +215,8 @@
"${APPLICATION_NAME}"
],
"from": {
- "kind": "ImageStream",
- "name": "${APPLICATION_NAME}"
+ "kind": "ImageStreamTag",
+ "name": "${APPLICATION_NAME}:latest"
}
}
},
diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat8-https-s2i.json b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat8-https-s2i.json
index 7a5414fd7..21d5662c7 100644
--- a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat8-https-s2i.json
+++ b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat8-https-s2i.json
@@ -292,8 +292,8 @@
"${APPLICATION_NAME}"
],
"from": {
- "kind": "ImageStream",
- "name": "${APPLICATION_NAME}"
+ "kind": "ImageStreamTag",
+ "name": "${APPLICATION_NAME}:latest"
}
}
},
diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat8-mongodb-persistent-s2i.json b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat8-mongodb-persistent-s2i.json
index 020c32d31..34657d826 100644
--- a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat8-mongodb-persistent-s2i.json
+++ b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat8-mongodb-persistent-s2i.json
@@ -385,8 +385,8 @@
"${APPLICATION_NAME}"
],
"from": {
- "kind": "ImageStream",
- "name": "${APPLICATION_NAME}"
+ "kind": "ImageStreamTag",
+ "name": "${APPLICATION_NAME}:latest"
}
}
},
diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat8-mongodb-s2i.json b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat8-mongodb-s2i.json
index 48371db95..974cfaddb 100644
--- a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat8-mongodb-s2i.json
+++ b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat8-mongodb-s2i.json
@@ -379,8 +379,8 @@
"${APPLICATION_NAME}"
],
"from": {
- "kind": "ImageStream",
- "name": "${APPLICATION_NAME}"
+ "kind": "ImageStreamTag",
+ "name": "${APPLICATION_NAME}:latest"
}
}
},
diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat8-mysql-persistent-s2i.json b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat8-mysql-persistent-s2i.json
index b1e847c60..7a8231cc5 100644
--- a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat8-mysql-persistent-s2i.json
+++ b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat8-mysql-persistent-s2i.json
@@ -388,8 +388,8 @@
"${APPLICATION_NAME}"
],
"from": {
- "kind": "ImageStream",
- "name": "${APPLICATION_NAME}"
+ "kind": "ImageStreamTag",
+ "name": "${APPLICATION_NAME}:latest"
}
}
},
diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat8-mysql-s2i.json b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat8-mysql-s2i.json
index ca501102f..cda21f237 100644
--- a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat8-mysql-s2i.json
+++ b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat8-mysql-s2i.json
@@ -382,8 +382,8 @@
"${APPLICATION_NAME}"
],
"from": {
- "kind": "ImageStream",
- "name": "${APPLICATION_NAME}"
+ "kind": "ImageStreamTag",
+ "name": "${APPLICATION_NAME}:latest"
}
}
},
diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat8-postgresql-persistent-s2i.json b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat8-postgresql-persistent-s2i.json
index 9050874ab..4dfc98015 100644
--- a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat8-postgresql-persistent-s2i.json
+++ b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat8-postgresql-persistent-s2i.json
@@ -6,13 +6,13 @@
"iconClass": "icon-tomcat",
"description": "Application template for JWS PostgreSQL applications with persistent storage built using S2I.",
"tags": "tomcat,tomcat8,postgresql,java,database,jboss,xpaas",
- "version": "1.2.0"
+ "version": "1.3.2"
},
"name": "jws30-tomcat8-postgresql-persistent-s2i"
},
"labels": {
"template": "jws30-tomcat8-postgresql-persistent-s2i",
- "xpaas": "1.2.0"
+ "xpaas": "1.3.2"
},
"parameters": [
{
@@ -373,8 +373,8 @@
"${APPLICATION_NAME}"
],
"from": {
- "kind": "ImageStream",
- "name": "${APPLICATION_NAME}"
+ "kind": "ImageStreamTag",
+ "name": "${APPLICATION_NAME}:latest"
}
}
},
@@ -587,6 +587,10 @@
"value": "${POSTGRESQL_MAX_CONNECTIONS}"
},
{
+ "name": "POSTGRESQL_MAX_PREPARED_TRANSACTIONS",
+ "value": "${POSTGRESQL_MAX_CONNECTIONS}"
+ },
+ {
"name": "POSTGRESQL_SHARED_BUFFERS",
"value": "${POSTGRESQL_SHARED_BUFFERS}"
}
diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat8-postgresql-s2i.json b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat8-postgresql-s2i.json
index dba4d8b26..f6c85668c 100644
--- a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat8-postgresql-s2i.json
+++ b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat8-postgresql-s2i.json
@@ -6,13 +6,13 @@
"iconClass": "icon-tomcat",
"description": "Application template for JWS PostgreSQL applications built using S2I.",
"tags": "tomcat,tomcat8,postgresql,java,database,jboss,xpaas",
- "version": "1.2.0"
+ "version": "1.3.2"
},
"name": "jws30-tomcat8-postgresql-s2i"
},
"labels": {
"template": "jws30-tomcat8-postgresql-s2i",
- "xpaas": "1.2.0"
+ "xpaas": "1.3.2"
},
"parameters": [
{
@@ -367,8 +367,8 @@
"${APPLICATION_NAME}"
],
"from": {
- "kind": "ImageStream",
- "name": "${APPLICATION_NAME}"
+ "kind": "ImageStreamTag",
+ "name": "${APPLICATION_NAME}:latest"
}
}
},
@@ -573,6 +573,10 @@
"value": "${POSTGRESQL_MAX_CONNECTIONS}"
},
{
+ "name": "POSTGRESQL_MAX_PREPARED_TRANSACTIONS",
+ "value": "${POSTGRESQL_MAX_CONNECTIONS}"
+ },
+ {
"name": "POSTGRESQL_SHARED_BUFFERS",
"value": "${POSTGRESQL_SHARED_BUFFERS}"
}
diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/processserver63-amq-mysql-persistent-s2i.json b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/processserver63-amq-mysql-persistent-s2i.json
new file mode 100644
index 000000000..1dea463ac
--- /dev/null
+++ b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/processserver63-amq-mysql-persistent-s2i.json
@@ -0,0 +1,1079 @@
+{
+ "kind": "Template",
+ "apiVersion": "v1",
+ "metadata": {
+ "annotations": {
+ "description": "Application template for Red Hat JBoss BPM Suite 6.3 intelligent process server AMQ and MySQL applications with persistent storage built using S2I.",
+ "iconClass": "icon-jboss",
+ "tags": "processserver,amq,mysql,javaee,java,database,jboss,xpaas",
+ "version": "1.3.3"
+ },
+ "name": "processserver63-amq-mysql-persistent-s2i"
+ },
+ "labels": {
+ "template": "processserver63-amq-mysql-persistent-s2i",
+ "xpaas": "1.3.3"
+ },
+ "parameters": [
+ {
+ "description": "The KIE Container deployment configuration in format: containerId=groupId:artifactId:version|c2=g2:a2:v2",
+ "name": "KIE_CONTAINER_DEPLOYMENT",
+ "value": "processserver-library=org.openshift.quickstarts:processserver-library:1.3.0.Final",
+ "required": false
+ },
+ {
+ "description": "The protocol to access the KIE Server REST interface.",
+ "name": "KIE_SERVER_PROTOCOL",
+ "value": "https",
+ "required": false
+ },
+ {
+ "description": "The port to access the KIE Server REST interface.",
+ "name": "KIE_SERVER_PORT",
+ "value": "8443",
+ "required": false
+ },
+ {
+ "description": "The user name to access the KIE Server REST or JMS interface.",
+ "name": "KIE_SERVER_USER",
+ "value": "kieserver",
+ "required": false
+ },
+ {
+ "description": "The password to access the KIE Server REST or JMS interface. Must be different than username; must not be root, admin, or administrator; must contain at least 8 characters, 1 alphabetic character(s), 1 digit(s), and 1 non-alphanumeric symbol(s).",
+ "name": "KIE_SERVER_PASSWORD",
+ "from": "[a-zA-Z]{6}[0-9]{1}!",
+ "generate": "expression",
+ "required": false
+ },
+ {
+ "description": "JAAS LoginContext domain that shall be used to authenticate users when using JMS.",
+ "name": "KIE_SERVER_DOMAIN",
+ "value": "other",
+ "required": false
+ },
+ {
+ "description": "JNDI name of request queue for JMS.",
+ "name": "KIE_SERVER_JMS_QUEUES_REQUEST",
+ "value": "queue/KIE.SERVER.REQUEST",
+ "required": false
+ },
+ {
+ "description": "JNDI name of response queue for JMS.",
+ "name": "KIE_SERVER_JMS_QUEUES_RESPONSE",
+ "value": "queue/KIE.SERVER.RESPONSE",
+ "required": false
+ },
+ {
+ "description": "JNDI name of executor queue for JMS.",
+ "name": "KIE_SERVER_EXECUTOR_JMS_QUEUE",
+ "value": "queue/KIE.SERVER.EXECUTOR",
+ "required": false
+ },
+ {
+ "description": "Hibernate persistence dialect.",
+ "name": "KIE_SERVER_PERSISTENCE_DIALECT",
+ "value": "org.hibernate.dialect.MySQL5Dialect",
+ "required": false
+ },
+ {
+ "description": "The name for the application.",
+ "name": "APPLICATION_NAME",
+ "value": "kie-app",
+ "required": true
+ },
+ {
+ "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: <application-name>-<project>.<default-domain-suffix>",
+ "name": "HOSTNAME_HTTP",
+ "value": "",
+ "required": false
+ },
+ {
+ "description": "Custom hostname for https service route. Leave blank for default hostname, e.g.: secure-<application-name>-<project>.<default-domain-suffix>",
+ "name": "HOSTNAME_HTTPS",
+ "value": "",
+ "required": false
+ },
+ {
+ "description": "Git source URI for application",
+ "name": "SOURCE_REPOSITORY_URL",
+ "value": "https://github.com/jboss-openshift/openshift-quickstarts",
+ "required": true
+ },
+ {
+ "description": "Git branch/tag reference",
+ "name": "SOURCE_REPOSITORY_REF",
+ "value": "1.3",
+ "required": false
+ },
+ {
+ "description": "Path within Git project to build; empty for root project directory.",
+ "name": "CONTEXT_DIR",
+ "value": "processserver/library",
+ "required": false
+ },
+ {
+ "description": "Database JNDI name used by application to resolve the datasource, e.g. java:/jboss/datasources/ExampleDS",
+ "name": "DB_JNDI",
+ "value": "java:jboss/datasources/ExampleDS",
+ "required": false
+ },
+ {
+ "description": "Database name",
+ "name": "DB_DATABASE",
+ "value": "root",
+ "required": true
+ },
+ {
+ "description": "Size of persistent storage for database volume.",
+ "name": "VOLUME_CAPACITY",
+ "value": "512Mi",
+ "required": true
+ },
+ {
+ "description": "JNDI name for connection factory used by applications to connect to the broker, e.g. java:/JmsXA",
+ "name": "MQ_JNDI",
+ "value": "java:/JmsXA",
+ "required": false
+ },
+ {
+ "description": "Split the data directory for each node in a mesh.",
+ "name": "AMQ_SPLIT",
+ "value": "false",
+ "required": false
+ },
+ {
+ "description": "Broker protocols to configure, separated by commas. Allowed values are: `openwire`, `amqp`, `stomp` and `mqtt`. Only `openwire` is supported by EAP.",
+ "name": "MQ_PROTOCOL",
+ "value": "openwire",
+ "required": false
+ },
+ {
+ "description": "Queue names, separated by commas. These queues will be automatically created when the broker starts. Also, they will be made accessible as JNDI resources in EAP.",
+ "name": "MQ_QUEUES",
+ "value": "KIE.SERVER.REQUEST,KIE.SERVER.RESPONSE,KIE.SERVER.EXECUTOR",
+ "required": false
+ },
+ {
+ "description": "Topic names, separated by commas. These topics will be automatically created when the broker starts. Also, they will be made accessible as JNDI resources in EAP.",
+ "name": "MQ_TOPICS",
+ "value": "",
+ "required": false
+ },
+ {
+ "description": "The name of the secret containing the keystore file",
+ "name": "HTTPS_SECRET",
+ "value": "processserver-app-secret",
+ "required": false
+ },
+ {
+ "description": "The name of the keystore file within the secret",
+ "name": "HTTPS_KEYSTORE",
+ "value": "keystore.jks",
+ "required": false
+ },
+ {
+ "description": "The name associated with the server certificate",
+ "name": "HTTPS_NAME",
+ "value": "jboss",
+ "required": false
+ },
+ {
+ "description": "The password for the keystore and certificate",
+ "name": "HTTPS_PASSWORD",
+ "value": "mykeystorepass",
+ "required": false
+ },
+ {
+ "description": "Database user name",
+ "name": "DB_USERNAME",
+ "from": "user[a-zA-Z0-9]{3}",
+ "generate": "expression",
+ "required": true
+ },
+ {
+ "description": "Database user password",
+ "name": "DB_PASSWORD",
+ "from": "[a-zA-Z0-9]{8}",
+ "generate": "expression",
+ "required": true
+ },
+ {
+ "description": "Sets xa-pool/min-pool-size for the configured datasource.",
+ "name": "DB_MIN_POOL_SIZE",
+ "required": false
+ },
+ {
+ "description": "Sets xa-pool/max-pool-size for the configured datasource.",
+ "name": "DB_MAX_POOL_SIZE",
+ "required": false
+ },
+ {
+ "description": "Sets transaction-isolation for the configured datasource.",
+ "name": "DB_TX_ISOLATION",
+ "required": false
+ },
+ {
+ "description": "Sets how the table names are stored and compared.",
+ "name": "MYSQL_LOWER_CASE_TABLE_NAMES",
+ "required": false
+ },
+ {
+ "description": "The maximum permitted number of simultaneous client connections.",
+ "name": "MYSQL_MAX_CONNECTIONS",
+ "required": false
+ },
+ {
+ "description": "The minimum length of the word to be included in a FULLTEXT index.",
+ "name": "MYSQL_FT_MIN_WORD_LEN",
+ "required": false
+ },
+ {
+ "description": "The maximum length of the word to be included in a FULLTEXT index.",
+ "name": "MYSQL_FT_MAX_WORD_LEN",
+ "required": false
+ },
+ {
+ "description": "Controls the innodb_use_native_aio setting value if the native AIO is broken.",
+ "name": "MYSQL_AIO",
+ "required": false
+ },
+ {
+ "description": "User name for standard broker user. It is required for connecting to the broker. If left empty, it will be generated.",
+ "name": "MQ_USERNAME",
+ "from": "user[a-zA-Z0-9]{3}",
+ "generate": "expression",
+ "required": false
+ },
+ {
+ "description": "Password for standard broker user. It is required for connecting to the broker. If left empty, it will be generated.",
+ "name": "MQ_PASSWORD",
+ "from": "[a-zA-Z0-9]{8}",
+ "generate": "expression",
+ "required": false
+ },
+ {
+ "description": "The discovery agent type to use for discovering mesh endpoints. 'dns' will use OpenShift's DNS service to resolve endpoints. 'kube' will use Kubernetes REST API to resolve service endpoints. If using 'kube' the service account for the pod must have the 'view' role, which can be added via 'oc policy add-role-to-user view system:serviceaccount:<namespace>:default' where <namespace> is the project namespace.",
+ "name": "AMQ_MESH_DISCOVERY_TYPE",
+ "value": "kube",
+ "required": false
+ },
+ {
+ "description": "The A-MQ storage usage limit",
+ "name": "AMQ_STORAGE_USAGE_LIMIT",
+ "value": "100 gb",
+ "required": false
+ },
+ {
+ "description": "GitHub trigger secret",
+ "name": "GITHUB_WEBHOOK_SECRET",
+ "from": "[a-zA-Z0-9]{8}",
+ "generate": "expression",
+ "required": true
+ },
+ {
+ "description": "Generic build trigger secret",
+ "name": "GENERIC_WEBHOOK_SECRET",
+ "from": "[a-zA-Z0-9]{8}",
+ "generate": "expression",
+ "required": true
+ },
+ {
+ "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.",
+ "name": "IMAGE_STREAM_NAMESPACE",
+ "value": "openshift",
+ "required": true
+ }
+ ],
+ "objects": [
+ {
+ "kind": "Service",
+ "apiVersion": "v1",
+ "spec": {
+ "ports": [
+ {
+ "port": 8080,
+ "targetPort": 8080
+ }
+ ],
+ "selector": {
+ "deploymentConfig": "${APPLICATION_NAME}"
+ }
+ },
+ "metadata": {
+ "name": "${APPLICATION_NAME}",
+ "labels": {
+ "application": "${APPLICATION_NAME}"
+ },
+ "annotations": {
+ "description": "The web server's http port."
+ }
+ }
+ },
+ {
+ "kind": "Service",
+ "apiVersion": "v1",
+ "spec": {
+ "ports": [
+ {
+ "port": 8443,
+ "targetPort": 8443
+ }
+ ],
+ "selector": {
+ "deploymentConfig": "${APPLICATION_NAME}"
+ }
+ },
+ "metadata": {
+ "name": "secure-${APPLICATION_NAME}",
+ "labels": {
+ "application": "${APPLICATION_NAME}"
+ },
+ "annotations": {
+ "description": "The web server's https port."
+ }
+ }
+ },
+ {
+ "kind": "Service",
+ "apiVersion": "v1",
+ "spec": {
+ "ports": [
+ {
+ "port": 3306,
+ "targetPort": 3306
+ }
+ ],
+ "selector": {
+ "deploymentConfig": "${APPLICATION_NAME}-mysql"
+ }
+ },
+ "metadata": {
+ "name": "${APPLICATION_NAME}-mysql",
+ "labels": {
+ "application": "${APPLICATION_NAME}"
+ },
+ "annotations": {
+ "description": "The database server's port."
+ }
+ }
+ },
+ {
+ "kind": "Service",
+ "apiVersion": "v1",
+ "spec": {
+ "ports": [
+ {
+ "port": 61616,
+ "targetPort": 61616
+ }
+ ],
+ "selector": {
+ "deploymentConfig": "${APPLICATION_NAME}-amq"
+ }
+ },
+ "metadata": {
+ "name": "${APPLICATION_NAME}-amq-tcp",
+ "labels": {
+ "application": "${APPLICATION_NAME}"
+ },
+ "annotations": {
+ "description": "The broker's OpenWire port."
+ }
+ }
+ },
+ {
+ "kind": "Route",
+ "apiVersion": "v1",
+ "id": "${APPLICATION_NAME}-http",
+ "metadata": {
+ "name": "${APPLICATION_NAME}",
+ "labels": {
+ "application": "${APPLICATION_NAME}"
+ },
+ "annotations": {
+ "description": "Route for application's http service."
+ }
+ },
+ "spec": {
+ "host": "${HOSTNAME_HTTP}",
+ "to": {
+ "name": "${APPLICATION_NAME}"
+ }
+ }
+ },
+ {
+ "kind": "Route",
+ "apiVersion": "v1",
+ "id": "${APPLICATION_NAME}-https",
+ "metadata": {
+ "name": "secure-${APPLICATION_NAME}",
+ "labels": {
+ "application": "${APPLICATION_NAME}"
+ },
+ "annotations": {
+ "description": "Route for application's https service."
+ }
+ },
+ "spec": {
+ "host": "${HOSTNAME_HTTPS}",
+ "to": {
+ "name": "secure-${APPLICATION_NAME}"
+ },
+ "tls": {
+ "termination": "passthrough"
+ }
+ }
+ },
+ {
+ "kind": "ImageStream",
+ "apiVersion": "v1",
+ "metadata": {
+ "name": "${APPLICATION_NAME}",
+ "labels": {
+ "application": "${APPLICATION_NAME}"
+ }
+ }
+ },
+ {
+ "kind": "BuildConfig",
+ "apiVersion": "v1",
+ "metadata": {
+ "name": "${APPLICATION_NAME}",
+ "labels": {
+ "application": "${APPLICATION_NAME}"
+ }
+ },
+ "spec": {
+ "source": {
+ "type": "Git",
+ "git": {
+ "uri": "${SOURCE_REPOSITORY_URL}",
+ "ref": "${SOURCE_REPOSITORY_REF}"
+ },
+ "contextDir": "${CONTEXT_DIR}"
+ },
+ "strategy": {
+ "type": "Source",
+ "sourceStrategy": {
+ "env": [
+ {
+ "name": "KIE_CONTAINER_DEPLOYMENT",
+ "value": "${KIE_CONTAINER_DEPLOYMENT}"
+ }
+ ],
+ "forcePull": true,
+ "from": {
+ "kind": "ImageStreamTag",
+ "namespace": "${IMAGE_STREAM_NAMESPACE}",
+ "name": "jboss-processserver63-openshift:1.3"
+ }
+ }
+ },
+ "output": {
+ "to": {
+ "kind": "ImageStreamTag",
+ "name": "${APPLICATION_NAME}:latest"
+ }
+ },
+ "triggers": [
+ {
+ "type": "GitHub",
+ "github": {
+ "secret": "${GITHUB_WEBHOOK_SECRET}"
+ }
+ },
+ {
+ "type": "Generic",
+ "generic": {
+ "secret": "${GENERIC_WEBHOOK_SECRET}"
+ }
+ },
+ {
+ "type": "ImageChange",
+ "imageChange": {}
+ },
+ {
+ "type": "ConfigChange"
+ }
+ ]
+ }
+ },
+ {
+ "kind": "DeploymentConfig",
+ "apiVersion": "v1",
+ "metadata": {
+ "name": "${APPLICATION_NAME}",
+ "labels": {
+ "application": "${APPLICATION_NAME}"
+ }
+ },
+ "spec": {
+ "strategy": {
+ "type": "Recreate"
+ },
+ "triggers": [
+ {
+ "type": "ImageChange",
+ "imageChangeParams": {
+ "automatic": true,
+ "containerNames": [
+ "${APPLICATION_NAME}"
+ ],
+ "from": {
+ "kind": "ImageStream",
+ "name": "${APPLICATION_NAME}"
+ }
+ }
+ },
+ {
+ "type": "ConfigChange"
+ }
+ ],
+ "replicas": 1,
+ "selector": {
+ "deploymentConfig": "${APPLICATION_NAME}"
+ },
+ "template": {
+ "metadata": {
+ "name": "${APPLICATION_NAME}",
+ "labels": {
+ "deploymentConfig": "${APPLICATION_NAME}",
+ "application": "${APPLICATION_NAME}"
+ }
+ },
+ "spec": {
+ "serviceAccountName": "processserver-service-account",
+ "terminationGracePeriodSeconds": 60,
+ "containers": [
+ {
+ "name": "${APPLICATION_NAME}",
+ "image": "${APPLICATION_NAME}",
+ "imagePullPolicy": "Always",
+ "volumeMounts": [
+ {
+ "name": "processserver-keystore-volume",
+ "mountPath": "/etc/processserver-secret-volume",
+ "readOnly": true
+ }
+ ],
+ "livenessProbe": {
+ "exec": {
+ "command": [
+ "/bin/bash",
+ "-c",
+ "/opt/eap/bin/livenessProbe.sh"
+ ]
+ }
+ },
+ "readinessProbe": {
+ "exec": {
+ "command": [
+ "/bin/bash",
+ "-c",
+ "/opt/eap/bin/readinessProbe.sh"
+ ]
+ }
+ },
+ "ports": [
+ {
+ "name": "jolokia",
+ "containerPort": 8778,
+ "protocol": "TCP"
+ },
+ {
+ "name": "http",
+ "containerPort": 8080,
+ "protocol": "TCP"
+ },
+ {
+ "name": "https",
+ "containerPort": 8443,
+ "protocol": "TCP"
+ }
+ ],
+ "env": [
+ {
+ "name": "KIE_CONTAINER_DEPLOYMENT",
+ "value": "${KIE_CONTAINER_DEPLOYMENT}"
+ },
+ {
+ "name": "KIE_SERVER_PROTOCOL",
+ "value": "${KIE_SERVER_PROTOCOL}"
+ },
+ {
+ "name": "KIE_SERVER_PORT",
+ "value": "${KIE_SERVER_PORT}"
+ },
+ {
+ "name": "KIE_SERVER_USER",
+ "value": "${KIE_SERVER_USER}"
+ },
+ {
+ "name": "KIE_SERVER_PASSWORD",
+ "value": "${KIE_SERVER_PASSWORD}"
+ },
+ {
+ "name": "KIE_SERVER_DOMAIN",
+ "value": "${KIE_SERVER_DOMAIN}"
+ },
+ {
+ "name": "KIE_SERVER_JMS_QUEUES_REQUEST",
+ "value": "${KIE_SERVER_JMS_QUEUES_REQUEST}"
+ },
+ {
+ "name": "KIE_SERVER_JMS_QUEUES_RESPONSE",
+ "value": "${KIE_SERVER_JMS_QUEUES_RESPONSE}"
+ },
+ {
+ "name": "KIE_SERVER_EXECUTOR_JMS_QUEUE",
+ "value": "${KIE_SERVER_EXECUTOR_JMS_QUEUE}"
+ },
+ {
+ "name": "MQ_SERVICE_PREFIX_MAPPING",
+ "value": "${APPLICATION_NAME}-amq=MQ"
+ },
+ {
+ "name": "MQ_JNDI",
+ "value": "${MQ_JNDI}"
+ },
+ {
+ "name": "MQ_USERNAME",
+ "value": "${MQ_USERNAME}"
+ },
+ {
+ "name": "MQ_PASSWORD",
+ "value": "${MQ_PASSWORD}"
+ },
+ {
+ "name": "MQ_PROTOCOL",
+ "value": "tcp"
+ },
+ {
+ "name": "MQ_QUEUES",
+ "value": "${MQ_QUEUES}"
+ },
+ {
+ "name": "MQ_TOPICS",
+ "value": "${MQ_TOPICS}"
+ },
+ {
+ "name": "KIE_SERVER_PERSISTENCE_DIALECT",
+ "value": "${KIE_SERVER_PERSISTENCE_DIALECT}"
+ },
+ {
+ "name": "DB_SERVICE_PREFIX_MAPPING",
+ "value": "${APPLICATION_NAME}-mysql=DB,${APPLICATION_NAME}-mysql=QUARTZ"
+ },
+ {
+ "name": "TX_DATABASE_PREFIX_MAPPING",
+ "value": "${APPLICATION_NAME}-mysql=DB"
+ },
+ {
+ "name": "DB_JNDI",
+ "value": "${DB_JNDI}"
+ },
+ {
+ "name": "DB_USERNAME",
+ "value": "${DB_USERNAME}"
+ },
+ {
+ "name": "DB_PASSWORD",
+ "value": "${DB_PASSWORD}"
+ },
+ {
+ "name": "DB_DATABASE",
+ "value": "${DB_DATABASE}"
+ },
+ {
+ "name": "DB_MIN_POOL_SIZE",
+ "value": "${DB_MIN_POOL_SIZE}"
+ },
+ {
+ "name": "DB_MAX_POOL_SIZE",
+ "value": "${DB_MAX_POOL_SIZE}"
+ },
+ {
+ "name": "DB_TX_ISOLATION",
+ "value": "${DB_TX_ISOLATION}"
+ },
+ {
+ "name": "QUARTZ_JNDI",
+ "value": "${DB_JNDI}NotManaged"
+ },
+ {
+ "name": "QUARTZ_USERNAME",
+ "value": "${DB_USERNAME}"
+ },
+ {
+ "name": "QUARTZ_PASSWORD",
+ "value": "${DB_PASSWORD}"
+ },
+ {
+ "name": "QUARTZ_DATABASE",
+ "value": "${DB_DATABASE}"
+ },
+ {
+ "name": "QUARTZ_MIN_POOL_SIZE",
+ "value": "${DB_MIN_POOL_SIZE}"
+ },
+ {
+ "name": "QUARTZ_MAX_POOL_SIZE",
+ "value": "${DB_MAX_POOL_SIZE}"
+ },
+ {
+ "name": "QUARTZ_TX_ISOLATION",
+ "value": "${DB_TX_ISOLATION}"
+ },
+ {
+ "name": "QUARTZ_JTA",
+ "value": "false"
+ },
+ {
+ "name": "QUARTZ_NONXA",
+ "value": "true"
+ },
+ {
+ "name": "HTTPS_KEYSTORE_DIR",
+ "value": "/etc/processserver-secret-volume"
+ },
+ {
+ "name": "HTTPS_KEYSTORE",
+ "value": "${HTTPS_KEYSTORE}"
+ },
+ {
+ "name": "HTTPS_NAME",
+ "value": "${HTTPS_NAME}"
+ },
+ {
+ "name": "HTTPS_PASSWORD",
+ "value": "${HTTPS_PASSWORD}"
+ }
+ ]
+ }
+ ],
+ "volumes": [
+ {
+ "name": "processserver-keystore-volume",
+ "secret": {
+ "secretName": "${HTTPS_SECRET}"
+ }
+ }
+ ]
+ }
+ }
+ }
+ },
+ {
+ "kind": "DeploymentConfig",
+ "apiVersion": "v1",
+ "metadata": {
+ "name": "${APPLICATION_NAME}-mysql",
+ "labels": {
+ "application": "${APPLICATION_NAME}"
+ }
+ },
+ "spec": {
+ "strategy": {
+ "type": "Recreate"
+ },
+ "triggers": [
+ {
+ "type": "ImageChange",
+ "imageChangeParams": {
+ "automatic": true,
+ "containerNames": [
+ "${APPLICATION_NAME}-mysql"
+ ],
+ "from": {
+ "kind": "ImageStreamTag",
+ "namespace": "${IMAGE_STREAM_NAMESPACE}",
+ "name": "mysql:latest"
+ }
+ }
+ },
+ {
+ "type": "ConfigChange"
+ }
+ ],
+ "replicas": 1,
+ "selector": {
+ "deploymentConfig": "${APPLICATION_NAME}-mysql"
+ },
+ "template": {
+ "metadata": {
+ "name": "${APPLICATION_NAME}-mysql",
+ "labels": {
+ "deploymentConfig": "${APPLICATION_NAME}-mysql",
+ "application": "${APPLICATION_NAME}"
+ }
+ },
+ "spec": {
+ "terminationGracePeriodSeconds": 60,
+ "containers": [
+ {
+ "name": "${APPLICATION_NAME}-mysql",
+ "image": "mysql",
+ "imagePullPolicy": "Always",
+ "ports": [
+ {
+ "containerPort": 3306,
+ "protocol": "TCP"
+ }
+ ],
+ "volumeMounts": [
+ {
+ "mountPath": "/var/lib/mysql/data",
+ "name": "${APPLICATION_NAME}-mysql-pvol"
+ }
+ ],
+ "env": [
+ {
+ "name": "MYSQL_USER",
+ "value": "${DB_USERNAME}"
+ },
+ {
+ "name": "MYSQL_PASSWORD",
+ "value": "${DB_PASSWORD}"
+ },
+ {
+ "name": "MYSQL_DATABASE",
+ "value": "${DB_DATABASE}"
+ },
+ {
+ "name": "MYSQL_LOWER_CASE_TABLE_NAMES",
+ "value": "${MYSQL_LOWER_CASE_TABLE_NAMES}"
+ },
+ {
+ "name": "MYSQL_MAX_CONNECTIONS",
+ "value": "${MYSQL_MAX_CONNECTIONS}"
+ },
+ {
+ "name": "MYSQL_FT_MIN_WORD_LEN",
+ "value": "${MYSQL_FT_MIN_WORD_LEN}"
+ },
+ {
+ "name": "MYSQL_FT_MAX_WORD_LEN",
+ "value": "${MYSQL_FT_MAX_WORD_LEN}"
+ },
+ {
+ "name": "MYSQL_AIO",
+ "value": "${MYSQL_AIO}"
+ }
+ ]
+ }
+ ],
+ "volumes": [
+ {
+ "name": "${APPLICATION_NAME}-mysql-pvol",
+ "persistentVolumeClaim": {
+ "claimName": "${APPLICATION_NAME}-mysql-claim"
+ }
+ }
+ ]
+ }
+ }
+ }
+ },
+ {
+ "apiVersion": "v1",
+ "kind": "PersistentVolumeClaim",
+ "metadata": {
+ "name": "${APPLICATION_NAME}-mysql-claim",
+ "labels": {
+ "application": "${APPLICATION_NAME}"
+ }
+ },
+ "spec": {
+ "accessModes": [
+ "ReadWriteOnce"
+ ],
+ "resources": {
+ "requests": {
+ "storage": "${VOLUME_CAPACITY}"
+ }
+ }
+ }
+ },
+ {
+ "kind": "DeploymentConfig",
+ "apiVersion": "v1",
+ "metadata": {
+ "name": "${APPLICATION_NAME}-amq",
+ "labels": {
+ "application": "${APPLICATION_NAME}"
+ }
+ },
+ "spec": {
+ "strategy": {
+ "type": "Recreate"
+ },
+ "triggers": [
+ {
+ "type": "ImageChange",
+ "imageChangeParams": {
+ "automatic": true,
+ "containerNames": [
+ "${APPLICATION_NAME}-amq"
+ ],
+ "from": {
+ "kind": "ImageStreamTag",
+ "namespace": "${IMAGE_STREAM_NAMESPACE}",
+ "name": "jboss-amq-62:1.3"
+ }
+ }
+ },
+ {
+ "type": "ConfigChange"
+ }
+ ],
+ "replicas": 1,
+ "selector": {
+ "deploymentConfig": "${APPLICATION_NAME}-amq"
+ },
+ "template": {
+ "metadata": {
+ "name": "${APPLICATION_NAME}-amq",
+ "labels": {
+ "deploymentConfig": "${APPLICATION_NAME}-amq",
+ "application": "${APPLICATION_NAME}"
+ }
+ },
+ "spec": {
+ "terminationGracePeriodSeconds": 60,
+ "containers": [
+ {
+ "name": "${APPLICATION_NAME}-amq",
+ "image": "jboss-amq-62",
+ "imagePullPolicy": "Always",
+ "volumeMounts": [
+ {
+ "mountPath": "/opt/amq/data",
+ "name": "${APPLICATION_NAME}-amq-pvol"
+ }
+ ],
+ "readinessProbe": {
+ "exec": {
+ "command": [
+ "/bin/bash",
+ "-c",
+ "/opt/amq/bin/readinessProbe.sh"
+ ]
+ }
+ },
+ "ports": [
+ {
+ "name": "jolokia",
+ "containerPort": 8778,
+ "protocol": "TCP"
+ },
+ {
+ "name": "amqp",
+ "containerPort": 5672,
+ "protocol": "TCP"
+ },
+ {
+ "name": "amqp-ssl",
+ "containerPort": 5671,
+ "protocol": "TCP"
+ },
+ {
+ "name": "mqtt",
+ "containerPort": 1883,
+ "protocol": "TCP"
+ },
+ {
+ "name": "stomp",
+ "containerPort": 61613,
+ "protocol": "TCP"
+ },
+ {
+ "name": "stomp-ssl",
+ "containerPort": 61612,
+ "protocol": "TCP"
+ },
+ {
+ "name": "tcp",
+ "containerPort": 61616,
+ "protocol": "TCP"
+ },
+ {
+ "name": "tcp-ssl",
+ "containerPort": 61617,
+ "protocol": "TCP"
+ }
+ ],
+ "env": [
+ {
+ "name": "AMQ_USER",
+ "value": "${MQ_USERNAME}"
+ },
+ {
+ "name": "AMQ_PASSWORD",
+ "value": "${MQ_PASSWORD}"
+ },
+ {
+ "name": "AMQ_TRANSPORTS",
+ "value": "${MQ_PROTOCOL}"
+ },
+ {
+ "name": "AMQ_SPLIT",
+ "value": "${AMQ_SPLIT}"
+ },
+ {
+ "name": "AMQ_MESH_DISCOVERY_TYPE",
+ "value": "${AMQ_MESH_DISCOVERY_TYPE}"
+ },
+ {
+ "name": "AMQ_MESH_SERVICE_NAME",
+ "value": "${APPLICATION_NAME}-amq-tcp"
+ },
+ {
+ "name": "AMQ_MESH_SERVICE_NAMESPACE",
+ "valueFrom": {
+ "fieldRef": {
+ "fieldPath": "metadata.namespace"
+ }
+ }
+ },
+ {
+ "name": "AMQ_STORAGE_USAGE_LIMIT",
+ "value": "${AMQ_STORAGE_USAGE_LIMIT}"
+ }
+ ]
+ }
+ ],
+ "volumes": [
+ {
+ "name": "${APPLICATION_NAME}-amq-pvol",
+ "persistentVolumeClaim": {
+ "claimName": "${APPLICATION_NAME}-amq-claim"
+ }
+ }
+ ]
+ }
+ }
+ }
+ },
+ {
+ "apiVersion": "v1",
+ "kind": "PersistentVolumeClaim",
+ "metadata": {
+ "name": "${APPLICATION_NAME}-amq-claim",
+ "labels": {
+ "application": "${APPLICATION_NAME}"
+ }
+ },
+ "spec": {
+ "accessModes": [
+ "ReadWriteMany"
+ ],
+ "resources": {
+ "requests": {
+ "storage": "${VOLUME_CAPACITY}"
+ }
+ }
+ }
+ }
+ ]
+}
diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/processserver63-amq-mysql-s2i.json b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/processserver63-amq-mysql-s2i.json
new file mode 100644
index 000000000..42264585b
--- /dev/null
+++ b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/processserver63-amq-mysql-s2i.json
@@ -0,0 +1,959 @@
+{
+ "kind": "Template",
+ "apiVersion": "v1",
+ "metadata": {
+ "annotations": {
+ "description": "Application template for Red Hat JBoss BPM Suite 6.3 intelligent process server AMQ and MySQL applications built using S2I.",
+ "iconClass": "icon-jboss",
+ "tags": "processserver,amq,mysql,javaee,java,database,jboss,xpaas",
+ "version": "1.3.3"
+ },
+ "name": "processserver63-amq-mysql-s2i"
+ },
+ "labels": {
+ "template": "processserver63-amq-mysql-s2i",
+ "xpaas": "1.3.3"
+ },
+ "parameters": [
+ {
+ "description": "The KIE Container deployment configuration in format: containerId=groupId:artifactId:version|c2=g2:a2:v2",
+ "name": "KIE_CONTAINER_DEPLOYMENT",
+ "value": "processserver-library=org.openshift.quickstarts:processserver-library:1.3.0.Final",
+ "required": false
+ },
+ {
+ "description": "The protocol to access the KIE Server REST interface.",
+ "name": "KIE_SERVER_PROTOCOL",
+ "value": "https",
+ "required": false
+ },
+ {
+ "description": "The port to access the KIE Server REST interface.",
+ "name": "KIE_SERVER_PORT",
+ "value": "8443",
+ "required": false
+ },
+ {
+ "description": "The user name to access the KIE Server REST or JMS interface.",
+ "name": "KIE_SERVER_USER",
+ "value": "kieserver",
+ "required": false
+ },
+ {
+ "description": "The password to access the KIE Server REST or JMS interface. Must be different than username; must not be root, admin, or administrator; must contain at least 8 characters, 1 alphabetic character(s), 1 digit(s), and 1 non-alphanumeric symbol(s).",
+ "name": "KIE_SERVER_PASSWORD",
+ "from": "[a-zA-Z]{6}[0-9]{1}!",
+ "generate": "expression",
+ "required": false
+ },
+ {
+ "description": "JAAS LoginContext domain that shall be used to authenticate users when using JMS.",
+ "name": "KIE_SERVER_DOMAIN",
+ "value": "other",
+ "required": false
+ },
+ {
+ "description": "JNDI name of request queue for JMS.",
+ "name": "KIE_SERVER_JMS_QUEUES_REQUEST",
+ "value": "queue/KIE.SERVER.REQUEST",
+ "required": false
+ },
+ {
+ "description": "JNDI name of response queue for JMS.",
+ "name": "KIE_SERVER_JMS_QUEUES_RESPONSE",
+ "value": "queue/KIE.SERVER.RESPONSE",
+ "required": false
+ },
+ {
+ "description": "JNDI name of executor queue for JMS.",
+ "name": "KIE_SERVER_EXECUTOR_JMS_QUEUE",
+ "value": "queue/KIE.SERVER.EXECUTOR",
+ "required": false
+ },
+ {
+ "description": "Hibernate persistence dialect.",
+ "name": "KIE_SERVER_PERSISTENCE_DIALECT",
+ "value": "org.hibernate.dialect.MySQL5Dialect",
+ "required": false
+ },
+ {
+ "description": "The name for the application.",
+ "name": "APPLICATION_NAME",
+ "value": "kie-app",
+ "required": true
+ },
+ {
+ "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: <application-name>-<project>.<default-domain-suffix>",
+ "name": "HOSTNAME_HTTP",
+ "value": "",
+ "required": false
+ },
+ {
+ "description": "Custom hostname for https service route. Leave blank for default hostname, e.g.: secure-<application-name>-<project>.<default-domain-suffix>",
+ "name": "HOSTNAME_HTTPS",
+ "value": "",
+ "required": false
+ },
+ {
+ "description": "Git source URI for application",
+ "name": "SOURCE_REPOSITORY_URL",
+ "value": "https://github.com/jboss-openshift/openshift-quickstarts",
+ "required": true
+ },
+ {
+ "description": "Git branch/tag reference",
+ "name": "SOURCE_REPOSITORY_REF",
+ "value": "1.3",
+ "required": false
+ },
+ {
+ "description": "Path within Git project to build; empty for root project directory.",
+ "name": "CONTEXT_DIR",
+ "value": "processserver/library",
+ "required": false
+ },
+ {
+ "description": "Database JNDI name used by application to resolve the datasource, e.g. java:/jboss/datasources/ExampleDS",
+ "name": "DB_JNDI",
+ "value": "java:jboss/datasources/ExampleDS",
+ "required": false
+ },
+ {
+ "description": "Database name",
+ "name": "DB_DATABASE",
+ "value": "root",
+ "required": true
+ },
+ {
+ "description": "JNDI name for connection factory used by applications to connect to the broker, e.g. java:/JmsXA",
+ "name": "MQ_JNDI",
+ "value": "java:/JmsXA",
+ "required": false
+ },
+ {
+ "description": "Broker protocols to configure, separated by commas. Allowed values are: `openwire`, `amqp`, `stomp` and `mqtt`. Only `openwire` is supported by EAP.",
+ "name": "MQ_PROTOCOL",
+ "value": "openwire",
+ "required": false
+ },
+ {
+ "description": "Queue names, separated by commas. These queues will be automatically created when the broker starts. Also, they will be made accessible as JNDI resources in EAP.",
+ "name": "MQ_QUEUES",
+ "value": "KIE.SERVER.REQUEST,KIE.SERVER.RESPONSE,KIE.SERVER.EXECUTOR",
+ "required": false
+ },
+ {
+ "description": "Topic names, separated by commas. These topics will be automatically created when the broker starts. Also, they will be made accessible as JNDI resources in EAP.",
+ "name": "MQ_TOPICS",
+ "value": "",
+ "required": false
+ },
+ {
+ "description": "The name of the secret containing the keystore file",
+ "name": "HTTPS_SECRET",
+ "value": "processserver-app-secret",
+ "required": false
+ },
+ {
+ "description": "The name of the keystore file within the secret",
+ "name": "HTTPS_KEYSTORE",
+ "value": "keystore.jks",
+ "required": false
+ },
+ {
+ "description": "The name associated with the server certificate",
+ "name": "HTTPS_NAME",
+ "value": "jboss",
+ "required": false
+ },
+ {
+ "description": "The password for the keystore and certificate",
+ "name": "HTTPS_PASSWORD",
+ "value": "mykeystorepass",
+ "required": false
+ },
+ {
+ "description": "Database user name",
+ "name": "DB_USERNAME",
+ "from": "user[a-zA-Z0-9]{3}",
+ "generate": "expression",
+ "required": true
+ },
+ {
+ "description": "Database user password",
+ "name": "DB_PASSWORD",
+ "from": "[a-zA-Z0-9]{8}",
+ "generate": "expression",
+ "required": true
+ },
+ {
+ "description": "Sets xa-pool/min-pool-size for the configured datasource.",
+ "name": "DB_MIN_POOL_SIZE",
+ "required": false
+ },
+ {
+ "description": "Sets xa-pool/max-pool-size for the configured datasource.",
+ "name": "DB_MAX_POOL_SIZE",
+ "required": false
+ },
+ {
+ "description": "Sets transaction-isolation for the configured datasource.",
+ "name": "DB_TX_ISOLATION",
+ "required": false
+ },
+ {
+ "description": "Sets how the table names are stored and compared.",
+ "name": "MYSQL_LOWER_CASE_TABLE_NAMES",
+ "required": false
+ },
+ {
+ "description": "The maximum permitted number of simultaneous client connections.",
+ "name": "MYSQL_MAX_CONNECTIONS",
+ "required": false
+ },
+ {
+ "description": "The minimum length of the word to be included in a FULLTEXT index.",
+ "name": "MYSQL_FT_MIN_WORD_LEN",
+ "required": false
+ },
+ {
+ "description": "The maximum length of the word to be included in a FULLTEXT index.",
+ "name": "MYSQL_FT_MAX_WORD_LEN",
+ "required": false
+ },
+ {
+ "description": "Controls the innodb_use_native_aio setting value if the native AIO is broken.",
+ "name": "MYSQL_AIO",
+ "required": false
+ },
+ {
+ "description": "User name for standard broker user. It is required for connecting to the broker. If left empty, it will be generated.",
+ "name": "MQ_USERNAME",
+ "from": "user[a-zA-Z0-9]{3}",
+ "generate": "expression",
+ "required": false
+ },
+ {
+ "description": "Password for standard broker user. It is required for connecting to the broker. If left empty, it will be generated.",
+ "name": "MQ_PASSWORD",
+ "from": "[a-zA-Z0-9]{8}",
+ "generate": "expression",
+ "required": false
+ },
+ {
+ "description": "The discovery agent type to use for discovering mesh endpoints. 'dns' will use OpenShift's DNS service to resolve endpoints. 'kube' will use Kubernetes REST API to resolve service endpoints. If using 'kube' the service account for the pod must have the 'view' role, which can be added via 'oc policy add-role-to-user view system:serviceaccount:<namespace>:default' where <namespace> is the project namespace.",
+ "name": "AMQ_MESH_DISCOVERY_TYPE",
+ "value": "kube",
+ "required": false
+ },
+ {
+ "description": "The A-MQ storage usage limit",
+ "name": "AMQ_STORAGE_USAGE_LIMIT",
+ "value": "100 gb",
+ "required": false
+ },
+ {
+ "description": "GitHub trigger secret",
+ "name": "GITHUB_WEBHOOK_SECRET",
+ "from": "[a-zA-Z0-9]{8}",
+ "generate": "expression",
+ "required": true
+ },
+ {
+ "description": "Generic build trigger secret",
+ "name": "GENERIC_WEBHOOK_SECRET",
+ "from": "[a-zA-Z0-9]{8}",
+ "generate": "expression",
+ "required": true
+ },
+ {
+ "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.",
+ "name": "IMAGE_STREAM_NAMESPACE",
+ "value": "openshift",
+ "required": true
+ }
+ ],
+ "objects": [
+ {
+ "kind": "Service",
+ "apiVersion": "v1",
+ "spec": {
+ "ports": [
+ {
+ "port": 8080,
+ "targetPort": 8080
+ }
+ ],
+ "selector": {
+ "deploymentConfig": "${APPLICATION_NAME}"
+ }
+ },
+ "metadata": {
+ "name": "${APPLICATION_NAME}",
+ "labels": {
+ "application": "${APPLICATION_NAME}"
+ },
+ "annotations": {
+ "description": "The web server's http port."
+ }
+ }
+ },
+ {
+ "kind": "Service",
+ "apiVersion": "v1",
+ "spec": {
+ "ports": [
+ {
+ "port": 8443,
+ "targetPort": 8443
+ }
+ ],
+ "selector": {
+ "deploymentConfig": "${APPLICATION_NAME}"
+ }
+ },
+ "metadata": {
+ "name": "secure-${APPLICATION_NAME}",
+ "labels": {
+ "application": "${APPLICATION_NAME}"
+ },
+ "annotations": {
+ "description": "The web server's https port."
+ }
+ }
+ },
+ {
+ "kind": "Service",
+ "apiVersion": "v1",
+ "spec": {
+ "ports": [
+ {
+ "port": 3306,
+ "targetPort": 3306
+ }
+ ],
+ "selector": {
+ "deploymentConfig": "${APPLICATION_NAME}-mysql"
+ }
+ },
+ "metadata": {
+ "name": "${APPLICATION_NAME}-mysql",
+ "labels": {
+ "application": "${APPLICATION_NAME}"
+ },
+ "annotations": {
+ "description": "The database server's port."
+ }
+ }
+ },
+ {
+ "kind": "Service",
+ "apiVersion": "v1",
+ "spec": {
+ "ports": [
+ {
+ "port": 61616,
+ "targetPort": 61616
+ }
+ ],
+ "selector": {
+ "deploymentConfig": "${APPLICATION_NAME}-amq"
+ }
+ },
+ "metadata": {
+ "name": "${APPLICATION_NAME}-amq-tcp",
+ "labels": {
+ "application": "${APPLICATION_NAME}"
+ },
+ "annotations": {
+ "description": "The broker's OpenWire port."
+ }
+ }
+ },
+ {
+ "kind": "Route",
+ "apiVersion": "v1",
+ "id": "${APPLICATION_NAME}-http",
+ "metadata": {
+ "name": "${APPLICATION_NAME}",
+ "labels": {
+ "application": "${APPLICATION_NAME}"
+ },
+ "annotations": {
+ "description": "Route for application's http service."
+ }
+ },
+ "spec": {
+ "host": "${HOSTNAME_HTTP}",
+ "to": {
+ "name": "${APPLICATION_NAME}"
+ }
+ }
+ },
+ {
+ "kind": "Route",
+ "apiVersion": "v1",
+ "id": "${APPLICATION_NAME}-https",
+ "metadata": {
+ "name": "secure-${APPLICATION_NAME}",
+ "labels": {
+ "application": "${APPLICATION_NAME}"
+ },
+ "annotations": {
+ "description": "Route for application's https service."
+ }
+ },
+ "spec": {
+ "host": "${HOSTNAME_HTTPS}",
+ "to": {
+ "name": "secure-${APPLICATION_NAME}"
+ },
+ "tls": {
+ "termination": "passthrough"
+ }
+ }
+ },
+ {
+ "kind": "ImageStream",
+ "apiVersion": "v1",
+ "metadata": {
+ "name": "${APPLICATION_NAME}",
+ "labels": {
+ "application": "${APPLICATION_NAME}"
+ }
+ }
+ },
+ {
+ "kind": "BuildConfig",
+ "apiVersion": "v1",
+ "metadata": {
+ "name": "${APPLICATION_NAME}",
+ "labels": {
+ "application": "${APPLICATION_NAME}"
+ }
+ },
+ "spec": {
+ "source": {
+ "type": "Git",
+ "git": {
+ "uri": "${SOURCE_REPOSITORY_URL}",
+ "ref": "${SOURCE_REPOSITORY_REF}"
+ },
+ "contextDir": "${CONTEXT_DIR}"
+ },
+ "strategy": {
+ "type": "Source",
+ "sourceStrategy": {
+ "env": [
+ {
+ "name": "KIE_CONTAINER_DEPLOYMENT",
+ "value": "${KIE_CONTAINER_DEPLOYMENT}"
+ }
+ ],
+ "forcePull": true,
+ "from": {
+ "kind": "ImageStreamTag",
+ "namespace": "${IMAGE_STREAM_NAMESPACE}",
+ "name": "jboss-processserver63-openshift:1.3"
+ }
+ }
+ },
+ "output": {
+ "to": {
+ "kind": "ImageStreamTag",
+ "name": "${APPLICATION_NAME}:latest"
+ }
+ },
+ "triggers": [
+ {
+ "type": "GitHub",
+ "github": {
+ "secret": "${GITHUB_WEBHOOK_SECRET}"
+ }
+ },
+ {
+ "type": "Generic",
+ "generic": {
+ "secret": "${GENERIC_WEBHOOK_SECRET}"
+ }
+ },
+ {
+ "type": "ImageChange",
+ "imageChange": {}
+ },
+ {
+ "type": "ConfigChange"
+ }
+ ]
+ }
+ },
+ {
+ "kind": "DeploymentConfig",
+ "apiVersion": "v1",
+ "metadata": {
+ "name": "${APPLICATION_NAME}",
+ "labels": {
+ "application": "${APPLICATION_NAME}"
+ }
+ },
+ "spec": {
+ "strategy": {
+ "type": "Recreate"
+ },
+ "triggers": [
+ {
+ "type": "ImageChange",
+ "imageChangeParams": {
+ "automatic": true,
+ "containerNames": [
+ "${APPLICATION_NAME}"
+ ],
+ "from": {
+ "kind": "ImageStream",
+ "name": "${APPLICATION_NAME}"
+ }
+ }
+ },
+ {
+ "type": "ConfigChange"
+ }
+ ],
+ "replicas": 1,
+ "selector": {
+ "deploymentConfig": "${APPLICATION_NAME}"
+ },
+ "template": {
+ "metadata": {
+ "name": "${APPLICATION_NAME}",
+ "labels": {
+ "deploymentConfig": "${APPLICATION_NAME}",
+ "application": "${APPLICATION_NAME}"
+ }
+ },
+ "spec": {
+ "serviceAccountName": "processserver-service-account",
+ "terminationGracePeriodSeconds": 60,
+ "containers": [
+ {
+ "name": "${APPLICATION_NAME}",
+ "image": "${APPLICATION_NAME}",
+ "imagePullPolicy": "Always",
+ "volumeMounts": [
+ {
+ "name": "processserver-keystore-volume",
+ "mountPath": "/etc/processserver-secret-volume",
+ "readOnly": true
+ }
+ ],
+ "livenessProbe": {
+ "exec": {
+ "command": [
+ "/bin/bash",
+ "-c",
+ "/opt/eap/bin/livenessProbe.sh"
+ ]
+ }
+ },
+ "readinessProbe": {
+ "exec": {
+ "command": [
+ "/bin/bash",
+ "-c",
+ "/opt/eap/bin/readinessProbe.sh"
+ ]
+ }
+ },
+ "ports": [
+ {
+ "name": "jolokia",
+ "containerPort": 8778,
+ "protocol": "TCP"
+ },
+ {
+ "name": "http",
+ "containerPort": 8080,
+ "protocol": "TCP"
+ },
+ {
+ "name": "https",
+ "containerPort": 8443,
+ "protocol": "TCP"
+ }
+ ],
+ "env": [
+ {
+ "name": "KIE_CONTAINER_DEPLOYMENT",
+ "value": "${KIE_CONTAINER_DEPLOYMENT}"
+ },
+ {
+ "name": "KIE_SERVER_PROTOCOL",
+ "value": "${KIE_SERVER_PROTOCOL}"
+ },
+ {
+ "name": "KIE_SERVER_PORT",
+ "value": "${KIE_SERVER_PORT}"
+ },
+ {
+ "name": "KIE_SERVER_USER",
+ "value": "${KIE_SERVER_USER}"
+ },
+ {
+ "name": "KIE_SERVER_PASSWORD",
+ "value": "${KIE_SERVER_PASSWORD}"
+ },
+ {
+ "name": "KIE_SERVER_DOMAIN",
+ "value": "${KIE_SERVER_DOMAIN}"
+ },
+ {
+ "name": "KIE_SERVER_JMS_QUEUES_REQUEST",
+ "value": "${KIE_SERVER_JMS_QUEUES_REQUEST}"
+ },
+ {
+ "name": "KIE_SERVER_JMS_QUEUES_RESPONSE",
+ "value": "${KIE_SERVER_JMS_QUEUES_RESPONSE}"
+ },
+ {
+ "name": "KIE_SERVER_EXECUTOR_JMS_QUEUE",
+ "value": "${KIE_SERVER_EXECUTOR_JMS_QUEUE}"
+ },
+ {
+ "name": "MQ_SERVICE_PREFIX_MAPPING",
+ "value": "${APPLICATION_NAME}-amq=MQ"
+ },
+ {
+ "name": "MQ_JNDI",
+ "value": "${MQ_JNDI}"
+ },
+ {
+ "name": "MQ_USERNAME",
+ "value": "${MQ_USERNAME}"
+ },
+ {
+ "name": "MQ_PASSWORD",
+ "value": "${MQ_PASSWORD}"
+ },
+ {
+ "name": "MQ_PROTOCOL",
+ "value": "tcp"
+ },
+ {
+ "name": "MQ_QUEUES",
+ "value": "${MQ_QUEUES}"
+ },
+ {
+ "name": "MQ_TOPICS",
+ "value": "${MQ_TOPICS}"
+ },
+ {
+ "name": "KIE_SERVER_PERSISTENCE_DIALECT",
+ "value": "${KIE_SERVER_PERSISTENCE_DIALECT}"
+ },
+ {
+ "name": "DB_SERVICE_PREFIX_MAPPING",
+ "value": "${APPLICATION_NAME}-mysql=DB"
+ },
+ {
+ "name": "DB_JNDI",
+ "value": "${DB_JNDI}"
+ },
+ {
+ "name": "DB_USERNAME",
+ "value": "${DB_USERNAME}"
+ },
+ {
+ "name": "DB_PASSWORD",
+ "value": "${DB_PASSWORD}"
+ },
+ {
+ "name": "DB_DATABASE",
+ "value": "${DB_DATABASE}"
+ },
+ {
+ "name": "TX_DATABASE_PREFIX_MAPPING",
+ "value": "${APPLICATION_NAME}-mysql=DB"
+ },
+ {
+ "name": "DB_MIN_POOL_SIZE",
+ "value": "${DB_MIN_POOL_SIZE}"
+ },
+ {
+ "name": "DB_MAX_POOL_SIZE",
+ "value": "${DB_MAX_POOL_SIZE}"
+ },
+ {
+ "name": "DB_TX_ISOLATION",
+ "value": "${DB_TX_ISOLATION}"
+ },
+ {
+ "name": "HTTPS_KEYSTORE_DIR",
+ "value": "/etc/processserver-secret-volume"
+ },
+ {
+ "name": "HTTPS_KEYSTORE",
+ "value": "${HTTPS_KEYSTORE}"
+ },
+ {
+ "name": "HTTPS_NAME",
+ "value": "${HTTPS_NAME}"
+ },
+ {
+ "name": "HTTPS_PASSWORD",
+ "value": "${HTTPS_PASSWORD}"
+ }
+ ]
+ }
+ ],
+ "volumes": [
+ {
+ "name": "processserver-keystore-volume",
+ "secret": {
+ "secretName": "${HTTPS_SECRET}"
+ }
+ }
+ ]
+ }
+ }
+ }
+ },
+ {
+ "kind": "DeploymentConfig",
+ "apiVersion": "v1",
+ "metadata": {
+ "name": "${APPLICATION_NAME}-mysql",
+ "labels": {
+ "application": "${APPLICATION_NAME}"
+ }
+ },
+ "spec": {
+ "strategy": {
+ "type": "Recreate"
+ },
+ "triggers": [
+ {
+ "type": "ImageChange",
+ "imageChangeParams": {
+ "automatic": true,
+ "containerNames": [
+ "${APPLICATION_NAME}-mysql"
+ ],
+ "from": {
+ "kind": "ImageStreamTag",
+ "namespace": "${IMAGE_STREAM_NAMESPACE}",
+ "name": "mysql:latest"
+ }
+ }
+ },
+ {
+ "type": "ConfigChange"
+ }
+ ],
+ "replicas": 1,
+ "selector": {
+ "deploymentConfig": "${APPLICATION_NAME}-mysql"
+ },
+ "template": {
+ "metadata": {
+ "name": "${APPLICATION_NAME}-mysql",
+ "labels": {
+ "deploymentConfig": "${APPLICATION_NAME}-mysql",
+ "application": "${APPLICATION_NAME}"
+ }
+ },
+ "spec": {
+ "terminationGracePeriodSeconds": 60,
+ "containers": [
+ {
+ "name": "${APPLICATION_NAME}-mysql",
+ "image": "mysql",
+ "imagePullPolicy": "Always",
+ "ports": [
+ {
+ "containerPort": 3306,
+ "protocol": "TCP"
+ }
+ ],
+ "env": [
+ {
+ "name": "MYSQL_USER",
+ "value": "${DB_USERNAME}"
+ },
+ {
+ "name": "MYSQL_PASSWORD",
+ "value": "${DB_PASSWORD}"
+ },
+ {
+ "name": "MYSQL_DATABASE",
+ "value": "${DB_DATABASE}"
+ },
+ {
+ "name": "MYSQL_LOWER_CASE_TABLE_NAMES",
+ "value": "${MYSQL_LOWER_CASE_TABLE_NAMES}"
+ },
+ {
+ "name": "MYSQL_MAX_CONNECTIONS",
+ "value": "${MYSQL_MAX_CONNECTIONS}"
+ },
+ {
+ "name": "MYSQL_FT_MIN_WORD_LEN",
+ "value": "${MYSQL_FT_MIN_WORD_LEN}"
+ },
+ {
+ "name": "MYSQL_FT_MAX_WORD_LEN",
+ "value": "${MYSQL_FT_MAX_WORD_LEN}"
+ },
+ {
+ "name": "MYSQL_AIO",
+ "value": "${MYSQL_AIO}"
+ }
+ ]
+ }
+ ]
+ }
+ }
+ }
+ },
+ {
+ "kind": "DeploymentConfig",
+ "apiVersion": "v1",
+ "metadata": {
+ "name": "${APPLICATION_NAME}-amq",
+ "labels": {
+ "application": "${APPLICATION_NAME}"
+ }
+ },
+ "spec": {
+ "strategy": {
+ "type": "Recreate"
+ },
+ "triggers": [
+ {
+ "type": "ImageChange",
+ "imageChangeParams": {
+ "automatic": true,
+ "containerNames": [
+ "${APPLICATION_NAME}-amq"
+ ],
+ "from": {
+ "kind": "ImageStreamTag",
+ "namespace": "${IMAGE_STREAM_NAMESPACE}",
+ "name": "jboss-amq-62:1.3"
+ }
+ }
+ },
+ {
+ "type": "ConfigChange"
+ }
+ ],
+ "replicas": 1,
+ "selector": {
+ "deploymentConfig": "${APPLICATION_NAME}-amq"
+ },
+ "template": {
+ "metadata": {
+ "name": "${APPLICATION_NAME}-amq",
+ "labels": {
+ "deploymentConfig": "${APPLICATION_NAME}-amq",
+ "application": "${APPLICATION_NAME}"
+ }
+ },
+ "spec": {
+ "terminationGracePeriodSeconds": 60,
+ "containers": [
+ {
+ "name": "${APPLICATION_NAME}-amq",
+ "image": "jboss-amq-62",
+ "imagePullPolicy": "Always",
+ "readinessProbe": {
+ "exec": {
+ "command": [
+ "/bin/bash",
+ "-c",
+ "/opt/amq/bin/readinessProbe.sh"
+ ]
+ }
+ },
+ "ports": [
+ {
+ "name": "jolokia",
+ "containerPort": 8778,
+ "protocol": "TCP"
+ },
+ {
+ "name": "amqp",
+ "containerPort": 5672,
+ "protocol": "TCP"
+ },
+ {
+ "name": "amqp-ssl",
+ "containerPort": 5671,
+ "protocol": "TCP"
+ },
+ {
+ "name": "mqtt",
+ "containerPort": 1883,
+ "protocol": "TCP"
+ },
+ {
+ "name": "stomp",
+ "containerPort": 61613,
+ "protocol": "TCP"
+ },
+ {
+ "name": "stomp-ssl",
+ "containerPort": 61612,
+ "protocol": "TCP"
+ },
+ {
+ "name": "tcp",
+ "containerPort": 61616,
+ "protocol": "TCP"
+ },
+ {
+ "name": "tcp-ssl",
+ "containerPort": 61617,
+ "protocol": "TCP"
+ }
+ ],
+ "env": [
+ {
+ "name": "AMQ_USER",
+ "value": "${MQ_USERNAME}"
+ },
+ {
+ "name": "AMQ_PASSWORD",
+ "value": "${MQ_PASSWORD}"
+ },
+ {
+ "name": "AMQ_TRANSPORTS",
+ "value": "${MQ_PROTOCOL}"
+ },
+ {
+ "name": "AMQ_MESH_DISCOVERY_TYPE",
+ "value": "${AMQ_MESH_DISCOVERY_TYPE}"
+ },
+ {
+ "name": "AMQ_MESH_SERVICE_NAME",
+ "value": "${APPLICATION_NAME}-amq-tcp"
+ },
+ {
+ "name": "AMQ_MESH_SERVICE_NAMESPACE",
+ "valueFrom": {
+ "fieldRef": {
+ "fieldPath": "metadata.namespace"
+ }
+ }
+ },
+ {
+ "name": "AMQ_STORAGE_USAGE_LIMIT",
+ "value": "${AMQ_STORAGE_USAGE_LIMIT}"
+ }
+ ]
+ }
+ ]
+ }
+ }
+ }
+ }
+ ]
+}
diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/processserver63-amq-postgresql-persistent-s2i.json b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/processserver63-amq-postgresql-persistent-s2i.json
new file mode 100644
index 000000000..f6d0c99ed
--- /dev/null
+++ b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/processserver63-amq-postgresql-persistent-s2i.json
@@ -0,0 +1,1052 @@
+{
+ "kind": "Template",
+ "apiVersion": "v1",
+ "metadata": {
+ "annotations": {
+ "description": "Application template for Red Hat JBoss BPM Suite 6.3 intelligent process server AMQ and PostgreSQL applications with persistent storage built using S2I.",
+ "iconClass": "icon-jboss",
+ "tags": "processserver,amq,postgresql,javaee,java,database,jboss,xpaas",
+ "version": "1.3.3"
+ },
+ "name": "processserver63-amq-postgresql-persistent-s2i"
+ },
+ "labels": {
+ "template": "processserver63-amq-postgresql-persistent-s2i",
+ "xpaas": "1.3.3"
+ },
+ "parameters": [
+ {
+ "description": "The KIE Container deployment configuration in format: containerId=groupId:artifactId:version|c2=g2:a2:v2",
+ "name": "KIE_CONTAINER_DEPLOYMENT",
+ "value": "processserver-library=org.openshift.quickstarts:processserver-library:1.3.0.Final",
+ "required": false
+ },
+ {
+ "description": "The protocol to access the KIE Server REST interface.",
+ "name": "KIE_SERVER_PROTOCOL",
+ "value": "https",
+ "required": false
+ },
+ {
+ "description": "The port to access the KIE Server REST interface.",
+ "name": "KIE_SERVER_PORT",
+ "value": "8443",
+ "required": false
+ },
+ {
+ "description": "The user name to access the KIE Server REST or JMS interface.",
+ "name": "KIE_SERVER_USER",
+ "value": "kieserver",
+ "required": false
+ },
+ {
+ "description": "The password to access the KIE Server REST or JMS interface. Must be different than username; must not be root, admin, or administrator; must contain at least 8 characters, 1 alphabetic character(s), 1 digit(s), and 1 non-alphanumeric symbol(s).",
+ "name": "KIE_SERVER_PASSWORD",
+ "from": "[a-zA-Z]{6}[0-9]{1}!",
+ "generate": "expression",
+ "required": false
+ },
+ {
+ "description": "JAAS LoginContext domain that shall be used to authenticate users when using JMS.",
+ "name": "KIE_SERVER_DOMAIN",
+ "value": "other",
+ "required": false
+ },
+ {
+ "description": "JNDI name of request queue for JMS.",
+ "name": "KIE_SERVER_JMS_QUEUES_REQUEST",
+ "value": "queue/KIE.SERVER.REQUEST",
+ "required": false
+ },
+ {
+ "description": "JNDI name of response queue for JMS.",
+ "name": "KIE_SERVER_JMS_QUEUES_RESPONSE",
+ "value": "queue/KIE.SERVER.RESPONSE",
+ "required": false
+ },
+ {
+ "description": "JNDI name of executor queue for JMS.",
+ "name": "KIE_SERVER_EXECUTOR_JMS_QUEUE",
+ "value": "queue/KIE.SERVER.EXECUTOR",
+ "required": false
+ },
+ {
+ "description": "Hibernate persistence dialect.",
+ "name": "KIE_SERVER_PERSISTENCE_DIALECT",
+ "value": "org.hibernate.dialect.PostgreSQL82Dialect",
+ "required": false
+ },
+ {
+ "description": "The name for the application.",
+ "name": "APPLICATION_NAME",
+ "value": "kie-app",
+ "required": true
+ },
+ {
+ "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: <application-name>-<project>.<default-domain-suffix>",
+ "name": "HOSTNAME_HTTP",
+ "value": "",
+ "required": false
+ },
+ {
+ "description": "Custom hostname for https service route. Leave blank for default hostname, e.g.: secure-<application-name>-<project>.<default-domain-suffix>",
+ "name": "HOSTNAME_HTTPS",
+ "value": "",
+ "required": false
+ },
+ {
+ "description": "Git source URI for application",
+ "name": "SOURCE_REPOSITORY_URL",
+ "value": "https://github.com/jboss-openshift/openshift-quickstarts",
+ "required": true
+ },
+ {
+ "description": "Git branch/tag reference",
+ "name": "SOURCE_REPOSITORY_REF",
+ "value": "1.3",
+ "required": false
+ },
+ {
+ "description": "Path within Git project to build; empty for root project directory.",
+ "name": "CONTEXT_DIR",
+ "value": "processserver/library",
+ "required": false
+ },
+ {
+ "description": "Database JNDI name used by application to resolve the datasource, e.g. java:/jboss/datasources/ExampleDS",
+ "name": "DB_JNDI",
+ "value": "java:jboss/datasources/ExampleDS",
+ "required": false
+ },
+ {
+ "description": "Database name",
+ "name": "DB_DATABASE",
+ "value": "root",
+ "required": true
+ },
+ {
+ "description": "Size of persistent storage for database volume.",
+ "name": "VOLUME_CAPACITY",
+ "value": "512Mi",
+ "required": true
+ },
+ {
+ "description": "JNDI name for connection factory used by applications to connect to the broker, e.g. java:/JmsXA",
+ "name": "MQ_JNDI",
+ "value": "java:/JmsXA",
+ "required": false
+ },
+ {
+ "description": "Split the data directory for each node in a mesh.",
+ "name": "AMQ_SPLIT",
+ "value": "false",
+ "required": false
+ },
+ {
+ "description": "Broker protocols to configure, separated by commas. Allowed values are: `openwire`, `amqp`, `stomp` and `mqtt`. Only `openwire` is supported by EAP.",
+ "name": "MQ_PROTOCOL",
+ "value": "openwire",
+ "required": false
+ },
+ {
+ "description": "Queue names, separated by commas. These queues will be automatically created when the broker starts. Also, they will be made accessible as JNDI resources in EAP.",
+ "name": "MQ_QUEUES",
+ "value": "KIE.SERVER.REQUEST,KIE.SERVER.RESPONSE,KIE.SERVER.EXECUTOR",
+ "required": false
+ },
+ {
+ "description": "Topic names, separated by commas. These topics will be automatically created when the broker starts. Also, they will be made accessible as JNDI resources in EAP.",
+ "name": "MQ_TOPICS",
+ "value": "",
+ "required": false
+ },
+ {
+ "description": "The name of the secret containing the keystore file",
+ "name": "HTTPS_SECRET",
+ "value": "processserver-app-secret",
+ "required": false
+ },
+ {
+ "description": "The name of the keystore file within the secret",
+ "name": "HTTPS_KEYSTORE",
+ "value": "keystore.jks",
+ "required": false
+ },
+ {
+ "description": "The name associated with the server certificate",
+ "name": "HTTPS_NAME",
+ "value": "jboss",
+ "required": false
+ },
+ {
+ "description": "The password for the keystore and certificate",
+ "name": "HTTPS_PASSWORD",
+ "value": "mykeystorepass",
+ "required": false
+ },
+ {
+ "description": "Database user name",
+ "name": "DB_USERNAME",
+ "from": "user[a-zA-Z0-9]{3}",
+ "generate": "expression",
+ "required": true
+ },
+ {
+ "description": "Database user password",
+ "name": "DB_PASSWORD",
+ "from": "[a-zA-Z0-9]{8}",
+ "generate": "expression",
+ "required": true
+ },
+ {
+ "description": "Sets xa-pool/min-pool-size for the configured datasource.",
+ "name": "DB_MIN_POOL_SIZE",
+ "required": false
+ },
+ {
+ "description": "Sets xa-pool/max-pool-size for the configured datasource.",
+ "name": "DB_MAX_POOL_SIZE",
+ "required": false
+ },
+ {
+ "description": "Sets transaction-isolation for the configured datasource.",
+ "name": "DB_TX_ISOLATION",
+ "required": false
+ },
+ {
+ "description": "The maximum number of client connections allowed. This also sets the maximum number of prepared transactions.",
+ "name": "POSTGRESQL_MAX_CONNECTIONS",
+ "required": false
+ },
+ {
+ "description": "Configures how much memory is dedicated to PostgreSQL for caching data.",
+ "name": "POSTGRESQL_SHARED_BUFFERS",
+ "required": false
+ },
+ {
+ "description": "User name for standard broker user. It is required for connecting to the broker. If left empty, it will be generated.",
+ "name": "MQ_USERNAME",
+ "from": "user[a-zA-Z0-9]{3}",
+ "generate": "expression",
+ "required": false
+ },
+ {
+ "description": "Password for standard broker user. It is required for connecting to the broker. If left empty, it will be generated.",
+ "name": "MQ_PASSWORD",
+ "from": "[a-zA-Z0-9]{8}",
+ "generate": "expression",
+ "required": false
+ },
+ {
+ "description": "The discovery agent type to use for discovering mesh endpoints. 'dns' will use OpenShift's DNS service to resolve endpoints. 'kube' will use Kubernetes REST API to resolve service endpoints. If using 'kube' the service account for the pod must have the 'view' role, which can be added via 'oc policy add-role-to-user view system:serviceaccount:<namespace>:default' where <namespace> is the project namespace.",
+ "name": "AMQ_MESH_DISCOVERY_TYPE",
+ "value": "kube",
+ "required": false
+ },
+ {
+ "description": "The A-MQ storage usage limit",
+ "name": "AMQ_STORAGE_USAGE_LIMIT",
+ "value": "100 gb",
+ "required": false
+ },
+ {
+ "description": "GitHub trigger secret",
+ "name": "GITHUB_WEBHOOK_SECRET",
+ "from": "[a-zA-Z0-9]{8}",
+ "generate": "expression",
+ "required": true
+ },
+ {
+ "description": "Generic build trigger secret",
+ "name": "GENERIC_WEBHOOK_SECRET",
+ "from": "[a-zA-Z0-9]{8}",
+ "generate": "expression",
+ "required": true
+ },
+ {
+ "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.",
+ "name": "IMAGE_STREAM_NAMESPACE",
+ "value": "openshift",
+ "required": true
+ }
+ ],
+ "objects": [
+ {
+ "kind": "Service",
+ "apiVersion": "v1",
+ "spec": {
+ "ports": [
+ {
+ "port": 8080,
+ "targetPort": 8080
+ }
+ ],
+ "selector": {
+ "deploymentConfig": "${APPLICATION_NAME}"
+ }
+ },
+ "metadata": {
+ "name": "${APPLICATION_NAME}",
+ "labels": {
+ "application": "${APPLICATION_NAME}"
+ },
+ "annotations": {
+ "description": "The web server's http port."
+ }
+ }
+ },
+ {
+ "kind": "Service",
+ "apiVersion": "v1",
+ "spec": {
+ "ports": [
+ {
+ "port": 8443,
+ "targetPort": 8443
+ }
+ ],
+ "selector": {
+ "deploymentConfig": "${APPLICATION_NAME}"
+ }
+ },
+ "metadata": {
+ "name": "secure-${APPLICATION_NAME}",
+ "labels": {
+ "application": "${APPLICATION_NAME}"
+ },
+ "annotations": {
+ "description": "The web server's https port."
+ }
+ }
+ },
+ {
+ "kind": "Service",
+ "apiVersion": "v1",
+ "spec": {
+ "ports": [
+ {
+ "port": 5432,
+ "targetPort": 5432
+ }
+ ],
+ "selector": {
+ "deploymentConfig": "${APPLICATION_NAME}-postgresql"
+ }
+ },
+ "metadata": {
+ "name": "${APPLICATION_NAME}-postgresql",
+ "labels": {
+ "application": "${APPLICATION_NAME}"
+ },
+ "annotations": {
+ "description": "The database server's port."
+ }
+ }
+ },
+ {
+ "kind": "Service",
+ "apiVersion": "v1",
+ "spec": {
+ "ports": [
+ {
+ "port": 61616,
+ "targetPort": 61616
+ }
+ ],
+ "selector": {
+ "deploymentConfig": "${APPLICATION_NAME}-amq"
+ }
+ },
+ "metadata": {
+ "name": "${APPLICATION_NAME}-amq-tcp",
+ "labels": {
+ "application": "${APPLICATION_NAME}"
+ },
+ "annotations": {
+ "description": "The broker's OpenWire port."
+ }
+ }
+ },
+ {
+ "kind": "Route",
+ "apiVersion": "v1",
+ "id": "${APPLICATION_NAME}-http",
+ "metadata": {
+ "name": "${APPLICATION_NAME}",
+ "labels": {
+ "application": "${APPLICATION_NAME}"
+ },
+ "annotations": {
+ "description": "Route for application's http service."
+ }
+ },
+ "spec": {
+ "host": "${HOSTNAME_HTTP}",
+ "to": {
+ "name": "${APPLICATION_NAME}"
+ }
+ }
+ },
+ {
+ "kind": "Route",
+ "apiVersion": "v1",
+ "id": "${APPLICATION_NAME}-https",
+ "metadata": {
+ "name": "secure-${APPLICATION_NAME}",
+ "labels": {
+ "application": "${APPLICATION_NAME}"
+ },
+ "annotations": {
+ "description": "Route for application's https service."
+ }
+ },
+ "spec": {
+ "host": "${HOSTNAME_HTTPS}",
+ "to": {
+ "name": "secure-${APPLICATION_NAME}"
+ },
+ "tls": {
+ "termination": "passthrough"
+ }
+ }
+ },
+ {
+ "kind": "ImageStream",
+ "apiVersion": "v1",
+ "metadata": {
+ "name": "${APPLICATION_NAME}",
+ "labels": {
+ "application": "${APPLICATION_NAME}"
+ }
+ }
+ },
+ {
+ "kind": "BuildConfig",
+ "apiVersion": "v1",
+ "metadata": {
+ "name": "${APPLICATION_NAME}",
+ "labels": {
+ "application": "${APPLICATION_NAME}"
+ }
+ },
+ "spec": {
+ "source": {
+ "type": "Git",
+ "git": {
+ "uri": "${SOURCE_REPOSITORY_URL}",
+ "ref": "${SOURCE_REPOSITORY_REF}"
+ },
+ "contextDir": "${CONTEXT_DIR}"
+ },
+ "strategy": {
+ "type": "Source",
+ "sourceStrategy": {
+ "env": [
+ {
+ "name": "KIE_CONTAINER_DEPLOYMENT",
+ "value": "${KIE_CONTAINER_DEPLOYMENT}"
+ }
+ ],
+ "forcePull": true,
+ "from": {
+ "kind": "ImageStreamTag",
+ "namespace": "${IMAGE_STREAM_NAMESPACE}",
+ "name": "jboss-processserver63-openshift:1.3"
+ }
+ }
+ },
+ "output": {
+ "to": {
+ "kind": "ImageStreamTag",
+ "name": "${APPLICATION_NAME}:latest"
+ }
+ },
+ "triggers": [
+ {
+ "type": "GitHub",
+ "github": {
+ "secret": "${GITHUB_WEBHOOK_SECRET}"
+ }
+ },
+ {
+ "type": "Generic",
+ "generic": {
+ "secret": "${GENERIC_WEBHOOK_SECRET}"
+ }
+ },
+ {
+ "type": "ImageChange",
+ "imageChange": {}
+ },
+ {
+ "type": "ConfigChange"
+ }
+ ]
+ }
+ },
+ {
+ "kind": "DeploymentConfig",
+ "apiVersion": "v1",
+ "metadata": {
+ "name": "${APPLICATION_NAME}",
+ "labels": {
+ "application": "${APPLICATION_NAME}"
+ }
+ },
+ "spec": {
+ "strategy": {
+ "type": "Recreate"
+ },
+ "triggers": [
+ {
+ "type": "ImageChange",
+ "imageChangeParams": {
+ "automatic": true,
+ "containerNames": [
+ "${APPLICATION_NAME}"
+ ],
+ "from": {
+ "kind": "ImageStream",
+ "name": "${APPLICATION_NAME}"
+ }
+ }
+ },
+ {
+ "type": "ConfigChange"
+ }
+ ],
+ "replicas": 1,
+ "selector": {
+ "deploymentConfig": "${APPLICATION_NAME}"
+ },
+ "template": {
+ "metadata": {
+ "name": "${APPLICATION_NAME}",
+ "labels": {
+ "deploymentConfig": "${APPLICATION_NAME}",
+ "application": "${APPLICATION_NAME}"
+ }
+ },
+ "spec": {
+ "serviceAccountName": "processserver-service-account",
+ "terminationGracePeriodSeconds": 60,
+ "containers": [
+ {
+ "name": "${APPLICATION_NAME}",
+ "image": "${APPLICATION_NAME}",
+ "imagePullPolicy": "Always",
+ "volumeMounts": [
+ {
+ "name": "processserver-keystore-volume",
+ "mountPath": "/etc/processserver-secret-volume",
+ "readOnly": true
+ }
+ ],
+ "livenessProbe": {
+ "exec": {
+ "command": [
+ "/bin/bash",
+ "-c",
+ "/opt/eap/bin/livenessProbe.sh"
+ ]
+ }
+ },
+ "readinessProbe": {
+ "exec": {
+ "command": [
+ "/bin/bash",
+ "-c",
+ "/opt/eap/bin/readinessProbe.sh"
+ ]
+ }
+ },
+ "ports": [
+ {
+ "name": "jolokia",
+ "containerPort": 8778,
+ "protocol": "TCP"
+ },
+ {
+ "name": "http",
+ "containerPort": 8080,
+ "protocol": "TCP"
+ },
+ {
+ "name": "https",
+ "containerPort": 8443,
+ "protocol": "TCP"
+ }
+ ],
+ "env": [
+ {
+ "name": "KIE_CONTAINER_DEPLOYMENT",
+ "value": "${KIE_CONTAINER_DEPLOYMENT}"
+ },
+ {
+ "name": "KIE_SERVER_PROTOCOL",
+ "value": "${KIE_SERVER_PROTOCOL}"
+ },
+ {
+ "name": "KIE_SERVER_PORT",
+ "value": "${KIE_SERVER_PORT}"
+ },
+ {
+ "name": "KIE_SERVER_USER",
+ "value": "${KIE_SERVER_USER}"
+ },
+ {
+ "name": "KIE_SERVER_PASSWORD",
+ "value": "${KIE_SERVER_PASSWORD}"
+ },
+ {
+ "name": "KIE_SERVER_DOMAIN",
+ "value": "${KIE_SERVER_DOMAIN}"
+ },
+ {
+ "name": "KIE_SERVER_JMS_QUEUES_REQUEST",
+ "value": "${KIE_SERVER_JMS_QUEUES_REQUEST}"
+ },
+ {
+ "name": "KIE_SERVER_JMS_QUEUES_RESPONSE",
+ "value": "${KIE_SERVER_JMS_QUEUES_RESPONSE}"
+ },
+ {
+ "name": "KIE_SERVER_EXECUTOR_JMS_QUEUE",
+ "value": "${KIE_SERVER_EXECUTOR_JMS_QUEUE}"
+ },
+ {
+ "name": "MQ_SERVICE_PREFIX_MAPPING",
+ "value": "${APPLICATION_NAME}-amq=MQ"
+ },
+ {
+ "name": "MQ_JNDI",
+ "value": "${MQ_JNDI}"
+ },
+ {
+ "name": "MQ_USERNAME",
+ "value": "${MQ_USERNAME}"
+ },
+ {
+ "name": "MQ_PASSWORD",
+ "value": "${MQ_PASSWORD}"
+ },
+ {
+ "name": "MQ_PROTOCOL",
+ "value": "tcp"
+ },
+ {
+ "name": "MQ_QUEUES",
+ "value": "${MQ_QUEUES}"
+ },
+ {
+ "name": "MQ_TOPICS",
+ "value": "${MQ_TOPICS}"
+ },
+ {
+ "name": "KIE_SERVER_PERSISTENCE_DIALECT",
+ "value": "${KIE_SERVER_PERSISTENCE_DIALECT}"
+ },
+ {
+ "name": "DB_SERVICE_PREFIX_MAPPING",
+ "value": "${APPLICATION_NAME}-postgresql=DB,${APPLICATION_NAME}-postgresql=QUARTZ"
+ },
+ {
+ "name": "TX_DATABASE_PREFIX_MAPPING",
+ "value": "${APPLICATION_NAME}-postgresql=DB"
+ },
+ {
+ "name": "DB_JNDI",
+ "value": "${DB_JNDI}"
+ },
+ {
+ "name": "DB_USERNAME",
+ "value": "${DB_USERNAME}"
+ },
+ {
+ "name": "DB_PASSWORD",
+ "value": "${DB_PASSWORD}"
+ },
+ {
+ "name": "DB_DATABASE",
+ "value": "${DB_DATABASE}"
+ },
+ {
+ "name": "DB_MIN_POOL_SIZE",
+ "value": "${DB_MIN_POOL_SIZE}"
+ },
+ {
+ "name": "DB_MAX_POOL_SIZE",
+ "value": "${DB_MAX_POOL_SIZE}"
+ },
+ {
+ "name": "DB_TX_ISOLATION",
+ "value": "${DB_TX_ISOLATION}"
+ },
+ {
+ "name": "QUARTZ_JNDI",
+ "value": "${DB_JNDI}NotManaged"
+ },
+ {
+ "name": "QUARTZ_USERNAME",
+ "value": "${DB_USERNAME}"
+ },
+ {
+ "name": "QUARTZ_PASSWORD",
+ "value": "${DB_PASSWORD}"
+ },
+ {
+ "name": "QUARTZ_DATABASE",
+ "value": "${DB_DATABASE}"
+ },
+ {
+ "name": "QUARTZ_MIN_POOL_SIZE",
+ "value": "${DB_MIN_POOL_SIZE}"
+ },
+ {
+ "name": "QUARTZ_MAX_POOL_SIZE",
+ "value": "${DB_MAX_POOL_SIZE}"
+ },
+ {
+ "name": "QUARTZ_TX_ISOLATION",
+ "value": "${DB_TX_ISOLATION}"
+ },
+ {
+ "name": "QUARTZ_JTA",
+ "value": "false"
+ },
+ {
+ "name": "QUARTZ_NONXA",
+ "value": "true"
+ },
+ {
+ "name": "HTTPS_KEYSTORE_DIR",
+ "value": "/etc/processserver-secret-volume"
+ },
+ {
+ "name": "HTTPS_KEYSTORE",
+ "value": "${HTTPS_KEYSTORE}"
+ },
+ {
+ "name": "HTTPS_NAME",
+ "value": "${HTTPS_NAME}"
+ },
+ {
+ "name": "HTTPS_PASSWORD",
+ "value": "${HTTPS_PASSWORD}"
+ }
+ ]
+ }
+ ],
+ "volumes": [
+ {
+ "name": "processserver-keystore-volume",
+ "secret": {
+ "secretName": "${HTTPS_SECRET}"
+ }
+ }
+ ]
+ }
+ }
+ }
+ },
+ {
+ "kind": "DeploymentConfig",
+ "apiVersion": "v1",
+ "metadata": {
+ "name": "${APPLICATION_NAME}-postgresql",
+ "labels": {
+ "application": "${APPLICATION_NAME}"
+ }
+ },
+ "spec": {
+ "strategy": {
+ "type": "Recreate"
+ },
+ "triggers": [
+ {
+ "type": "ImageChange",
+ "imageChangeParams": {
+ "automatic": true,
+ "containerNames": [
+ "${APPLICATION_NAME}-postgresql"
+ ],
+ "from": {
+ "kind": "ImageStreamTag",
+ "namespace": "${IMAGE_STREAM_NAMESPACE}",
+ "name": "postgresql:latest"
+ }
+ }
+ },
+ {
+ "type": "ConfigChange"
+ }
+ ],
+ "replicas": 1,
+ "selector": {
+ "deploymentConfig": "${APPLICATION_NAME}-postgresql"
+ },
+ "template": {
+ "metadata": {
+ "name": "${APPLICATION_NAME}-postgresql",
+ "labels": {
+ "deploymentConfig": "${APPLICATION_NAME}-postgresql",
+ "application": "${APPLICATION_NAME}"
+ }
+ },
+ "spec": {
+ "terminationGracePeriodSeconds": 60,
+ "containers": [
+ {
+ "name": "${APPLICATION_NAME}-postgresql",
+ "image": "postgresql",
+ "imagePullPolicy": "Always",
+ "ports": [
+ {
+ "containerPort": 5432,
+ "protocol": "TCP"
+ }
+ ],
+ "volumeMounts": [
+ {
+ "mountPath": "/var/lib/pgsql/data",
+ "name": "${APPLICATION_NAME}-postgresql-pvol"
+ }
+ ],
+ "env": [
+ {
+ "name": "POSTGRESQL_USER",
+ "value": "${DB_USERNAME}"
+ },
+ {
+ "name": "POSTGRESQL_PASSWORD",
+ "value": "${DB_PASSWORD}"
+ },
+ {
+ "name": "POSTGRESQL_DATABASE",
+ "value": "${DB_DATABASE}"
+ },
+ {
+ "name": "POSTGRESQL_MAX_CONNECTIONS",
+ "value": "${POSTGRESQL_MAX_CONNECTIONS}"
+ },
+ {
+ "name": "POSTGRESQL_SHARED_BUFFERS",
+ "value": "${POSTGRESQL_SHARED_BUFFERS}"
+ }
+ ]
+ }
+ ],
+ "volumes": [
+ {
+ "name": "${APPLICATION_NAME}-postgresql-pvol",
+ "persistentVolumeClaim": {
+ "claimName": "${APPLICATION_NAME}-postgresql-claim"
+ }
+ }
+ ]
+ }
+ }
+ }
+ },
+ {
+ "apiVersion": "v1",
+ "kind": "PersistentVolumeClaim",
+ "metadata": {
+ "name": "${APPLICATION_NAME}-postgresql-claim",
+ "labels": {
+ "application": "${APPLICATION_NAME}"
+ }
+ },
+ "spec": {
+ "accessModes": [
+ "ReadWriteOnce"
+ ],
+ "resources": {
+ "requests": {
+ "storage": "${VOLUME_CAPACITY}"
+ }
+ }
+ }
+ },
+ {
+ "kind": "DeploymentConfig",
+ "apiVersion": "v1",
+ "metadata": {
+ "name": "${APPLICATION_NAME}-amq",
+ "labels": {
+ "application": "${APPLICATION_NAME}"
+ }
+ },
+ "spec": {
+ "strategy": {
+ "type": "Recreate"
+ },
+ "triggers": [
+ {
+ "type": "ImageChange",
+ "imageChangeParams": {
+ "automatic": true,
+ "containerNames": [
+ "${APPLICATION_NAME}-amq"
+ ],
+ "from": {
+ "kind": "ImageStreamTag",
+ "namespace": "${IMAGE_STREAM_NAMESPACE}",
+ "name": "jboss-amq-62:1.3"
+ }
+ }
+ },
+ {
+ "type": "ConfigChange"
+ }
+ ],
+ "replicas": 1,
+ "selector": {
+ "deploymentConfig": "${APPLICATION_NAME}-amq"
+ },
+ "template": {
+ "metadata": {
+ "name": "${APPLICATION_NAME}-amq",
+ "labels": {
+ "deploymentConfig": "${APPLICATION_NAME}-amq",
+ "application": "${APPLICATION_NAME}"
+ }
+ },
+ "spec": {
+ "terminationGracePeriodSeconds": 60,
+ "containers": [
+ {
+ "name": "${APPLICATION_NAME}-amq",
+ "image": "jboss-amq-62",
+ "imagePullPolicy": "Always",
+ "volumeMounts": [
+ {
+ "mountPath": "/opt/amq/data",
+ "name": "${APPLICATION_NAME}-amq-pvol"
+ }
+ ],
+ "readinessProbe": {
+ "exec": {
+ "command": [
+ "/bin/bash",
+ "-c",
+ "/opt/amq/bin/readinessProbe.sh"
+ ]
+ }
+ },
+ "ports": [
+ {
+ "name": "jolokia",
+ "containerPort": 8778,
+ "protocol": "TCP"
+ },
+ {
+ "name": "amqp",
+ "containerPort": 5672,
+ "protocol": "TCP"
+ },
+ {
+ "name": "amqp-ssl",
+ "containerPort": 5671,
+ "protocol": "TCP"
+ },
+ {
+ "name": "mqtt",
+ "containerPort": 1883,
+ "protocol": "TCP"
+ },
+ {
+ "name": "stomp",
+ "containerPort": 61613,
+ "protocol": "TCP"
+ },
+ {
+ "name": "stomp-ssl",
+ "containerPort": 61612,
+ "protocol": "TCP"
+ },
+ {
+ "name": "tcp",
+ "containerPort": 61616,
+ "protocol": "TCP"
+ },
+ {
+ "name": "tcp-ssl",
+ "containerPort": 61617,
+ "protocol": "TCP"
+ }
+ ],
+ "env": [
+ {
+ "name": "AMQ_USER",
+ "value": "${MQ_USERNAME}"
+ },
+ {
+ "name": "AMQ_PASSWORD",
+ "value": "${MQ_PASSWORD}"
+ },
+ {
+ "name": "AMQ_TRANSPORTS",
+ "value": "${MQ_PROTOCOL}"
+ },
+ {
+ "name": "AMQ_SPLIT",
+ "value": "${AMQ_SPLIT}"
+ },
+ {
+ "name": "AMQ_MESH_DISCOVERY_TYPE",
+ "value": "${AMQ_MESH_DISCOVERY_TYPE}"
+ },
+ {
+ "name": "AMQ_MESH_SERVICE_NAME",
+ "value": "${APPLICATION_NAME}-amq-tcp"
+ },
+ {
+ "name": "AMQ_MESH_SERVICE_NAMESPACE",
+ "valueFrom": {
+ "fieldRef": {
+ "fieldPath": "metadata.namespace"
+ }
+ }
+ },
+ {
+ "name": "AMQ_STORAGE_USAGE_LIMIT",
+ "value": "${AMQ_STORAGE_USAGE_LIMIT}"
+ }
+ ]
+ }
+ ],
+ "volumes": [
+ {
+ "name": "${APPLICATION_NAME}-amq-pvol",
+ "persistentVolumeClaim": {
+ "claimName": "${APPLICATION_NAME}-amq-claim"
+ }
+ }
+ ]
+ }
+ }
+ }
+ },
+ {
+ "apiVersion": "v1",
+ "kind": "PersistentVolumeClaim",
+ "metadata": {
+ "name": "${APPLICATION_NAME}-amq-claim",
+ "labels": {
+ "application": "${APPLICATION_NAME}"
+ }
+ },
+ "spec": {
+ "accessModes": [
+ "ReadWriteMany"
+ ],
+ "resources": {
+ "requests": {
+ "storage": "${VOLUME_CAPACITY}"
+ }
+ }
+ }
+ }
+ ]
+}
diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/processserver63-amq-postgresql-s2i.json b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/processserver63-amq-postgresql-s2i.json
new file mode 100644
index 000000000..41c726cf0
--- /dev/null
+++ b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/processserver63-amq-postgresql-s2i.json
@@ -0,0 +1,932 @@
+{
+ "kind": "Template",
+ "apiVersion": "v1",
+ "metadata": {
+ "annotations": {
+ "description": "Application template for Red Hat JBoss BPM Suite 6.3 intelligent process server AMQ and PostgreSQL applications built using S2I.",
+ "iconClass": "icon-jboss",
+ "tags": "processserver,amq,postgresql,javaee,java,database,jboss,xpaas",
+ "version": "1.3.3"
+ },
+ "name": "processserver63-amq-postgresql-s2i"
+ },
+ "labels": {
+ "template": "processserver63-amq-postgresql-s2i",
+ "xpaas": "1.3.3"
+ },
+ "parameters": [
+ {
+ "description": "The KIE Container deployment configuration in format: containerId=groupId:artifactId:version|c2=g2:a2:v2",
+ "name": "KIE_CONTAINER_DEPLOYMENT",
+ "value": "processserver-library=org.openshift.quickstarts:processserver-library:1.3.0.Final",
+ "required": false
+ },
+ {
+ "description": "The protocol to access the KIE Server REST interface.",
+ "name": "KIE_SERVER_PROTOCOL",
+ "value": "https",
+ "required": false
+ },
+ {
+ "description": "The port to access the KIE Server REST interface.",
+ "name": "KIE_SERVER_PORT",
+ "value": "8443",
+ "required": false
+ },
+ {
+ "description": "The user name to access the KIE Server REST or JMS interface.",
+ "name": "KIE_SERVER_USER",
+ "value": "kieserver",
+ "required": false
+ },
+ {
+ "description": "The password to access the KIE Server REST or JMS interface. Must be different than username; must not be root, admin, or administrator; must contain at least 8 characters, 1 alphabetic character(s), 1 digit(s), and 1 non-alphanumeric symbol(s).",
+ "name": "KIE_SERVER_PASSWORD",
+ "from": "[a-zA-Z]{6}[0-9]{1}!",
+ "generate": "expression",
+ "required": false
+ },
+ {
+ "description": "JAAS LoginContext domain that shall be used to authenticate users when using JMS.",
+ "name": "KIE_SERVER_DOMAIN",
+ "value": "other",
+ "required": false
+ },
+ {
+ "description": "JNDI name of request queue for JMS.",
+ "name": "KIE_SERVER_JMS_QUEUES_REQUEST",
+ "value": "queue/KIE.SERVER.REQUEST",
+ "required": false
+ },
+ {
+ "description": "JNDI name of response queue for JMS.",
+ "name": "KIE_SERVER_JMS_QUEUES_RESPONSE",
+ "value": "queue/KIE.SERVER.RESPONSE",
+ "required": false
+ },
+ {
+ "description": "JNDI name of executor queue for JMS.",
+ "name": "KIE_SERVER_EXECUTOR_JMS_QUEUE",
+ "value": "queue/KIE.SERVER.EXECUTOR",
+ "required": false
+ },
+ {
+ "description": "Hibernate persistence dialect.",
+ "name": "KIE_SERVER_PERSISTENCE_DIALECT",
+ "value": "org.hibernate.dialect.PostgreSQL82Dialect",
+ "required": false
+ },
+ {
+ "description": "The name for the application.",
+ "name": "APPLICATION_NAME",
+ "value": "kie-app",
+ "required": true
+ },
+ {
+ "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: <application-name>-<project>.<default-domain-suffix>",
+ "name": "HOSTNAME_HTTP",
+ "value": "",
+ "required": false
+ },
+ {
+ "description": "Custom hostname for https service route. Leave blank for default hostname, e.g.: secure-<application-name>-<project>.<default-domain-suffix>",
+ "name": "HOSTNAME_HTTPS",
+ "value": "",
+ "required": false
+ },
+ {
+ "description": "Git source URI for application",
+ "name": "SOURCE_REPOSITORY_URL",
+ "value": "https://github.com/jboss-openshift/openshift-quickstarts",
+ "required": true
+ },
+ {
+ "description": "Git branch/tag reference",
+ "name": "SOURCE_REPOSITORY_REF",
+ "value": "1.3",
+ "required": false
+ },
+ {
+ "description": "Path within Git project to build; empty for root project directory.",
+ "name": "CONTEXT_DIR",
+ "value": "processserver/library",
+ "required": false
+ },
+ {
+ "description": "Database JNDI name used by application to resolve the datasource, e.g. java:/jboss/datasources/ExampleDS",
+ "name": "DB_JNDI",
+ "value": "java:jboss/datasources/ExampleDS",
+ "required": false
+ },
+ {
+ "description": "Database name",
+ "name": "DB_DATABASE",
+ "value": "root",
+ "required": true
+ },
+ {
+ "description": "JNDI name for connection factory used by applications to connect to the broker, e.g. java:/JmsXA",
+ "name": "MQ_JNDI",
+ "value": "java:/JmsXA",
+ "required": false
+ },
+ {
+ "description": "Broker protocols to configure, separated by commas. Allowed values are: `openwire`, `amqp`, `stomp` and `mqtt`. Only `openwire` is supported by EAP.",
+ "name": "MQ_PROTOCOL",
+ "value": "openwire",
+ "required": false
+ },
+ {
+ "description": "Queue names, separated by commas. These queues will be automatically created when the broker starts. Also, they will be made accessible as JNDI resources in EAP.",
+ "name": "MQ_QUEUES",
+ "value": "KIE.SERVER.REQUEST,KIE.SERVER.RESPONSE,KIE.SERVER.EXECUTOR",
+ "required": false
+ },
+ {
+ "description": "Topic names, separated by commas. These topics will be automatically created when the broker starts. Also, they will be made accessible as JNDI resources in EAP.",
+ "name": "MQ_TOPICS",
+ "value": "",
+ "required": false
+ },
+ {
+ "description": "The name of the secret containing the keystore file",
+ "name": "HTTPS_SECRET",
+ "value": "processserver-app-secret",
+ "required": false
+ },
+ {
+ "description": "The name of the keystore file within the secret",
+ "name": "HTTPS_KEYSTORE",
+ "value": "keystore.jks",
+ "required": false
+ },
+ {
+ "description": "The name associated with the server certificate",
+ "name": "HTTPS_NAME",
+ "value": "jboss",
+ "required": false
+ },
+ {
+ "description": "The password for the keystore and certificate",
+ "name": "HTTPS_PASSWORD",
+ "value": "mykeystorepass",
+ "required": false
+ },
+ {
+ "description": "Database user name",
+ "name": "DB_USERNAME",
+ "from": "user[a-zA-Z0-9]{3}",
+ "generate": "expression",
+ "required": true
+ },
+ {
+ "description": "Database user password",
+ "name": "DB_PASSWORD",
+ "from": "[a-zA-Z0-9]{8}",
+ "generate": "expression",
+ "required": true
+ },
+ {
+ "description": "Sets xa-pool/min-pool-size for the configured datasource.",
+ "name": "DB_MIN_POOL_SIZE",
+ "required": false
+ },
+ {
+ "description": "Sets xa-pool/max-pool-size for the configured datasource.",
+ "name": "DB_MAX_POOL_SIZE",
+ "required": false
+ },
+ {
+ "description": "Sets transaction-isolation for the configured datasource.",
+ "name": "DB_TX_ISOLATION",
+ "required": false
+ },
+ {
+ "description": "The maximum number of client connections allowed. This also sets the maximum number of prepared transactions.",
+ "name": "POSTGRESQL_MAX_CONNECTIONS",
+ "required": false
+ },
+ {
+ "description": "Configures how much memory is dedicated to PostgreSQL for caching data.",
+ "name": "POSTGRESQL_SHARED_BUFFERS",
+ "required": false
+ },
+ {
+ "description": "User name for standard broker user. It is required for connecting to the broker. If left empty, it will be generated.",
+ "name": "MQ_USERNAME",
+ "from": "user[a-zA-Z0-9]{3}",
+ "generate": "expression",
+ "required": false
+ },
+ {
+ "description": "Password for standard broker user. It is required for connecting to the broker. If left empty, it will be generated.",
+ "name": "MQ_PASSWORD",
+ "from": "[a-zA-Z0-9]{8}",
+ "generate": "expression",
+ "required": false
+ },
+ {
+ "description": "The discovery agent type to use for discovering mesh endpoints. 'dns' will use OpenShift's DNS service to resolve endpoints. 'kube' will use Kubernetes REST API to resolve service endpoints. If using 'kube' the service account for the pod must have the 'view' role, which can be added via 'oc policy add-role-to-user view system:serviceaccount:<namespace>:default' where <namespace> is the project namespace.",
+ "name": "AMQ_MESH_DISCOVERY_TYPE",
+ "value": "kube",
+ "required": false
+ },
+ {
+ "description": "The A-MQ storage usage limit",
+ "name": "AMQ_STORAGE_USAGE_LIMIT",
+ "value": "100 gb",
+ "required": false
+ },
+ {
+ "description": "GitHub trigger secret",
+ "name": "GITHUB_WEBHOOK_SECRET",
+ "from": "[a-zA-Z0-9]{8}",
+ "generate": "expression",
+ "required": true
+ },
+ {
+ "description": "Generic build trigger secret",
+ "name": "GENERIC_WEBHOOK_SECRET",
+ "from": "[a-zA-Z0-9]{8}",
+ "generate": "expression",
+ "required": true
+ },
+ {
+ "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.",
+ "name": "IMAGE_STREAM_NAMESPACE",
+ "value": "openshift",
+ "required": true
+ }
+ ],
+ "objects": [
+ {
+ "kind": "Service",
+ "apiVersion": "v1",
+ "spec": {
+ "ports": [
+ {
+ "port": 8080,
+ "targetPort": 8080
+ }
+ ],
+ "selector": {
+ "deploymentConfig": "${APPLICATION_NAME}"
+ }
+ },
+ "metadata": {
+ "name": "${APPLICATION_NAME}",
+ "labels": {
+ "application": "${APPLICATION_NAME}"
+ },
+ "annotations": {
+ "description": "The web server's http port."
+ }
+ }
+ },
+ {
+ "kind": "Service",
+ "apiVersion": "v1",
+ "spec": {
+ "ports": [
+ {
+ "port": 8443,
+ "targetPort": 8443
+ }
+ ],
+ "selector": {
+ "deploymentConfig": "${APPLICATION_NAME}"
+ }
+ },
+ "metadata": {
+ "name": "secure-${APPLICATION_NAME}",
+ "labels": {
+ "application": "${APPLICATION_NAME}"
+ },
+ "annotations": {
+ "description": "The web server's https port."
+ }
+ }
+ },
+ {
+ "kind": "Service",
+ "apiVersion": "v1",
+ "spec": {
+ "ports": [
+ {
+ "port": 5432,
+ "targetPort": 5432
+ }
+ ],
+ "selector": {
+ "deploymentConfig": "${APPLICATION_NAME}-postgresql"
+ }
+ },
+ "metadata": {
+ "name": "${APPLICATION_NAME}-postgresql",
+ "labels": {
+ "application": "${APPLICATION_NAME}"
+ },
+ "annotations": {
+ "description": "The database server's port."
+ }
+ }
+ },
+ {
+ "kind": "Service",
+ "apiVersion": "v1",
+ "spec": {
+ "ports": [
+ {
+ "port": 61616,
+ "targetPort": 61616
+ }
+ ],
+ "selector": {
+ "deploymentConfig": "${APPLICATION_NAME}-amq"
+ }
+ },
+ "metadata": {
+ "name": "${APPLICATION_NAME}-amq-tcp",
+ "labels": {
+ "application": "${APPLICATION_NAME}"
+ },
+ "annotations": {
+ "description": "The broker's OpenWire port."
+ }
+ }
+ },
+ {
+ "kind": "Route",
+ "apiVersion": "v1",
+ "id": "${APPLICATION_NAME}-http",
+ "metadata": {
+ "name": "${APPLICATION_NAME}",
+ "labels": {
+ "application": "${APPLICATION_NAME}"
+ },
+ "annotations": {
+ "description": "Route for application's http service."
+ }
+ },
+ "spec": {
+ "host": "${HOSTNAME_HTTP}",
+ "to": {
+ "name": "${APPLICATION_NAME}"
+ }
+ }
+ },
+ {
+ "kind": "Route",
+ "apiVersion": "v1",
+ "id": "${APPLICATION_NAME}-https",
+ "metadata": {
+ "name": "secure-${APPLICATION_NAME}",
+ "labels": {
+ "application": "${APPLICATION_NAME}"
+ },
+ "annotations": {
+ "description": "Route for application's https service."
+ }
+ },
+ "spec": {
+ "host": "${HOSTNAME_HTTPS}",
+ "to": {
+ "name": "secure-${APPLICATION_NAME}"
+ },
+ "tls": {
+ "termination": "passthrough"
+ }
+ }
+ },
+ {
+ "kind": "ImageStream",
+ "apiVersion": "v1",
+ "metadata": {
+ "name": "${APPLICATION_NAME}",
+ "labels": {
+ "application": "${APPLICATION_NAME}"
+ }
+ }
+ },
+ {
+ "kind": "BuildConfig",
+ "apiVersion": "v1",
+ "metadata": {
+ "name": "${APPLICATION_NAME}",
+ "labels": {
+ "application": "${APPLICATION_NAME}"
+ }
+ },
+ "spec": {
+ "source": {
+ "type": "Git",
+ "git": {
+ "uri": "${SOURCE_REPOSITORY_URL}",
+ "ref": "${SOURCE_REPOSITORY_REF}"
+ },
+ "contextDir": "${CONTEXT_DIR}"
+ },
+ "strategy": {
+ "type": "Source",
+ "sourceStrategy": {
+ "env": [
+ {
+ "name": "KIE_CONTAINER_DEPLOYMENT",
+ "value": "${KIE_CONTAINER_DEPLOYMENT}"
+ }
+ ],
+ "forcePull": true,
+ "from": {
+ "kind": "ImageStreamTag",
+ "namespace": "${IMAGE_STREAM_NAMESPACE}",
+ "name": "jboss-processserver63-openshift:1.3"
+ }
+ }
+ },
+ "output": {
+ "to": {
+ "kind": "ImageStreamTag",
+ "name": "${APPLICATION_NAME}:latest"
+ }
+ },
+ "triggers": [
+ {
+ "type": "GitHub",
+ "github": {
+ "secret": "${GITHUB_WEBHOOK_SECRET}"
+ }
+ },
+ {
+ "type": "Generic",
+ "generic": {
+ "secret": "${GENERIC_WEBHOOK_SECRET}"
+ }
+ },
+ {
+ "type": "ImageChange",
+ "imageChange": {}
+ },
+ {
+ "type": "ConfigChange"
+ }
+ ]
+ }
+ },
+ {
+ "kind": "DeploymentConfig",
+ "apiVersion": "v1",
+ "metadata": {
+ "name": "${APPLICATION_NAME}",
+ "labels": {
+ "application": "${APPLICATION_NAME}"
+ }
+ },
+ "spec": {
+ "strategy": {
+ "type": "Recreate"
+ },
+ "triggers": [
+ {
+ "type": "ImageChange",
+ "imageChangeParams": {
+ "automatic": true,
+ "containerNames": [
+ "${APPLICATION_NAME}"
+ ],
+ "from": {
+ "kind": "ImageStream",
+ "name": "${APPLICATION_NAME}"
+ }
+ }
+ },
+ {
+ "type": "ConfigChange"
+ }
+ ],
+ "replicas": 1,
+ "selector": {
+ "deploymentConfig": "${APPLICATION_NAME}"
+ },
+ "template": {
+ "metadata": {
+ "name": "${APPLICATION_NAME}",
+ "labels": {
+ "deploymentConfig": "${APPLICATION_NAME}",
+ "application": "${APPLICATION_NAME}"
+ }
+ },
+ "spec": {
+ "serviceAccountName": "processserver-service-account",
+ "terminationGracePeriodSeconds": 60,
+ "containers": [
+ {
+ "name": "${APPLICATION_NAME}",
+ "image": "${APPLICATION_NAME}",
+ "imagePullPolicy": "Always",
+ "volumeMounts": [
+ {
+ "name": "processserver-keystore-volume",
+ "mountPath": "/etc/processserver-secret-volume",
+ "readOnly": true
+ }
+ ],
+ "livenessProbe": {
+ "exec": {
+ "command": [
+ "/bin/bash",
+ "-c",
+ "/opt/eap/bin/livenessProbe.sh"
+ ]
+ }
+ },
+ "readinessProbe": {
+ "exec": {
+ "command": [
+ "/bin/bash",
+ "-c",
+ "/opt/eap/bin/readinessProbe.sh"
+ ]
+ }
+ },
+ "ports": [
+ {
+ "name": "jolokia",
+ "containerPort": 8778,
+ "protocol": "TCP"
+ },
+ {
+ "name": "http",
+ "containerPort": 8080,
+ "protocol": "TCP"
+ },
+ {
+ "name": "https",
+ "containerPort": 8443,
+ "protocol": "TCP"
+ }
+ ],
+ "env": [
+ {
+ "name": "KIE_CONTAINER_DEPLOYMENT",
+ "value": "${KIE_CONTAINER_DEPLOYMENT}"
+ },
+ {
+ "name": "KIE_SERVER_PROTOCOL",
+ "value": "${KIE_SERVER_PROTOCOL}"
+ },
+ {
+ "name": "KIE_SERVER_PORT",
+ "value": "${KIE_SERVER_PORT}"
+ },
+ {
+ "name": "KIE_SERVER_USER",
+ "value": "${KIE_SERVER_USER}"
+ },
+ {
+ "name": "KIE_SERVER_PASSWORD",
+ "value": "${KIE_SERVER_PASSWORD}"
+ },
+ {
+ "name": "KIE_SERVER_DOMAIN",
+ "value": "${KIE_SERVER_DOMAIN}"
+ },
+ {
+ "name": "KIE_SERVER_JMS_QUEUES_REQUEST",
+ "value": "${KIE_SERVER_JMS_QUEUES_REQUEST}"
+ },
+ {
+ "name": "KIE_SERVER_JMS_QUEUES_RESPONSE",
+ "value": "${KIE_SERVER_JMS_QUEUES_RESPONSE}"
+ },
+ {
+ "name": "KIE_SERVER_EXECUTOR_JMS_QUEUE",
+ "value": "${KIE_SERVER_EXECUTOR_JMS_QUEUE}"
+ },
+ {
+ "name": "MQ_SERVICE_PREFIX_MAPPING",
+ "value": "${APPLICATION_NAME}-amq=MQ"
+ },
+ {
+ "name": "MQ_JNDI",
+ "value": "${MQ_JNDI}"
+ },
+ {
+ "name": "MQ_USERNAME",
+ "value": "${MQ_USERNAME}"
+ },
+ {
+ "name": "MQ_PASSWORD",
+ "value": "${MQ_PASSWORD}"
+ },
+ {
+ "name": "MQ_PROTOCOL",
+ "value": "tcp"
+ },
+ {
+ "name": "MQ_QUEUES",
+ "value": "${MQ_QUEUES}"
+ },
+ {
+ "name": "MQ_TOPICS",
+ "value": "${MQ_TOPICS}"
+ },
+ {
+ "name": "KIE_SERVER_PERSISTENCE_DIALECT",
+ "value": "${KIE_SERVER_PERSISTENCE_DIALECT}"
+ },
+ {
+ "name": "DB_SERVICE_PREFIX_MAPPING",
+ "value": "${APPLICATION_NAME}-postgresql=DB"
+ },
+ {
+ "name": "DB_JNDI",
+ "value": "${DB_JNDI}"
+ },
+ {
+ "name": "DB_USERNAME",
+ "value": "${DB_USERNAME}"
+ },
+ {
+ "name": "DB_PASSWORD",
+ "value": "${DB_PASSWORD}"
+ },
+ {
+ "name": "DB_DATABASE",
+ "value": "${DB_DATABASE}"
+ },
+ {
+ "name": "TX_DATABASE_PREFIX_MAPPING",
+ "value": "${APPLICATION_NAME}-postgresql=DB"
+ },
+ {
+ "name": "DB_MIN_POOL_SIZE",
+ "value": "${DB_MIN_POOL_SIZE}"
+ },
+ {
+ "name": "DB_MAX_POOL_SIZE",
+ "value": "${DB_MAX_POOL_SIZE}"
+ },
+ {
+ "name": "DB_TX_ISOLATION",
+ "value": "${DB_TX_ISOLATION}"
+ },
+ {
+ "name": "HTTPS_KEYSTORE_DIR",
+ "value": "/etc/processserver-secret-volume"
+ },
+ {
+ "name": "HTTPS_KEYSTORE",
+ "value": "${HTTPS_KEYSTORE}"
+ },
+ {
+ "name": "HTTPS_NAME",
+ "value": "${HTTPS_NAME}"
+ },
+ {
+ "name": "HTTPS_PASSWORD",
+ "value": "${HTTPS_PASSWORD}"
+ }
+ ]
+ }
+ ],
+ "volumes": [
+ {
+ "name": "processserver-keystore-volume",
+ "secret": {
+ "secretName": "${HTTPS_SECRET}"
+ }
+ }
+ ]
+ }
+ }
+ }
+ },
+ {
+ "kind": "DeploymentConfig",
+ "apiVersion": "v1",
+ "metadata": {
+ "name": "${APPLICATION_NAME}-postgresql",
+ "labels": {
+ "application": "${APPLICATION_NAME}"
+ }
+ },
+ "spec": {
+ "strategy": {
+ "type": "Recreate"
+ },
+ "triggers": [
+ {
+ "type": "ImageChange",
+ "imageChangeParams": {
+ "automatic": true,
+ "containerNames": [
+ "${APPLICATION_NAME}-postgresql"
+ ],
+ "from": {
+ "kind": "ImageStreamTag",
+ "namespace": "${IMAGE_STREAM_NAMESPACE}",
+ "name": "postgresql:latest"
+ }
+ }
+ },
+ {
+ "type": "ConfigChange"
+ }
+ ],
+ "replicas": 1,
+ "selector": {
+ "deploymentConfig": "${APPLICATION_NAME}-postgresql"
+ },
+ "template": {
+ "metadata": {
+ "name": "${APPLICATION_NAME}-postgresql",
+ "labels": {
+ "deploymentConfig": "${APPLICATION_NAME}-postgresql",
+ "application": "${APPLICATION_NAME}"
+ }
+ },
+ "spec": {
+ "terminationGracePeriodSeconds": 60,
+ "containers": [
+ {
+ "name": "${APPLICATION_NAME}-postgresql",
+ "image": "postgresql",
+ "imagePullPolicy": "Always",
+ "ports": [
+ {
+ "containerPort": 5432,
+ "protocol": "TCP"
+ }
+ ],
+ "env": [
+ {
+ "name": "POSTGRESQL_USER",
+ "value": "${DB_USERNAME}"
+ },
+ {
+ "name": "POSTGRESQL_PASSWORD",
+ "value": "${DB_PASSWORD}"
+ },
+ {
+ "name": "POSTGRESQL_DATABASE",
+ "value": "${DB_DATABASE}"
+ },
+ {
+ "name": "POSTGRESQL_MAX_CONNECTIONS",
+ "value": "${POSTGRESQL_MAX_CONNECTIONS}"
+ },
+ {
+ "name": "POSTGRESQL_SHARED_BUFFERS",
+ "value": "${POSTGRESQL_SHARED_BUFFERS}"
+ }
+ ]
+ }
+ ]
+ }
+ }
+ }
+ },
+ {
+ "kind": "DeploymentConfig",
+ "apiVersion": "v1",
+ "metadata": {
+ "name": "${APPLICATION_NAME}-amq",
+ "labels": {
+ "application": "${APPLICATION_NAME}"
+ }
+ },
+ "spec": {
+ "strategy": {
+ "type": "Recreate"
+ },
+ "triggers": [
+ {
+ "type": "ImageChange",
+ "imageChangeParams": {
+ "automatic": true,
+ "containerNames": [
+ "${APPLICATION_NAME}-amq"
+ ],
+ "from": {
+ "kind": "ImageStreamTag",
+ "namespace": "${IMAGE_STREAM_NAMESPACE}",
+ "name": "jboss-amq-62:1.3"
+ }
+ }
+ },
+ {
+ "type": "ConfigChange"
+ }
+ ],
+ "replicas": 1,
+ "selector": {
+ "deploymentConfig": "${APPLICATION_NAME}-amq"
+ },
+ "template": {
+ "metadata": {
+ "name": "${APPLICATION_NAME}-amq",
+ "labels": {
+ "deploymentConfig": "${APPLICATION_NAME}-amq",
+ "application": "${APPLICATION_NAME}"
+ }
+ },
+ "spec": {
+ "terminationGracePeriodSeconds": 60,
+ "containers": [
+ {
+ "name": "${APPLICATION_NAME}-amq",
+ "image": "jboss-amq-62",
+ "imagePullPolicy": "Always",
+ "readinessProbe": {
+ "exec": {
+ "command": [
+ "/bin/bash",
+ "-c",
+ "/opt/amq/bin/readinessProbe.sh"
+ ]
+ }
+ },
+ "ports": [
+ {
+ "name": "jolokia",
+ "containerPort": 8778,
+ "protocol": "TCP"
+ },
+ {
+ "name": "amqp",
+ "containerPort": 5672,
+ "protocol": "TCP"
+ },
+ {
+ "name": "amqp-ssl",
+ "containerPort": 5671,
+ "protocol": "TCP"
+ },
+ {
+ "name": "mqtt",
+ "containerPort": 1883,
+ "protocol": "TCP"
+ },
+ {
+ "name": "stomp",
+ "containerPort": 61613,
+ "protocol": "TCP"
+ },
+ {
+ "name": "stomp-ssl",
+ "containerPort": 61612,
+ "protocol": "TCP"
+ },
+ {
+ "name": "tcp",
+ "containerPort": 61616,
+ "protocol": "TCP"
+ },
+ {
+ "name": "tcp-ssl",
+ "containerPort": 61617,
+ "protocol": "TCP"
+ }
+ ],
+ "env": [
+ {
+ "name": "AMQ_USER",
+ "value": "${MQ_USERNAME}"
+ },
+ {
+ "name": "AMQ_PASSWORD",
+ "value": "${MQ_PASSWORD}"
+ },
+ {
+ "name": "AMQ_TRANSPORTS",
+ "value": "${MQ_PROTOCOL}"
+ },
+ {
+ "name": "AMQ_MESH_DISCOVERY_TYPE",
+ "value": "${AMQ_MESH_DISCOVERY_TYPE}"
+ },
+ {
+ "name": "AMQ_MESH_SERVICE_NAME",
+ "value": "${APPLICATION_NAME}-amq-tcp"
+ },
+ {
+ "name": "AMQ_MESH_SERVICE_NAMESPACE",
+ "valueFrom": {
+ "fieldRef": {
+ "fieldPath": "metadata.namespace"
+ }
+ }
+ },
+ {
+ "name": "AMQ_STORAGE_USAGE_LIMIT",
+ "value": "${AMQ_STORAGE_USAGE_LIMIT}"
+ }
+ ]
+ }
+ ]
+ }
+ }
+ }
+ }
+ ]
+}
diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/processserver63-basic-s2i.json b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/processserver63-basic-s2i.json
new file mode 100644
index 000000000..170c919cb
--- /dev/null
+++ b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/processserver63-basic-s2i.json
@@ -0,0 +1,345 @@
+{
+ "kind": "Template",
+ "apiVersion": "v1",
+ "metadata": {
+ "annotations": {
+ "description": "Application template for Red Hat JBoss BPM Suite 6.3 intelligent process server applications built using S2I.",
+ "iconClass": "icon-jboss",
+ "tags": "processserver,javaee,java,jboss,xpaas",
+ "version": "1.3.3"
+ },
+ "name": "processserver63-basic-s2i"
+ },
+ "labels": {
+ "template": "processserver63-basic-s2i",
+ "xpaas": "1.3.3"
+ },
+ "parameters": [
+ {
+ "description": "The KIE Container deployment configuration in format: containerId=groupId:artifactId:version|c2=g2:a2:v2",
+ "name": "KIE_CONTAINER_DEPLOYMENT",
+ "value": "processserver-library=org.openshift.quickstarts:processserver-library:1.3.0.Final",
+ "required": false
+ },
+ {
+ "description": "The user name to access the KIE Server REST or JMS interface.",
+ "name": "KIE_SERVER_USER",
+ "value": "kieserver",
+ "required": false
+ },
+ {
+ "description": "The password to access the KIE Server REST or JMS interface. Must be different than username; must not be root, admin, or administrator; must contain at least 8 characters, 1 alphabetic character(s), 1 digit(s), and 1 non-alphanumeric symbol(s).",
+ "name": "KIE_SERVER_PASSWORD",
+ "from": "[a-zA-Z]{6}[0-9]{1}!",
+ "generate": "expression",
+ "required": false
+ },
+ {
+ "description": "Hibernate persistence dialect.",
+ "name": "KIE_SERVER_PERSISTENCE_DIALECT",
+ "value": "org.hibernate.dialect.H2Dialect",
+ "required": false
+ },
+ {
+ "description": "The name for the application.",
+ "name": "APPLICATION_NAME",
+ "value": "kie-app",
+ "required": true
+ },
+ {
+ "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: <application-name>-<project>.<default-domain-suffix>",
+ "name": "HOSTNAME_HTTP",
+ "value": "",
+ "required": false
+ },
+ {
+ "description": "Git source URI for application",
+ "name": "SOURCE_REPOSITORY_URL",
+ "value": "https://github.com/jboss-openshift/openshift-quickstarts.git",
+ "required": true
+ },
+ {
+ "description": "Git branch/tag reference",
+ "name": "SOURCE_REPOSITORY_REF",
+ "value": "1.3",
+ "required": false
+ },
+ {
+ "description": "Path within Git project to build; empty for root project directory.",
+ "name": "CONTEXT_DIR",
+ "value": "processserver/library",
+ "required": false
+ },
+ {
+ "description": "Queue names",
+ "name": "HORNETQ_QUEUES",
+ "value": "",
+ "required": false
+ },
+ {
+ "description": "Topic names",
+ "name": "HORNETQ_TOPICS",
+ "value": "",
+ "required": false
+ },
+ {
+ "description": "HornetQ cluster admin password",
+ "name": "HORNETQ_CLUSTER_PASSWORD",
+ "from": "[a-zA-Z0-9]{8}",
+ "generate": "expression",
+ "required": true
+ },
+ {
+ "description": "GitHub trigger secret",
+ "name": "GITHUB_WEBHOOK_SECRET",
+ "from": "[a-zA-Z0-9]{8}",
+ "generate": "expression",
+ "required": true
+ },
+ {
+ "description": "Generic build trigger secret",
+ "name": "GENERIC_WEBHOOK_SECRET",
+ "from": "[a-zA-Z0-9]{8}",
+ "generate": "expression",
+ "required": true
+ },
+ {
+ "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.",
+ "name": "IMAGE_STREAM_NAMESPACE",
+ "value": "openshift",
+ "required": true
+ }
+ ],
+ "objects": [
+ {
+ "kind": "Service",
+ "apiVersion": "v1",
+ "spec": {
+ "ports": [
+ {
+ "port": 8080,
+ "targetPort": 8080
+ }
+ ],
+ "selector": {
+ "deploymentConfig": "${APPLICATION_NAME}"
+ }
+ },
+ "metadata": {
+ "name": "${APPLICATION_NAME}",
+ "labels": {
+ "application": "${APPLICATION_NAME}"
+ },
+ "annotations": {
+ "description": "The web server's http port."
+ }
+ }
+ },
+ {
+ "kind": "Route",
+ "apiVersion": "v1",
+ "id": "${APPLICATION_NAME}-http",
+ "metadata": {
+ "name": "${APPLICATION_NAME}",
+ "labels": {
+ "application": "${APPLICATION_NAME}"
+ },
+ "annotations": {
+ "description": "Route for application's http service."
+ }
+ },
+ "spec": {
+ "host": "${HOSTNAME_HTTP}",
+ "to": {
+ "name": "${APPLICATION_NAME}"
+ }
+ }
+ },
+ {
+ "kind": "ImageStream",
+ "apiVersion": "v1",
+ "metadata": {
+ "name": "${APPLICATION_NAME}",
+ "labels": {
+ "application": "${APPLICATION_NAME}"
+ }
+ }
+ },
+ {
+ "kind": "BuildConfig",
+ "apiVersion": "v1",
+ "metadata": {
+ "name": "${APPLICATION_NAME}",
+ "labels": {
+ "application": "${APPLICATION_NAME}"
+ }
+ },
+ "spec": {
+ "source": {
+ "type": "Git",
+ "git": {
+ "uri": "${SOURCE_REPOSITORY_URL}",
+ "ref": "${SOURCE_REPOSITORY_REF}"
+ },
+ "contextDir": "${CONTEXT_DIR}"
+ },
+ "strategy": {
+ "type": "Source",
+ "sourceStrategy": {
+ "env": [
+ {
+ "name": "KIE_CONTAINER_DEPLOYMENT",
+ "value": "${KIE_CONTAINER_DEPLOYMENT}"
+ }
+ ],
+ "forcePull": true,
+ "from": {
+ "kind": "ImageStreamTag",
+ "namespace": "${IMAGE_STREAM_NAMESPACE}",
+ "name": "jboss-processserver63-openshift:1.3"
+ }
+ }
+ },
+ "output": {
+ "to": {
+ "kind": "ImageStreamTag",
+ "name": "${APPLICATION_NAME}:latest"
+ }
+ },
+ "triggers": [
+ {
+ "type": "GitHub",
+ "github": {
+ "secret": "${GITHUB_WEBHOOK_SECRET}"
+ }
+ },
+ {
+ "type": "Generic",
+ "generic": {
+ "secret": "${GENERIC_WEBHOOK_SECRET}"
+ }
+ },
+ {
+ "type": "ImageChange",
+ "imageChange": {}
+ },
+ {
+ "type": "ConfigChange"
+ }
+ ]
+ }
+ },
+ {
+ "kind": "DeploymentConfig",
+ "apiVersion": "v1",
+ "metadata": {
+ "name": "${APPLICATION_NAME}",
+ "labels": {
+ "application": "${APPLICATION_NAME}"
+ }
+ },
+ "spec": {
+ "strategy": {
+ "type": "Recreate"
+ },
+ "triggers": [
+ {
+ "type": "ImageChange",
+ "imageChangeParams": {
+ "automatic": true,
+ "containerNames": [
+ "${APPLICATION_NAME}"
+ ],
+ "from": {
+ "kind": "ImageStream",
+ "name": "${APPLICATION_NAME}"
+ }
+ }
+ },
+ {
+ "type": "ConfigChange"
+ }
+ ],
+ "replicas": 1,
+ "selector": {
+ "deploymentConfig": "${APPLICATION_NAME}"
+ },
+ "template": {
+ "metadata": {
+ "name": "${APPLICATION_NAME}",
+ "labels": {
+ "deploymentConfig": "${APPLICATION_NAME}",
+ "application": "${APPLICATION_NAME}"
+ }
+ },
+ "spec": {
+ "terminationGracePeriodSeconds": 60,
+ "containers": [
+ {
+ "name": "${APPLICATION_NAME}",
+ "image": "${APPLICATION_NAME}",
+ "imagePullPolicy": "Always",
+ "livenessProbe": {
+ "exec": {
+ "command": [
+ "/bin/bash",
+ "-c",
+ "/opt/eap/bin/livenessProbe.sh"
+ ]
+ }
+ },
+ "readinessProbe": {
+ "exec": {
+ "command": [
+ "/bin/bash",
+ "-c",
+ "/opt/eap/bin/readinessProbe.sh"
+ ]
+ }
+ },
+ "ports": [
+ {
+ "name": "jolokia",
+ "containerPort": 8778,
+ "protocol": "TCP"
+ },
+ {
+ "name": "http",
+ "containerPort": 8080,
+ "protocol": "TCP"
+ }
+ ],
+ "env": [
+ {
+ "name": "KIE_CONTAINER_DEPLOYMENT",
+ "value": "${KIE_CONTAINER_DEPLOYMENT}"
+ },
+ {
+ "name": "KIE_SERVER_USER",
+ "value": "${KIE_SERVER_USER}"
+ },
+ {
+ "name": "KIE_SERVER_PASSWORD",
+ "value": "${KIE_SERVER_PASSWORD}"
+ },
+ {
+ "name": "HORNETQ_CLUSTER_PASSWORD",
+ "value": "${HORNETQ_CLUSTER_PASSWORD}"
+ },
+ {
+ "name": "HORNETQ_QUEUES",
+ "value": "${HORNETQ_QUEUES}"
+ },
+ {
+ "name": "HORNETQ_TOPICS",
+ "value": "${HORNETQ_TOPICS}"
+ }
+ ]
+ }
+ ]
+ }
+ }
+ }
+ }
+ ]
+}
diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/processserver63-mysql-persistent-s2i.json b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/processserver63-mysql-persistent-s2i.json
new file mode 100644
index 000000000..89d0db1a6
--- /dev/null
+++ b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/processserver63-mysql-persistent-s2i.json
@@ -0,0 +1,792 @@
+{
+ "kind": "Template",
+ "apiVersion": "v1",
+ "metadata": {
+ "annotations": {
+ "description": "Application template for Red Hat JBoss BPM Suite 6.3 intelligent process server MySQL applications with persistent storage built using S2I.",
+ "iconClass": "icon-jboss",
+ "tags": "processserver,mysql,javaee,java,database,jboss,xpaas",
+ "version": "1.3.3"
+ },
+ "name": "processserver63-mysql-persistent-s2i"
+ },
+ "labels": {
+ "template": "processserver63-mysql-persistent-s2i",
+ "xpaas": "1.3.3"
+ },
+ "parameters": [
+ {
+ "description": "The KIE Container deployment configuration in format: containerId=groupId:artifactId:version|c2=g2:a2:v2",
+ "name": "KIE_CONTAINER_DEPLOYMENT",
+ "value": "processserver-library=org.openshift.quickstarts:processserver-library:1.3.0.Final",
+ "required": false
+ },
+ {
+ "description": "The protocol to access the KIE Server REST interface.",
+ "name": "KIE_SERVER_PROTOCOL",
+ "value": "https",
+ "required": false
+ },
+ {
+ "description": "The port to access the KIE Server REST interface.",
+ "name": "KIE_SERVER_PORT",
+ "value": "8443",
+ "required": false
+ },
+ {
+ "description": "The user name to access the KIE Server REST or JMS interface.",
+ "name": "KIE_SERVER_USER",
+ "value": "kieserver",
+ "required": false
+ },
+ {
+ "description": "The password to access the KIE Server REST or JMS interface. Must be different than username; must not be root, admin, or administrator; must contain at least 8 characters, 1 alphabetic character(s), 1 digit(s), and 1 non-alphanumeric symbol(s).",
+ "name": "KIE_SERVER_PASSWORD",
+ "from": "[a-zA-Z]{6}[0-9]{1}!",
+ "generate": "expression",
+ "required": false
+ },
+ {
+ "description": "JAAS LoginContext domain that shall be used to authenticate users when using JMS.",
+ "name": "KIE_SERVER_DOMAIN",
+ "value": "other",
+ "required": false
+ },
+ {
+ "description": "Hibernate persistence dialect.",
+ "name": "KIE_SERVER_PERSISTENCE_DIALECT",
+ "value": "org.hibernate.dialect.MySQL5Dialect",
+ "required": false
+ },
+ {
+ "description": "The name for the application.",
+ "name": "APPLICATION_NAME",
+ "value": "kie-app",
+ "required": true
+ },
+ {
+ "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: <application-name>-<project>.<default-domain-suffix>",
+ "name": "HOSTNAME_HTTP",
+ "value": "",
+ "required": false
+ },
+ {
+ "description": "Custom hostname for https service route. Leave blank for default hostname, e.g.: secure-<application-name>-<project>.<default-domain-suffix>",
+ "name": "HOSTNAME_HTTPS",
+ "value": "",
+ "required": false
+ },
+ {
+ "description": "Git source URI for application",
+ "name": "SOURCE_REPOSITORY_URL",
+ "value": "https://github.com/jboss-openshift/openshift-quickstarts",
+ "required": true
+ },
+ {
+ "description": "Git branch/tag reference",
+ "name": "SOURCE_REPOSITORY_REF",
+ "value": "1.3",
+ "required": false
+ },
+ {
+ "description": "Path within Git project to build; empty for root project directory.",
+ "name": "CONTEXT_DIR",
+ "value": "processserver/library",
+ "required": false
+ },
+ {
+ "description": "Database JNDI name used by application to resolve the datasource, e.g. java:/jboss/datasources/ExampleDS",
+ "name": "DB_JNDI",
+ "value": "java:jboss/datasources/ExampleDS",
+ "required": false
+ },
+ {
+ "description": "Database name",
+ "name": "DB_DATABASE",
+ "value": "root",
+ "required": true
+ },
+ {
+ "description": "Size of persistent storage for database volume.",
+ "name": "VOLUME_CAPACITY",
+ "value": "512Mi",
+ "required": true
+ },
+ {
+ "description": "Queue names",
+ "name": "HORNETQ_QUEUES",
+ "value": "",
+ "required": false
+ },
+ {
+ "description": "Topic names",
+ "name": "HORNETQ_TOPICS",
+ "value": "",
+ "required": false
+ },
+ {
+ "description": "The name of the secret containing the keystore file",
+ "name": "HTTPS_SECRET",
+ "value": "processserver-app-secret",
+ "required": false
+ },
+ {
+ "description": "The name of the keystore file within the secret",
+ "name": "HTTPS_KEYSTORE",
+ "value": "keystore.jks",
+ "required": false
+ },
+ {
+ "description": "The name associated with the server certificate",
+ "name": "HTTPS_NAME",
+ "value": "jboss",
+ "required": false
+ },
+ {
+ "description": "The password for the keystore and certificate",
+ "name": "HTTPS_PASSWORD",
+ "value": "mykeystorepass",
+ "required": false
+ },
+ {
+ "description": "Database user name",
+ "name": "DB_USERNAME",
+ "from": "user[a-zA-Z0-9]{3}",
+ "generate": "expression",
+ "required": true
+ },
+ {
+ "description": "Database user password",
+ "name": "DB_PASSWORD",
+ "from": "[a-zA-Z0-9]{8}",
+ "generate": "expression",
+ "required": true
+ },
+ {
+ "description": "Sets xa-pool/min-pool-size for the configured datasource.",
+ "name": "DB_MIN_POOL_SIZE",
+ "required": false
+ },
+ {
+ "description": "Sets xa-pool/max-pool-size for the configured datasource.",
+ "name": "DB_MAX_POOL_SIZE",
+ "required": false
+ },
+ {
+ "description": "Sets transaction-isolation for the configured datasource.",
+ "name": "DB_TX_ISOLATION",
+ "required": false
+ },
+ {
+ "description": "Sets how the table names are stored and compared.",
+ "name": "MYSQL_LOWER_CASE_TABLE_NAMES",
+ "required": false
+ },
+ {
+ "description": "The maximum permitted number of simultaneous client connections.",
+ "name": "MYSQL_MAX_CONNECTIONS",
+ "required": false
+ },
+ {
+ "description": "The minimum length of the word to be included in a FULLTEXT index.",
+ "name": "MYSQL_FT_MIN_WORD_LEN",
+ "required": false
+ },
+ {
+ "description": "The maximum length of the word to be included in a FULLTEXT index.",
+ "name": "MYSQL_FT_MAX_WORD_LEN",
+ "required": false
+ },
+ {
+ "description": "Controls the innodb_use_native_aio setting value if the native AIO is broken.",
+ "name": "MYSQL_AIO",
+ "required": false
+ },
+ {
+ "description": "HornetQ cluster admin password",
+ "name": "HORNETQ_CLUSTER_PASSWORD",
+ "from": "[a-zA-Z0-9]{8}",
+ "generate": "expression",
+ "required": true
+ },
+ {
+ "description": "GitHub trigger secret",
+ "name": "GITHUB_WEBHOOK_SECRET",
+ "from": "[a-zA-Z0-9]{8}",
+ "generate": "expression",
+ "required": true
+ },
+ {
+ "description": "Generic build trigger secret",
+ "name": "GENERIC_WEBHOOK_SECRET",
+ "from": "[a-zA-Z0-9]{8}",
+ "generate": "expression",
+ "required": true
+ },
+ {
+ "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.",
+ "name": "IMAGE_STREAM_NAMESPACE",
+ "value": "openshift",
+ "required": true
+ }
+ ],
+ "objects": [
+ {
+ "kind": "Service",
+ "apiVersion": "v1",
+ "spec": {
+ "ports": [
+ {
+ "port": 8080,
+ "targetPort": 8080
+ }
+ ],
+ "selector": {
+ "deploymentConfig": "${APPLICATION_NAME}"
+ }
+ },
+ "metadata": {
+ "name": "${APPLICATION_NAME}",
+ "labels": {
+ "application": "${APPLICATION_NAME}"
+ },
+ "annotations": {
+ "description": "The web server's http port."
+ }
+ }
+ },
+ {
+ "kind": "Service",
+ "apiVersion": "v1",
+ "spec": {
+ "ports": [
+ {
+ "port": 8443,
+ "targetPort": 8443
+ }
+ ],
+ "selector": {
+ "deploymentConfig": "${APPLICATION_NAME}"
+ }
+ },
+ "metadata": {
+ "name": "secure-${APPLICATION_NAME}",
+ "labels": {
+ "application": "${APPLICATION_NAME}"
+ },
+ "annotations": {
+ "description": "The web server's https port."
+ }
+ }
+ },
+ {
+ "kind": "Service",
+ "apiVersion": "v1",
+ "spec": {
+ "ports": [
+ {
+ "port": 3306,
+ "targetPort": 3306
+ }
+ ],
+ "selector": {
+ "deploymentConfig": "${APPLICATION_NAME}-mysql"
+ }
+ },
+ "metadata": {
+ "name": "${APPLICATION_NAME}-mysql",
+ "labels": {
+ "application": "${APPLICATION_NAME}"
+ },
+ "annotations": {
+ "description": "The database server's port."
+ }
+ }
+ },
+ {
+ "kind": "Route",
+ "apiVersion": "v1",
+ "id": "${APPLICATION_NAME}-http",
+ "metadata": {
+ "name": "${APPLICATION_NAME}",
+ "labels": {
+ "application": "${APPLICATION_NAME}"
+ },
+ "annotations": {
+ "description": "Route for application's http service."
+ }
+ },
+ "spec": {
+ "host": "${HOSTNAME_HTTP}",
+ "to": {
+ "name": "${APPLICATION_NAME}"
+ }
+ }
+ },
+ {
+ "kind": "Route",
+ "apiVersion": "v1",
+ "id": "${APPLICATION_NAME}-https",
+ "metadata": {
+ "name": "secure-${APPLICATION_NAME}",
+ "labels": {
+ "application": "${APPLICATION_NAME}"
+ },
+ "annotations": {
+ "description": "Route for application's https service."
+ }
+ },
+ "spec": {
+ "host": "${HOSTNAME_HTTPS}",
+ "to": {
+ "name": "secure-${APPLICATION_NAME}"
+ },
+ "tls": {
+ "termination": "passthrough"
+ }
+ }
+ },
+ {
+ "kind": "ImageStream",
+ "apiVersion": "v1",
+ "metadata": {
+ "name": "${APPLICATION_NAME}",
+ "labels": {
+ "application": "${APPLICATION_NAME}"
+ }
+ }
+ },
+ {
+ "kind": "BuildConfig",
+ "apiVersion": "v1",
+ "metadata": {
+ "name": "${APPLICATION_NAME}",
+ "labels": {
+ "application": "${APPLICATION_NAME}"
+ }
+ },
+ "spec": {
+ "source": {
+ "type": "Git",
+ "git": {
+ "uri": "${SOURCE_REPOSITORY_URL}",
+ "ref": "${SOURCE_REPOSITORY_REF}"
+ },
+ "contextDir": "${CONTEXT_DIR}"
+ },
+ "strategy": {
+ "type": "Source",
+ "sourceStrategy": {
+ "env": [
+ {
+ "name": "KIE_CONTAINER_DEPLOYMENT",
+ "value": "${KIE_CONTAINER_DEPLOYMENT}"
+ }
+ ],
+ "forcePull": true,
+ "from": {
+ "kind": "ImageStreamTag",
+ "namespace": "${IMAGE_STREAM_NAMESPACE}",
+ "name": "jboss-processserver63-openshift:1.3"
+ }
+ }
+ },
+ "output": {
+ "to": {
+ "kind": "ImageStreamTag",
+ "name": "${APPLICATION_NAME}:latest"
+ }
+ },
+ "triggers": [
+ {
+ "type": "GitHub",
+ "github": {
+ "secret": "${GITHUB_WEBHOOK_SECRET}"
+ }
+ },
+ {
+ "type": "Generic",
+ "generic": {
+ "secret": "${GENERIC_WEBHOOK_SECRET}"
+ }
+ },
+ {
+ "type": "ImageChange",
+ "imageChange": {}
+ },
+ {
+ "type": "ConfigChange"
+ }
+ ]
+ }
+ },
+ {
+ "kind": "DeploymentConfig",
+ "apiVersion": "v1",
+ "metadata": {
+ "name": "${APPLICATION_NAME}",
+ "labels": {
+ "application": "${APPLICATION_NAME}"
+ }
+ },
+ "spec": {
+ "strategy": {
+ "type": "Recreate"
+ },
+ "triggers": [
+ {
+ "type": "ImageChange",
+ "imageChangeParams": {
+ "automatic": true,
+ "containerNames": [
+ "${APPLICATION_NAME}"
+ ],
+ "from": {
+ "kind": "ImageStream",
+ "name": "${APPLICATION_NAME}"
+ }
+ }
+ },
+ {
+ "type": "ConfigChange"
+ }
+ ],
+ "replicas": 1,
+ "selector": {
+ "deploymentConfig": "${APPLICATION_NAME}"
+ },
+ "template": {
+ "metadata": {
+ "name": "${APPLICATION_NAME}",
+ "labels": {
+ "deploymentConfig": "${APPLICATION_NAME}",
+ "application": "${APPLICATION_NAME}"
+ }
+ },
+ "spec": {
+ "serviceAccountName": "processserver-service-account",
+ "terminationGracePeriodSeconds": 60,
+ "containers": [
+ {
+ "name": "${APPLICATION_NAME}",
+ "image": "${APPLICATION_NAME}",
+ "imagePullPolicy": "Always",
+ "volumeMounts": [
+ {
+ "name": "processserver-keystore-volume",
+ "mountPath": "/etc/processserver-secret-volume",
+ "readOnly": true
+ }
+ ],
+ "livenessProbe": {
+ "exec": {
+ "command": [
+ "/bin/bash",
+ "-c",
+ "/opt/eap/bin/livenessProbe.sh"
+ ]
+ }
+ },
+ "readinessProbe": {
+ "exec": {
+ "command": [
+ "/bin/bash",
+ "-c",
+ "/opt/eap/bin/readinessProbe.sh"
+ ]
+ }
+ },
+ "ports": [
+ {
+ "name": "jolokia",
+ "containerPort": 8778,
+ "protocol": "TCP"
+ },
+ {
+ "name": "http",
+ "containerPort": 8080,
+ "protocol": "TCP"
+ },
+ {
+ "name": "https",
+ "containerPort": 8443,
+ "protocol": "TCP"
+ }
+ ],
+ "env": [
+ {
+ "name": "KIE_CONTAINER_DEPLOYMENT",
+ "value": "${KIE_CONTAINER_DEPLOYMENT}"
+ },
+ {
+ "name": "KIE_SERVER_PROTOCOL",
+ "value": "${KIE_SERVER_PROTOCOL}"
+ },
+ {
+ "name": "KIE_SERVER_PORT",
+ "value": "${KIE_SERVER_PORT}"
+ },
+ {
+ "name": "KIE_SERVER_USER",
+ "value": "${KIE_SERVER_USER}"
+ },
+ {
+ "name": "KIE_SERVER_PASSWORD",
+ "value": "${KIE_SERVER_PASSWORD}"
+ },
+ {
+ "name": "KIE_SERVER_DOMAIN",
+ "value": "${KIE_SERVER_DOMAIN}"
+ },
+ {
+ "name": "KIE_SERVER_PERSISTENCE_DIALECT",
+ "value": "${KIE_SERVER_PERSISTENCE_DIALECT}"
+ },
+ {
+ "name": "DB_SERVICE_PREFIX_MAPPING",
+ "value": "${APPLICATION_NAME}-mysql=DB,${APPLICATION_NAME}-mysql=QUARTZ"
+ },
+ {
+ "name": "TX_DATABASE_PREFIX_MAPPING",
+ "value": "${APPLICATION_NAME}-mysql=DB"
+ },
+ {
+ "name": "DB_JNDI",
+ "value": "${DB_JNDI}"
+ },
+ {
+ "name": "DB_USERNAME",
+ "value": "${DB_USERNAME}"
+ },
+ {
+ "name": "DB_PASSWORD",
+ "value": "${DB_PASSWORD}"
+ },
+ {
+ "name": "DB_DATABASE",
+ "value": "${DB_DATABASE}"
+ },
+ {
+ "name": "DB_MIN_POOL_SIZE",
+ "value": "${DB_MIN_POOL_SIZE}"
+ },
+ {
+ "name": "DB_MAX_POOL_SIZE",
+ "value": "${DB_MAX_POOL_SIZE}"
+ },
+ {
+ "name": "DB_TX_ISOLATION",
+ "value": "${DB_TX_ISOLATION}"
+ },
+ {
+ "name": "QUARTZ_JNDI",
+ "value": "${DB_JNDI}NotManaged"
+ },
+ {
+ "name": "QUARTZ_USERNAME",
+ "value": "${DB_USERNAME}"
+ },
+ {
+ "name": "QUARTZ_PASSWORD",
+ "value": "${DB_PASSWORD}"
+ },
+ {
+ "name": "QUARTZ_DATABASE",
+ "value": "${DB_DATABASE}"
+ },
+ {
+ "name": "QUARTZ_MIN_POOL_SIZE",
+ "value": "${DB_MIN_POOL_SIZE}"
+ },
+ {
+ "name": "QUARTZ_MAX_POOL_SIZE",
+ "value": "${DB_MAX_POOL_SIZE}"
+ },
+ {
+ "name": "QUARTZ_TX_ISOLATION",
+ "value": "${DB_TX_ISOLATION}"
+ },
+ {
+ "name": "QUARTZ_JTA",
+ "value": "false"
+ },
+ {
+ "name": "QUARTZ_NONXA",
+ "value": "true"
+ },
+ {
+ "name": "HTTPS_KEYSTORE_DIR",
+ "value": "/etc/processserver-secret-volume"
+ },
+ {
+ "name": "HTTPS_KEYSTORE",
+ "value": "${HTTPS_KEYSTORE}"
+ },
+ {
+ "name": "HTTPS_NAME",
+ "value": "${HTTPS_NAME}"
+ },
+ {
+ "name": "HTTPS_PASSWORD",
+ "value": "${HTTPS_PASSWORD}"
+ },
+ {
+ "name": "HORNETQ_CLUSTER_PASSWORD",
+ "value": "${HORNETQ_CLUSTER_PASSWORD}"
+ },
+ {
+ "name": "HORNETQ_QUEUES",
+ "value": "${HORNETQ_QUEUES}"
+ },
+ {
+ "name": "HORNETQ_TOPICS",
+ "value": "${HORNETQ_TOPICS}"
+ }
+ ]
+ }
+ ],
+ "volumes": [
+ {
+ "name": "processserver-keystore-volume",
+ "secret": {
+ "secretName": "${HTTPS_SECRET}"
+ }
+ }
+ ]
+ }
+ }
+ }
+ },
+ {
+ "kind": "DeploymentConfig",
+ "apiVersion": "v1",
+ "metadata": {
+ "name": "${APPLICATION_NAME}-mysql",
+ "labels": {
+ "application": "${APPLICATION_NAME}"
+ }
+ },
+ "spec": {
+ "strategy": {
+ "type": "Recreate"
+ },
+ "triggers": [
+ {
+ "type": "ImageChange",
+ "imageChangeParams": {
+ "automatic": true,
+ "containerNames": [
+ "${APPLICATION_NAME}-mysql"
+ ],
+ "from": {
+ "kind": "ImageStreamTag",
+ "namespace": "${IMAGE_STREAM_NAMESPACE}",
+ "name": "mysql:latest"
+ }
+ }
+ },
+ {
+ "type": "ConfigChange"
+ }
+ ],
+ "replicas": 1,
+ "selector": {
+ "deploymentConfig": "${APPLICATION_NAME}-mysql"
+ },
+ "template": {
+ "metadata": {
+ "name": "${APPLICATION_NAME}-mysql",
+ "labels": {
+ "deploymentConfig": "${APPLICATION_NAME}-mysql",
+ "application": "${APPLICATION_NAME}"
+ }
+ },
+ "spec": {
+ "terminationGracePeriodSeconds": 60,
+ "containers": [
+ {
+ "name": "${APPLICATION_NAME}-mysql",
+ "image": "mysql",
+ "imagePullPolicy": "Always",
+ "ports": [
+ {
+ "containerPort": 3306,
+ "protocol": "TCP"
+ }
+ ],
+ "volumeMounts": [
+ {
+ "mountPath": "/var/lib/mysql/data",
+ "name": "${APPLICATION_NAME}-mysql-pvol"
+ }
+ ],
+ "env": [
+ {
+ "name": "MYSQL_USER",
+ "value": "${DB_USERNAME}"
+ },
+ {
+ "name": "MYSQL_PASSWORD",
+ "value": "${DB_PASSWORD}"
+ },
+ {
+ "name": "MYSQL_DATABASE",
+ "value": "${DB_DATABASE}"
+ },
+ {
+ "name": "MYSQL_LOWER_CASE_TABLE_NAMES",
+ "value": "${MYSQL_LOWER_CASE_TABLE_NAMES}"
+ },
+ {
+ "name": "MYSQL_MAX_CONNECTIONS",
+ "value": "${MYSQL_MAX_CONNECTIONS}"
+ },
+ {
+ "name": "MYSQL_FT_MIN_WORD_LEN",
+ "value": "${MYSQL_FT_MIN_WORD_LEN}"
+ },
+ {
+ "name": "MYSQL_FT_MAX_WORD_LEN",
+ "value": "${MYSQL_FT_MAX_WORD_LEN}"
+ },
+ {
+ "name": "MYSQL_AIO",
+ "value": "${MYSQL_AIO}"
+ }
+ ]
+ }
+ ],
+ "volumes": [
+ {
+ "name": "${APPLICATION_NAME}-mysql-pvol",
+ "persistentVolumeClaim": {
+ "claimName": "${APPLICATION_NAME}-mysql-claim"
+ }
+ }
+ ]
+ }
+ }
+ }
+ },
+ {
+ "apiVersion": "v1",
+ "kind": "PersistentVolumeClaim",
+ "metadata": {
+ "name": "${APPLICATION_NAME}-mysql-claim",
+ "labels": {
+ "application": "${APPLICATION_NAME}"
+ }
+ },
+ "spec": {
+ "accessModes": [
+ "ReadWriteOnce"
+ ],
+ "resources": {
+ "requests": {
+ "storage": "${VOLUME_CAPACITY}"
+ }
+ }
+ }
+ }
+ ]
+}
diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/processserver63-mysql-s2i.json b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/processserver63-mysql-s2i.json
new file mode 100644
index 000000000..26cab29f8
--- /dev/null
+++ b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/processserver63-mysql-s2i.json
@@ -0,0 +1,716 @@
+{
+ "kind": "Template",
+ "apiVersion": "v1",
+ "metadata": {
+ "annotations": {
+ "description": "Application template for Red Hat JBoss BPM Suite 6.3 intelligent process server MySQL applications built using S2I.",
+ "iconClass": "icon-jboss",
+ "tags": "processserver,mysql,javaee,java,database,jboss,xpaas",
+ "version": "1.3.3"
+ },
+ "name": "processserver63-mysql-s2i"
+ },
+ "labels": {
+ "template": "processserver63-mysql-s2i",
+ "xpaas": "1.3.3"
+ },
+ "parameters": [
+ {
+ "description": "The KIE Container deployment configuration in format: containerId=groupId:artifactId:version|c2=g2:a2:v2",
+ "name": "KIE_CONTAINER_DEPLOYMENT",
+ "value": "processserver-library=org.openshift.quickstarts:processserver-library:1.3.0.Final",
+ "required": false
+ },
+ {
+ "description": "The protocol to access the KIE Server REST interface.",
+ "name": "KIE_SERVER_PROTOCOL",
+ "value": "https",
+ "required": false
+ },
+ {
+ "description": "The port to access the KIE Server REST interface.",
+ "name": "KIE_SERVER_PORT",
+ "value": "8443",
+ "required": false
+ },
+ {
+ "description": "The user name to access the KIE Server REST or JMS interface.",
+ "name": "KIE_SERVER_USER",
+ "value": "kieserver",
+ "required": false
+ },
+ {
+ "description": "The password to access the KIE Server REST or JMS interface. Must be different than username; must not be root, admin, or administrator; must contain at least 8 characters, 1 alphabetic character(s), 1 digit(s), and 1 non-alphanumeric symbol(s).",
+ "name": "KIE_SERVER_PASSWORD",
+ "from": "[a-zA-Z]{6}[0-9]{1}!",
+ "generate": "expression",
+ "required": false
+ },
+ {
+ "description": "JAAS LoginContext domain that shall be used to authenticate users when using JMS.",
+ "name": "KIE_SERVER_DOMAIN",
+ "value": "other",
+ "required": false
+ },
+ {
+ "description": "Hibernate persistence dialect.",
+ "name": "KIE_SERVER_PERSISTENCE_DIALECT",
+ "value": "org.hibernate.dialect.MySQL5Dialect",
+ "required": false
+ },
+ {
+ "description": "The name for the application.",
+ "name": "APPLICATION_NAME",
+ "value": "kie-app",
+ "required": true
+ },
+ {
+ "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: <application-name>-<project>.<default-domain-suffix>",
+ "name": "HOSTNAME_HTTP",
+ "value": "",
+ "required": false
+ },
+ {
+ "description": "Custom hostname for https service route. Leave blank for default hostname, e.g.: secure-<application-name>-<project>.<default-domain-suffix>",
+ "name": "HOSTNAME_HTTPS",
+ "value": "",
+ "required": false
+ },
+ {
+ "description": "Git source URI for application",
+ "name": "SOURCE_REPOSITORY_URL",
+ "value": "https://github.com/jboss-openshift/openshift-quickstarts",
+ "required": true
+ },
+ {
+ "description": "Git branch/tag reference",
+ "name": "SOURCE_REPOSITORY_REF",
+ "value": "1.3",
+ "required": false
+ },
+ {
+ "description": "Path within Git project to build; empty for root project directory.",
+ "name": "CONTEXT_DIR",
+ "value": "processserver/library",
+ "required": false
+ },
+ {
+ "description": "Database JNDI name used by application to resolve the datasource, e.g. java:/jboss/datasources/ExampleDS",
+ "name": "DB_JNDI",
+ "value": "java:jboss/datasources/ExampleDS",
+ "required": false
+ },
+ {
+ "description": "Database name",
+ "name": "DB_DATABASE",
+ "value": "root",
+ "required": true
+ },
+ {
+ "description": "Queue names",
+ "name": "HORNETQ_QUEUES",
+ "value": "",
+ "required": false
+ },
+ {
+ "description": "Topic names",
+ "name": "HORNETQ_TOPICS",
+ "value": "",
+ "required": false
+ },
+ {
+ "description": "The name of the secret containing the keystore file",
+ "name": "HTTPS_SECRET",
+ "value": "processserver-app-secret",
+ "required": false
+ },
+ {
+ "description": "The name of the keystore file within the secret",
+ "name": "HTTPS_KEYSTORE",
+ "value": "keystore.jks",
+ "required": false
+ },
+ {
+ "description": "The name associated with the server certificate",
+ "name": "HTTPS_NAME",
+ "value": "jboss",
+ "required": false
+ },
+ {
+ "description": "The password for the keystore and certificate",
+ "name": "HTTPS_PASSWORD",
+ "value": "mykeystorepass",
+ "required": false
+ },
+ {
+ "description": "Database user name",
+ "name": "DB_USERNAME",
+ "from": "user[a-zA-Z0-9]{3}",
+ "generate": "expression",
+ "required": true
+ },
+ {
+ "description": "Database user password",
+ "name": "DB_PASSWORD",
+ "from": "[a-zA-Z0-9]{8}",
+ "generate": "expression",
+ "required": true
+ },
+ {
+ "description": "Sets xa-pool/min-pool-size for the configured datasource.",
+ "name": "DB_MIN_POOL_SIZE",
+ "required": false
+ },
+ {
+ "description": "Sets xa-pool/max-pool-size for the configured datasource.",
+ "name": "DB_MAX_POOL_SIZE",
+ "required": false
+ },
+ {
+ "description": "Sets transaction-isolation for the configured datasource.",
+ "name": "DB_TX_ISOLATION",
+ "required": false
+ },
+ {
+ "description": "Sets how the table names are stored and compared.",
+ "name": "MYSQL_LOWER_CASE_TABLE_NAMES",
+ "required": false
+ },
+ {
+ "description": "The maximum permitted number of simultaneous client connections.",
+ "name": "MYSQL_MAX_CONNECTIONS",
+ "required": false
+ },
+ {
+ "description": "The minimum length of the word to be included in a FULLTEXT index.",
+ "name": "MYSQL_FT_MIN_WORD_LEN",
+ "required": false
+ },
+ {
+ "description": "The maximum length of the word to be included in a FULLTEXT index.",
+ "name": "MYSQL_FT_MAX_WORD_LEN",
+ "required": false
+ },
+ {
+ "description": "Controls the innodb_use_native_aio setting value if the native AIO is broken.",
+ "name": "MYSQL_AIO",
+ "required": false
+ },
+ {
+ "description": "HornetQ cluster admin password",
+ "name": "HORNETQ_CLUSTER_PASSWORD",
+ "from": "[a-zA-Z0-9]{8}",
+ "generate": "expression",
+ "required": true
+ },
+ {
+ "description": "GitHub trigger secret",
+ "name": "GITHUB_WEBHOOK_SECRET",
+ "from": "[a-zA-Z0-9]{8}",
+ "generate": "expression",
+ "required": true
+ },
+ {
+ "description": "Generic build trigger secret",
+ "name": "GENERIC_WEBHOOK_SECRET",
+ "from": "[a-zA-Z0-9]{8}",
+ "generate": "expression",
+ "required": true
+ },
+ {
+ "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.",
+ "name": "IMAGE_STREAM_NAMESPACE",
+ "value": "openshift",
+ "required": true
+ }
+ ],
+ "objects": [
+ {
+ "kind": "Service",
+ "apiVersion": "v1",
+ "spec": {
+ "ports": [
+ {
+ "port": 8080,
+ "targetPort": 8080
+ }
+ ],
+ "selector": {
+ "deploymentConfig": "${APPLICATION_NAME}"
+ }
+ },
+ "metadata": {
+ "name": "${APPLICATION_NAME}",
+ "labels": {
+ "application": "${APPLICATION_NAME}"
+ },
+ "annotations": {
+ "description": "The web server's http port."
+ }
+ }
+ },
+ {
+ "kind": "Service",
+ "apiVersion": "v1",
+ "spec": {
+ "ports": [
+ {
+ "port": 8443,
+ "targetPort": 8443
+ }
+ ],
+ "selector": {
+ "deploymentConfig": "${APPLICATION_NAME}"
+ }
+ },
+ "metadata": {
+ "name": "secure-${APPLICATION_NAME}",
+ "labels": {
+ "application": "${APPLICATION_NAME}"
+ },
+ "annotations": {
+ "description": "The web server's https port."
+ }
+ }
+ },
+ {
+ "kind": "Service",
+ "apiVersion": "v1",
+ "spec": {
+ "ports": [
+ {
+ "port": 3306,
+ "targetPort": 3306
+ }
+ ],
+ "selector": {
+ "deploymentConfig": "${APPLICATION_NAME}-mysql"
+ }
+ },
+ "metadata": {
+ "name": "${APPLICATION_NAME}-mysql",
+ "labels": {
+ "application": "${APPLICATION_NAME}"
+ },
+ "annotations": {
+ "description": "The database server's port."
+ }
+ }
+ },
+ {
+ "kind": "Route",
+ "apiVersion": "v1",
+ "id": "${APPLICATION_NAME}-http",
+ "metadata": {
+ "name": "${APPLICATION_NAME}",
+ "labels": {
+ "application": "${APPLICATION_NAME}"
+ },
+ "annotations": {
+ "description": "Route for application's http service."
+ }
+ },
+ "spec": {
+ "host": "${HOSTNAME_HTTP}",
+ "to": {
+ "name": "${APPLICATION_NAME}"
+ }
+ }
+ },
+ {
+ "kind": "Route",
+ "apiVersion": "v1",
+ "id": "${APPLICATION_NAME}-https",
+ "metadata": {
+ "name": "secure-${APPLICATION_NAME}",
+ "labels": {
+ "application": "${APPLICATION_NAME}"
+ },
+ "annotations": {
+ "description": "Route for application's https service."
+ }
+ },
+ "spec": {
+ "host": "${HOSTNAME_HTTPS}",
+ "to": {
+ "name": "secure-${APPLICATION_NAME}"
+ },
+ "tls": {
+ "termination": "passthrough"
+ }
+ }
+ },
+ {
+ "kind": "ImageStream",
+ "apiVersion": "v1",
+ "metadata": {
+ "name": "${APPLICATION_NAME}",
+ "labels": {
+ "application": "${APPLICATION_NAME}"
+ }
+ }
+ },
+ {
+ "kind": "BuildConfig",
+ "apiVersion": "v1",
+ "metadata": {
+ "name": "${APPLICATION_NAME}",
+ "labels": {
+ "application": "${APPLICATION_NAME}"
+ }
+ },
+ "spec": {
+ "source": {
+ "type": "Git",
+ "git": {
+ "uri": "${SOURCE_REPOSITORY_URL}",
+ "ref": "${SOURCE_REPOSITORY_REF}"
+ },
+ "contextDir": "${CONTEXT_DIR}"
+ },
+ "strategy": {
+ "type": "Source",
+ "sourceStrategy": {
+ "env": [
+ {
+ "name": "KIE_CONTAINER_DEPLOYMENT",
+ "value": "${KIE_CONTAINER_DEPLOYMENT}"
+ }
+ ],
+ "forcePull": true,
+ "from": {
+ "kind": "ImageStreamTag",
+ "namespace": "${IMAGE_STREAM_NAMESPACE}",
+ "name": "jboss-processserver63-openshift:1.3"
+ }
+ }
+ },
+ "output": {
+ "to": {
+ "kind": "ImageStreamTag",
+ "name": "${APPLICATION_NAME}:latest"
+ }
+ },
+ "triggers": [
+ {
+ "type": "GitHub",
+ "github": {
+ "secret": "${GITHUB_WEBHOOK_SECRET}"
+ }
+ },
+ {
+ "type": "Generic",
+ "generic": {
+ "secret": "${GENERIC_WEBHOOK_SECRET}"
+ }
+ },
+ {
+ "type": "ImageChange",
+ "imageChange": {}
+ },
+ {
+ "type": "ConfigChange"
+ }
+ ]
+ }
+ },
+ {
+ "kind": "DeploymentConfig",
+ "apiVersion": "v1",
+ "metadata": {
+ "name": "${APPLICATION_NAME}",
+ "labels": {
+ "application": "${APPLICATION_NAME}"
+ }
+ },
+ "spec": {
+ "strategy": {
+ "type": "Recreate"
+ },
+ "triggers": [
+ {
+ "type": "ImageChange",
+ "imageChangeParams": {
+ "automatic": true,
+ "containerNames": [
+ "${APPLICATION_NAME}"
+ ],
+ "from": {
+ "kind": "ImageStream",
+ "name": "${APPLICATION_NAME}"
+ }
+ }
+ },
+ {
+ "type": "ConfigChange"
+ }
+ ],
+ "replicas": 1,
+ "selector": {
+ "deploymentConfig": "${APPLICATION_NAME}"
+ },
+ "template": {
+ "metadata": {
+ "name": "${APPLICATION_NAME}",
+ "labels": {
+ "deploymentConfig": "${APPLICATION_NAME}",
+ "application": "${APPLICATION_NAME}"
+ }
+ },
+ "spec": {
+ "serviceAccountName": "processserver-service-account",
+ "terminationGracePeriodSeconds": 60,
+ "containers": [
+ {
+ "name": "${APPLICATION_NAME}",
+ "image": "${APPLICATION_NAME}",
+ "imagePullPolicy": "Always",
+ "volumeMounts": [
+ {
+ "name": "processserver-keystore-volume",
+ "mountPath": "/etc/processserver-secret-volume",
+ "readOnly": true
+ }
+ ],
+ "livenessProbe": {
+ "exec": {
+ "command": [
+ "/bin/bash",
+ "-c",
+ "/opt/eap/bin/livenessProbe.sh"
+ ]
+ }
+ },
+ "readinessProbe": {
+ "exec": {
+ "command": [
+ "/bin/bash",
+ "-c",
+ "/opt/eap/bin/readinessProbe.sh"
+ ]
+ }
+ },
+ "ports": [
+ {
+ "name": "jolokia",
+ "containerPort": 8778,
+ "protocol": "TCP"
+ },
+ {
+ "name": "http",
+ "containerPort": 8080,
+ "protocol": "TCP"
+ },
+ {
+ "name": "https",
+ "containerPort": 8443,
+ "protocol": "TCP"
+ }
+ ],
+ "env": [
+ {
+ "name": "KIE_CONTAINER_DEPLOYMENT",
+ "value": "${KIE_CONTAINER_DEPLOYMENT}"
+ },
+ {
+ "name": "KIE_SERVER_PROTOCOL",
+ "value": "${KIE_SERVER_PROTOCOL}"
+ },
+ {
+ "name": "KIE_SERVER_PORT",
+ "value": "${KIE_SERVER_PORT}"
+ },
+ {
+ "name": "KIE_SERVER_USER",
+ "value": "${KIE_SERVER_USER}"
+ },
+ {
+ "name": "KIE_SERVER_PASSWORD",
+ "value": "${KIE_SERVER_PASSWORD}"
+ },
+ {
+ "name": "KIE_SERVER_DOMAIN",
+ "value": "${KIE_SERVER_DOMAIN}"
+ },
+ {
+ "name": "KIE_SERVER_PERSISTENCE_DIALECT",
+ "value": "${KIE_SERVER_PERSISTENCE_DIALECT}"
+ },
+ {
+ "name": "DB_SERVICE_PREFIX_MAPPING",
+ "value": "${APPLICATION_NAME}-mysql=DB"
+ },
+ {
+ "name": "DB_JNDI",
+ "value": "${DB_JNDI}"
+ },
+ {
+ "name": "DB_USERNAME",
+ "value": "${DB_USERNAME}"
+ },
+ {
+ "name": "DB_PASSWORD",
+ "value": "${DB_PASSWORD}"
+ },
+ {
+ "name": "DB_DATABASE",
+ "value": "${DB_DATABASE}"
+ },
+ {
+ "name": "TX_DATABASE_PREFIX_MAPPING",
+ "value": "${APPLICATION_NAME}-mysql=DB"
+ },
+ {
+ "name": "DB_MIN_POOL_SIZE",
+ "value": "${DB_MIN_POOL_SIZE}"
+ },
+ {
+ "name": "DB_MAX_POOL_SIZE",
+ "value": "${DB_MAX_POOL_SIZE}"
+ },
+ {
+ "name": "DB_TX_ISOLATION",
+ "value": "${DB_TX_ISOLATION}"
+ },
+ {
+ "name": "HTTPS_KEYSTORE_DIR",
+ "value": "/etc/processserver-secret-volume"
+ },
+ {
+ "name": "HTTPS_KEYSTORE",
+ "value": "${HTTPS_KEYSTORE}"
+ },
+ {
+ "name": "HTTPS_NAME",
+ "value": "${HTTPS_NAME}"
+ },
+ {
+ "name": "HTTPS_PASSWORD",
+ "value": "${HTTPS_PASSWORD}"
+ },
+ {
+ "name": "HORNETQ_CLUSTER_PASSWORD",
+ "value": "${HORNETQ_CLUSTER_PASSWORD}"
+ },
+ {
+ "name": "HORNETQ_QUEUES",
+ "value": "${HORNETQ_QUEUES}"
+ },
+ {
+ "name": "HORNETQ_TOPICS",
+ "value": "${HORNETQ_TOPICS}"
+ }
+ ]
+ }
+ ],
+ "volumes": [
+ {
+ "name": "processserver-keystore-volume",
+ "secret": {
+ "secretName": "${HTTPS_SECRET}"
+ }
+ }
+ ]
+ }
+ }
+ }
+ },
+ {
+ "kind": "DeploymentConfig",
+ "apiVersion": "v1",
+ "metadata": {
+ "name": "${APPLICATION_NAME}-mysql",
+ "labels": {
+ "application": "${APPLICATION_NAME}"
+ }
+ },
+ "spec": {
+ "strategy": {
+ "type": "Recreate"
+ },
+ "triggers": [
+ {
+ "type": "ImageChange",
+ "imageChangeParams": {
+ "automatic": true,
+ "containerNames": [
+ "${APPLICATION_NAME}-mysql"
+ ],
+ "from": {
+ "kind": "ImageStreamTag",
+ "namespace": "${IMAGE_STREAM_NAMESPACE}",
+ "name": "mysql:latest"
+ }
+ }
+ },
+ {
+ "type": "ConfigChange"
+ }
+ ],
+ "replicas": 1,
+ "selector": {
+ "deploymentConfig": "${APPLICATION_NAME}-mysql"
+ },
+ "template": {
+ "metadata": {
+ "name": "${APPLICATION_NAME}-mysql",
+ "labels": {
+ "deploymentConfig": "${APPLICATION_NAME}-mysql",
+ "application": "${APPLICATION_NAME}"
+ }
+ },
+ "spec": {
+ "terminationGracePeriodSeconds": 60,
+ "containers": [
+ {
+ "name": "${APPLICATION_NAME}-mysql",
+ "image": "mysql",
+ "imagePullPolicy": "Always",
+ "ports": [
+ {
+ "containerPort": 3306,
+ "protocol": "TCP"
+ }
+ ],
+ "env": [
+ {
+ "name": "MYSQL_USER",
+ "value": "${DB_USERNAME}"
+ },
+ {
+ "name": "MYSQL_PASSWORD",
+ "value": "${DB_PASSWORD}"
+ },
+ {
+ "name": "MYSQL_DATABASE",
+ "value": "${DB_DATABASE}"
+ },
+ {
+ "name": "MYSQL_LOWER_CASE_TABLE_NAMES",
+ "value": "${MYSQL_LOWER_CASE_TABLE_NAMES}"
+ },
+ {
+ "name": "MYSQL_MAX_CONNECTIONS",
+ "value": "${MYSQL_MAX_CONNECTIONS}"
+ },
+ {
+ "name": "MYSQL_FT_MIN_WORD_LEN",
+ "value": "${MYSQL_FT_MIN_WORD_LEN}"
+ },
+ {
+ "name": "MYSQL_FT_MAX_WORD_LEN",
+ "value": "${MYSQL_FT_MAX_WORD_LEN}"
+ },
+ {
+ "name": "MYSQL_AIO",
+ "value": "${MYSQL_AIO}"
+ }
+ ]
+ }
+ ]
+ }
+ }
+ }
+ }
+ ]
+}
diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/processserver63-postgresql-persistent-s2i.json b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/processserver63-postgresql-persistent-s2i.json
new file mode 100644
index 000000000..32a512829
--- /dev/null
+++ b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/processserver63-postgresql-persistent-s2i.json
@@ -0,0 +1,765 @@
+{
+ "kind": "Template",
+ "apiVersion": "v1",
+ "metadata": {
+ "annotations": {
+ "description": "Application template for Red Hat JBoss BPM Suite 6.3 intelligent process server PostgreSQL applications with persistent storage built using S2I.",
+ "iconClass": "icon-jboss",
+ "tags": "processserver,postgresql,javaee,java,database,jboss,xpaas",
+ "version": "1.3.3"
+ },
+ "name": "processserver63-postgresql-persistent-s2i"
+ },
+ "labels": {
+ "template": "processserver63-postgresql-persistent-s2i",
+ "xpaas": "1.3.3"
+ },
+ "parameters": [
+ {
+ "description": "The KIE Container deployment configuration in format: containerId=groupId:artifactId:version|c2=g2:a2:v2",
+ "name": "KIE_CONTAINER_DEPLOYMENT",
+ "value": "processserver-library=org.openshift.quickstarts:processserver-library:1.3.0.Final",
+ "required": false
+ },
+ {
+ "description": "The protocol to access the KIE Server REST interface.",
+ "name": "KIE_SERVER_PROTOCOL",
+ "value": "https",
+ "required": false
+ },
+ {
+ "description": "The port to access the KIE Server REST interface.",
+ "name": "KIE_SERVER_PORT",
+ "value": "8443",
+ "required": false
+ },
+ {
+ "description": "The user name to access the KIE Server REST or JMS interface.",
+ "name": "KIE_SERVER_USER",
+ "value": "kieserver",
+ "required": false
+ },
+ {
+ "description": "The password to access the KIE Server REST or JMS interface. Must be different than username; must not be root, admin, or administrator; must contain at least 8 characters, 1 alphabetic character(s), 1 digit(s), and 1 non-alphanumeric symbol(s).",
+ "name": "KIE_SERVER_PASSWORD",
+ "from": "[a-zA-Z]{6}[0-9]{1}!",
+ "generate": "expression",
+ "required": false
+ },
+ {
+ "description": "JAAS LoginContext domain that shall be used to authenticate users when using JMS.",
+ "name": "KIE_SERVER_DOMAIN",
+ "value": "other",
+ "required": false
+ },
+ {
+ "description": "Hibernate persistence dialect.",
+ "name": "KIE_SERVER_PERSISTENCE_DIALECT",
+ "value": "org.hibernate.dialect.PostgreSQL82Dialect",
+ "required": false
+ },
+ {
+ "description": "The name for the application.",
+ "name": "APPLICATION_NAME",
+ "value": "kie-app",
+ "required": true
+ },
+ {
+ "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: <application-name>-<project>.<default-domain-suffix>",
+ "name": "HOSTNAME_HTTP",
+ "value": "",
+ "required": false
+ },
+ {
+ "description": "Custom hostname for https service route. Leave blank for default hostname, e.g.: secure-<application-name>-<project>.<default-domain-suffix>",
+ "name": "HOSTNAME_HTTPS",
+ "value": "",
+ "required": false
+ },
+ {
+ "description": "Git source URI for application",
+ "name": "SOURCE_REPOSITORY_URL",
+ "value": "https://github.com/jboss-openshift/openshift-quickstarts",
+ "required": true
+ },
+ {
+ "description": "Git branch/tag reference",
+ "name": "SOURCE_REPOSITORY_REF",
+ "value": "1.3",
+ "required": false
+ },
+ {
+ "description": "Path within Git project to build; empty for root project directory.",
+ "name": "CONTEXT_DIR",
+ "value": "processserver/library",
+ "required": false
+ },
+ {
+ "description": "Database JNDI name used by application to resolve the datasource, e.g. java:/jboss/datasources/ExampleDS",
+ "name": "DB_JNDI",
+ "value": "java:jboss/datasources/ExampleDS",
+ "required": false
+ },
+ {
+ "description": "Database name",
+ "name": "DB_DATABASE",
+ "value": "root",
+ "required": true
+ },
+ {
+ "description": "Size of persistent storage for database volume.",
+ "name": "VOLUME_CAPACITY",
+ "value": "512Mi",
+ "required": true
+ },
+ {
+ "description": "Queue names",
+ "name": "HORNETQ_QUEUES",
+ "value": "",
+ "required": false
+ },
+ {
+ "description": "Topic names",
+ "name": "HORNETQ_TOPICS",
+ "value": "",
+ "required": false
+ },
+ {
+ "description": "The name of the secret containing the keystore file",
+ "name": "HTTPS_SECRET",
+ "value": "processserver-app-secret",
+ "required": false
+ },
+ {
+ "description": "The name of the keystore file within the secret",
+ "name": "HTTPS_KEYSTORE",
+ "value": "keystore.jks",
+ "required": false
+ },
+ {
+ "description": "The name associated with the server certificate",
+ "name": "HTTPS_NAME",
+ "value": "jboss",
+ "required": false
+ },
+ {
+ "description": "The password for the keystore and certificate",
+ "name": "HTTPS_PASSWORD",
+ "value": "mykeystorepass",
+ "required": false
+ },
+ {
+ "description": "Database user name",
+ "name": "DB_USERNAME",
+ "from": "user[a-zA-Z0-9]{3}",
+ "generate": "expression",
+ "required": true
+ },
+ {
+ "description": "Database user password",
+ "name": "DB_PASSWORD",
+ "from": "[a-zA-Z0-9]{8}",
+ "generate": "expression",
+ "required": true
+ },
+ {
+ "description": "Sets xa-pool/min-pool-size for the configured datasource.",
+ "name": "DB_MIN_POOL_SIZE",
+ "required": false
+ },
+ {
+ "description": "Sets xa-pool/max-pool-size for the configured datasource.",
+ "name": "DB_MAX_POOL_SIZE",
+ "required": false
+ },
+ {
+ "description": "Sets transaction-isolation for the configured datasource.",
+ "name": "DB_TX_ISOLATION",
+ "required": false
+ },
+ {
+ "description": "The maximum number of client connections allowed. This also sets the maximum number of prepared transactions.",
+ "name": "POSTGRESQL_MAX_CONNECTIONS",
+ "required": false
+ },
+ {
+ "description": "Configures how much memory is dedicated to PostgreSQL for caching data.",
+ "name": "POSTGRESQL_SHARED_BUFFERS",
+ "required": false
+ },
+ {
+ "description": "HornetQ cluster admin password",
+ "name": "HORNETQ_CLUSTER_PASSWORD",
+ "from": "[a-zA-Z0-9]{8}",
+ "generate": "expression",
+ "required": true
+ },
+ {
+ "description": "GitHub trigger secret",
+ "name": "GITHUB_WEBHOOK_SECRET",
+ "from": "[a-zA-Z0-9]{8}",
+ "generate": "expression",
+ "required": true
+ },
+ {
+ "description": "Generic build trigger secret",
+ "name": "GENERIC_WEBHOOK_SECRET",
+ "from": "[a-zA-Z0-9]{8}",
+ "generate": "expression",
+ "required": true
+ },
+ {
+ "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.",
+ "name": "IMAGE_STREAM_NAMESPACE",
+ "value": "openshift",
+ "required": true
+ }
+ ],
+ "objects": [
+ {
+ "kind": "Service",
+ "apiVersion": "v1",
+ "spec": {
+ "ports": [
+ {
+ "port": 8080,
+ "targetPort": 8080
+ }
+ ],
+ "selector": {
+ "deploymentConfig": "${APPLICATION_NAME}"
+ }
+ },
+ "metadata": {
+ "name": "${APPLICATION_NAME}",
+ "labels": {
+ "application": "${APPLICATION_NAME}"
+ },
+ "annotations": {
+ "description": "The web server's http port."
+ }
+ }
+ },
+ {
+ "kind": "Service",
+ "apiVersion": "v1",
+ "spec": {
+ "ports": [
+ {
+ "port": 8443,
+ "targetPort": 8443
+ }
+ ],
+ "selector": {
+ "deploymentConfig": "${APPLICATION_NAME}"
+ }
+ },
+ "metadata": {
+ "name": "secure-${APPLICATION_NAME}",
+ "labels": {
+ "application": "${APPLICATION_NAME}"
+ },
+ "annotations": {
+ "description": "The web server's https port."
+ }
+ }
+ },
+ {
+ "kind": "Service",
+ "apiVersion": "v1",
+ "spec": {
+ "ports": [
+ {
+ "port": 5432,
+ "targetPort": 5432
+ }
+ ],
+ "selector": {
+ "deploymentConfig": "${APPLICATION_NAME}-postgresql"
+ }
+ },
+ "metadata": {
+ "name": "${APPLICATION_NAME}-postgresql",
+ "labels": {
+ "application": "${APPLICATION_NAME}"
+ },
+ "annotations": {
+ "description": "The database server's port."
+ }
+ }
+ },
+ {
+ "kind": "Route",
+ "apiVersion": "v1",
+ "id": "${APPLICATION_NAME}-http",
+ "metadata": {
+ "name": "${APPLICATION_NAME}",
+ "labels": {
+ "application": "${APPLICATION_NAME}"
+ },
+ "annotations": {
+ "description": "Route for application's http service."
+ }
+ },
+ "spec": {
+ "host": "${HOSTNAME_HTTP}",
+ "to": {
+ "name": "${APPLICATION_NAME}"
+ }
+ }
+ },
+ {
+ "kind": "Route",
+ "apiVersion": "v1",
+ "id": "${APPLICATION_NAME}-https",
+ "metadata": {
+ "name": "secure-${APPLICATION_NAME}",
+ "labels": {
+ "application": "${APPLICATION_NAME}"
+ },
+ "annotations": {
+ "description": "Route for application's https service."
+ }
+ },
+ "spec": {
+ "host": "${HOSTNAME_HTTPS}",
+ "to": {
+ "name": "secure-${APPLICATION_NAME}"
+ },
+ "tls": {
+ "termination": "passthrough"
+ }
+ }
+ },
+ {
+ "kind": "ImageStream",
+ "apiVersion": "v1",
+ "metadata": {
+ "name": "${APPLICATION_NAME}",
+ "labels": {
+ "application": "${APPLICATION_NAME}"
+ }
+ }
+ },
+ {
+ "kind": "BuildConfig",
+ "apiVersion": "v1",
+ "metadata": {
+ "name": "${APPLICATION_NAME}",
+ "labels": {
+ "application": "${APPLICATION_NAME}"
+ }
+ },
+ "spec": {
+ "source": {
+ "type": "Git",
+ "git": {
+ "uri": "${SOURCE_REPOSITORY_URL}",
+ "ref": "${SOURCE_REPOSITORY_REF}"
+ },
+ "contextDir": "${CONTEXT_DIR}"
+ },
+ "strategy": {
+ "type": "Source",
+ "sourceStrategy": {
+ "env": [
+ {
+ "name": "KIE_CONTAINER_DEPLOYMENT",
+ "value": "${KIE_CONTAINER_DEPLOYMENT}"
+ }
+ ],
+ "forcePull": true,
+ "from": {
+ "kind": "ImageStreamTag",
+ "namespace": "${IMAGE_STREAM_NAMESPACE}",
+ "name": "jboss-processserver63-openshift:1.3"
+ }
+ }
+ },
+ "output": {
+ "to": {
+ "kind": "ImageStreamTag",
+ "name": "${APPLICATION_NAME}:latest"
+ }
+ },
+ "triggers": [
+ {
+ "type": "GitHub",
+ "github": {
+ "secret": "${GITHUB_WEBHOOK_SECRET}"
+ }
+ },
+ {
+ "type": "Generic",
+ "generic": {
+ "secret": "${GENERIC_WEBHOOK_SECRET}"
+ }
+ },
+ {
+ "type": "ImageChange",
+ "imageChange": {}
+ },
+ {
+ "type": "ConfigChange"
+ }
+ ]
+ }
+ },
+ {
+ "kind": "DeploymentConfig",
+ "apiVersion": "v1",
+ "metadata": {
+ "name": "${APPLICATION_NAME}",
+ "labels": {
+ "application": "${APPLICATION_NAME}"
+ }
+ },
+ "spec": {
+ "strategy": {
+ "type": "Recreate"
+ },
+ "triggers": [
+ {
+ "type": "ImageChange",
+ "imageChangeParams": {
+ "automatic": true,
+ "containerNames": [
+ "${APPLICATION_NAME}"
+ ],
+ "from": {
+ "kind": "ImageStream",
+ "name": "${APPLICATION_NAME}"
+ }
+ }
+ },
+ {
+ "type": "ConfigChange"
+ }
+ ],
+ "replicas": 1,
+ "selector": {
+ "deploymentConfig": "${APPLICATION_NAME}"
+ },
+ "template": {
+ "metadata": {
+ "name": "${APPLICATION_NAME}",
+ "labels": {
+ "deploymentConfig": "${APPLICATION_NAME}",
+ "application": "${APPLICATION_NAME}"
+ }
+ },
+ "spec": {
+ "serviceAccountName": "processserver-service-account",
+ "terminationGracePeriodSeconds": 60,
+ "containers": [
+ {
+ "name": "${APPLICATION_NAME}",
+ "image": "${APPLICATION_NAME}",
+ "imagePullPolicy": "Always",
+ "volumeMounts": [
+ {
+ "name": "processserver-keystore-volume",
+ "mountPath": "/etc/processserver-secret-volume",
+ "readOnly": true
+ }
+ ],
+ "livenessProbe": {
+ "exec": {
+ "command": [
+ "/bin/bash",
+ "-c",
+ "/opt/eap/bin/livenessProbe.sh"
+ ]
+ }
+ },
+ "readinessProbe": {
+ "exec": {
+ "command": [
+ "/bin/bash",
+ "-c",
+ "/opt/eap/bin/readinessProbe.sh"
+ ]
+ }
+ },
+ "ports": [
+ {
+ "name": "jolokia",
+ "containerPort": 8778,
+ "protocol": "TCP"
+ },
+ {
+ "name": "http",
+ "containerPort": 8080,
+ "protocol": "TCP"
+ },
+ {
+ "name": "https",
+ "containerPort": 8443,
+ "protocol": "TCP"
+ }
+ ],
+ "env": [
+ {
+ "name": "KIE_CONTAINER_DEPLOYMENT",
+ "value": "${KIE_CONTAINER_DEPLOYMENT}"
+ },
+ {
+ "name": "KIE_SERVER_PROTOCOL",
+ "value": "${KIE_SERVER_PROTOCOL}"
+ },
+ {
+ "name": "KIE_SERVER_PORT",
+ "value": "${KIE_SERVER_PORT}"
+ },
+ {
+ "name": "KIE_SERVER_USER",
+ "value": "${KIE_SERVER_USER}"
+ },
+ {
+ "name": "KIE_SERVER_PASSWORD",
+ "value": "${KIE_SERVER_PASSWORD}"
+ },
+ {
+ "name": "KIE_SERVER_DOMAIN",
+ "value": "${KIE_SERVER_DOMAIN}"
+ },
+ {
+ "name": "KIE_SERVER_PERSISTENCE_DIALECT",
+ "value": "${KIE_SERVER_PERSISTENCE_DIALECT}"
+ },
+ {
+ "name": "DB_SERVICE_PREFIX_MAPPING",
+ "value": "${APPLICATION_NAME}-postgresql=DB,${APPLICATION_NAME}-postgresql=QUARTZ"
+ },
+ {
+ "name": "TX_DATABASE_PREFIX_MAPPING",
+ "value": "${APPLICATION_NAME}-postgresql=DB"
+ },
+ {
+ "name": "DB_JNDI",
+ "value": "${DB_JNDI}"
+ },
+ {
+ "name": "DB_USERNAME",
+ "value": "${DB_USERNAME}"
+ },
+ {
+ "name": "DB_PASSWORD",
+ "value": "${DB_PASSWORD}"
+ },
+ {
+ "name": "DB_DATABASE",
+ "value": "${DB_DATABASE}"
+ },
+ {
+ "name": "DB_MIN_POOL_SIZE",
+ "value": "${DB_MIN_POOL_SIZE}"
+ },
+ {
+ "name": "DB_MAX_POOL_SIZE",
+ "value": "${DB_MAX_POOL_SIZE}"
+ },
+ {
+ "name": "DB_TX_ISOLATION",
+ "value": "${DB_TX_ISOLATION}"
+ },
+ {
+ "name": "QUARTZ_JNDI",
+ "value": "${DB_JNDI}NotManaged"
+ },
+ {
+ "name": "QUARTZ_USERNAME",
+ "value": "${DB_USERNAME}"
+ },
+ {
+ "name": "QUARTZ_PASSWORD",
+ "value": "${DB_PASSWORD}"
+ },
+ {
+ "name": "QUARTZ_DATABASE",
+ "value": "${DB_DATABASE}"
+ },
+ {
+ "name": "QUARTZ_MIN_POOL_SIZE",
+ "value": "${DB_MIN_POOL_SIZE}"
+ },
+ {
+ "name": "QUARTZ_MAX_POOL_SIZE",
+ "value": "${DB_MAX_POOL_SIZE}"
+ },
+ {
+ "name": "QUARTZ_TX_ISOLATION",
+ "value": "${DB_TX_ISOLATION}"
+ },
+ {
+ "name": "QUARTZ_JTA",
+ "value": "false"
+ },
+ {
+ "name": "QUARTZ_NONXA",
+ "value": "true"
+ },
+ {
+ "name": "HTTPS_KEYSTORE_DIR",
+ "value": "/etc/processserver-secret-volume"
+ },
+ {
+ "name": "HTTPS_KEYSTORE",
+ "value": "${HTTPS_KEYSTORE}"
+ },
+ {
+ "name": "HTTPS_NAME",
+ "value": "${HTTPS_NAME}"
+ },
+ {
+ "name": "HTTPS_PASSWORD",
+ "value": "${HTTPS_PASSWORD}"
+ },
+ {
+ "name": "HORNETQ_CLUSTER_PASSWORD",
+ "value": "${HORNETQ_CLUSTER_PASSWORD}"
+ },
+ {
+ "name": "HORNETQ_QUEUES",
+ "value": "${HORNETQ_QUEUES}"
+ },
+ {
+ "name": "HORNETQ_TOPICS",
+ "value": "${HORNETQ_TOPICS}"
+ }
+ ]
+ }
+ ],
+ "volumes": [
+ {
+ "name": "processserver-keystore-volume",
+ "secret": {
+ "secretName": "${HTTPS_SECRET}"
+ }
+ }
+ ]
+ }
+ }
+ }
+ },
+ {
+ "kind": "DeploymentConfig",
+ "apiVersion": "v1",
+ "metadata": {
+ "name": "${APPLICATION_NAME}-postgresql",
+ "labels": {
+ "application": "${APPLICATION_NAME}"
+ }
+ },
+ "spec": {
+ "strategy": {
+ "type": "Recreate"
+ },
+ "triggers": [
+ {
+ "type": "ImageChange",
+ "imageChangeParams": {
+ "automatic": true,
+ "containerNames": [
+ "${APPLICATION_NAME}-postgresql"
+ ],
+ "from": {
+ "kind": "ImageStreamTag",
+ "namespace": "${IMAGE_STREAM_NAMESPACE}",
+ "name": "postgresql:latest"
+ }
+ }
+ },
+ {
+ "type": "ConfigChange"
+ }
+ ],
+ "replicas": 1,
+ "selector": {
+ "deploymentConfig": "${APPLICATION_NAME}-postgresql"
+ },
+ "template": {
+ "metadata": {
+ "name": "${APPLICATION_NAME}-postgresql",
+ "labels": {
+ "deploymentConfig": "${APPLICATION_NAME}-postgresql",
+ "application": "${APPLICATION_NAME}"
+ }
+ },
+ "spec": {
+ "terminationGracePeriodSeconds": 60,
+ "containers": [
+ {
+ "name": "${APPLICATION_NAME}-postgresql",
+ "image": "postgresql",
+ "imagePullPolicy": "Always",
+ "ports": [
+ {
+ "containerPort": 5432,
+ "protocol": "TCP"
+ }
+ ],
+ "volumeMounts": [
+ {
+ "mountPath": "/var/lib/pgsql/data",
+ "name": "${APPLICATION_NAME}-postgresql-pvol"
+ }
+ ],
+ "env": [
+ {
+ "name": "POSTGRESQL_USER",
+ "value": "${DB_USERNAME}"
+ },
+ {
+ "name": "POSTGRESQL_PASSWORD",
+ "value": "${DB_PASSWORD}"
+ },
+ {
+ "name": "POSTGRESQL_DATABASE",
+ "value": "${DB_DATABASE}"
+ },
+ {
+ "name": "POSTGRESQL_MAX_CONNECTIONS",
+ "value": "${POSTGRESQL_MAX_CONNECTIONS}"
+ },
+ {
+ "name": "POSTGRESQL_SHARED_BUFFERS",
+ "value": "${POSTGRESQL_SHARED_BUFFERS}"
+ }
+ ]
+ }
+ ],
+ "volumes": [
+ {
+ "name": "${APPLICATION_NAME}-postgresql-pvol",
+ "persistentVolumeClaim": {
+ "claimName": "${APPLICATION_NAME}-postgresql-claim"
+ }
+ }
+ ]
+ }
+ }
+ }
+ },
+ {
+ "apiVersion": "v1",
+ "kind": "PersistentVolumeClaim",
+ "metadata": {
+ "name": "${APPLICATION_NAME}-postgresql-claim",
+ "labels": {
+ "application": "${APPLICATION_NAME}"
+ }
+ },
+ "spec": {
+ "accessModes": [
+ "ReadWriteOnce"
+ ],
+ "resources": {
+ "requests": {
+ "storage": "${VOLUME_CAPACITY}"
+ }
+ }
+ }
+ }
+ ]
+}
diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/processserver63-postgresql-s2i.json b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/processserver63-postgresql-s2i.json
new file mode 100644
index 000000000..55e2199bb
--- /dev/null
+++ b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/processserver63-postgresql-s2i.json
@@ -0,0 +1,689 @@
+{
+ "kind": "Template",
+ "apiVersion": "v1",
+ "metadata": {
+ "annotations": {
+ "description": "Application template for Red Hat JBoss BPM Suite 6.3 intelligent process server PostgreSQL applications built using S2I.",
+ "iconClass": "icon-jboss",
+ "tags": "processserver,postgresql,javaee,java,database,jboss,xpaas",
+ "version": "1.3.3"
+ },
+ "name": "processserver63-postgresql-s2i"
+ },
+ "labels": {
+ "template": "processserver63-postgresql-s2i",
+ "xpaas": "1.3.3"
+ },
+ "parameters": [
+ {
+ "description": "The KIE Container deployment configuration in format: containerId=groupId:artifactId:version|c2=g2:a2:v2",
+ "name": "KIE_CONTAINER_DEPLOYMENT",
+ "value": "processserver-library=org.openshift.quickstarts:processserver-library:1.3.0.Final",
+ "required": false
+ },
+ {
+ "description": "The protocol to access the KIE Server REST interface.",
+ "name": "KIE_SERVER_PROTOCOL",
+ "value": "https",
+ "required": false
+ },
+ {
+ "description": "The port to access the KIE Server REST interface.",
+ "name": "KIE_SERVER_PORT",
+ "value": "8443",
+ "required": false
+ },
+ {
+ "description": "The user name to access the KIE Server REST or JMS interface.",
+ "name": "KIE_SERVER_USER",
+ "value": "kieserver",
+ "required": false
+ },
+ {
+ "description": "The password to access the KIE Server REST or JMS interface. Must be different than username; must not be root, admin, or administrator; must contain at least 8 characters, 1 alphabetic character(s), 1 digit(s), and 1 non-alphanumeric symbol(s).",
+ "name": "KIE_SERVER_PASSWORD",
+ "from": "[a-zA-Z]{6}[0-9]{1}!",
+ "generate": "expression",
+ "required": false
+ },
+ {
+ "description": "JAAS LoginContext domain that shall be used to authenticate users when using JMS.",
+ "name": "KIE_SERVER_DOMAIN",
+ "value": "other",
+ "required": false
+ },
+ {
+ "description": "Hibernate persistence dialect.",
+ "name": "KIE_SERVER_PERSISTENCE_DIALECT",
+ "value": "org.hibernate.dialect.PostgreSQL82Dialect",
+ "required": false
+ },
+ {
+ "description": "The name for the application.",
+ "name": "APPLICATION_NAME",
+ "value": "kie-app",
+ "required": true
+ },
+ {
+ "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: <application-name>-<project>.<default-domain-suffix>",
+ "name": "HOSTNAME_HTTP",
+ "value": "",
+ "required": false
+ },
+ {
+ "description": "Custom hostname for https service route. Leave blank for default hostname, e.g.: secure-<application-name>-<project>.<default-domain-suffix>",
+ "name": "HOSTNAME_HTTPS",
+ "value": "",
+ "required": false
+ },
+ {
+ "description": "Git source URI for application",
+ "name": "SOURCE_REPOSITORY_URL",
+ "value": "https://github.com/jboss-openshift/openshift-quickstarts",
+ "required": true
+ },
+ {
+ "description": "Git branch/tag reference",
+ "name": "SOURCE_REPOSITORY_REF",
+ "value": "1.3",
+ "required": false
+ },
+ {
+ "description": "Path within Git project to build; empty for root project directory.",
+ "name": "CONTEXT_DIR",
+ "value": "processserver/library",
+ "required": false
+ },
+ {
+ "description": "Database JNDI name used by application to resolve the datasource, e.g. java:/jboss/datasources/ExampleDS",
+ "name": "DB_JNDI",
+ "value": "java:jboss/datasources/ExampleDS",
+ "required": false
+ },
+ {
+ "description": "Database name",
+ "name": "DB_DATABASE",
+ "value": "root",
+ "required": true
+ },
+ {
+ "description": "Queue names",
+ "name": "HORNETQ_QUEUES",
+ "value": "",
+ "required": false
+ },
+ {
+ "description": "Topic names",
+ "name": "HORNETQ_TOPICS",
+ "value": "",
+ "required": false
+ },
+ {
+ "description": "The name of the secret containing the keystore file",
+ "name": "HTTPS_SECRET",
+ "value": "processserver-app-secret",
+ "required": false
+ },
+ {
+ "description": "The name of the keystore file within the secret",
+ "name": "HTTPS_KEYSTORE",
+ "value": "keystore.jks",
+ "required": false
+ },
+ {
+ "description": "The name associated with the server certificate",
+ "name": "HTTPS_NAME",
+ "value": "jboss",
+ "required": false
+ },
+ {
+ "description": "The password for the keystore and certificate",
+ "name": "HTTPS_PASSWORD",
+ "value": "mykeystorepass",
+ "required": false
+ },
+ {
+ "description": "Database user name",
+ "name": "DB_USERNAME",
+ "from": "user[a-zA-Z0-9]{3}",
+ "generate": "expression",
+ "required": true
+ },
+ {
+ "description": "Database user password",
+ "name": "DB_PASSWORD",
+ "from": "[a-zA-Z0-9]{8}",
+ "generate": "expression",
+ "required": true
+ },
+ {
+ "description": "Sets xa-pool/min-pool-size for the configured datasource.",
+ "name": "DB_MIN_POOL_SIZE",
+ "required": false
+ },
+ {
+ "description": "Sets xa-pool/max-pool-size for the configured datasource.",
+ "name": "DB_MAX_POOL_SIZE",
+ "required": false
+ },
+ {
+ "description": "Sets transaction-isolation for the configured datasource.",
+ "name": "DB_TX_ISOLATION",
+ "required": false
+ },
+ {
+ "description": "The maximum number of client connections allowed. This also sets the maximum number of prepared transactions.",
+ "name": "POSTGRESQL_MAX_CONNECTIONS",
+ "required": false
+ },
+ {
+ "description": "Configures how much memory is dedicated to PostgreSQL for caching data.",
+ "name": "POSTGRESQL_SHARED_BUFFERS",
+ "required": false
+ },
+ {
+ "description": "HornetQ cluster admin password",
+ "name": "HORNETQ_CLUSTER_PASSWORD",
+ "from": "[a-zA-Z0-9]{8}",
+ "generate": "expression",
+ "required": true
+ },
+ {
+ "description": "GitHub trigger secret",
+ "name": "GITHUB_WEBHOOK_SECRET",
+ "from": "[a-zA-Z0-9]{8}",
+ "generate": "expression",
+ "required": true
+ },
+ {
+ "description": "Generic build trigger secret",
+ "name": "GENERIC_WEBHOOK_SECRET",
+ "from": "[a-zA-Z0-9]{8}",
+ "generate": "expression",
+ "required": true
+ },
+ {
+ "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.",
+ "name": "IMAGE_STREAM_NAMESPACE",
+ "value": "openshift",
+ "required": true
+ }
+ ],
+ "objects": [
+ {
+ "kind": "Service",
+ "apiVersion": "v1",
+ "spec": {
+ "ports": [
+ {
+ "port": 8080,
+ "targetPort": 8080
+ }
+ ],
+ "selector": {
+ "deploymentConfig": "${APPLICATION_NAME}"
+ }
+ },
+ "metadata": {
+ "name": "${APPLICATION_NAME}",
+ "labels": {
+ "application": "${APPLICATION_NAME}"
+ },
+ "annotations": {
+ "description": "The web server's http port."
+ }
+ }
+ },
+ {
+ "kind": "Service",
+ "apiVersion": "v1",
+ "spec": {
+ "ports": [
+ {
+ "port": 8443,
+ "targetPort": 8443
+ }
+ ],
+ "selector": {
+ "deploymentConfig": "${APPLICATION_NAME}"
+ }
+ },
+ "metadata": {
+ "name": "secure-${APPLICATION_NAME}",
+ "labels": {
+ "application": "${APPLICATION_NAME}"
+ },
+ "annotations": {
+ "description": "The web server's https port."
+ }
+ }
+ },
+ {
+ "kind": "Service",
+ "apiVersion": "v1",
+ "spec": {
+ "ports": [
+ {
+ "port": 5432,
+ "targetPort": 5432
+ }
+ ],
+ "selector": {
+ "deploymentConfig": "${APPLICATION_NAME}-postgresql"
+ }
+ },
+ "metadata": {
+ "name": "${APPLICATION_NAME}-postgresql",
+ "labels": {
+ "application": "${APPLICATION_NAME}"
+ },
+ "annotations": {
+ "description": "The database server's port."
+ }
+ }
+ },
+ {
+ "kind": "Route",
+ "apiVersion": "v1",
+ "id": "${APPLICATION_NAME}-http",
+ "metadata": {
+ "name": "${APPLICATION_NAME}",
+ "labels": {
+ "application": "${APPLICATION_NAME}"
+ },
+ "annotations": {
+ "description": "Route for application's http service."
+ }
+ },
+ "spec": {
+ "host": "${HOSTNAME_HTTP}",
+ "to": {
+ "name": "${APPLICATION_NAME}"
+ }
+ }
+ },
+ {
+ "kind": "Route",
+ "apiVersion": "v1",
+ "id": "${APPLICATION_NAME}-https",
+ "metadata": {
+ "name": "secure-${APPLICATION_NAME}",
+ "labels": {
+ "application": "${APPLICATION_NAME}"
+ },
+ "annotations": {
+ "description": "Route for application's https service."
+ }
+ },
+ "spec": {
+ "host": "${HOSTNAME_HTTPS}",
+ "to": {
+ "name": "secure-${APPLICATION_NAME}"
+ },
+ "tls": {
+ "termination": "passthrough"
+ }
+ }
+ },
+ {
+ "kind": "ImageStream",
+ "apiVersion": "v1",
+ "metadata": {
+ "name": "${APPLICATION_NAME}",
+ "labels": {
+ "application": "${APPLICATION_NAME}"
+ }
+ }
+ },
+ {
+ "kind": "BuildConfig",
+ "apiVersion": "v1",
+ "metadata": {
+ "name": "${APPLICATION_NAME}",
+ "labels": {
+ "application": "${APPLICATION_NAME}"
+ }
+ },
+ "spec": {
+ "source": {
+ "type": "Git",
+ "git": {
+ "uri": "${SOURCE_REPOSITORY_URL}",
+ "ref": "${SOURCE_REPOSITORY_REF}"
+ },
+ "contextDir": "${CONTEXT_DIR}"
+ },
+ "strategy": {
+ "type": "Source",
+ "sourceStrategy": {
+ "env": [
+ {
+ "name": "KIE_CONTAINER_DEPLOYMENT",
+ "value": "${KIE_CONTAINER_DEPLOYMENT}"
+ }
+ ],
+ "forcePull": true,
+ "from": {
+ "kind": "ImageStreamTag",
+ "namespace": "${IMAGE_STREAM_NAMESPACE}",
+ "name": "jboss-processserver63-openshift:1.3"
+ }
+ }
+ },
+ "output": {
+ "to": {
+ "kind": "ImageStreamTag",
+ "name": "${APPLICATION_NAME}:latest"
+ }
+ },
+ "triggers": [
+ {
+ "type": "GitHub",
+ "github": {
+ "secret": "${GITHUB_WEBHOOK_SECRET}"
+ }
+ },
+ {
+ "type": "Generic",
+ "generic": {
+ "secret": "${GENERIC_WEBHOOK_SECRET}"
+ }
+ },
+ {
+ "type": "ImageChange",
+ "imageChange": {}
+ },
+ {
+ "type": "ConfigChange"
+ }
+ ]
+ }
+ },
+ {
+ "kind": "DeploymentConfig",
+ "apiVersion": "v1",
+ "metadata": {
+ "name": "${APPLICATION_NAME}",
+ "labels": {
+ "application": "${APPLICATION_NAME}"
+ }
+ },
+ "spec": {
+ "strategy": {
+ "type": "Recreate"
+ },
+ "triggers": [
+ {
+ "type": "ImageChange",
+ "imageChangeParams": {
+ "automatic": true,
+ "containerNames": [
+ "${APPLICATION_NAME}"
+ ],
+ "from": {
+ "kind": "ImageStream",
+ "name": "${APPLICATION_NAME}"
+ }
+ }
+ },
+ {
+ "type": "ConfigChange"
+ }
+ ],
+ "replicas": 1,
+ "selector": {
+ "deploymentConfig": "${APPLICATION_NAME}"
+ },
+ "template": {
+ "metadata": {
+ "name": "${APPLICATION_NAME}",
+ "labels": {
+ "deploymentConfig": "${APPLICATION_NAME}",
+ "application": "${APPLICATION_NAME}"
+ }
+ },
+ "spec": {
+ "serviceAccountName": "processserver-service-account",
+ "terminationGracePeriodSeconds": 60,
+ "containers": [
+ {
+ "name": "${APPLICATION_NAME}",
+ "image": "${APPLICATION_NAME}",
+ "imagePullPolicy": "Always",
+ "volumeMounts": [
+ {
+ "name": "processserver-keystore-volume",
+ "mountPath": "/etc/processserver-secret-volume",
+ "readOnly": true
+ }
+ ],
+ "livenessProbe": {
+ "exec": {
+ "command": [
+ "/bin/bash",
+ "-c",
+ "/opt/eap/bin/livenessProbe.sh"
+ ]
+ }
+ },
+ "readinessProbe": {
+ "exec": {
+ "command": [
+ "/bin/bash",
+ "-c",
+ "/opt/eap/bin/readinessProbe.sh"
+ ]
+ }
+ },
+ "ports": [
+ {
+ "name": "jolokia",
+ "containerPort": 8778,
+ "protocol": "TCP"
+ },
+ {
+ "name": "http",
+ "containerPort": 8080,
+ "protocol": "TCP"
+ },
+ {
+ "name": "https",
+ "containerPort": 8443,
+ "protocol": "TCP"
+ }
+ ],
+ "env": [
+ {
+ "name": "KIE_CONTAINER_DEPLOYMENT",
+ "value": "${KIE_CONTAINER_DEPLOYMENT}"
+ },
+ {
+ "name": "KIE_SERVER_PROTOCOL",
+ "value": "${KIE_SERVER_PROTOCOL}"
+ },
+ {
+ "name": "KIE_SERVER_PORT",
+ "value": "${KIE_SERVER_PORT}"
+ },
+ {
+ "name": "KIE_SERVER_USER",
+ "value": "${KIE_SERVER_USER}"
+ },
+ {
+ "name": "KIE_SERVER_PASSWORD",
+ "value": "${KIE_SERVER_PASSWORD}"
+ },
+ {
+ "name": "KIE_SERVER_DOMAIN",
+ "value": "${KIE_SERVER_DOMAIN}"
+ },
+ {
+ "name": "KIE_SERVER_PERSISTENCE_DIALECT",
+ "value": "${KIE_SERVER_PERSISTENCE_DIALECT}"
+ },
+ {
+ "name": "DB_SERVICE_PREFIX_MAPPING",
+ "value": "${APPLICATION_NAME}-postgresql=DB"
+ },
+ {
+ "name": "DB_JNDI",
+ "value": "${DB_JNDI}"
+ },
+ {
+ "name": "DB_USERNAME",
+ "value": "${DB_USERNAME}"
+ },
+ {
+ "name": "DB_PASSWORD",
+ "value": "${DB_PASSWORD}"
+ },
+ {
+ "name": "DB_DATABASE",
+ "value": "${DB_DATABASE}"
+ },
+ {
+ "name": "TX_DATABASE_PREFIX_MAPPING",
+ "value": "${APPLICATION_NAME}-postgresql=DB"
+ },
+ {
+ "name": "DB_MIN_POOL_SIZE",
+ "value": "${DB_MIN_POOL_SIZE}"
+ },
+ {
+ "name": "DB_MAX_POOL_SIZE",
+ "value": "${DB_MAX_POOL_SIZE}"
+ },
+ {
+ "name": "DB_TX_ISOLATION",
+ "value": "${DB_TX_ISOLATION}"
+ },
+ {
+ "name": "HTTPS_KEYSTORE_DIR",
+ "value": "/etc/processserver-secret-volume"
+ },
+ {
+ "name": "HTTPS_KEYSTORE",
+ "value": "${HTTPS_KEYSTORE}"
+ },
+ {
+ "name": "HTTPS_NAME",
+ "value": "${HTTPS_NAME}"
+ },
+ {
+ "name": "HTTPS_PASSWORD",
+ "value": "${HTTPS_PASSWORD}"
+ },
+ {
+ "name": "HORNETQ_CLUSTER_PASSWORD",
+ "value": "${HORNETQ_CLUSTER_PASSWORD}"
+ },
+ {
+ "name": "HORNETQ_QUEUES",
+ "value": "${HORNETQ_QUEUES}"
+ },
+ {
+ "name": "HORNETQ_TOPICS",
+ "value": "${HORNETQ_TOPICS}"
+ }
+ ]
+ }
+ ],
+ "volumes": [
+ {
+ "name": "processserver-keystore-volume",
+ "secret": {
+ "secretName": "${HTTPS_SECRET}"
+ }
+ }
+ ]
+ }
+ }
+ }
+ },
+ {
+ "kind": "DeploymentConfig",
+ "apiVersion": "v1",
+ "metadata": {
+ "name": "${APPLICATION_NAME}-postgresql",
+ "labels": {
+ "application": "${APPLICATION_NAME}"
+ }
+ },
+ "spec": {
+ "strategy": {
+ "type": "Recreate"
+ },
+ "triggers": [
+ {
+ "type": "ImageChange",
+ "imageChangeParams": {
+ "automatic": true,
+ "containerNames": [
+ "${APPLICATION_NAME}-postgresql"
+ ],
+ "from": {
+ "kind": "ImageStreamTag",
+ "namespace": "${IMAGE_STREAM_NAMESPACE}",
+ "name": "postgresql:latest"
+ }
+ }
+ },
+ {
+ "type": "ConfigChange"
+ }
+ ],
+ "replicas": 1,
+ "selector": {
+ "deploymentConfig": "${APPLICATION_NAME}-postgresql"
+ },
+ "template": {
+ "metadata": {
+ "name": "${APPLICATION_NAME}-postgresql",
+ "labels": {
+ "deploymentConfig": "${APPLICATION_NAME}-postgresql",
+ "application": "${APPLICATION_NAME}"
+ }
+ },
+ "spec": {
+ "terminationGracePeriodSeconds": 60,
+ "containers": [
+ {
+ "name": "${APPLICATION_NAME}-postgresql",
+ "image": "postgresql",
+ "imagePullPolicy": "Always",
+ "ports": [
+ {
+ "containerPort": 5432,
+ "protocol": "TCP"
+ }
+ ],
+ "env": [
+ {
+ "name": "POSTGRESQL_USER",
+ "value": "${DB_USERNAME}"
+ },
+ {
+ "name": "POSTGRESQL_PASSWORD",
+ "value": "${DB_PASSWORD}"
+ },
+ {
+ "name": "POSTGRESQL_DATABASE",
+ "value": "${DB_DATABASE}"
+ },
+ {
+ "name": "POSTGRESQL_MAX_CONNECTIONS",
+ "value": "${POSTGRESQL_MAX_CONNECTIONS}"
+ },
+ {
+ "name": "POSTGRESQL_SHARED_BUFFERS",
+ "value": "${POSTGRESQL_SHARED_BUFFERS}"
+ }
+ ]
+ }
+ ]
+ }
+ }
+ }
+ }
+ ]
+}
diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/sso70-basic.json b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/sso70-https.json
index 7f320bace..fb0578a67 100644
--- a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/sso70-basic.json
+++ b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/sso70-https.json
@@ -6,13 +6,13 @@
"description": "Application template for SSO 7.0",
"iconClass" : "icon-jboss",
"tags" : "sso,keycloak,java,jboss,xpaas",
- "version" : "1.3"
+ "version" : "1.3.2"
},
- "name": "sso70-basic"
+ "name": "sso70-https"
},
"labels": {
- "template": "sso70-basic",
- "xpaas" : "1.3.0"
+ "template": "sso70-https",
+ "xpaas" : "1.3.2"
},
"parameters": [
{
@@ -34,6 +34,12 @@
"required": false
},
{
+ "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.",
+ "name": "SERVICE_ACCOUNT_NAME",
+ "value": "sso-service-account",
+ "required": true
+ },
+ {
"description": "The name of the secret containing the keystore file",
"name": "HTTPS_SECRET",
"value": "sso-app-secret",
@@ -46,15 +52,21 @@
"required": false
},
{
- "description": "The name associated with the server certificate",
+ "description": "The type of the keystore file (JKS or JCEKS)",
+ "name": "HTTPS_KEYSTORE_TYPE",
+ "value": "",
+ "required": false
+ },
+ {
+ "description": "The name associated with the server certificate (e.g. jboss)",
"name": "HTTPS_NAME",
- "value": "jboss",
+ "value": "",
"required": false
},
{
- "description": "The password for the keystore and certificate",
+ "description": "The password for the keystore and certificate (e.g. mykeystorepass)",
"name": "HTTPS_PASSWORD",
- "value": "mykeystorepass",
+ "value": "",
"required": false
},
{
@@ -73,28 +85,9 @@
"required": false
},
{
- "description": "HornetQ cluster admin password",
- "name": "HORNETQ_CLUSTER_PASSWORD",
- "from": "[a-zA-Z0-9]{8}",
- "generate": "expression",
- "required": true
- },
- {
- "description": "Queue names",
- "name": "HORNETQ_QUEUES",
- "value": "",
- "required": false
- },
- {
- "description": "Topic names",
- "name": "HORNETQ_TOPICS",
- "value": "",
- "required": false
- },
- {
"description": "The name of the secret containing the keystore file",
"name": "JGROUPS_ENCRYPT_SECRET",
- "value": "eap-app-secret",
+ "value": "sso-app-secret",
"required": false
},
{
@@ -104,15 +97,15 @@
"required": false
},
{
- "description": "The name associated with the server certificate",
+ "description": "The name associated with the server certificate (e.g. secret-key)",
"name": "JGROUPS_ENCRYPT_NAME",
- "value": "secret-key",
+ "value": "",
"required": false
},
{
- "description": "The password for the keystore and certificate",
+ "description": "The password for the keystore and certificate (e.g. password)",
"name": "JGROUPS_ENCRYPT_PASSWORD",
- "value": "password",
+ "value": "",
"required": false
},
{
@@ -127,6 +120,54 @@
"name": "IMAGE_STREAM_NAMESPACE",
"value": "openshift",
"required": true
+ },
+ {
+ "description": "SSO Server admin username",
+ "name": "SSO_ADMIN_USERNAME",
+ "value": "admin",
+ "required": false
+ },
+ {
+ "description": "SSO Server admin password",
+ "name": "SSO_ADMIN_PASSWORD",
+ "value": "admin",
+ "required": false
+ },
+ {
+ "description": "Realm to be created in the SSO server (e.g. demo).",
+ "name": "SSO_REALM",
+ "value": "",
+ "required": false
+ },
+ {
+ "description": "The username used to access the SSO service. This is used by clients to create the appliction client(s) within the specified SSO realm.",
+ "name": "SSO_SERVICE_USERNAME",
+ "value": "",
+ "required": false
+ },
+ {
+ "description": "The password for the SSO service user.",
+ "name": "SSO_SERVICE_PASSWORD",
+ "value": "",
+ "required": false
+ },
+ {
+ "description": "The name of the truststore file within the secret (e.g. truststore.jks)",
+ "name": "SSO_TRUSTSTORE",
+ "value": "",
+ "required": false
+ },
+ {
+ "description": "The password for the truststore and certificate (e.g. mykeystorepass)",
+ "name": "SSO_TRUSTSTORE_PASSWORD",
+ "value": "",
+ "required": false
+ },
+ {
+ "description": "The name of the secret containing the truststore file (e.g. truststore-secret). Used for volume secretName",
+ "name": "SSO_TRUSTSTORE_SECRET",
+ "value": "sso-app-secret",
+ "required": false
}
],
"objects": [
@@ -179,30 +220,6 @@
}
},
{
- "kind": "Service",
- "apiVersion": "v1",
- "spec": {
- "ports": [
- {
- "port": 5432,
- "targetPort": 5432
- }
- ],
- "selector": {
- "deploymentConfig": "${APPLICATION_NAME}-basic"
- }
- },
- "metadata": {
- "name": "${APPLICATION_NAME}-basic",
- "labels": {
- "application": "${APPLICATION_NAME}"
- },
- "annotations": {
- "description": "The database server's port."
- }
- }
- },
- {
"kind": "Route",
"apiVersion": "v1",
"id": "${APPLICATION_NAME}-http",
@@ -269,7 +286,7 @@
"from": {
"kind": "ImageStreamTag",
"namespace": "${IMAGE_STREAM_NAMESPACE}",
- "name": "redhat-sso70-openshift:1.3-TP"
+ "name": "redhat-sso70-openshift:1.3"
}
}
},
@@ -290,8 +307,8 @@
}
},
"spec": {
- "serviceAccountName": "sso-service-account",
- "terminationGracePeriodSeconds": 60,
+ "serviceAccountName": "${SERVICE_ACCOUNT_NAME}",
+ "terminationGracePeriodSeconds": 75,
"containers": [
{
"name": "${APPLICATION_NAME}",
@@ -307,8 +324,24 @@
"name": "eap-jgroups-keystore-volume",
"mountPath": "/etc/jgroups-encrypt-secret-volume",
"readOnly": true
+ },
+ {
+ "name": "sso-truststore-volume",
+ "mountPath": "/etc/sso-secret-volume",
+ "readOnly": true
}
],
+ "lifecycle": {
+ "preStop": {
+ "exec": {
+ "command": [
+ "/opt/eap/bin/jboss-cli.sh",
+ "-c",
+ ":shutdown(timeout=60)"
+ ]
+ }
+ }
+ },
"livenessProbe": {
"exec": {
"command": [
@@ -342,6 +375,11 @@
"name": "https",
"containerPort": 8443,
"protocol": "TCP"
+ },
+ {
+ "name": "ping",
+ "containerPort": 8888,
+ "protocol": "TCP"
}
],
"env": [
@@ -370,32 +408,24 @@
}
},
{
- "name": "EAP_HTTPS_KEYSTORE_DIR",
+ "name": "HTTPS_KEYSTORE_DIR",
"value": "/etc/eap-secret-volume"
},
{
- "name": "EAP_HTTPS_KEYSTORE",
+ "name": "HTTPS_KEYSTORE",
"value": "${HTTPS_KEYSTORE}"
},
{
- "name": "EAP_HTTPS_NAME",
- "value": "${HTTPS_NAME}"
+ "name": "HTTPS_KEYSTORE_TYPE",
+ "value": "${HTTPS_KEYSTORE_TYPE}"
},
{
- "name": "EAP_HTTPS_PASSWORD",
- "value": "${HTTPS_PASSWORD}"
- },
- {
- "name": "HORNETQ_CLUSTER_PASSWORD",
- "value": "${HORNETQ_CLUSTER_PASSWORD}"
- },
- {
- "name": "HORNETQ_QUEUES",
- "value": "${HORNETQ_QUEUES}"
+ "name": "HTTPS_NAME",
+ "value": "${HTTPS_NAME}"
},
{
- "name": "HORNETQ_TOPICS",
- "value": "${HORNETQ_TOPICS}"
+ "name": "HTTPS_PASSWORD",
+ "value": "${HTTPS_PASSWORD}"
},
{
"name": "JGROUPS_ENCRYPT_SECRET",
@@ -420,6 +450,38 @@
{
"name": "JGROUPS_CLUSTER_PASSWORD",
"value": "${JGROUPS_CLUSTER_PASSWORD}"
+ },
+ {
+ "name": "SSO_ADMIN_USERNAME",
+ "value": "${SSO_ADMIN_USERNAME}"
+ },
+ {
+ "name": "SSO_ADMIN_PASSWORD",
+ "value": "${SSO_ADMIN_PASSWORD}"
+ },
+ {
+ "name": "SSO_REALM",
+ "value": "${SSO_REALM}"
+ },
+ {
+ "name": "SSO_SERVICE_USERNAME",
+ "value": "${SSO_SERVICE_USERNAME}"
+ },
+ {
+ "name": "SSO_SERVICE_PASSWORD",
+ "value": "${SSO_SERVICE_PASSWORD}"
+ },
+ {
+ "name": "SSO_TRUSTSTORE",
+ "value": "${SSO_TRUSTSTORE}"
+ },
+ {
+ "name": "SSO_TRUSTSTORE_DIR",
+ "value": "/etc/sso-secret-volume"
+ },
+ {
+ "name": "SSO_TRUSTSTORE_PASSWORD",
+ "value": "${SSO_TRUSTSTORE_PASSWORD}"
}
]
}
@@ -436,6 +498,12 @@
"secret": {
"secretName": "${JGROUPS_ENCRYPT_SECRET}"
}
+ },
+ {
+ "name": "sso-truststore-volume",
+ "secret": {
+ "secretName": "${SSO_TRUSTSTORE_SECRET}"
+ }
}
]
}
diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/sso70-mysql-persistent.json b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/sso70-mysql-persistent.json
index dc8bd740e..dcbb24bf1 100644
--- a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/sso70-mysql-persistent.json
+++ b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/sso70-mysql-persistent.json
@@ -6,13 +6,13 @@
"description": "Application template for SSO 7.0 MySQL applications with persistent storage",
"iconClass" : "icon-jboss",
"tags" : "sso,keycloak,mysql,java,database,jboss,xpaas",
- "version" : "1.3"
+ "version" : "1.3.2"
},
"name": "sso70-mysql-persistent"
},
"labels": {
"template": "sso70-mysql-persistent",
- "xpaas" : "1.3.0"
+ "xpaas" : "1.3.2"
},
"parameters": [
{
@@ -46,6 +46,12 @@
"required": true
},
{
+ "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.",
+ "name": "SERVICE_ACCOUNT_NAME",
+ "value": "sso-service-account",
+ "required": true
+ },
+ {
"description": "The name of the secret containing the keystore file",
"name": "HTTPS_SECRET",
"value": "sso-app-secret",
@@ -58,15 +64,21 @@
"required": false
},
{
- "description": "The name associated with the server certificate",
+ "description": "The type of the keystore file (JKS or JCEKS)",
+ "name": "HTTPS_KEYSTORE_TYPE",
+ "value": "",
+ "required": false
+ },
+ {
+ "description": "The name associated with the server certificate (e.g. jboss)",
"name": "HTTPS_NAME",
- "value": "jboss",
+ "value": "",
"required": false
},
{
- "description": "The password for the keystore and certificate",
+ "description": "The password for the keystore and certificate (e.g. mykeystorepass)",
"name": "HTTPS_PASSWORD",
- "value": "mykeystorepass",
+ "value": "",
"required": false
},
{
@@ -110,13 +122,6 @@
"required": false
},
{
- "description": "HornetQ cluster admin password",
- "name": "HORNETQ_CLUSTER_PASSWORD",
- "from": "[a-zA-Z0-9]{8}",
- "generate": "expression",
- "required": true
- },
- {
"description": "Database user name",
"name": "DB_USERNAME",
"from": "user[a-zA-Z0-9]{3}",
@@ -131,18 +136,6 @@
"required": true
},
{
- "description": "Queue names",
- "name": "HORNETQ_QUEUES",
- "value": "",
- "required": false
- },
- {
- "description": "Topic names",
- "name": "HORNETQ_TOPICS",
- "value": "",
- "required": false
- },
- {
"description": "Size of persistent storage for database volume.",
"name": "VOLUME_CAPACITY",
"value": "512Mi",
@@ -151,7 +144,7 @@
{
"description": "The name of the secret containing the keystore file",
"name": "JGROUPS_ENCRYPT_SECRET",
- "value": "eap-app-secret",
+ "value": "sso-app-secret",
"required": false
},
{
@@ -161,13 +154,13 @@
"required": false
},
{
- "description": "The name associated with the server certificate",
+ "description": "The name associated with the server certificate (e.g. secret-key)",
"name": "JGROUPS_ENCRYPT_NAME",
"value": "",
"required": false
},
{
- "description": "The password for the keystore and certificate",
+ "description": "The password for the keystore and certificate (e.g. password)",
"name": "JGROUPS_ENCRYPT_PASSWORD",
"value": "",
"required": false
@@ -184,6 +177,54 @@
"name": "IMAGE_STREAM_NAMESPACE",
"value": "openshift",
"required": true
+ },
+ {
+ "description": "SSO Server admin username",
+ "name": "SSO_ADMIN_USERNAME",
+ "value": "admin",
+ "required": false
+ },
+ {
+ "description": "SSO Server admin password",
+ "name": "SSO_ADMIN_PASSWORD",
+ "value": "admin",
+ "required": false
+ },
+ {
+ "description": "Realm to be created in the SSO server (e.g. demo).",
+ "name": "SSO_REALM",
+ "value": "",
+ "required": false
+ },
+ {
+ "description": "The username used to access the SSO service. This is used by clients to create the appliction client(s) within the specified SSO realm.",
+ "name": "SSO_SERVICE_USERNAME",
+ "value": "",
+ "required": false
+ },
+ {
+ "description": "The password for the SSO service user.",
+ "name": "SSO_SERVICE_PASSWORD",
+ "value": "",
+ "required": false
+ },
+ {
+ "description": "The name of the truststore file within the secret (e.g. truststore.jks)",
+ "name": "SSO_TRUSTSTORE",
+ "value": "",
+ "required": false
+ },
+ {
+ "description": "The password for the truststore and certificate (e.g. mykeystorepass)",
+ "name": "SSO_TRUSTSTORE_PASSWORD",
+ "value": "",
+ "required": false
+ },
+ {
+ "description": "The name of the secret containing the truststore file (e.g. truststore-secret). Used for volume secretName",
+ "name": "SSO_TRUSTSTORE_SECRET",
+ "value": "sso-app-secret",
+ "required": false
}
],
"objects": [
@@ -326,7 +367,7 @@
"from": {
"kind": "ImageStreamTag",
"namespace": "${IMAGE_STREAM_NAMESPACE}",
- "name": "redhat-sso70-openshift:1.3-TP"
+ "name": "redhat-sso70-openshift:1.3"
}
}
},
@@ -347,8 +388,8 @@
}
},
"spec": {
- "serviceAccountName": "sso-service-account",
- "terminationGracePeriodSeconds": 60,
+ "serviceAccountName": "${SERVICE_ACCOUNT_NAME}",
+ "terminationGracePeriodSeconds": 75,
"containers": [
{
"name": "${APPLICATION_NAME}",
@@ -364,8 +405,24 @@
"name": "eap-jgroups-keystore-volume",
"mountPath": "/etc/jgroups-encrypt-secret-volume",
"readOnly": true
+ },
+ {
+ "name": "sso-truststore-volume",
+ "mountPath": "/etc/sso-secret-volume",
+ "readOnly": true
}
],
+ "lifecycle": {
+ "preStop": {
+ "exec": {
+ "command": [
+ "/opt/eap/bin/jboss-cli.sh",
+ "-c",
+ ":shutdown(timeout=60)"
+ ]
+ }
+ }
+ },
"livenessProbe": {
"exec": {
"command": [
@@ -399,6 +456,11 @@
"name": "https",
"containerPort": 8443,
"protocol": "TCP"
+ },
+ {
+ "name": "ping",
+ "containerPort": 8888,
+ "protocol": "TCP"
}
],
"env": [
@@ -451,32 +513,24 @@
}
},
{
- "name": "EAP_HTTPS_KEYSTORE_DIR",
+ "name": "HTTPS_KEYSTORE_DIR",
"value": "/etc/eap-secret-volume"
},
{
- "name": "EAP_HTTPS_KEYSTORE",
+ "name": "HTTPS_KEYSTORE",
"value": "${HTTPS_KEYSTORE}"
},
{
- "name": "EAP_HTTPS_NAME",
- "value": "${HTTPS_NAME}"
- },
- {
- "name": "EAP_HTTPS_PASSWORD",
- "value": "${HTTPS_PASSWORD}"
- },
- {
- "name": "HORNETQ_CLUSTER_PASSWORD",
- "value": "${HORNETQ_CLUSTER_PASSWORD}"
+ "name": "HTTPS_KEYSTORE_TYPE",
+ "value": "${HTTPS_KEYSTORE_TYPE}"
},
{
- "name": "HORNETQ_QUEUES",
- "value": "${HORNETQ_QUEUES}"
+ "name": "HTTPS_NAME",
+ "value": "${HTTPS_NAME}"
},
{
- "name": "HORNETQ_TOPICS",
- "value": "${HORNETQ_TOPICS}"
+ "name": "HTTPS_PASSWORD",
+ "value": "${HTTPS_PASSWORD}"
},
{
"name": "JGROUPS_ENCRYPT_SECRET",
@@ -501,6 +555,38 @@
{
"name": "JGROUPS_CLUSTER_PASSWORD",
"value": "${JGROUPS_CLUSTER_PASSWORD}"
+ },
+ {
+ "name": "SSO_ADMIN_USERNAME",
+ "value": "${SSO_ADMIN_USERNAME}"
+ },
+ {
+ "name": "SSO_ADMIN_PASSWORD",
+ "value": "${SSO_ADMIN_PASSWORD}"
+ },
+ {
+ "name": "SSO_REALM",
+ "value": "${SSO_REALM}"
+ },
+ {
+ "name": "SSO_SERVICE_USERNAME",
+ "value": "${SSO_SERVICE_USERNAME}"
+ },
+ {
+ "name": "SSO_SERVICE_PASSWORD",
+ "value": "${SSO_SERVICE_PASSWORD}"
+ },
+ {
+ "name": "SSO_TRUSTSTORE",
+ "value": "${SSO_TRUSTSTORE}"
+ },
+ {
+ "name": "SSO_TRUSTSTORE_DIR",
+ "value": "/etc/sso-secret-volume"
+ },
+ {
+ "name": "SSO_TRUSTSTORE_PASSWORD",
+ "value": "${SSO_TRUSTSTORE_PASSWORD}"
}
]
}
@@ -517,6 +603,12 @@
"secret": {
"secretName": "${JGROUPS_ENCRYPT_SECRET}"
}
+ },
+ {
+ "name": "sso-truststore-volume",
+ "secret": {
+ "secretName": "${SSO_TRUSTSTORE_SECRET}"
+ }
}
]
}
diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/sso70-mysql.json b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/sso70-mysql.json
index 029dcee54..1768f7a1b 100644
--- a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/sso70-mysql.json
+++ b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/sso70-mysql.json
@@ -6,13 +6,13 @@
"description": "Application template for SSO 7.0 MySQL applications",
"iconClass" : "icon-jboss",
"tags" : "sso,keycloak,mysql,java,database,jboss,xpaas",
- "version" : "1.3"
+ "version" : "1.3.2"
},
"name": "sso70-mysql"
},
"labels": {
"template": "sso70-mysql",
- "xpaas" : "1.3.0"
+ "xpaas" : "1.3.2"
},
"parameters": [
{
@@ -46,6 +46,12 @@
"required": true
},
{
+ "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.",
+ "name": "SERVICE_ACCOUNT_NAME",
+ "value": "sso-service-account",
+ "required": true
+ },
+ {
"description": "The name of the secret containing the keystore file",
"name": "HTTPS_SECRET",
"value": "sso-app-secret",
@@ -58,15 +64,21 @@
"required": false
},
{
- "description": "The name associated with the server certificate",
+ "description": "The type of the keystore file (JKS or JCEKS)",
+ "name": "HTTPS_KEYSTORE_TYPE",
+ "value": "",
+ "required": false
+ },
+ {
+ "description": "The name associated with the server certificate (e.g. jboss)",
"name": "HTTPS_NAME",
- "value": "jboss",
+ "value": "",
"required": false
},
{
- "description": "The password for the keystore and certificate",
+ "description": "The password for the keystore and certificate (e.g. mykeystorepass)",
"name": "HTTPS_PASSWORD",
- "value": "mykeystorepass",
+ "value": "",
"required": false
},
{
@@ -110,13 +122,6 @@
"required": false
},
{
- "description": "HornetQ cluster admin password",
- "name": "HORNETQ_CLUSTER_PASSWORD",
- "from": "[a-zA-Z0-9]{8}",
- "generate": "expression",
- "required": true
- },
- {
"description": "Database user name",
"name": "DB_USERNAME",
"from": "user[a-zA-Z0-9]{3}",
@@ -131,21 +136,9 @@
"required": true
},
{
- "description": "Queue names",
- "name": "HORNETQ_QUEUES",
- "value": "",
- "required": false
- },
- {
- "description": "Topic names",
- "name": "HORNETQ_TOPICS",
- "value": "",
- "required": false
- },
- {
"description": "The name of the secret containing the keystore file",
"name": "JGROUPS_ENCRYPT_SECRET",
- "value": "eap-app-secret",
+ "value": "sso-app-secret",
"required": false
},
{
@@ -155,13 +148,13 @@
"required": false
},
{
- "description": "The name associated with the server certificate",
+ "description": "The name associated with the server certificate (e.g. secret-key)",
"name": "JGROUPS_ENCRYPT_NAME",
"value": "",
"required": false
},
{
- "description": "The password for the keystore and certificate",
+ "description": "The password for the keystore and certificate (e.g. password)",
"name": "JGROUPS_ENCRYPT_PASSWORD",
"value": "",
"required": false
@@ -178,6 +171,54 @@
"name": "IMAGE_STREAM_NAMESPACE",
"value": "openshift",
"required": true
+ },
+ {
+ "description": "SSO Server admin username",
+ "name": "SSO_ADMIN_USERNAME",
+ "value": "admin",
+ "required": false
+ },
+ {
+ "description": "SSO Server admin password",
+ "name": "SSO_ADMIN_PASSWORD",
+ "value": "admin",
+ "required": false
+ },
+ {
+ "description": "Realm to be created in the SSO server (e.g. demo).",
+ "name": "SSO_REALM",
+ "value": "",
+ "required": false
+ },
+ {
+ "description": "The username used to access the SSO service. This is used by clients to create the appliction client(s) within the specified SSO realm.",
+ "name": "SSO_SERVICE_USERNAME",
+ "value": "",
+ "required": false
+ },
+ {
+ "description": "The password for the SSO service user.",
+ "name": "SSO_SERVICE_PASSWORD",
+ "value": "",
+ "required": false
+ },
+ {
+ "description": "The name of the truststore file within the secret (e.g. truststore.jks)",
+ "name": "SSO_TRUSTSTORE",
+ "value": "",
+ "required": false
+ },
+ {
+ "description": "The password for the truststore and certificate (e.g. mykeystorepass)",
+ "name": "SSO_TRUSTSTORE_PASSWORD",
+ "value": "",
+ "required": false
+ },
+ {
+ "description": "The name of the secret containing the truststore file (e.g. truststore-secret). Used for volume secretName",
+ "name": "SSO_TRUSTSTORE_SECRET",
+ "value": "sso-app-secret",
+ "required": false
}
],
"objects": [
@@ -326,7 +367,7 @@
"from": {
"kind": "ImageStreamTag",
"namespace": "${IMAGE_STREAM_NAMESPACE}",
- "name": "redhat-sso70-openshift:1.3-TP"
+ "name": "redhat-sso70-openshift:1.3"
}
}
},
@@ -348,8 +389,8 @@
}
},
"spec": {
- "serviceAccountName": "sso-service-account",
- "terminationGracePeriodSeconds": 60,
+ "serviceAccountName": "${SERVICE_ACCOUNT_NAME}",
+ "terminationGracePeriodSeconds": 75,
"containers": [
{
"name": "${APPLICATION_NAME}",
@@ -365,8 +406,24 @@
"name": "eap-jgroups-keystore-volume",
"mountPath": "/etc/jgroups-encrypt-secret-volume",
"readOnly": true
+ },
+ {
+ "name": "sso-truststore-volume",
+ "mountPath": "/etc/sso-secret-volume",
+ "readOnly": true
}
],
+ "lifecycle": {
+ "preStop": {
+ "exec": {
+ "command": [
+ "/opt/eap/bin/jboss-cli.sh",
+ "-c",
+ ":shutdown(timeout=60)"
+ ]
+ }
+ }
+ },
"livenessProbe": {
"exec": {
"command": [
@@ -400,6 +457,11 @@
"name": "https",
"containerPort": 8443,
"protocol": "TCP"
+ },
+ {
+ "name": "ping",
+ "containerPort": 8888,
+ "protocol": "TCP"
}
],
"env": [
@@ -452,32 +514,24 @@
}
},
{
- "name": "EAP_HTTPS_KEYSTORE_DIR",
+ "name": "HTTPS_KEYSTORE_DIR",
"value": "/etc/eap-secret-volume"
},
{
- "name": "EAP_HTTPS_KEYSTORE",
+ "name": "HTTPS_KEYSTORE",
"value": "${HTTPS_KEYSTORE}"
},
{
- "name": "EAP_HTTPS_NAME",
- "value": "${HTTPS_NAME}"
- },
- {
- "name": "EAP_HTTPS_PASSWORD",
- "value": "${HTTPS_PASSWORD}"
- },
- {
- "name": "HORNETQ_CLUSTER_PASSWORD",
- "value": "${HORNETQ_CLUSTER_PASSWORD}"
+ "name": "HTTPS_KEYSTORE_TYPE",
+ "value": "${HTTPS_KEYSTORE_TYPE}"
},
{
- "name": "HORNETQ_QUEUES",
- "value": "${HORNETQ_QUEUES}"
+ "name": "HTTPS_NAME",
+ "value": "${HTTPS_NAME}"
},
{
- "name": "HORNETQ_TOPICS",
- "value": "${HORNETQ_TOPICS}"
+ "name": "HTTPS_PASSWORD",
+ "value": "${HTTPS_PASSWORD}"
},
{
"name": "JGROUPS_ENCRYPT_SECRET",
@@ -502,6 +556,38 @@
{
"name": "JGROUPS_CLUSTER_PASSWORD",
"value": "${JGROUPS_CLUSTER_PASSWORD}"
+ },
+ {
+ "name": "SSO_ADMIN_USERNAME",
+ "value": "${SSO_ADMIN_USERNAME}"
+ },
+ {
+ "name": "SSO_ADMIN_PASSWORD",
+ "value": "${SSO_ADMIN_PASSWORD}"
+ },
+ {
+ "name": "SSO_REALM",
+ "value": "${SSO_REALM}"
+ },
+ {
+ "name": "SSO_SERVICE_USERNAME",
+ "value": "${SSO_SERVICE_USERNAME}"
+ },
+ {
+ "name": "SSO_SERVICE_PASSWORD",
+ "value": "${SSO_SERVICE_PASSWORD}"
+ },
+ {
+ "name": "SSO_TRUSTSTORE",
+ "value": "${SSO_TRUSTSTORE}"
+ },
+ {
+ "name": "SSO_TRUSTSTORE_DIR",
+ "value": "/etc/sso-secret-volume"
+ },
+ {
+ "name": "SSO_TRUSTSTORE_PASSWORD",
+ "value": "${SSO_TRUSTSTORE_PASSWORD}"
}
]
}
@@ -518,6 +604,12 @@
"secret": {
"secretName": "${JGROUPS_ENCRYPT_SECRET}"
}
+ },
+ {
+ "name": "sso-truststore-volume",
+ "secret": {
+ "secretName": "${SSO_TRUSTSTORE_SECRET}"
+ }
}
]
}
diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/sso70-postgresql-persistent.json b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/sso70-postgresql-persistent.json
index bad7e49b2..4c2f81f2e 100644
--- a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/sso70-postgresql-persistent.json
+++ b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/sso70-postgresql-persistent.json
@@ -6,13 +6,13 @@
"description": "Application template for SSO 7.0 PostgreSQL applications with persistent storage",
"iconClass" : "icon-jboss",
"tags" : "sso,keycloak,postrgresql,java,database,jboss,xpaas",
- "version" : "1.3"
+ "version" : "1.3.2"
},
"name": "sso70-postgresql-persistent"
},
"labels": {
"template": "sso70-postgresql-persistent",
- "xpaas" : "1.3.0"
+ "xpaas" : "1.3.2"
},
"parameters": [
{
@@ -46,6 +46,12 @@
"required": true
},
{
+ "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.",
+ "name": "SERVICE_ACCOUNT_NAME",
+ "value": "sso-service-account",
+ "required": true
+ },
+ {
"description": "The name of the secret containing the keystore file",
"name": "HTTPS_SECRET",
"value": "sso-app-secret",
@@ -58,15 +64,21 @@
"required": false
},
{
- "description": "The name associated with the server certificate",
+ "description": "The type of the keystore file (JKS or JCEKS)",
+ "name": "HTTPS_KEYSTORE_TYPE",
+ "value": "",
+ "required": false
+ },
+ {
+ "description": "The name associated with the server certificate (e.g. jboss)",
"name": "HTTPS_NAME",
- "value": "jboss",
+ "value": "",
"required": false
},
{
- "description": "The password for the keystore and certificate",
+ "description": "The password for the keystore and certificate (e.g. mykeystorepass)",
"name": "HTTPS_PASSWORD",
- "value": "mykeystorepass",
+ "value": "",
"required": false
},
{
@@ -95,13 +107,6 @@
"required": false
},
{
- "description": "HornetQ cluster admin password",
- "name": "HORNETQ_CLUSTER_PASSWORD",
- "from": "[a-zA-Z0-9]{8}",
- "generate": "expression",
- "required": true
- },
- {
"description": "Database user name",
"name": "DB_USERNAME",
"from": "user[a-zA-Z0-9]{3}",
@@ -116,18 +121,6 @@
"required": true
},
{
- "description": "Queue names",
- "name": "HORNETQ_QUEUES",
- "value": "",
- "required": false
- },
- {
- "description": "Topic names",
- "name": "HORNETQ_TOPICS",
- "value": "",
- "required": false
- },
- {
"description": "Size of persistent storage for database volume.",
"name": "VOLUME_CAPACITY",
"value": "512Mi",
@@ -136,7 +129,7 @@
{
"description": "The name of the secret containing the keystore file",
"name": "JGROUPS_ENCRYPT_SECRET",
- "value": "eap-app-secret",
+ "value": "sso-app-secret",
"required": false
},
{
@@ -146,13 +139,13 @@
"required": false
},
{
- "description": "The name associated with the server certificate",
+ "description": "The name associated with the server certificate (e.g. secret-key)",
"name": "JGROUPS_ENCRYPT_NAME",
"value": "",
"required": false
},
{
- "description": "The password for the keystore and certificate",
+ "description": "The password for the keystore and certificate (e.g. password)",
"name": "JGROUPS_ENCRYPT_PASSWORD",
"value": "",
"required": false
@@ -169,6 +162,54 @@
"name": "IMAGE_STREAM_NAMESPACE",
"value": "openshift",
"required": true
+ },
+ {
+ "description": "SSO Server admin username",
+ "name": "SSO_ADMIN_USERNAME",
+ "value": "admin",
+ "required": false
+ },
+ {
+ "description": "SSO Server admin password",
+ "name": "SSO_ADMIN_PASSWORD",
+ "value": "admin",
+ "required": false
+ },
+ {
+ "description": "Realm to be created in the SSO server (e.g. demo).",
+ "name": "SSO_REALM",
+ "value": "",
+ "required": false
+ },
+ {
+ "description": "The username used to access the SSO service. This is used by clients to create the appliction client(s) within the specified SSO realm.",
+ "name": "SSO_SERVICE_USERNAME",
+ "value": "",
+ "required": false
+ },
+ {
+ "description": "The password for the SSO service user.",
+ "name": "SSO_SERVICE_PASSWORD",
+ "value": "",
+ "required": false
+ },
+ {
+ "description": "The name of the truststore file within the secret (e.g. truststore.jks)",
+ "name": "SSO_TRUSTSTORE",
+ "value": "",
+ "required": false
+ },
+ {
+ "description": "The password for the truststore and certificate (e.g. mykeystorepass)",
+ "name": "SSO_TRUSTSTORE_PASSWORD",
+ "value": "",
+ "required": false
+ },
+ {
+ "description": "The name of the secret containing the truststore file (e.g. truststore-secret). Used for volume secretName",
+ "name": "SSO_TRUSTSTORE_SECRET",
+ "value": "sso-app-secret",
+ "required": false
}
],
"objects": [
@@ -311,7 +352,7 @@
"from": {
"kind": "ImageStreamTag",
"namespace": "${IMAGE_STREAM_NAMESPACE}",
- "name": "redhat-sso70-openshift:1.3-TP"
+ "name": "redhat-sso70-openshift:1.3"
}
}
},
@@ -332,8 +373,8 @@
}
},
"spec": {
- "serviceAccountName": "sso-service-account",
- "terminationGracePeriodSeconds": 60,
+ "serviceAccountName": "${SERVICE_ACCOUNT_NAME}",
+ "terminationGracePeriodSeconds": 75,
"containers": [
{
"name": "${APPLICATION_NAME}",
@@ -349,8 +390,24 @@
"name": "eap-jgroups-keystore-volume",
"mountPath": "/etc/jgroups-encrypt-secret-volume",
"readOnly": true
+ },
+ {
+ "name": "sso-truststore-volume",
+ "mountPath": "/etc/sso-secret-volume",
+ "readOnly": true
}
],
+ "lifecycle": {
+ "preStop": {
+ "exec": {
+ "command": [
+ "/opt/eap/bin/jboss-cli.sh",
+ "-c",
+ ":shutdown(timeout=60)"
+ ]
+ }
+ }
+ },
"livenessProbe": {
"exec": {
"command": [
@@ -384,6 +441,11 @@
"name": "https",
"containerPort": 8443,
"protocol": "TCP"
+ },
+ {
+ "name": "ping",
+ "containerPort": 8888,
+ "protocol": "TCP"
}
],
"env": [
@@ -436,32 +498,24 @@
}
},
{
- "name": "EAP_HTTPS_KEYSTORE_DIR",
+ "name": "HTTPS_KEYSTORE_DIR",
"value": "/etc/eap-secret-volume"
},
{
- "name": "EAP_HTTPS_KEYSTORE",
+ "name": "HTTPS_KEYSTORE",
"value": "${HTTPS_KEYSTORE}"
},
{
- "name": "EAP_HTTPS_NAME",
- "value": "${HTTPS_NAME}"
- },
- {
- "name": "EAP_HTTPS_PASSWORD",
- "value": "${HTTPS_PASSWORD}"
- },
- {
- "name": "HORNETQ_CLUSTER_PASSWORD",
- "value": "${HORNETQ_CLUSTER_PASSWORD}"
+ "name": "HTTPS_KEYSTORE_TYPE",
+ "value": "${HTTPS_KEYSTORE_TYPE}"
},
{
- "name": "HORNETQ_QUEUES",
- "value": "${HORNETQ_QUEUES}"
+ "name": "HTTPS_NAME",
+ "value": "${HTTPS_NAME}"
},
{
- "name": "HORNETQ_TOPICS",
- "value": "${HORNETQ_TOPICS}"
+ "name": "HTTPS_PASSWORD",
+ "value": "${HTTPS_PASSWORD}"
},
{
"name": "JGROUPS_ENCRYPT_SECRET",
@@ -486,6 +540,38 @@
{
"name": "JGROUPS_CLUSTER_PASSWORD",
"value": "${JGROUPS_CLUSTER_PASSWORD}"
+ },
+ {
+ "name": "SSO_ADMIN_USERNAME",
+ "value": "${SSO_ADMIN_USERNAME}"
+ },
+ {
+ "name": "SSO_ADMIN_PASSWORD",
+ "value": "${SSO_ADMIN_PASSWORD}"
+ },
+ {
+ "name": "SSO_REALM",
+ "value": "${SSO_REALM}"
+ },
+ {
+ "name": "SSO_SERVICE_USERNAME",
+ "value": "${SSO_SERVICE_USERNAME}"
+ },
+ {
+ "name": "SSO_SERVICE_PASSWORD",
+ "value": "${SSO_SERVICE_PASSWORD}"
+ },
+ {
+ "name": "SSO_TRUSTSTORE",
+ "value": "${SSO_TRUSTSTORE}"
+ },
+ {
+ "name": "SSO_TRUSTSTORE_DIR",
+ "value": "/etc/sso-secret-volume"
+ },
+ {
+ "name": "SSO_TRUSTSTORE_PASSWORD",
+ "value": "${SSO_TRUSTSTORE_PASSWORD}"
}
]
}
@@ -502,6 +588,12 @@
"secret": {
"secretName": "${JGROUPS_ENCRYPT_SECRET}"
}
+ },
+ {
+ "name": "sso-truststore-volume",
+ "secret": {
+ "secretName": "${SSO_TRUSTSTORE_SECRET}"
+ }
}
]
}
@@ -589,6 +681,10 @@
"value": "${POSTGRESQL_MAX_CONNECTIONS}"
},
{
+ "name": "POSTGRESQL_MAX_PREPARED_TRANSACTIONS",
+ "value": "${POSTGRESQL_MAX_CONNECTIONS}"
+ },
+ {
"name": "POSTGRESQL_SHARED_BUFFERS",
"value": "${POSTGRESQL_SHARED_BUFFERS}"
}
diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/sso70-postgresql.json b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/sso70-postgresql.json
index 08257d192..d8402ef72 100644
--- a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/sso70-postgresql.json
+++ b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/sso70-postgresql.json
@@ -6,13 +6,13 @@
"description": "Application template for SSO 7.0 PostgreSQL applications",
"iconClass" : "icon-jboss",
"tags" : "sso,keycloak,postrgresql,java,database,jboss,xpaas",
- "version" : "1.3"
+ "version" : "1.3.2"
},
"name": "sso70-postgresql"
},
"labels": {
"template": "sso70-postgresql",
- "xpaas" : "1.3.0"
+ "xpaas" : "1.3.2"
},
"parameters": [
{
@@ -46,6 +46,12 @@
"required": true
},
{
+ "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.",
+ "name": "SERVICE_ACCOUNT_NAME",
+ "value": "sso-service-account",
+ "required": true
+ },
+ {
"description": "The name of the secret containing the keystore file",
"name": "HTTPS_SECRET",
"value": "sso-app-secret",
@@ -58,15 +64,21 @@
"required": false
},
{
- "description": "The name associated with the server certificate",
+ "description": "The type of the keystore file (JKS or JCEKS)",
+ "name": "HTTPS_KEYSTORE_TYPE",
+ "value": "",
+ "required": false
+ },
+ {
+ "description": "The name associated with the server certificate (e.g. jboss)",
"name": "HTTPS_NAME",
- "value": "jboss",
+ "value": "",
"required": false
},
{
- "description": "The password for the keystore and certificate",
+ "description": "The password for the keystore and certificate (e.g. mykeystorepass)",
"name": "HTTPS_PASSWORD",
- "value": "mykeystorepass",
+ "value": "",
"required": false
},
{
@@ -95,13 +107,6 @@
"required": false
},
{
- "description": "HornetQ cluster admin password",
- "name": "HORNETQ_CLUSTER_PASSWORD",
- "from": "[a-zA-Z0-9]{8}",
- "generate": "expression",
- "required": true
- },
- {
"description": "Database user name",
"name": "DB_USERNAME",
"from": "user[a-zA-Z0-9]{3}",
@@ -116,21 +121,9 @@
"required": true
},
{
- "description": "Queue names",
- "name": "HORNETQ_QUEUES",
- "value": "",
- "required": false
- },
- {
- "description": "Topic names",
- "name": "HORNETQ_TOPICS",
- "value": "",
- "required": false
- },
- {
"description": "The name of the secret containing the keystore file",
"name": "JGROUPS_ENCRYPT_SECRET",
- "value": "eap-app-secret",
+ "value": "sso-app-secret",
"required": false
},
{
@@ -140,15 +133,15 @@
"required": false
},
{
- "description": "The name associated with the server certificate",
+ "description": "The name associated with the server certificate (e.g. secret-key)",
"name": "JGROUPS_ENCRYPT_NAME",
- "value": "secret-key",
+ "value": "",
"required": false
},
{
- "description": "The password for the keystore and certificate",
+ "description": "The password for the keystore and certificate (e.g. password)",
"name": "JGROUPS_ENCRYPT_PASSWORD",
- "value": "password",
+ "value": "",
"required": false
},
{
@@ -163,6 +156,54 @@
"name": "IMAGE_STREAM_NAMESPACE",
"value": "openshift",
"required": true
+ },
+ {
+ "description": "SSO Server admin username",
+ "name": "SSO_ADMIN_USERNAME",
+ "value": "admin",
+ "required": false
+ },
+ {
+ "description": "SSO Server admin password",
+ "name": "SSO_ADMIN_PASSWORD",
+ "value": "admin",
+ "required": false
+ },
+ {
+ "description": "Realm to be created in the SSO server (e.g. demo).",
+ "name": "SSO_REALM",
+ "value": "",
+ "required": false
+ },
+ {
+ "description": "The username used to access the SSO service. This is used by clients to create the appliction client(s) within the specified SSO realm.",
+ "name": "SSO_SERVICE_USERNAME",
+ "value": "",
+ "required": false
+ },
+ {
+ "description": "The password for the SSO service user.",
+ "name": "SSO_SERVICE_PASSWORD",
+ "value": "",
+ "required": false
+ },
+ {
+ "description": "The name of the truststore file within the secret (e.g. truststore.jks)",
+ "name": "SSO_TRUSTSTORE",
+ "value": "",
+ "required": false
+ },
+ {
+ "description": "The password for the truststore and certificate (e.g. mykeystorepass)",
+ "name": "SSO_TRUSTSTORE_PASSWORD",
+ "value": "",
+ "required": false
+ },
+ {
+ "description": "The name of the secret containing the truststore file (e.g. truststore-secret). Used for volume secretName",
+ "name": "SSO_TRUSTSTORE_SECRET",
+ "value": "sso-app-secret",
+ "required": false
}
],
"objects": [
@@ -311,7 +352,7 @@
"from": {
"kind": "ImageStreamTag",
"namespace": "${IMAGE_STREAM_NAMESPACE}",
- "name": "redhat-sso70-openshift:1.3-TP"
+ "name": "redhat-sso70-openshift:1.3"
}
}
},
@@ -333,8 +374,8 @@
}
},
"spec": {
- "serviceAccountName": "sso-service-account",
- "terminationGracePeriodSeconds": 60,
+ "serviceAccountName": "${SERVICE_ACCOUNT_NAME}",
+ "terminationGracePeriodSeconds": 75,
"containers": [
{
"name": "${APPLICATION_NAME}",
@@ -350,8 +391,24 @@
"name": "eap-jgroups-keystore-volume",
"mountPath": "/etc/jgroups-encrypt-secret-volume",
"readOnly": true
+ },
+ {
+ "name": "sso-truststore-volume",
+ "mountPath": "/etc/sso-secret-volume",
+ "readOnly": true
}
],
+ "lifecycle": {
+ "preStop": {
+ "exec": {
+ "command": [
+ "/opt/eap/bin/jboss-cli.sh",
+ "-c",
+ ":shutdown(timeout=60)"
+ ]
+ }
+ }
+ },
"livenessProbe": {
"exec": {
"command": [
@@ -385,6 +442,11 @@
"name": "https",
"containerPort": 8443,
"protocol": "TCP"
+ },
+ {
+ "name": "ping",
+ "containerPort": 8888,
+ "protocol": "TCP"
}
],
"env": [
@@ -437,32 +499,24 @@
}
},
{
- "name": "EAP_HTTPS_KEYSTORE_DIR",
+ "name": "HTTPS_KEYSTORE_DIR",
"value": "/etc/eap-secret-volume"
},
{
- "name": "EAP_HTTPS_KEYSTORE",
+ "name": "HTTPS_KEYSTORE",
"value": "${HTTPS_KEYSTORE}"
},
{
- "name": "EAP_HTTPS_NAME",
- "value": "${HTTPS_NAME}"
- },
- {
- "name": "EAP_HTTPS_PASSWORD",
- "value": "${HTTPS_PASSWORD}"
- },
- {
- "name": "HORNETQ_CLUSTER_PASSWORD",
- "value": "${HORNETQ_CLUSTER_PASSWORD}"
+ "name": "HTTPS_KEYSTORE_TYPE",
+ "value": "${HTTPS_KEYSTORE_TYPE}"
},
{
- "name": "HORNETQ_QUEUES",
- "value": "${HORNETQ_QUEUES}"
+ "name": "HTTPS_NAME",
+ "value": "${HTTPS_NAME}"
},
{
- "name": "HORNETQ_TOPICS",
- "value": "${HORNETQ_TOPICS}"
+ "name": "HTTPS_PASSWORD",
+ "value": "${HTTPS_PASSWORD}"
},
{
"name": "JGROUPS_ENCRYPT_SECRET",
@@ -487,6 +541,38 @@
{
"name": "JGROUPS_CLUSTER_PASSWORD",
"value": "${JGROUPS_CLUSTER_PASSWORD}"
+ },
+ {
+ "name": "SSO_ADMIN_USERNAME",
+ "value": "${SSO_ADMIN_USERNAME}"
+ },
+ {
+ "name": "SSO_ADMIN_PASSWORD",
+ "value": "${SSO_ADMIN_PASSWORD}"
+ },
+ {
+ "name": "SSO_REALM",
+ "value": "${SSO_REALM}"
+ },
+ {
+ "name": "SSO_SERVICE_USERNAME",
+ "value": "${SSO_SERVICE_USERNAME}"
+ },
+ {
+ "name": "SSO_SERVICE_PASSWORD",
+ "value": "${SSO_SERVICE_PASSWORD}"
+ },
+ {
+ "name": "SSO_TRUSTSTORE",
+ "value": "${SSO_TRUSTSTORE}"
+ },
+ {
+ "name": "SSO_TRUSTSTORE_DIR",
+ "value": "/etc/sso-secret-volume"
+ },
+ {
+ "name": "SSO_TRUSTSTORE_PASSWORD",
+ "value": "${SSO_TRUSTSTORE_PASSWORD}"
}
]
}
@@ -503,6 +589,12 @@
"secret": {
"secretName": "${JGROUPS_ENCRYPT_SECRET}"
}
+ },
+ {
+ "name": "sso-truststore-volume",
+ "secret": {
+ "secretName": "${SSO_TRUSTSTORE_SECRET}"
+ }
}
]
}
@@ -586,6 +678,10 @@
"value": "${POSTGRESQL_MAX_CONNECTIONS}"
},
{
+ "name": "POSTGRESQL_MAX_PREPARED_TRANSACTIONS",
+ "value": "${POSTGRESQL_MAX_CONNECTIONS}"
+ },
+ {
"name": "POSTGRESQL_SHARED_BUFFERS",
"value": "${POSTGRESQL_SHARED_BUFFERS}"
}
diff --git a/roles/openshift_examples/tasks/main.yml b/roles/openshift_examples/tasks/main.yml
index 8d2248578..4150fabec 100644
--- a/roles/openshift_examples/tasks/main.yml
+++ b/roles/openshift_examples/tasks/main.yml
@@ -49,8 +49,10 @@
# RHEL and Centos image streams are mutually exclusive
- name: Import RHEL streams
command: >
- {{ openshift.common.client_binary }} {{ openshift_examples_import_command }} -n openshift -f {{ rhel_image_streams }}
+ {{ openshift.common.client_binary }} {{ openshift_examples_import_command }} -n openshift -f {{ item }}
when: openshift_examples_load_rhel | bool
+ with_items:
+ - "{{ rhel_image_streams }}"
register: oex_import_rhel_streams
failed_when: "'already exists' not in oex_import_rhel_streams.stderr and oex_import_rhel_streams.rc != 0"
changed_when: false
@@ -95,6 +97,21 @@
failed_when: "'already exists' not in oex_import_infrastructure.stderr and oex_import_infrastructure.rc != 0"
changed_when: false
+- name: Remove old xPaas template files
+ file:
+ path: "{{ item }}"
+ state: absent
+ with_items:
+ - "{{ xpaas_templates_base }}/sso70-basic.json"
+
+- name: Remove old xPaas templates from openshift namespace
+ command: "{{ openshift.common.client_binary }} -n openshift delete templates/{{ item }}"
+ with_items:
+ - sso70-basic
+ register: oex_delete_old_xpaas_templates
+ failed_when: "'not found' not in oex_delete_old_xpaas_templates.stderr and oex_delete_old_xpaas_templates.rc != 0"
+ changed_when: false
+
- name: Import xPaas image streams
command: >
{{ openshift.common.client_binary }} {{ openshift_examples_import_command }} -n openshift -f {{ xpaas_image_streams }}
diff --git a/roles/openshift_facts/library/openshift_facts.py b/roles/openshift_facts/library/openshift_facts.py
index 54bdbc775..ebd799466 100755
--- a/roles/openshift_facts/library/openshift_facts.py
+++ b/roles/openshift_facts/library/openshift_facts.py
@@ -477,26 +477,17 @@ def set_selectors(facts):
facts['hosted']['registry'] = {}
if 'selector' not in facts['hosted']['registry'] or facts['hosted']['registry']['selector'] in [None, 'None']:
facts['hosted']['registry']['selector'] = selector
+ if 'metrics' not in facts['hosted']:
+ facts['hosted']['metrics'] = {}
+ if 'selector' not in facts['hosted']['metrics'] or facts['hosted']['metrics']['selector'] in [None, 'None']:
+ facts['hosted']['metrics']['selector'] = None
+ if 'logging' not in facts['hosted']:
+ facts['hosted']['logging'] = {}
+ if 'selector' not in facts['hosted']['logging'] or facts['hosted']['logging']['selector'] in [None, 'None']:
+ facts['hosted']['logging']['selector'] = None
return facts
-def set_metrics_facts_if_unset(facts):
- """ Set cluster metrics facts if not already present in facts dict
- dict: the facts dict updated with the generated cluster metrics facts if
- missing
- Args:
- facts (dict): existing facts
- Returns:
- dict: the facts dict updated with the generated cluster metrics
- facts if they were not already present
-
- """
- if 'common' in facts:
- if 'use_cluster_metrics' not in facts['common']:
- use_cluster_metrics = False
- facts['common']['use_cluster_metrics'] = use_cluster_metrics
- return facts
-
def set_dnsmasq_facts_if_unset(facts):
""" Set dnsmasq facts if not already present in facts
Args:
@@ -806,7 +797,7 @@ def set_deployment_facts_if_unset(facts):
curr_disabled_features = set(facts['master']['disabled_features'])
facts['master']['disabled_features'] = list(curr_disabled_features.union(openshift_features))
else:
- if deployment_type == 'atomic-enterprise':
+ if facts['common']['deployment_subtype'] == 'registry':
facts['master']['disabled_features'] = openshift_features
if 'node' in facts:
@@ -961,7 +952,12 @@ def format_url(use_ssl, hostname, port, path=''):
netloc = hostname
if (use_ssl and port != '443') or (not use_ssl and port != '80'):
netloc += ":%s" % port
- return urlparse.urlunparse((scheme, netloc, path, '', '', ''))
+ try:
+ url = urlparse.urlunparse((scheme, netloc, path, '', '', ''))
+ except AttributeError:
+ # pylint: disable=undefined-variable
+ url = urlunparse((scheme, netloc, path, '', '', ''))
+ return url
def get_current_config(facts):
""" Get current openshift config
@@ -1616,11 +1612,13 @@ class OpenShiftFacts(object):
try:
# ansible-2.1
- # pylint: disable=too-many-function-args
+ # pylint: disable=too-many-function-args,invalid-name
self.system_facts = ansible_facts(module, ['hardware', 'network', 'virtual', 'facter'])
- except TypeError:
- # ansible-1.9.x,ansible-2.0.x
- self.system_facts = ansible_facts(module)
+ for (k, v) in self.system_facts.items():
+ self.system_facts["ansible_%s" % k.replace('-', '_')] = v
+ except UnboundLocalError:
+ # ansible-2.2
+ self.system_facts = get_all_facts(module)['ansible_facts']
self.facts = self.generate_facts(local_facts,
additive_facts_to_overwrite,
@@ -1659,7 +1657,12 @@ class OpenShiftFacts(object):
else:
deployment_type = 'origin'
- defaults = self.get_defaults(roles, deployment_type)
+ if 'common' in local_facts and 'deployment_subtype' in local_facts['common']:
+ deployment_subtype = local_facts['common']['deployment_subtype']
+ else:
+ deployment_subtype = 'basic'
+
+ defaults = self.get_defaults(roles, deployment_type, deployment_subtype)
provider_facts = self.init_provider_facts()
facts = apply_provider_facts(defaults, provider_facts)
facts = merge_facts(facts,
@@ -1674,7 +1677,6 @@ class OpenShiftFacts(object):
facts = set_nuage_facts_if_unset(facts)
facts = set_node_schedulability(facts)
facts = set_selectors(facts)
- facts = set_metrics_facts_if_unset(facts)
facts = set_identity_providers_if_unset(facts)
facts = set_sdn_facts_if_unset(facts, self.system_facts)
facts = set_deployment_facts_if_unset(facts)
@@ -1692,7 +1694,7 @@ class OpenShiftFacts(object):
facts = set_installed_variant_rpm_facts(facts)
return dict(openshift=facts)
- def get_defaults(self, roles, deployment_type):
+ def get_defaults(self, roles, deployment_type, deployment_subtype):
""" Get default fact values
Args:
@@ -1702,16 +1704,17 @@ class OpenShiftFacts(object):
dict: The generated default facts
"""
defaults = {}
- ip_addr = self.system_facts['default_ipv4']['address']
+ ip_addr = self.system_facts['ansible_default_ipv4']['address']
exit_code, output, _ = module.run_command(['hostname', '-f'])
hostname_f = output.strip() if exit_code == 0 else ''
- hostname_values = [hostname_f, self.system_facts['nodename'],
- self.system_facts['fqdn']]
+ hostname_values = [hostname_f, self.system_facts['ansible_nodename'],
+ self.system_facts['ansible_fqdn']]
hostname = choose_hostname(hostname_values, ip_addr)
defaults['common'] = dict(use_openshift_sdn=True, ip=ip_addr,
public_ip=ip_addr,
deployment_type=deployment_type,
+ deployment_subtype=deployment_subtype,
hostname=hostname,
public_hostname=hostname,
portal_net='172.30.0.0/16',
@@ -1726,6 +1729,7 @@ class OpenShiftFacts(object):
{"name": "PodFitsResources"},
{"name": "PodFitsPorts"},
{"name": "NoDiskConflict"},
+ {"name": "NoVolumeZoneConflict"},
{"name": "Region", "argument": {"serviceAffinity" : {"labels" : ["region"]}}}
]
scheduler_priorities = [
@@ -1757,7 +1761,7 @@ class OpenShiftFacts(object):
if 'node' in roles:
defaults['node'] = dict(labels={}, annotations={},
- iptables_sync_period='5s',
+ iptables_sync_period='30s',
local_quota_per_fsgroup="",
set_node_ip=False)
@@ -1801,8 +1805,9 @@ class OpenShiftFacts(object):
filesystem='ext4',
volumeID='123'),
host=None,
- access_modes=['ReadWriteMany'],
- create_pv=True
+ access_modes=['ReadWriteOnce'],
+ create_pv=True,
+ create_pvc=False
)
),
registry=dict(
@@ -1817,7 +1822,8 @@ class OpenShiftFacts(object):
options='*(rw,root_squash)'),
host=None,
access_modes=['ReadWriteMany'],
- create_pv=True
+ create_pv=True,
+ create_pvc=True
)
),
router=dict()
@@ -1839,10 +1845,10 @@ class OpenShiftFacts(object):
dict: The generated default facts for the detected provider
"""
# TODO: cloud provider facts should probably be submitted upstream
- product_name = self.system_facts['product_name']
- product_version = self.system_facts['product_version']
- virt_type = self.system_facts['virtualization_type']
- virt_role = self.system_facts['virtualization_role']
+ product_name = self.system_facts['ansible_product_name']
+ product_version = self.system_facts['ansible_product_version']
+ virt_type = self.system_facts['ansible_virtualization_type']
+ virt_role = self.system_facts['ansible_virtualization_role']
provider = None
metadata = None
@@ -2125,12 +2131,16 @@ def main():
additive_facts_to_overwrite=dict(default=[], type='list', required=False),
openshift_env=dict(default={}, type='dict', required=False),
openshift_env_structures=dict(default=[], type='list', required=False),
- protected_facts_to_overwrite=dict(default=[], type='list', required=False),
+ protected_facts_to_overwrite=dict(default=[], type='list', required=False)
),
supports_check_mode=True,
add_file_common_args=True,
)
+ module.params['gather_subset'] = ['hardware', 'network', 'virtual', 'facter']
+ module.params['gather_timeout'] = 10
+ module.params['filter'] = '*'
+
role = module.params['role']
local_facts = module.params['local_facts']
additive_facts_to_overwrite = module.params['additive_facts_to_overwrite']
diff --git a/roles/openshift_facts/tasks/main.yml b/roles/openshift_facts/tasks/main.yml
index 4dbbd7f45..afeb78f95 100644
--- a/roles/openshift_facts/tasks/main.yml
+++ b/roles/openshift_facts/tasks/main.yml
@@ -24,6 +24,7 @@
local_facts:
# TODO: Deprecate deployment_type in favor of openshift_deployment_type
deployment_type: "{{ openshift_deployment_type | default(deployment_type) }}"
+ deployment_subtype: "{{ openshift_deployment_subtype | default(None) }}"
cluster_id: "{{ openshift_cluster_id | default('default') }}"
hostname: "{{ openshift_hostname | default(None) }}"
ip: "{{ openshift_ip | default(None) }}"
@@ -40,4 +41,3 @@
- name: Set repoquery command
set_fact:
repoquery_cmd: "{{ 'dnf repoquery --latest-limit 1 -d 0' if ansible_pkg_mgr == 'dnf' else 'repoquery --plugins' }}"
-
diff --git a/roles/openshift_hosted/meta/main.yml b/roles/openshift_hosted/meta/main.yml
index c7d20f88b..74c50ae1d 100644
--- a/roles/openshift_hosted/meta/main.yml
+++ b/roles/openshift_hosted/meta/main.yml
@@ -11,27 +11,4 @@ galaxy_info:
- 7
categories:
- cloud
-dependencies:
-- role: openshift_cli
-- role: openshift_hosted_facts
-- role: openshift_projects
- # TODO: Move standard project definitions to openshift_hosted/vars/main.yml
- # Vars are not accessible in meta/main.yml in ansible-1.9.x
- openshift_projects: "{{ openshift_additional_projects | default({}) | oo_merge_dicts({'default':{'default_node_selector':''},'openshift-infra':{'default_node_selector':''},'logging':{'default_node_selector':''}}) }}"
-- role: openshift_serviceaccounts
- openshift_serviceaccounts_names:
- - router
- openshift_serviceaccounts_namespace: default
- openshift_serviceaccounts_sccs:
- - hostnetwork
- when: openshift.common.version_gte_3_2_or_1_2
-- role: openshift_serviceaccounts
- openshift_serviceaccounts_names:
- - router
- - registry
- openshift_serviceaccounts_namespace: default
- openshift_serviceaccounts_sccs:
- - privileged
- when: not openshift.common.version_gte_3_2_or_1_2
-- role: openshift_metrics
- when: openshift.hosted.metrics.deploy | bool
+dependencies: []
diff --git a/roles/openshift_hosted/tasks/main.yml b/roles/openshift_hosted/tasks/main.yml
index c801a0e67..67c6bbfd7 100644
--- a/roles/openshift_hosted/tasks/main.yml
+++ b/roles/openshift_hosted/tasks/main.yml
@@ -13,7 +13,10 @@
changed_when: False
- include: router/router.yml
+ when: openshift_hosted_manage_router | default(true) | bool
+
- include: registry/registry.yml
+ when: openshift_hosted_manage_registry | default(true) | bool
- name: Delete temp directory
file:
diff --git a/roles/openshift_hosted/tasks/registry/registry.yml b/roles/openshift_hosted/tasks/registry/registry.yml
index a1edef132..b28974236 100644
--- a/roles/openshift_hosted/tasks/registry/registry.yml
+++ b/roles/openshift_hosted/tasks/registry/registry.yml
@@ -4,12 +4,27 @@
{{ openshift.common.client_binary }} --api-version='v1' -o json
get nodes -n default --config={{ openshift_hosted_kubeconfig }}
--selector={{ openshift.hosted.registry.selector | default('') }}
- register: openshift_hosted_registry_nodes_json
+ register: registry_nodes_json
changed_when: false
when: openshift.hosted.registry.replicas | default(none) is none
- set_fact:
- replicas: "{{ openshift.hosted.registry.replicas | default(((openshift_hosted_registry_nodes_json.stdout | default('{\"items\":[]}') | from_json)['items'] | length) if openshift.hosted.registry.storage.kind | default(none) is not none else 1) }}"
+ l_node_count: "{{ (registry_nodes_json.stdout | default('{\"items\":[]}') | from_json)['items'] | length }}"
+
+# Determine the default number of registry/router replicas to use if no count
+# has been specified.
+# If no registry nodes defined, the default should be 0.
+- set_fact:
+ l_default_replicas: 0
+ when: l_node_count | int == 0
+
+# If registry nodes are defined and the registry storage kind is defined, default should be the number of registry nodes, otherwise just 1:
+- set_fact:
+ l_default_replicas: "{{ l_node_count if openshift.hosted.registry.storage.kind | default(none) is not none else 1 }}"
+ when: l_node_count | int > 0
+
+- set_fact:
+ replicas: "{{ openshift.hosted.registry.replicas | default(l_default_replicas) }}"
- name: Create OpenShift registry
command: >
@@ -32,9 +47,12 @@
register: openshift_hosted_registry_results
changed_when: "'service exists' not in openshift_hosted_registry_results.stdout"
failed_when: "openshift_hosted_registry_results.rc != 0 and 'service exists' not in openshift_hosted_registry_results.stdout and 'deployment_config' not in openshift_hosted_registry_results.stderr and 'service' not in openshift_hosted_registry_results.stderr"
+ when: replicas | int > 0
- include: storage/object_storage.yml
- when: openshift.hosted.registry.storage.kind | default(none) == 'object'
+ static: no
+ when: replicas | int > 0 and openshift.hosted.registry.storage.kind | default(none) == 'object'
- include: storage/persistent_volume.yml
- when: openshift.hosted.registry.storage.kind | default(none) in ['nfs', 'openstack']
+ static: no
+ when: replicas | int > 0 and openshift.hosted.registry.storage.kind | default(none) in ['nfs', 'openstack']
diff --git a/roles/openshift_hosted/tasks/registry/storage/persistent_volume.yml b/roles/openshift_hosted/tasks/registry/storage/persistent_volume.yml
index 6bf859e82..60eefd71a 100644
--- a/roles/openshift_hosted/tasks/registry/storage/persistent_volume.yml
+++ b/roles/openshift_hosted/tasks/registry/storage/persistent_volume.yml
@@ -5,10 +5,11 @@
- name: Determine if volume is already attached to dc/docker-registry
command: "{{ openshift.common.client_binary }} get -o template dc/docker-registry --template=\\{\\{.spec.template.spec.volumes\\}\\} --output-version=v1"
changed_when: false
+ failed_when: false
register: registry_volumes_output
- set_fact:
- volume_attached: "{{ registry_volume_claim in registry_volumes_output.stdout }}"
+ volume_attached: "{{ registry_volume_claim in (registry_volumes_output).stdout | default(['']) }}"
- name: Add volume to dc/docker-registry
command: >
diff --git a/roles/openshift_hosted/tasks/router/router.yml b/roles/openshift_hosted/tasks/router/router.yml
index 7f3731c7d..e18b9781c 100644
--- a/roles/openshift_hosted/tasks/router/router.yml
+++ b/roles/openshift_hosted/tasks/router/router.yml
@@ -1,7 +1,7 @@
---
- fail:
msg: "'certfile', 'keyfile' and 'cafile' keys must be specified when supplying the openshift_hosted_router_certificate variable."
- when: openshift_hosted_router_certificate is defined and ('certfile' not in openshift_hosted_router_certificate or 'keyfile' not in openshift_hosted_router_certificate or 'cafile' not in openshift_hosted_router_certificate)
+ when: openshift_hosted_router_certificate is defined and ('certfile' not in openshift_hosted_router_certificate or 'keyfile' not in openshift_hosted_router_certificate or 'cafile' not in openshift_hosted_router_certificate)
- name: Read router certificate and key
become: no
@@ -39,12 +39,12 @@
{{ openshift.common.client_binary }} --api-version='v1' -o json
get nodes -n default --config={{ openshift_hosted_kubeconfig }}
--selector={{ openshift.hosted.router.selector | default('') }}
- register: openshift_hosted_router_nodes_json
+ register: router_nodes_json
changed_when: false
when: openshift.hosted.router.replicas | default(none) is none
- set_fact:
- replicas: "{{ openshift.hosted.router.replicas | default((openshift_hosted_router_nodes_json.stdout | default('{\"items\":[]}') | from_json)['items'] | length) }}"
+ replicas: "{{ openshift.hosted.router.replicas | default((router_nodes_json.stdout | default('{\"items\":[]}') | from_json)['items'] | length) }}"
- name: Create OpenShift router
command: >
@@ -73,3 +73,4 @@
register: openshift_hosted_router_results
changed_when: "'service exists' not in openshift_hosted_router_results.stdout"
failed_when: "openshift_hosted_router_results.rc != 0 and 'service exists' not in openshift_hosted_router_results.stdout and 'deployment_config' not in openshift_hosted_router_results.stderr and 'service' not in openshift_hosted_router_results.stderr"
+ when: replicas | int > 0
diff --git a/roles/openshift_hosted/templates/registry_config.j2 b/roles/openshift_hosted/templates/registry_config.j2
index ea5626642..b70ec500e 100644
--- a/roles/openshift_hosted/templates/registry_config.j2
+++ b/roles/openshift_hosted/templates/registry_config.j2
@@ -58,6 +58,10 @@ auth:
openshift:
realm: openshift
middleware:
+{% if openshift.common.version_gte_3_3_or_1_3 | bool %}
+ registry:
+ - name: openshift
+{% endif %}
repository:
- name: openshift
options:
@@ -69,4 +73,7 @@ middleware:
baseurl: {{ openshift.hosted.registry.storage.s3.cloudfront.baseurl }}
privatekey: {{ openshift.hosted.registry.storage.s3.cloudfront.privatekeyfile }}
keypairid: {{ openshift.hosted.registry.storage.s3.cloudfront.keypairid }}
+{% elif openshift.common.version_gte_3_3_or_1_3 | bool %}
+ storage:
+ - name: openshift
{% endif -%}
diff --git a/roles/openshift_loadbalancer/templates/haproxy.cfg.j2 b/roles/openshift_loadbalancer/templates/haproxy.cfg.j2
index 05e360d3b..b9a279f5f 100644
--- a/roles/openshift_loadbalancer/templates/haproxy.cfg.j2
+++ b/roles/openshift_loadbalancer/templates/haproxy.cfg.j2
@@ -7,6 +7,7 @@ global
user haproxy
group haproxy
daemon
+ log /dev/log local0 info
# turn on stats unix socket
stats socket /var/lib/haproxy/stats
diff --git a/roles/openshift_manage_node/tasks/main.yml b/roles/openshift_manage_node/tasks/main.yml
index 291cdbbb5..5abac32cd 100644
--- a/roles/openshift_manage_node/tasks/main.yml
+++ b/roles/openshift_manage_node/tasks/main.yml
@@ -13,10 +13,11 @@
{{ openshift.common.admin_binary }} manage-node {{ item.openshift.common.hostname | lower }} --schedulable={{ 'true' if item.openshift.node.schedulable | bool else 'false' }}
with_items:
- "{{ openshift_node_vars }}"
+ when: item.openshift.common.hostname is defined
- name: Label nodes
command: >
{{ openshift.common.client_binary }} label --overwrite node {{ item.openshift.common.hostname | lower }} {{ item.openshift.node.labels | oo_combine_dict }}
with_items:
- "{{ openshift_node_vars }}"
- when: "'labels' in item.openshift.node and item.openshift.node.labels != {}"
+ when: item.openshift.common.hostname is defined and 'labels' in item.openshift.node and item.openshift.node.labels != {}
diff --git a/roles/openshift_master/handlers/main.yml b/roles/openshift_master/handlers/main.yml
index f7dfb11f7..edb7369de 100644
--- a/roles/openshift_master/handlers/main.yml
+++ b/roles/openshift_master/handlers/main.yml
@@ -17,7 +17,12 @@
# Using curl here since the uri module requires python-httplib2 and
# wait_for port doesn't provide health information.
command: >
- curl --silent --cacert {{ openshift.common.config_base }}/master/ca.crt
+ curl --silent
+ {% if openshift.common.version_gte_3_2_or_1_2 | bool %}
+ --cacert {{ openshift.common.config_base }}/master/ca-bundle.crt
+ {% else %}
+ --cacert {{ openshift.common.config_base }}/master/ca.crt
+ {% endif %}
{{ openshift.master.api_url }}/healthz/ready
register: api_available_output
until: api_available_output.stdout == 'ok'
diff --git a/roles/openshift_master/meta/main.yml b/roles/openshift_master/meta/main.yml
index be70d9102..a2f665702 100644
--- a/roles/openshift_master/meta/main.yml
+++ b/roles/openshift_master/meta/main.yml
@@ -11,32 +11,4 @@ galaxy_info:
- 7
categories:
- cloud
-dependencies:
-- role: openshift_clock
-- role: openshift_master_certificates
-- role: openshift_cloud_provider
-- role: openshift_builddefaults
-- role: openshift_master_facts
-- role: openshift_hosted_facts
-- role: os_firewall
- os_firewall_allow:
- - service: etcd embedded
- port: 4001/tcp
- - service: api server https
- port: "{{ openshift.master.api_port }}/tcp"
- - service: api controllers https
- port: "{{ openshift.master.controllers_port }}/tcp"
- - service: skydns tcp
- port: "{{ openshift.master.dns_port }}/tcp"
- - service: skydns udp
- port: "{{ openshift.master.dns_port }}/udp"
- - service: Fluentd td-agent tcp
- port: 24224/tcp
- - service: Fluentd td-agent udp
- port: 24224/udp
- - service: pcsd
- port: 2224/tcp
- - service: Corosync UDP
- port: 5404/udp
- - service: Corosync UDP
- port: 5405/udp
+dependencies: []
diff --git a/roles/openshift_master/tasks/main.yml b/roles/openshift_master/tasks/main.yml
index 0b87ae48c..6259fd996 100644
--- a/roles/openshift_master/tasks/main.yml
+++ b/roles/openshift_master/tasks/main.yml
@@ -180,7 +180,10 @@
changed_when: false
- name: Stop and disable non-HA master when running HA
- service: name={{ openshift.common.service_type }}-master enabled=no state=stopped
+ service:
+ name: "{{ openshift.common.service_type }}-master"
+ enabled: no
+ state: stopped
when: openshift_master_ha | bool and 'LoadState=not-found' not in master_svc_show.stdout
- set_fact:
@@ -191,9 +194,24 @@
command: systemctl mask {{ openshift.common.service_type }}-master
when: openshift_master_ha | bool and openshift.master.cluster_method == 'native' and not openshift.common.is_containerized | bool
-- name: Start and enable master api
- service: name={{ openshift.common.service_type }}-master-api enabled=yes state=started
+- name: Start and enable master api on first master
+ service:
+ name: "{{ openshift.common.service_type }}-master-api"
+ enabled: yes
+ state: started
+ when: openshift_master_ha | bool and openshift.master.cluster_method == 'native' and inventory_hostname == openshift_master_hosts[0]
+ register: start_result
+
+- pause:
+ seconds: 15
when: openshift_master_ha | bool and openshift.master.cluster_method == 'native'
+
+- name: Start and enable master api all masters
+ service:
+ name: "{{ openshift.common.service_type }}-master-api"
+ enabled: yes
+ state: started
+ when: openshift_master_ha | bool and openshift.master.cluster_method == 'native' and inventory_hostname != openshift_master_hosts[0]
register: start_result
- set_fact:
@@ -206,7 +224,12 @@
# Using curl here since the uri module requires python-httplib2 and
# wait_for port doesn't provide health information.
command: >
- curl --silent --cacert {{ openshift.common.config_base }}/master/ca.crt
+ curl --silent
+ {% if openshift.common.version_gte_3_2_or_1_2 | bool %}
+ --cacert {{ openshift.common.config_base }}/master/ca-bundle.crt
+ {% else %}
+ --cacert {{ openshift.common.config_base }}/master/ca.crt
+ {% endif %}
{{ openshift.master.api_url }}/healthz/ready
register: api_available_output
until: api_available_output.stdout == 'ok'
@@ -216,9 +239,24 @@
changed_when: false
when: openshift_master_ha | bool and openshift.master.cluster_method == 'native' and master_api_service_status_changed | bool
-- name: Start and enable master controller
- service: name={{ openshift.common.service_type }}-master-controllers enabled=yes state=started
+- name: Start and enable master controller on first master
+ service:
+ name: "{{ openshift.common.service_type }}-master-controllers"
+ enabled: yes
+ state: started
+ when: openshift_master_ha | bool and openshift.master.cluster_method == 'native' and inventory_hostname == openshift_master_hosts[0]
+ register: start_result
+
+- pause:
+ seconds: 15
when: openshift_master_ha | bool and openshift.master.cluster_method == 'native'
+
+- name: Start and enable master controller on all masters
+ service:
+ name: "{{ openshift.common.service_type }}-master-controllers"
+ enabled: yes
+ state: started
+ when: openshift_master_ha | bool and openshift.master.cluster_method == 'native' and inventory_hostname != openshift_master_hosts[0]
register: start_result
- set_fact:
@@ -239,37 +277,3 @@
- name: Set the cluster user password
shell: echo {{ openshift_master_cluster_password | quote }} | passwd --stdin hacluster
when: install_result | changed
-
-- name: Lookup default group for ansible_ssh_user
- command: "/usr/bin/id -g {{ ansible_ssh_user }}"
- changed_when: false
- register: _ansible_ssh_user_gid
-
-- set_fact:
- client_users: "{{ [ansible_ssh_user, 'root'] | unique }}"
-
-- name: Create the client config dir(s)
- file:
- path: "~{{ item }}/.kube"
- state: directory
- mode: 0700
- owner: "{{ item }}"
- group: "{{ 'root' if item == 'root' else _ansible_ssh_user_gid.stdout }}"
- with_items: "{{ client_users }}"
-
-# TODO: Update this file if the contents of the source file are not present in
-# the dest file, will need to make sure to ignore things that could be added
-- name: Copy the admin client config(s)
- command: cp {{ openshift_master_config_dir }}/admin.kubeconfig ~{{ item }}/.kube/config
- args:
- creates: ~{{ item }}/.kube/config
- with_items: "{{ client_users }}"
-
-- name: Update the permissions on the admin client config(s)
- file:
- path: "~{{ item }}/.kube/config"
- state: file
- mode: 0700
- owner: "{{ item }}"
- group: "{{ 'root' if item == 'root' else _ansible_ssh_user_gid.stdout }}"
- with_items: "{{ client_users }}"
diff --git a/roles/openshift_master/tasks/systemd_units.yml b/roles/openshift_master/tasks/systemd_units.yml
index 458b56fd1..56110c28f 100644
--- a/roles/openshift_master/tasks/systemd_units.yml
+++ b/roles/openshift_master/tasks/systemd_units.yml
@@ -16,7 +16,7 @@
# workaround for missing systemd unit files
- name: Create the systemd unit files
template:
- src: "docker/master.docker.service.j2"
+ src: "master_docker/master.docker.service.j2"
dest: "{{ containerized_svc_dir }}/{{ openshift.common.service_type }}-master.service"
when: openshift.common.is_containerized | bool and (openshift.master.ha is not defined or not openshift.master.ha | bool)
register: create_master_unit_file
@@ -45,6 +45,13 @@
failed_when: false
changed_when: false
+- name: Preserve Master API AWS options
+ command: grep AWS_ /etc/sysconfig/{{ openshift.common.service_type }}-master-api
+ register: master_api_aws
+ when: openshift.master.ha is defined and openshift.master.ha | bool and openshift_master_cluster_method == "native"
+ failed_when: false
+ changed_when: false
+
- name: Create the master api service env file
template:
src: "{{ ha_svc_template_path }}/atomic-openshift-master-api.j2"
@@ -62,13 +69,29 @@
line: "{{ item }}"
with_items: "{{ master_api_proxy.stdout_lines | default([]) }}"
+- name: Restore Master API AWS Options
+ when: openshift.master.ha is defined and openshift.master.ha | bool and openshift_master_cluster_method == "native"
+ and master_api_aws.rc == 0 and
+ not (openshift_cloudprovider_kind is defined and openshift_cloudprovider_kind == 'aws' and openshift_cloudprovider_aws_access_key is defined and openshift_cloudprovider_aws_secret_key is defined)
+ lineinfile:
+ dest: /etc/sysconfig/{{ openshift.common.service_type }}-master-api
+ line: "{{ item }}"
+ with_items: "{{ master_api_aws.stdout_lines | default([]) }}"
+
- name: Preserve Master Controllers Proxy Config options
- command: grep PROXY /etc/sysconfig/{{ openshift.common.service_type }}-master-api
+ command: grep PROXY /etc/sysconfig/{{ openshift.common.service_type }}-master-controllers
register: master_controllers_proxy
when: openshift.master.ha is defined and openshift.master.ha | bool and openshift_master_cluster_method == "native"
failed_when: false
changed_when: false
+- name: Preserve Master Controllers AWS options
+ command: grep AWS_ /etc/sysconfig/{{ openshift.common.service_type }}-master-controllers
+ register: master_controllers_aws
+ when: openshift.master.ha is defined and openshift.master.ha | bool and openshift_master_cluster_method == "native"
+ failed_when: false
+ changed_when: false
+
- name: Create the master controllers service env file
template:
src: "{{ ha_svc_template_path }}/atomic-openshift-master-controllers.j2"
@@ -84,12 +107,21 @@
line: "{{ item }}"
with_items: "{{ master_controllers_proxy.stdout_lines | default([]) }}"
when: openshift.master.ha is defined and openshift.master.ha | bool and openshift_master_cluster_method == "native"
- and master_controllers_proxy.rc == 0 and 'http_proxy' not in openshift.common and 'https_proxy' not in openshift.common
+ and master_controllers_proxy.rc == 0 and 'http_proxy' not in openshift.common and 'https_proxy' not in openshift.common
+
+- name: Restore Master Controllers AWS Options
+ lineinfile:
+ dest: /etc/sysconfig/{{ openshift.common.service_type }}-master-controllers
+ line: "{{ item }}"
+ with_items: "{{ master_controllers_aws.stdout_lines | default([]) }}"
+ when: openshift.master.ha is defined and openshift.master.ha | bool and openshift_master_cluster_method == "native"
+ and master_controllers_aws.rc == 0 and
+ not (openshift_cloudprovider_kind is defined and openshift_cloudprovider_kind == 'aws' and openshift_cloudprovider_aws_access_key is defined and openshift_cloudprovider_aws_secret_key is defined)
- name: Install Master docker service file
template:
dest: "/etc/systemd/system/{{ openshift.common.service_type }}-master.service"
- src: docker/master.docker.service.j2
+ src: master_docker/master.docker.service.j2
register: install_result
when: openshift.common.is_containerized | bool and openshift.master.ha is defined and not openshift.master.ha | bool
@@ -99,6 +131,12 @@
failed_when: false
changed_when: false
+- name: Preserve Master AWS options
+ command: grep AWS_ /etc/sysconfig/{{ openshift.common.service_type }}-master
+ register: master_aws
+ failed_when: false
+ changed_when: false
+
- name: Create the master service env file
template:
src: "atomic-openshift-master.j2"
@@ -112,4 +150,11 @@
dest: /etc/sysconfig/{{ openshift.common.service_type }}-master
line: "{{ item }}"
with_items: "{{ master_proxy.stdout_lines | default([]) }}"
- when: master_proxy.rc == 0 and 'http_proxy' not in openshift.common and 'https_proxy' not in openshift.common \ No newline at end of file
+ when: master_proxy.rc == 0 and 'http_proxy' not in openshift.common and 'https_proxy' not in openshift.common
+
+- name: Restore Master AWS Options
+ lineinfile:
+ dest: /etc/sysconfig/{{ openshift.common.service_type }}-master
+ line: "{{ item }}"
+ with_items: "{{ master_aws.stdout_lines | default([]) }}"
+ when: master_aws.rc == 0 and not (openshift_cloudprovider_kind is defined and openshift_cloudprovider_kind == 'aws' and openshift_cloudprovider_aws_access_key is defined and openshift_cloudprovider_aws_secret_key is defined)
diff --git a/roles/openshift_master/templates/atomic-openshift-master.j2 b/roles/openshift_master/templates/atomic-openshift-master.j2
index 75d44d308..10eaeb401 100644
--- a/roles/openshift_master/templates/atomic-openshift-master.j2
+++ b/roles/openshift_master/templates/atomic-openshift-master.j2
@@ -4,9 +4,9 @@ CONFIG_FILE={{ openshift_master_config_file }}
IMAGE_VERSION={{ openshift_image_tag }}
{% endif %}
-{% if 'cloudprovider' in openshift and 'aws' in openshift.cloudprovider and 'kind' in openshift.cloudprovider and openshift.cloudprovider.kind == 'aws' and 'access_key' in openshift.cloudprovider.aws and 'secret_key' in openshift.cloudprovider.aws %}
-AWS_ACCESS_KEY_ID={{ openshift.cloudprovider.aws.access_key }}
-AWS_SECRET_ACCESS_KEY={{ openshift.cloudprovider.aws.secret_key }}
+{% if openshift_cloudprovider_kind | default('') == 'aws' and openshift_cloudprovider_aws_access_key is defined and openshift_cloudprovider_aws_secret_key is defined %}
+AWS_ACCESS_KEY_ID={{ openshift_cloudprovider_aws_access_key }}
+AWS_SECRET_ACCESS_KEY={{ openshift_cloudprovider_aws_secret_key }}
{% endif %}
{% if 'api_env_vars' in openshift.master or 'controllers_env_vars' in openshift.master -%}
diff --git a/roles/openshift_master/templates/docker-cluster/atomic-openshift-master-api.service.j2 b/roles/openshift_master/templates/docker-cluster/atomic-openshift-master-api.service.j2
index df1dbb85e..eef0f414e 100644
--- a/roles/openshift_master/templates/docker-cluster/atomic-openshift-master-api.service.j2
+++ b/roles/openshift_master/templates/docker-cluster/atomic-openshift-master-api.service.j2
@@ -12,7 +12,7 @@ Requires=docker.service
EnvironmentFile=/etc/sysconfig/{{ openshift.common.service_type }}-master-api
Environment=GOTRACEBACK=crash
ExecStartPre=-/usr/bin/docker rm -f {{ openshift.common.service_type}}-master-api
-ExecStart=/usr/bin/docker run --rm --privileged --net=host --name {{ openshift.common.service_type }}-master-api --env-file=/etc/sysconfig/{{ openshift.common.service_type }}-master-api -v {{ openshift.common.data_dir }}:{{ openshift.common.data_dir }} -v /var/run/docker.sock:/var/run/docker.sock -v {{ openshift.common.config_base }}:{{ openshift.common.config_base }} {% if 'cloudprovider' in openshift and 'kind' in openshift.cloudprovider and openshift.cloudprovider.kind != '' -%} -v {{ openshift.common.config_base }}/cloudprovider:{{ openshift.common.config_base}}/cloudprovider {% endif -%} {{ openshift.master.master_image }}:${IMAGE_VERSION} start master api --config=${CONFIG_FILE} $OPTIONS
+ExecStart=/usr/bin/docker run --rm --privileged --net=host --name {{ openshift.common.service_type }}-master-api --env-file=/etc/sysconfig/{{ openshift.common.service_type }}-master-api -v {{ openshift.common.data_dir }}:{{ openshift.common.data_dir }} -v /var/run/docker.sock:/var/run/docker.sock -v {{ openshift.common.config_base }}:{{ openshift.common.config_base }} {% if openshift_cloudprovider_kind | default('') != '' -%} -v {{ openshift.common.config_base }}/cloudprovider:{{ openshift.common.config_base}}/cloudprovider {% endif -%} {{ openshift.master.master_image }}:${IMAGE_VERSION} start master api --config=${CONFIG_FILE} $OPTIONS
ExecStartPost=/usr/bin/sleep 10
ExecStop=/usr/bin/docker stop {{ openshift.common.service_type }}-master-api
LimitNOFILE=131072
diff --git a/roles/openshift_master/templates/docker-cluster/atomic-openshift-master-controllers.service.j2 b/roles/openshift_master/templates/docker-cluster/atomic-openshift-master-controllers.service.j2
index 5ff2edae4..a8f5d7351 100644
--- a/roles/openshift_master/templates/docker-cluster/atomic-openshift-master-controllers.service.j2
+++ b/roles/openshift_master/templates/docker-cluster/atomic-openshift-master-controllers.service.j2
@@ -11,7 +11,7 @@ PartOf=docker.service
EnvironmentFile=/etc/sysconfig/{{ openshift.common.service_type }}-master-controllers
Environment=GOTRACEBACK=crash
ExecStartPre=-/usr/bin/docker rm -f {{ openshift.common.service_type}}-master-controllers
-ExecStart=/usr/bin/docker run --rm --privileged --net=host --name {{ openshift.common.service_type }}-master-controllers --env-file=/etc/sysconfig/{{ openshift.common.service_type }}-master-controllers -v {{ openshift.common.data_dir }}:{{ openshift.common.data_dir }} -v /var/run/docker.sock:/var/run/docker.sock -v {{ openshift.common.config_base }}:{{ openshift.common.config_base }} {% if 'cloudprovider' in openshift and 'kind' in openshift.cloudprovider and openshift.cloudprovider.kind != '' -%} -v {{ openshift.common.config_base }}/cloudprovider:{{ openshift.common.config_base}}/cloudprovider {% endif -%} {{ openshift.master.master_image }}:${IMAGE_VERSION} start master controllers --config=${CONFIG_FILE} $OPTIONS
+ExecStart=/usr/bin/docker run --rm --privileged --net=host --name {{ openshift.common.service_type }}-master-controllers --env-file=/etc/sysconfig/{{ openshift.common.service_type }}-master-controllers -v {{ openshift.common.data_dir }}:{{ openshift.common.data_dir }} -v /var/run/docker.sock:/var/run/docker.sock -v {{ openshift.common.config_base }}:{{ openshift.common.config_base }} {% if openshift_cloudprovider_kind | default('') != '' -%} -v {{ openshift.common.config_base }}/cloudprovider:{{ openshift.common.config_base}}/cloudprovider {% endif -%} {{ openshift.master.master_image }}:${IMAGE_VERSION} start master controllers --config=${CONFIG_FILE} $OPTIONS
ExecStartPost=/usr/bin/sleep 10
ExecStop=/usr/bin/docker stop {{ openshift.common.service_type }}-master-controllers
LimitNOFILE=131072
diff --git a/roles/openshift_master/templates/master.yaml.v1.j2 b/roles/openshift_master/templates/master.yaml.v1.j2
index b18a42e32..ced3eb76f 100644
--- a/roles/openshift_master/templates/master.yaml.v1.j2
+++ b/roles/openshift_master/templates/master.yaml.v1.j2
@@ -44,6 +44,13 @@ auditConfig:{{ openshift.master.audit_config | to_padded_yaml(level=1) }}
{% endif %}
controllerLeaseTTL: {{ openshift.master.controller_lease_ttl | default('30') }}
{% endif %}
+{% if openshift.common.version_gte_3_3_or_1_3 | bool %}
+controllerConfig:
+ serviceServingCert:
+ signer:
+ certFile: service-signer.crt
+ keyFile: service-signer.key
+{% endif %}
controllers: '*'
corsAllowedOrigins:
{% for origin in ['127.0.0.1', 'localhost', openshift.common.ip, openshift.common.public_ip] | union(openshift.common.all_hostnames) | unique %}
@@ -131,7 +138,21 @@ kubernetesMasterConfig:
{% endif %}
masterClients:
{# TODO: allow user to set externalKubernetesKubeConfig #}
+{% if openshift.common.version_gte_3_3_or_1_3 | bool %}
+ externalKubernetesClientConnectionOverrides:
+ acceptContentTypes: application/vnd.kubernetes.protobuf,application/json
+ contentType: application/vnd.kubernetes.protobuf
+ burst: 400
+ qps: 200
+{% endif %}
externalKubernetesKubeConfig: ""
+{% if openshift.common.version_gte_3_3_or_1_3 | bool %}
+ openshiftLoopbackClientConnectionOverrides:
+ acceptContentTypes: application/vnd.kubernetes.protobuf,application/json
+ contentType: application/vnd.kubernetes.protobuf
+ burst: 600
+ qps: 300
+{% endif %}
openshiftLoopbackKubeConfig: openshift-master.kubeconfig
masterPublicURL: {{ openshift.master.public_api_url }}
networkConfig:
@@ -142,6 +163,7 @@ networkConfig:
{% endif %}
# serviceNetworkCIDR must match kubernetesMasterConfig.servicesSubnet
serviceNetworkCIDR: {{ openshift.common.portal_net }}
+ externalIPNetworkCIDRs: {{ openshift_master_external_ip_network_cidrs | default(["0.0.0.0/0"]) | to_padded_yaml(1,2) }}
oauthConfig:
{% if 'oauth_always_show_provider_selection' in openshift.master %}
alwaysShowProviderSelection: {{ openshift.master.oauth_always_show_provider_selection }}
@@ -156,7 +178,11 @@ oauthConfig:
{% for line in translated_identity_providers.splitlines() %}
{{ line }}
{% endfor %}
+{% if openshift.common.version_gte_3_2_or_1_2 | bool %}
+ masterCA: ca-bundle.crt
+{% else %}
masterCA: ca.crt
+{% endif %}
masterPublicURL: {{ openshift.master.public_api_url }}
masterURL: {{ openshift.master.api_url }}
sessionConfig:
@@ -189,7 +215,11 @@ serviceAccountConfig:
- default
- builder
- deployer
+{% if openshift.common.version_gte_3_2_or_1_2 | bool %}
+ masterCA: ca-bundle.crt
+{% else %}
masterCA: ca.crt
+{% endif %}
privateKeyFile: serviceaccounts.private.key
publicKeyFiles:
- serviceaccounts.public.key
@@ -201,7 +231,7 @@ servingInfo:
keyFile: master.server.key
maxRequestsInFlight: {{ openshift.master.max_requests_inflight }}
requestTimeoutSeconds: 3600
-{% if openshift.master.named_certificates %}
+{% if openshift.master.named_certificates | default([]) | length > 0 %}
namedCertificates:
{% for named_certificate in openshift.master.named_certificates %}
- certFile: {{ named_certificate['certfile'] }}
diff --git a/roles/openshift_master/templates/docker/master.docker.service.j2 b/roles/openshift_master/templates/master_docker/master.docker.service.j2
index 97f698b68..be7644710 100644
--- a/roles/openshift_master/templates/docker/master.docker.service.j2
+++ b/roles/openshift_master/templates/master_docker/master.docker.service.j2
@@ -8,7 +8,7 @@ Wants=etcd_container.service
[Service]
EnvironmentFile=/etc/sysconfig/{{ openshift.common.service_type }}-master
ExecStartPre=-/usr/bin/docker rm -f {{ openshift.common.service_type }}-master
-ExecStart=/usr/bin/docker run --rm --privileged --net=host --name {{ openshift.common.service_type }}-master --env-file=/etc/sysconfig/{{ openshift.common.service_type }}-master -v {{ openshift.common.data_dir }}:{{ openshift.common.data_dir }} -v /var/run/docker.sock:/var/run/docker.sock -v {{ openshift.common.config_base }}:{{ openshift.common.config_base }} {% if 'cloudprovider' in openshift and 'kind' in openshift.cloudprovider and openshift.cloudprovider.kind != '' -%} -v {{ openshift.common.config_base }}/cloudprovider:{{ openshift.common.config_base}}/cloudprovider {% endif -%} {{ openshift.master.master_image }}:${IMAGE_VERSION} start master --config=${CONFIG_FILE} $OPTIONS
+ExecStart=/usr/bin/docker run --rm --privileged --net=host --name {{ openshift.common.service_type }}-master --env-file=/etc/sysconfig/{{ openshift.common.service_type }}-master -v {{ openshift.common.data_dir }}:{{ openshift.common.data_dir }} -v /var/run/docker.sock:/var/run/docker.sock -v {{ openshift.common.config_base }}:{{ openshift.common.config_base }} {% if openshift_cloudprovider_kind | default('') != '' -%} -v {{ openshift.common.config_base }}/cloudprovider:{{ openshift.common.config_base}}/cloudprovider {% endif -%} {{ openshift.master.master_image }}:${IMAGE_VERSION} start master --config=${CONFIG_FILE} $OPTIONS
ExecStartPost=/usr/bin/sleep 10
ExecStop=/usr/bin/docker stop {{ openshift.common.service_type }}-master
Restart=always
diff --git a/roles/openshift_master/templates/native-cluster/atomic-openshift-master-api.j2 b/roles/openshift_master/templates/native-cluster/atomic-openshift-master-api.j2
index 41308bd81..43fb3cafa 100644
--- a/roles/openshift_master/templates/native-cluster/atomic-openshift-master-api.j2
+++ b/roles/openshift_master/templates/native-cluster/atomic-openshift-master-api.j2
@@ -4,9 +4,9 @@ CONFIG_FILE={{ openshift_master_config_file }}
IMAGE_VERSION={{ openshift_image_tag }}
{% endif %}
-{% if 'cloudprovider' in openshift and 'aws' in openshift.cloudprovider and 'kind' in openshift.cloudprovider and openshift.cloudprovider.kind == 'aws' and 'access_key' in openshift.cloudprovider.aws and 'secret_key' in openshift.cloudprovider.aws %}
-AWS_ACCESS_KEY_ID={{ openshift.cloudprovider.aws.access_key }}
-AWS_SECRET_ACCESS_KEY={{ openshift.cloudprovider.aws.secret_key }}
+{% if openshift_cloudprovider_kind | default('') == 'aws' and openshift_cloudprovider_aws_access_key is defined and openshift_cloudprovider_aws_secret_key is defined %}
+AWS_ACCESS_KEY_ID={{ openshift_cloudprovider_aws_access_key }}
+AWS_SECRET_ACCESS_KEY={{ openshift_cloudprovider_aws_secret_key }}
{% endif %}
{% if 'api_env_vars' in openshift.master -%}
diff --git a/roles/openshift_master/templates/native-cluster/atomic-openshift-master-controllers.j2 b/roles/openshift_master/templates/native-cluster/atomic-openshift-master-controllers.j2
index 37a5d75f2..6d26a69eb 100644
--- a/roles/openshift_master/templates/native-cluster/atomic-openshift-master-controllers.j2
+++ b/roles/openshift_master/templates/native-cluster/atomic-openshift-master-controllers.j2
@@ -4,9 +4,9 @@ CONFIG_FILE={{ openshift_master_config_file }}
IMAGE_VERSION={{ openshift_image_tag }}
{% endif %}
-{% if 'cloudprovider' in openshift and 'aws' in openshift.cloudprovider and 'kind' in openshift.cloudprovider and openshift.cloudprovider.kind == 'aws' and 'access_key' in openshift.cloudprovider.aws and 'secret_key' in openshift.cloudprovider.aws %}
-AWS_ACCESS_KEY_ID={{ openshift.cloudprovider.aws.access_key }}
-AWS_SECRET_ACCESS_KEY={{ openshift.cloudprovider.aws.secret_key }}
+{% if openshift_cloudprovider_kind | default('') == 'aws' and openshift_cloudprovider_aws_access_key is defined and openshift_cloudprovider_aws_access_key is defined %}
+AWS_ACCESS_KEY_ID={{ openshift_cloudprovider_aws_access_key }}
+AWS_SECRET_ACCESS_KEY={{ openshift_cloudprovider_aws_secret_key }}
{% endif %}
{% if 'controllers_env_vars' in openshift.master -%}
diff --git a/roles/openshift_master_certificates/meta/main.yml b/roles/openshift_master_certificates/meta/main.yml
index dd19c8ded..018186e86 100644
--- a/roles/openshift_master_certificates/meta/main.yml
+++ b/roles/openshift_master_certificates/meta/main.yml
@@ -13,4 +13,5 @@ galaxy_info:
- cloud
- system
dependencies:
+- role: openshift_master_facts
- role: openshift_ca
diff --git a/roles/openshift_master_certificates/tasks/main.yml b/roles/openshift_master_certificates/tasks/main.yml
index 6fb5830cf..ffde59358 100644
--- a/roles/openshift_master_certificates/tasks/main.yml
+++ b/roles/openshift_master_certificates/tasks/main.yml
@@ -21,18 +21,22 @@
with_items:
- "{{ openshift_master_certs }}"
register: g_master_cert_stat_result
+ when: not openshift_certificates_redeploy | default(false) | bool
- set_fact:
- master_certs_missing: "{{ False in (g_master_cert_stat_result.results
- | oo_collect(attribute='stat.exists')
- | list) }}"
+ master_certs_missing: "{{ true if openshift_certificates_redeploy | default(false) | bool
+ else (False in (g_master_cert_stat_result.results
+ | default({})
+ | oo_collect(attribute='stat.exists')
+ | list)) }}"
+
- name: Ensure the generated_configs directory present
file:
path: "{{ openshift_master_generated_config_dir }}"
state: directory
mode: 0700
- when: master_certs_missing | bool
+ when: master_certs_missing | bool and inventory_hostname != openshift_ca_host
delegate_to: "{{ openshift_ca_host }}"
- file:
@@ -43,18 +47,21 @@
- ca.crt
- ca.key
- ca.serial.txt
- when: master_certs_missing | bool
+ when: master_certs_missing | bool and inventory_hostname != openshift_ca_host
delegate_to: "{{ openshift_ca_host }}"
- name: Create the master certificates if they do not already exist
command: >
{{ openshift.common.admin_binary }} create-master-certs
- --hostnames={{ openshift.common.all_hostnames | join(',') }}
- --master={{ openshift.master.api_url }}
- --public-master={{ openshift.master.public_api_url }}
- --cert-dir={{ openshift_master_generated_config_dir }}
- --overwrite=false
- when: master_certs_missing | bool
+ {% for named_ca_certificate in openshift.master.named_certificates | default([]) | oo_collect('cafile') %}
+ --certificate-authority {{ named_ca_certificate }}
+ {% endfor %}
+ --hostnames={{ openshift.common.all_hostnames | join(',') }}
+ --master={{ openshift.master.api_url }}
+ --public-master={{ openshift.master.public_api_url }}
+ --cert-dir={{ openshift_master_generated_config_dir }}
+ --overwrite=false
+ when: master_certs_missing | bool and inventory_hostname != openshift_ca_host
delegate_to: "{{ openshift_ca_host }}"
- file:
@@ -64,7 +71,7 @@
force: true
with_items:
- "{{ hostvars[inventory_hostname] | certificates_to_synchronize }}"
- when: master_certs_missing | bool
+ when: master_certs_missing | bool and inventory_hostname != openshift_ca_host
delegate_to: "{{ openshift_ca_host }}"
- name: Remove generated etcd client certs when using external etcd
@@ -121,3 +128,65 @@
when: master_certs_missing | bool
delegate_to: localhost
become: no
+
+- name: Lookup default group for ansible_ssh_user
+ command: "/usr/bin/id -g {{ ansible_ssh_user }}"
+ changed_when: false
+ register: _ansible_ssh_user_gid
+
+- set_fact:
+ client_users: "{{ [ansible_ssh_user, 'root'] | unique }}"
+
+- name: Create the client config dir(s)
+ file:
+ path: "~{{ item }}/.kube"
+ state: directory
+ mode: 0700
+ owner: "{{ item }}"
+ group: "{{ 'root' if item == 'root' else _ansible_ssh_user_gid.stdout }}"
+ with_items: "{{ client_users }}"
+
+# TODO: Update this file if the contents of the source file are not present in
+# the dest file, will need to make sure to ignore things that could be added
+- name: Copy the admin client config(s)
+ copy:
+ src: "{{ openshift_master_config_dir }}/admin.kubeconfig"
+ dest: "~{{ item }}/.kube/config"
+ remote_src: yes
+ force: "{{ openshift_certificates_redeploy | default(false) }}"
+ with_items: "{{ client_users }}"
+
+- name: Update the permissions on the admin client config(s)
+ file:
+ path: "~{{ item }}/.kube/config"
+ state: file
+ mode: 0700
+ owner: "{{ item }}"
+ group: "{{ 'root' if item == 'root' else _ansible_ssh_user_gid.stdout }}"
+ with_items: "{{ client_users }}"
+
+# Ensure ca-bundle exists for 3.2+ configuration
+- name: Check for ca-bundle.crt
+ stat:
+ path: "{{ openshift.common.config_base }}/master/ca-bundle.crt"
+ register: ca_bundle_stat
+ failed_when: false
+
+- name: Check for ca.crt
+ stat:
+ path: "{{ openshift.common.config_base }}/master/ca.crt"
+ register: ca_crt_stat
+ failed_when: false
+
+- name: Migrate ca.crt to ca-bundle.crt
+ command: mv ca.crt ca-bundle.crt
+ args:
+ chdir: "{{ openshift.common.config_base }}/master"
+ when: ca_crt_stat.stat.isreg and not ca_bundle_stat.stat.exists
+
+- name: Link ca.crt to ca-bundle.crt
+ file:
+ src: "{{ openshift.common.config_base }}/master/ca-bundle.crt"
+ path: "{{ openshift.common.config_base }}/master/ca.crt"
+ state: link
+ when: ca_crt_stat.stat.isreg and not ca_bundle_stat.stat.exists
diff --git a/roles/openshift_master_facts/tasks/main.yml b/roles/openshift_master_facts/tasks/main.yml
index 17c31ec05..e0c0fc644 100644
--- a/roles/openshift_master_facts/tasks/main.yml
+++ b/roles/openshift_master_facts/tasks/main.yml
@@ -17,7 +17,6 @@
console_use_ssl: "{{ openshift_master_console_use_ssl | default(None) }}"
public_console_url: "{{ openshift_master_public_console_url | default(None) }}"
logging_public_url: "{{ openshift_master_logging_public_url | default(None) }}"
- metrics_public_url: "{{ openshift_master_metrics_public_url | default(None) }}"
logout_url: "{{ openshift_master_logout_url | default(None) }}"
extension_scripts: "{{ openshift_master_extension_scripts | default(None) }}"
extension_stylesheets: "{{ openshift_master_extension_stylesheets | default(None) }}"
@@ -80,3 +79,4 @@
api_env_vars: "{{ openshift_master_api_env_vars | default(None) }}"
controllers_env_vars: "{{ openshift_master_controllers_env_vars | default(None) }}"
audit_config: "{{ openshift_master_audit_config | default(None) }}"
+ metrics_public_url: "{% if openshift_hosted_metrics_deploy | default(false) %}https://{{ metrics_hostname }}/hawkular/metrics{% endif %}"
diff --git a/roles/openshift_master_facts/vars/main.yml b/roles/openshift_master_facts/vars/main.yml
index 086d8340c..406d50c24 100644
--- a/roles/openshift_master_facts/vars/main.yml
+++ b/roles/openshift_master_facts/vars/main.yml
@@ -17,4 +17,9 @@ builddefaults_yaml:
- name: https_proxy
value: "{{ openshift.master.builddefaults_https_proxy | default(omit, true) }}"
- name: no_proxy
- value: "{{ openshift.master.builddefaults_no_proxy | default(omit, true) | join(',') }}" \ No newline at end of file
+ value: "{{ openshift.master.builddefaults_no_proxy | default(omit, true) | join(',') }}"
+
+metrics_hostname: "{{ openshift_hosted_metrics_public_url
+ | default('hawkular-metrics.' ~ (openshift.master.default_subdomain
+ | default(openshift_master_default_subdomain )))
+ | oo_hostname_from_url }}"
diff --git a/roles/openshift_metrics/handlers/main.yml b/roles/openshift_metrics/handlers/main.yml
new file mode 100644
index 000000000..edb7369de
--- /dev/null
+++ b/roles/openshift_metrics/handlers/main.yml
@@ -0,0 +1,31 @@
+---
+- name: restart master
+ service: name={{ openshift.common.service_type }}-master state=restarted
+ when: (openshift.master.ha is not defined or not openshift.master.ha | bool) and (not (master_service_status_changed | default(false) | bool))
+ notify: Verify API Server
+
+- name: restart master api
+ service: name={{ openshift.common.service_type }}-master-api state=restarted
+ when: (openshift.master.ha is defined and openshift.master.ha | bool) and (not (master_api_service_status_changed | default(false) | bool)) and openshift.master.cluster_method == 'native'
+ notify: Verify API Server
+
+- name: restart master controllers
+ service: name={{ openshift.common.service_type }}-master-controllers state=restarted
+ when: (openshift.master.ha is defined and openshift.master.ha | bool) and (not (master_controllers_service_status_changed | default(false) | bool)) and openshift.master.cluster_method == 'native'
+
+- name: Verify API Server
+ # Using curl here since the uri module requires python-httplib2 and
+ # wait_for port doesn't provide health information.
+ command: >
+ curl --silent
+ {% if openshift.common.version_gte_3_2_or_1_2 | bool %}
+ --cacert {{ openshift.common.config_base }}/master/ca-bundle.crt
+ {% else %}
+ --cacert {{ openshift.common.config_base }}/master/ca.crt
+ {% endif %}
+ {{ openshift.master.api_url }}/healthz/ready
+ register: api_available_output
+ until: api_available_output.stdout == 'ok'
+ retries: 120
+ delay: 1
+ changed_when: false
diff --git a/roles/openshift_metrics/tasks/install.yml b/roles/openshift_metrics/tasks/install.yml
new file mode 100644
index 000000000..9c4eb22d7
--- /dev/null
+++ b/roles/openshift_metrics/tasks/install.yml
@@ -0,0 +1,114 @@
+---
+
+- name: Test if metrics-deployer service account exists
+ command: >
+ {{ openshift.common.client_binary }}
+ --config={{ openshift_metrics_kubeconfig }}
+ --namespace=openshift-infra
+ get serviceaccount metrics-deployer -o json
+ register: serviceaccount
+ changed_when: false
+ failed_when: false
+
+- name: Create metrics-deployer Service Account
+ shell: >
+ echo {{ metrics_deployer_sa | to_json | quote }} |
+ {{ openshift.common.client_binary }}
+ --config={{ openshift_metrics_kubeconfig }}
+ --namespace openshift-infra
+ create -f -
+ when: serviceaccount.rc == 1
+
+- name: Test edit permissions
+ command: >
+ {{ openshift.common.client_binary }}
+ --config={{ openshift_metrics_kubeconfig }}
+ --namespace openshift-infra
+ get rolebindings -o jsonpath='{.items[?(@.metadata.name == "edit")].userNames}'
+ register: edit_rolebindings
+ changed_when: false
+
+- name: Add edit permission to the openshift-infra project to metrics-deployer SA
+ command: >
+ {{ openshift.common.admin_binary }}
+ --config={{ openshift_metrics_kubeconfig }}
+ --namespace openshift-infra
+ policy add-role-to-user edit
+ system:serviceaccount:openshift-infra:metrics-deployer
+ when: "'system:serviceaccount:openshift-infra:metrics-deployer' not in edit_rolebindings.stdout"
+
+- name: Test cluster-reader permissions
+ command: >
+ {{ openshift.common.client_binary }}
+ --config={{ openshift_metrics_kubeconfig }}
+ --namespace openshift-infra
+ get clusterrolebindings -o jsonpath='{.items[?(@.metadata.name == "cluster-reader")].userNames}'
+ register: cluster_reader_clusterrolebindings
+ changed_when: false
+
+- name: Add cluster-reader permission to the openshift-infra project to heapster SA
+ command: >
+ {{ openshift.common.admin_binary }}
+ --config={{ openshift_metrics_kubeconfig }}
+ --namespace openshift-infra
+ policy add-cluster-role-to-user cluster-reader
+ system:serviceaccount:openshift-infra:heapster
+ when: "'system:serviceaccount:openshift-infra:heapster' not in cluster_reader_clusterrolebindings.stdout"
+
+- name: Create metrics-deployer secret
+ command: >
+ {{ openshift.common.client_binary }}
+ --config={{ openshift_metrics_kubeconfig }}
+ --namespace openshift-infra
+ secrets new metrics-deployer nothing=/dev/null
+ register: metrics_deployer_secret
+ changed_when: metrics_deployer_secret.rc == 0
+ failed_when: "metrics_deployer_secret.rc == 1 and 'already exists' not in metrics_deployer_secret.stderr"
+
+# TODO: extend this to allow user passed in certs or generating cert with
+# OpenShift CA
+- name: Build metrics deployer command
+ set_fact:
+ deployer_cmd: "{{ openshift.common.client_binary }} process -f \
+ {{ metrics_template_dir }}/metrics-deployer.yaml -v \
+ HAWKULAR_METRICS_HOSTNAME={{ metrics_hostname }},USE_PERSISTENT_STORAGE={{metrics_persistence | string | lower }},DYNAMICALLY_PROVISION_STORAGE={{metrics_dynamic_vol | string | lower }},METRIC_DURATION={{ openshift.hosted.metrics.duration }},METRIC_RESOLUTION={{ openshift.hosted.metrics.resolution }}{{ image_prefix }}{{ image_version }},MODE={{ deployment_mode }} \
+ | {{ openshift.common.client_binary }} --namespace openshift-infra \
+ --config={{ openshift_metrics_kubeconfig }} \
+ create -o name -f -"
+
+- name: Deploy Metrics
+ shell: "{{ deployer_cmd }}"
+ register: deploy_metrics
+ failed_when: "'already exists' not in deploy_metrics.stderr and deploy_metrics.rc != 0"
+ changed_when: deploy_metrics.rc == 0
+
+- set_fact:
+ deployer_pod: "{{ deploy_metrics.stdout[1:2] }}"
+
+# TODO: re-enable this once the metrics deployer validation issue is fixed
+# when using dynamically provisioned volumes
+- name: "Wait for image pull and deployer pod"
+ shell: >
+ {{ openshift.common.client_binary }}
+ --namespace openshift-infra
+ --config={{ openshift_metrics_kubeconfig }}
+ get {{ deploy_metrics.stdout }}
+ register: deploy_result
+ until: "{{ 'Completed' in deploy_result.stdout }}"
+ failed_when: False
+ retries: 60
+ delay: 10
+
+- name: Configure master for metrics
+ modify_yaml:
+ dest: "{{ openshift.common.config_base }}/master/master-config.yaml"
+ yaml_key: assetConfig.metricsPublicURL
+ yaml_value: "https://{{ metrics_hostname }}/hawkular/metrics"
+ notify: restart master
+
+- name: Store metrics public_url
+ openshift_facts:
+ role: master
+ local_facts:
+ metrics_public_url: "https://{{ metrics_hostname }}/hawkular/metrics"
+ when: deploy_result | changed
diff --git a/roles/openshift_metrics/tasks/main.yaml b/roles/openshift_metrics/tasks/main.yaml
index 43b85204a..88432a9f8 100644
--- a/roles/openshift_metrics/tasks/main.yaml
+++ b/roles/openshift_metrics/tasks/main.yaml
@@ -1,64 +1,87 @@
---
-- name: Copy Configuration to temporary conf
- command: >
- cp {{ openshift.common.config_base }}/master/admin.kubeconfig {{hawkular_tmp_conf}}
- changed_when: false
+- fail:
+ msg: This role required openshift_master_default_subdomain or openshift_hosted_metrics_public_url be set
+ when: openshift.master.metrics_public_url | default(openshift_hosted_metrics_public_url | default(openshift.master.default_subdomain | default(openshift_master_default_subdomain | default(none)))) is none
-- name: Create metrics-deployer Service Account
- shell: >
- echo {{ deployer_service_account | to_json | quote }} |
- {{ openshift.common.client_binary }} create
- -n openshift-infra
- --config={{hawkular_tmp_conf}}
- -f -
- register: deployer_create_service_account
- failed_when: "'already exists' not in deployer_create_service_account.stderr and deployer_create_service_account.rc != 0"
- changed_when: deployer_create_service_account.rc == 0
+- name: Create temp directory for kubeconfig
+ command: mktemp -d /tmp/openshift-ansible-XXXXXX
+ register: mktemp
+ changed_when: False
-- name: Create metrics-deployer Secret
- command: >
- {{ openshift.common.client_binary }}
- secrets new metrics-deployer
- nothing=/dev/null
- --config={{hawkular_tmp_conf}}
- -n openshift-infra
- register: deployer_create_secret
- failed_when: "'already exists' not in deployer_create_secret.stderr and deployer_create_secret.rc !=0"
- changed_when: deployer_create_secret.rc == 0
+- name: Record kubeconfig tmp dir
+ set_fact:
+ openshift_metrics_kubeconfig: "{{ mktemp.stdout }}/admin.kubeconfig"
-- name: Configure role/user permissions
+- name: Copy the admin client config(s)
command: >
- {{ openshift.common.admin_binary }} {{item}}
- --config={{hawkular_tmp_conf}}
- with_items: "{{hawkular_permission_oc_commands}}"
- register: hawkular_perm_task
- failed_when: "'already exists' not in hawkular_perm_task.stderr and hawkular_perm_task.rc != 0"
- changed_when: hawkular_perm_task.rc == 0
+ cp {{ openshift_master_config_dir }}/admin.kubeconfig {{ openshift_metrics_kubeconfig }}
+ changed_when: False
+
+- name: Set hosted metrics facts
+ openshift_facts:
+ role: hosted
+ openshift_env: "{{ hostvars
+ | oo_merge_hostvars(vars, inventory_hostname)
+ | oo_openshift_env }}"
+ openshift_env_structures:
+ - 'openshift.hosted.metrics.*'
+
+- set_fact:
+ # Prefer the master facts over bare variables if present, prefer
+ # metrics_public_url over creating a default using default_subdomain
+ metrics_hostname: "{{ openshift.hosted.metrics.public_url
+ | default('hawkular-metrics.' ~ (openshift.master.default_subdomain
+ | default(openshift_master_default_subdomain )))
+ | oo_hostname_from_url }}"
+ metrics_persistence: "{{ openshift.hosted.metrics.storage_kind | default(none) is not none }}"
+ metrics_dynamic_vol: "{{ openshift.hosted.metrics.storage_kind | default(none) == 'dynamic' }}"
+ metrics_template_dir: "{{ openshift.common.config_base if openshift.common.is_containerized | bool else '/usr/share/openshift' }}/examples/infrastructure-templates/{{ 'origin' if deployment_type == 'origin' else 'enterprise' }}"
+ cassandra_nodes: "{{ ',CASSANDRA_NODES=' ~ openshift.hosted.metrics.cassandra_nodes if 'cassandra' in openshift.hosted.metrics else '' }}"
+ cassandra_pv_size: "{{ ',CASSANDRA_PV_SIZE=' ~ openshift.hosted.metrics.storage_volume_size if openshift.hosted.metrics.storage_volume_size | default(none) is not none else '' }}"
+ image_prefix: "{{ ',IMAGE_PREFIX=' ~ openshift.hosted.metrics.deployer_prefix if 'deployer_prefix' in openshift.hosted.metrics else '' }}"
+ image_version: "{{ ',IMAGE_VERSION=' ~ openshift.hosted.metrics.deployer_version if 'deployer_version' in openshift.hosted.metrics else '' }}"
-- name: Check openshift_master_default_subdomain
- fail:
- msg: "Default subdomain should be defined"
- when: openshift.master.default_subdomain is not defined
-- name: Create Heapster and Hawkular/Cassandra Services
+- name: Check for existing metrics pods
shell: >
- {{ openshift.common.client_binary }} process -f \
- /usr/share/openshift/examples/infrastructure-templates/{{ hawkular_type }}/metrics-deployer.yaml -v \
- HAWKULAR_METRICS_HOSTNAME=hawkular-metrics.{{ openshift.master.default_subdomain }},USE_PERSISTENT_STORAGE={{ hawkular_persistence }},METRIC_DURATION={{ openshift.hosted.metrics.duration }},METRIC_RESOLUTION={{ openshift.hosted.metrics.resolution }} \
- | {{ openshift.common.client_binary }} create -n openshift-infra --config={{hawkular_tmp_conf}} -f -
- register: oex_heapster_services
- failed_when: "'already exists' not in oex_heapster_services.stderr and oex_heapster_services.rc != 0"
+ {{ openshift.common.client_binary }}
+ --config={{ openshift_metrics_kubeconfig }}
+ --namespace openshift-infra
+ get pods -l {{ item }} | grep -q Running
+ register: metrics_pods_status
+ with_items:
+ - metrics-infra=hawkular-metrics
+ - metrics-infra=heapster
+ - metrics-infra=hawkular-cassandra
+ failed_when: false
changed_when: false
-- name: Clean temporary config file
- command: >
- rm -rf {{hawkular_tmp_conf}}
+- name: Check for previous deployer
+ shell: >
+ {{ openshift.common.client_binary }}
+ --config={{ openshift_metrics_kubeconfig }}
+ --namespace openshift-infra
+ get pods -l metrics-infra=deployer --sort-by='{.metadata.creationTimestamp}' | tail -1 | grep metrics-deployer-
+ register: metrics_deployer_status
+ failed_when: false
changed_when: false
-- name: "Wait for image pull and deployer pod"
- shell: "{{ openshift.common.client_binary }} get pods -n openshift-infra | grep metrics-deployer.*Completed"
- register: result
- until: result.rc == 0
- retries: 60
- delay: 10
+- name: Record current deployment status
+ set_fact:
+ greenfield: "{{ not metrics_deployer_status.rc == 0 }}"
+ failed_error: "{{ True if 'Error' in metrics_deployer_status.stdout else False }}"
+ metrics_running: "{{ metrics_pods_status.results | oo_collect(attribute='rc') == [0,0,0] }}"
+
+- name: Set deployment mode
+ set_fact:
+ deployment_mode: "{{ 'refresh' if (failed_error | bool or metrics_upgrade | bool) else 'deploy' }}"
+
+# TODO: handle non greenfield deployments in the future
+- include: install.yml
+ when: greenfield
+- name: Delete temp directory
+ file:
+ name: "{{ mktemp.stdout }}"
+ state: absent
+ changed_when: False
diff --git a/roles/openshift_metrics/vars/main.yaml b/roles/openshift_metrics/vars/main.yaml
index 82d9d29f7..0331bcb89 100644
--- a/roles/openshift_metrics/vars/main.yaml
+++ b/roles/openshift_metrics/vars/main.yaml
@@ -2,13 +2,13 @@ hawkular_permission_oc_commands:
- policy add-role-to-user edit system:serviceaccount:openshift-infra:metrics-deployer -n openshift-infra
- policy add-cluster-role-to-user cluster-admin system:serviceaccount:openshift-infra:heapster
-deployer_service_account:
- apiVersion: v1
- kind: ServiceAccount
- metadata:
- name: metrics-deployer
- secrets:
- - name: metrics-deployer
+metrics_deployer_sa:
+ apiVersion: v1
+ kind: ServiceAccount
+ metadata:
+ name: metrics-deployer
+ secrets:
+ - name: metrics-deployer
hawkular_tmp_conf: /tmp/hawkular_admin.kubeconfig
@@ -17,3 +17,4 @@ hawkular_persistence: "{% if openshift.hosted.metrics.storage.kind != None %}tru
hawkular_type: "{{ 'origin' if deployment_type == 'origin' else 'enterprise' }}"
+metrics_upgrade: openshift.hosted.metrics.upgrade | default(False)
diff --git a/roles/openshift_named_certificates/README.md b/roles/openshift_named_certificates/README.md
new file mode 100644
index 000000000..41f895813
--- /dev/null
+++ b/roles/openshift_named_certificates/README.md
@@ -0,0 +1,32 @@
+OpenShift Named Certificates
+============================
+
+TODO
+
+Requirements
+------------
+
+Role Variables
+--------------
+
+TODO
+
+Dependencies
+------------
+
+TODO
+
+Example Playbook
+----------------
+
+TODO
+
+License
+-------
+
+Apache License Version 2.0
+
+Author Information
+------------------
+
+Andrew Butcher <abutcher@redhat.com>
diff --git a/roles/openshift_etcd_certificates/meta/main.yml b/roles/openshift_named_certificates/meta/main.yml
index 2725fdb51..2c6e12494 100644
--- a/roles/openshift_etcd_certificates/meta/main.yml
+++ b/roles/openshift_named_certificates/meta/main.yml
@@ -1,16 +1,16 @@
---
galaxy_info:
author: Andrew Butcher
- description: OpenShift etcd Certificates
+ description: OpenShift Named Certificates
company: Red Hat, Inc.
license: Apache License, Version 2.0
- min_ansible_version: 1.9
+ min_ansible_version: 2.1
platforms:
- name: EL
versions:
- 7
categories:
- cloud
+ - system
dependencies:
-- role: openshift_etcd_facts
-- role: etcd_certificates
+- role: openshift_facts
diff --git a/roles/openshift_named_certificates/tasks/main.yml b/roles/openshift_named_certificates/tasks/main.yml
new file mode 100644
index 000000000..7f20cf401
--- /dev/null
+++ b/roles/openshift_named_certificates/tasks/main.yml
@@ -0,0 +1,46 @@
+---
+- set_fact:
+ parsed_named_certificates: "{{ named_certificates | oo_parse_named_certificates(named_certs_dir, internal_hostnames) }}"
+ when: named_certificates | length > 0
+ delegate_to: localhost
+ become: no
+ run_once: true
+
+- openshift_facts:
+ role: master
+ local_facts:
+ named_certificates: "{{ parsed_named_certificates | default([]) }}"
+ additive_facts_to_overwrite:
+ - "{{ 'master.named_certificates' if overwrite_named_certs | bool else omit }}"
+
+- name: Clear named certificates
+ file:
+ path: "{{ named_certs_dir }}"
+ state: absent
+ when: overwrite_named_certs | bool
+
+- name: Ensure named certificate directory exists
+ file:
+ path: "{{ named_certs_dir }}"
+ state: directory
+ mode: 0700
+
+- name: Land named certificates
+ copy:
+ src: "{{ item.certfile }}"
+ dest: "{{ named_certs_dir }}"
+ with_items: "{{ named_certificates }}"
+
+- name: Land named certificate keys
+ copy:
+ src: "{{ item.keyfile }}"
+ dest: "{{ named_certs_dir }}"
+ mode: 0600
+ with_items: "{{ named_certificates }}"
+
+- name: Land named CA certificates
+ copy:
+ src: "{{ item }}"
+ dest: "{{ named_certs_dir }}"
+ mode: 0600
+ with_items: "{{ named_certificates | oo_collect('cafile') }}"
diff --git a/roles/openshift_named_certificates/tasks/named_certificates.yml b/roles/openshift_named_certificates/tasks/named_certificates.yml
new file mode 100644
index 000000000..7b097b443
--- /dev/null
+++ b/roles/openshift_named_certificates/tasks/named_certificates.yml
@@ -0,0 +1,32 @@
+---
+- name: Clear named certificates
+ file:
+ path: "{{ named_certs_dir }}"
+ state: absent
+ when: overwrite_named_certs | bool
+
+- name: Ensure named certificate directory exists
+ file:
+ path: "{{ named_certs_dir }}"
+ state: directory
+ mode: 0700
+
+- name: Land named certificates
+ copy:
+ src: "{{ item.certfile }}"
+ dest: "{{ named_certs_dir }}"
+ with_items: "{{ openshift_master_named_certificates | default([]) }}"
+
+- name: Land named certificate keys
+ copy:
+ src: "{{ item.keyfile }}"
+ dest: "{{ named_certs_dir }}"
+ mode: 0600
+ with_items: "{{ openshift_master_named_certificates | default([]) }}"
+
+- name: Land named CA certificates
+ copy:
+ src: "{{ item }}"
+ dest: "{{ named_certs_dir }}"
+ mode: 0600
+ with_items: "{{ openshift_master_named_certificates | default([]) | oo_collect('cafile') }}"
diff --git a/roles/openshift_named_certificates/vars/main.yml b/roles/openshift_named_certificates/vars/main.yml
new file mode 100644
index 000000000..368e9bdac
--- /dev/null
+++ b/roles/openshift_named_certificates/vars/main.yml
@@ -0,0 +1,11 @@
+---
+openshift_ca_config_dir: "{{ openshift.common.config_base }}/master"
+openshift_ca_cert: "{{ openshift_ca_config_dir }}/ca.crt"
+openshift_ca_key: "{{ openshift_ca_config_dir }}/ca.key"
+openshift_ca_serial: "{{ openshift_ca_config_dir }}/ca.serial.txt"
+openshift_version: "{{ openshift_pkg_version | default('') }}"
+
+overwrite_named_certs: "{{ openshift_master_overwrite_named_certificates | default(false) }}"
+named_certs_dir: "{{ openshift.common.config_base }}/master/named_certificates/"
+internal_hostnames: "{{ openshift.common.internal_hostnames }}"
+named_certificates: "{{ openshift_master_named_certificates | default([]) }}"
diff --git a/roles/openshift_node/meta/main.yml b/roles/openshift_node/meta/main.yml
index fd493340b..c39269f33 100644
--- a/roles/openshift_node/meta/main.yml
+++ b/roles/openshift_node/meta/main.yml
@@ -11,26 +11,4 @@ galaxy_info:
- 7
categories:
- cloud
-dependencies:
-- role: openshift_clock
-- role: openshift_docker
-- role: openshift_node_certificates
-- role: openshift_cloud_provider
-- role: openshift_common
-- role: openshift_node_dnsmasq
- when: openshift.common.use_dnsmasq
-- role: os_firewall
- os_firewall_allow:
- - service: Kubernetes kubelet
- port: 10250/tcp
- - service: http
- port: 80/tcp
- - service: https
- port: 443/tcp
- - service: Openshift kubelet ReadOnlyPort
- port: 10255/tcp
- - service: Openshift kubelet ReadOnlyPort udp
- port: 10255/udp
- - service: OpenShift OVS sdn
- port: 4789/udp
- when: openshift.node.use_openshift_sdn | bool
+dependencies: []
diff --git a/roles/openshift_node/tasks/main.yml b/roles/openshift_node/tasks/main.yml
index 889541e25..f49e97745 100644
--- a/roles/openshift_node/tasks/main.yml
+++ b/roles/openshift_node/tasks/main.yml
@@ -55,11 +55,11 @@
- name: Install the systemd units
include: systemd_units.yml
-- name: Reload systemd units
- command: systemctl daemon-reload
- when: openshift.common.is_containerized | bool and (install_node_result | changed or install_ovs_sysconfig | changed or install_node_dep_result | changed)
- notify:
- - restart node
+# The atomic-openshift-node service will set this parameter on
+# startup, but if the network service is restarted this setting is
+# lost. Reference: https://bugzilla.redhat.com/show_bug.cgi?id=1372388
+- name: Persist net.ipv4.ip_forward sysctl entry
+ sysctl: name="net.ipv4.ip_forward" value=1 sysctl_set=yes state=present reload=yes
- name: Start and enable openvswitch docker service
service: name=openvswitch.service enabled=yes state=started
@@ -89,10 +89,10 @@
create: true
with_items:
- regex: '^AWS_ACCESS_KEY_ID='
- line: "AWS_ACCESS_KEY_ID={{ openshift.cloudprovider.aws.access_key }}"
+ line: "AWS_ACCESS_KEY_ID={{ openshift_cloudprovider_aws_access_key }}"
- regex: '^AWS_SECRET_ACCESS_KEY='
- line: "AWS_SECRET_ACCESS_KEY={{ openshift.cloudprovider.aws.secret_key }}"
- when: "'cloudprovider' in openshift and 'aws' in openshift.cloudprovider and 'kind' in openshift.cloudprovider and openshift.cloudprovider.kind == 'aws' and 'access_key' in openshift.cloudprovider.aws and 'secret_key' in openshift.cloudprovider.aws"
+ line: "AWS_SECRET_ACCESS_KEY={{ openshift_cloudprovider_aws_secret_key }}"
+ when: "openshift_cloudprovider_kind is defined and openshift_cloudprovider_kind == 'aws' and openshift_cloudprovider_aws_access_key is defined and openshift_cloudprovider_aws_secret_key is defined"
notify:
- restart node
@@ -106,8 +106,20 @@
notify:
- restart node
-- name: Additional storage plugin configuration
- include: storage_plugins/main.yml
+- name: NFS storage plugin configuration
+ include: storage_plugins/nfs.yml
+
+- name: GlusterFS storage plugin configuration
+ include: storage_plugins/glusterfs.yml
+ when: "'glusterfs' in openshift.node.storage_plugin_deps"
+
+- name: Ceph storage plugin configuration
+ include: storage_plugins/ceph.yml
+ when: "'ceph' in openshift.node.storage_plugin_deps"
+
+- name: iSCSI storage plugin configuration
+ include: storage_plugins/iscsi.yml
+ when: "'iscsi' in openshift.node.storage_plugin_deps"
# Necessary because when you're on a node that's also a master the master will be
# restarted after the node restarts docker and it will take up to 60 seconds for
diff --git a/roles/openshift_node/tasks/storage_plugins/main.yml b/roles/openshift_node/tasks/storage_plugins/main.yml
deleted file mode 100644
index fe638718d..000000000
--- a/roles/openshift_node/tasks/storage_plugins/main.yml
+++ /dev/null
@@ -1,17 +0,0 @@
----
-# The NFS storage plugin is always enabled since it doesn't require any
-# additional package dependencies
-- name: NFS storage plugin configuration
- include: nfs.yml
-
-- name: GlusterFS storage plugin configuration
- include: glusterfs.yml
- when: "'glusterfs' in openshift.node.storage_plugin_deps"
-
-- name: Ceph storage plugin configuration
- include: ceph.yml
- when: "'ceph' in openshift.node.storage_plugin_deps"
-
-- name: iSCSI storage plugin configuration
- include: iscsi.yml
- when: "'iscsi' in openshift.node.storage_plugin_deps"
diff --git a/roles/openshift_node/tasks/storage_plugins/nfs.yml b/roles/openshift_node/tasks/storage_plugins/nfs.yml
index e384c1bd7..22b539d16 100644
--- a/roles/openshift_node/tasks/storage_plugins/nfs.yml
+++ b/roles/openshift_node/tasks/storage_plugins/nfs.yml
@@ -17,16 +17,16 @@
persistent: yes
when: ansible_selinux and ansible_selinux.status == "enabled" and virt_use_nfs_output.rc == 0
-- name: Check for existence of virt_sandbox_use_nfs seboolean
+- name: Check for existence of virt_sandbox_use_nfs seboolean (RHEL)
command: getsebool virt_sandbox_use_nfs
register: virt_sandbox_use_nfs_output
- when: ansible_selinux and ansible_selinux.status == "enabled"
+ when: ansible_distribution != "Fedora" and ansible_selinux and ansible_selinux.status == "enabled"
failed_when: false
changed_when: false
-- name: Set seboolean to allow nfs storage plugin access from containers(sandbox)
+- name: Set seboolean to allow nfs storage plugin access from containers(sandbox) (RHEL)
seboolean:
name: virt_sandbox_use_nfs
state: yes
persistent: yes
- when: ansible_selinux and ansible_selinux.status == "enabled" and virt_sandbox_use_nfs_output.rc == 0
+ when: ansible_distribution != "Fedora" and ansible_selinux and ansible_selinux.status == "enabled" and virt_sandbox_use_nfs_output.rc == 0
diff --git a/roles/openshift_node/tasks/systemd_units.yml b/roles/openshift_node/tasks/systemd_units.yml
index 39e5386d4..025cb567e 100644
--- a/roles/openshift_node/tasks/systemd_units.yml
+++ b/roles/openshift_node/tasks/systemd_units.yml
@@ -47,3 +47,9 @@
line: "IMAGE_VERSION={{ openshift_image_tag }}"
notify:
- restart node
+
+- name: Reload systemd units
+ command: systemctl daemon-reload
+ when: openshift.common.is_containerized | bool and (install_node_result | changed or install_ovs_sysconfig | changed or install_node_dep_result | changed)
+ notify:
+ - restart node
diff --git a/roles/openshift_node/templates/node.yaml.v1.j2 b/roles/openshift_node/templates/node.yaml.v1.j2
index 9ba1a01dd..68d153052 100644
--- a/roles/openshift_node/templates/node.yaml.v1.j2
+++ b/roles/openshift_node/templates/node.yaml.v1.j2
@@ -12,15 +12,22 @@ imageConfig:
latest: false
kind: NodeConfig
kubeletArguments: {{ openshift.node.kubelet_args | default(None) | to_padded_yaml(level=1) }}
+{% if openshift.common.version_gte_3_3_or_1_3 | bool %}
+masterClientConnectionOverrides:
+ acceptContentTypes: application/vnd.kubernetes.protobuf,application/json
+ contentType: application/vnd.kubernetes.protobuf
+ burst: 200
+ qps: 100
+{% endif %}
masterKubeConfig: system:node:{{ openshift.common.hostname }}.kubeconfig
-{% if openshift.common.use_openshift_sdn %}
+{% if openshift.common.use_openshift_sdn | bool %}
networkPluginName: {{ openshift.common.sdn_network_plugin_name }}
{% endif %}
# networkConfig struct introduced in origin 1.0.6 and OSE 3.0.2 which
# deprecates networkPluginName above. The two should match.
networkConfig:
mtu: {{ openshift.node.sdn_mtu }}
-{% if openshift.common.use_openshift_sdn or openshift.common.use_nuage %}
+{% if openshift.common.use_openshift_sdn | bool or openshift.common.use_nuage | bool %}
networkPluginName: {{ openshift.common.sdn_network_plugin_name }}
{% endif %}
{% if openshift.node.set_node_ip | bool %}
@@ -34,7 +41,6 @@ servingInfo:
clientCA: ca.crt
keyFile: server.key
volumeDirectory: {{ openshift.common.data_dir }}/openshift.local.volumes
-{% include 'partials/kubeletArguments.j2' %}
proxyArguments:
proxy-mode:
- {{ openshift.node.proxy_mode }}
diff --git a/roles/openshift_node/templates/openshift.docker.node.service b/roles/openshift_node/templates/openshift.docker.node.service
index f5b6f501d..3b5865a50 100644
--- a/roles/openshift_node/templates/openshift.docker.node.service
+++ b/roles/openshift_node/templates/openshift.docker.node.service
@@ -15,7 +15,7 @@ After={{ openshift.common.service_type }}-node-dep.service
EnvironmentFile=/etc/sysconfig/{{ openshift.common.service_type }}-node
EnvironmentFile=/etc/sysconfig/{{ openshift.common.service_type }}-node-dep
ExecStartPre=-/usr/bin/docker rm -f {{ openshift.common.service_type }}-node
-ExecStart=/usr/bin/docker run --name {{ openshift.common.service_type }}-node --rm --privileged --net=host --pid=host --env-file=/etc/sysconfig/{{ openshift.common.service_type }}-node -v /:/rootfs:ro -e CONFIG_FILE=${CONFIG_FILE} -e OPTIONS=${OPTIONS} -e HOST=/rootfs -e HOST_ETC=/host-etc -v {{ openshift.common.data_dir }}:{{ openshift.common.data_dir }}{{ ':rslave' if openshift.docker.gte_1_10 | default(False) | bool else '' }} -v {{ openshift.common.config_base }}/node:{{ openshift.common.config_base }}/node {% if 'cloudprovider' in openshift and 'kind' in openshift.cloudprovider and openshift.cloudprovider.kind != '' -%} -v {{ openshift.common.config_base }}/cloudprovider:{{ openshift.common.config_base}}/cloudprovider {% endif -%} -v /etc/localtime:/etc/localtime:ro -v /etc/machine-id:/etc/machine-id:ro -v /run:/run -v /sys:/sys:ro -v /usr/bin/docker:/usr/bin/docker:ro -v /var/lib/docker:/var/lib/docker -v /lib/modules:/lib/modules -v /etc/origin/openvswitch:/etc/openvswitch -v /etc/origin/sdn:/etc/openshift-sdn -v /etc/systemd/system:/host-etc/systemd/system -v /var/log:/var/log -v /dev:/dev $DOCKER_ADDTL_BIND_MOUNTS {{ openshift.node.node_image }}:${IMAGE_VERSION}
+ExecStart=/usr/bin/docker run --name {{ openshift.common.service_type }}-node --rm --privileged --net=host --pid=host --env-file=/etc/sysconfig/{{ openshift.common.service_type }}-node -v /:/rootfs:ro -e CONFIG_FILE=${CONFIG_FILE} -e OPTIONS=${OPTIONS} -e HOST=/rootfs -e HOST_ETC=/host-etc -v {{ openshift.common.data_dir }}:{{ openshift.common.data_dir }}{{ ':rslave' if openshift.docker.gte_1_10 | default(False) | bool else '' }} -v {{ openshift.common.config_base }}/node:{{ openshift.common.config_base }}/node {% if openshift_cloudprovider_kind | default('') != '' -%} -v {{ openshift.common.config_base }}/cloudprovider:{{ openshift.common.config_base}}/cloudprovider {% endif -%} -v /etc/localtime:/etc/localtime:ro -v /etc/machine-id:/etc/machine-id:ro -v /run:/run -v /sys:/sys:rw -v /usr/bin/docker:/usr/bin/docker:ro -v /var/lib/docker:/var/lib/docker -v /lib/modules:/lib/modules -v /etc/origin/openvswitch:/etc/openvswitch -v /etc/origin/sdn:/etc/openshift-sdn -v /etc/systemd/system:/host-etc/systemd/system -v /var/log:/var/log -v /dev:/dev $DOCKER_ADDTL_BIND_MOUNTS {{ openshift.node.node_image }}:${IMAGE_VERSION}
ExecStartPost=/usr/bin/sleep 10
ExecStop=/usr/bin/docker stop {{ openshift.common.service_type }}-node
SyslogIdentifier={{ openshift.common.service_type }}-node
diff --git a/roles/openshift_node/templates/partials/kubeletArguments.j2 b/roles/openshift_node/templates/partials/kubeletArguments.j2
deleted file mode 100644
index 6c3bd04c5..000000000
--- a/roles/openshift_node/templates/partials/kubeletArguments.j2
+++ /dev/null
@@ -1,5 +0,0 @@
-{% if openshift.common.use_cluster_metrics | bool %}
-kubeletArguments:
- "read-only-port":
- - "10255"
-{% endif %} \ No newline at end of file
diff --git a/roles/openshift_node_certificates/tasks/main.yml b/roles/openshift_node_certificates/tasks/main.yml
index 0e69dc6f0..fef7caab8 100644
--- a/roles/openshift_node_certificates/tasks/main.yml
+++ b/roles/openshift_node_certificates/tasks/main.yml
@@ -25,11 +25,14 @@
- server.key
- server.crt
register: g_node_cert_stat_result
+ when: not openshift_certificates_redeploy | default(false) | bool
- set_fact:
- node_certs_missing: "{{ False in (g_node_cert_stat_result.results
- | oo_collect(attribute='stat.exists')
- | list) }}"
+ node_certs_missing: "{{ true if openshift_certificates_redeploy | default(false) | bool
+ else (False in (g_node_cert_stat_result.results
+ | default({})
+ | oo_collect(attribute='stat.exists')
+ | list)) }}"
- name: Create openshift_generated_configs_dir if it does not exist
file:
@@ -42,6 +45,9 @@
- name: Generate the node client config
command: >
{{ openshift.common.admin_binary }} create-api-client-config
+ {% for named_ca_certificate in hostvars[openshift_ca_host].openshift.master.named_certificates | default([]) | oo_collect('cafile') %}
+ --certificate-authority {{ named_ca_certificate }}
+ {% endfor %}
--certificate-authority={{ openshift_ca_cert }}
--client-dir={{ openshift_node_generated_config_dir }}
--groups=system:nodes
diff --git a/roles/openshift_repos/files/fedora-origin/repos/maxamillion-fedora-openshift-fedora.repo b/roles/openshift_repos/files/fedora-origin/repos/maxamillion-fedora-openshift-fedora.repo
deleted file mode 100644
index bc0435d82..000000000
--- a/roles/openshift_repos/files/fedora-origin/repos/maxamillion-fedora-openshift-fedora.repo
+++ /dev/null
@@ -1,8 +0,0 @@
-[maxamillion-fedora-openshift]
-name=Copr repo for fedora-openshift owned by maxamillion
-baseurl=https://copr-be.cloud.fedoraproject.org/results/maxamillion/fedora-openshift/fedora-$releasever-$basearch/
-skip_if_unavailable=True
-gpgcheck=1
-gpgkey=https://copr-be.cloud.fedoraproject.org/results/maxamillion/fedora-openshift/pubkey.gpg
-enabled=1
-enabled_metadata=1 \ No newline at end of file
diff --git a/roles/openshift_repos/files/online/repos/enterprise-v3.repo b/roles/openshift_repos/files/online/repos/enterprise-v3.repo
deleted file mode 100644
index 92bd35834..000000000
--- a/roles/openshift_repos/files/online/repos/enterprise-v3.repo
+++ /dev/null
@@ -1,10 +0,0 @@
-[enterprise-v3]
-name=OpenShift Enterprise
-baseurl=https://mirror.ops.rhcloud.com/libra/rhui-rhel-server-7-ose/
- https://gce-mirror1.ops.rhcloud.com/libra/rhui-rhel-server-7-ose/
-enabled=1
-gpgcheck=0
-failovermethod=priority
-sslverify=False
-sslclientcert=/var/lib/yum/client-cert.pem
-sslclientkey=/var/lib/yum/client-key.pem
diff --git a/roles/openshift_repos/files/online/repos/rhel-7-libra-candidate.repo b/roles/openshift_repos/files/online/repos/rhel-7-libra-candidate.repo
deleted file mode 100644
index b4215679f..000000000
--- a/roles/openshift_repos/files/online/repos/rhel-7-libra-candidate.repo
+++ /dev/null
@@ -1,11 +0,0 @@
-[rhel-7-libra-candidate]
-name=rhel-7-libra-candidate - \$basearch
-baseurl=https://gce-mirror1.ops.rhcloud.com/libra/rhel-7-libra-candidate/\$basearch/
- https://mirror.ops.rhcloud.com/libra/rhel-7-libra-candidate/\$basearch/
-gpgkey=https://mirror.ops.rhcloud.com/libra/RPM-GPG-KEY-redhat-openshifthosted
-skip_if_unavailable=True
-gpgcheck=0
-enabled=1
-sslclientcert=/var/lib/yum/client-cert.pem
-sslclientkey=/var/lib/yum/client-key.pem
-sslverify=False
diff --git a/roles/openshift_repos/files/removed/repos/epel7-openshift.repo b/roles/openshift_repos/files/removed/repos/epel7-openshift.repo
deleted file mode 100644
index e69de29bb..000000000
--- a/roles/openshift_repos/files/removed/repos/epel7-openshift.repo
+++ /dev/null
diff --git a/roles/openshift_repos/files/removed/repos/maxamillion-origin-next-epel-7.repo b/roles/openshift_repos/files/removed/repos/maxamillion-origin-next-epel-7.repo
deleted file mode 100644
index 0b21e0a65..000000000
--- a/roles/openshift_repos/files/removed/repos/maxamillion-origin-next-epel-7.repo
+++ /dev/null
@@ -1,7 +0,0 @@
-[maxamillion-origin-next]
-name=Copr repo for origin-next owned by maxamillion
-baseurl=https://copr-be.cloud.fedoraproject.org/results/maxamillion/origin-next/epel-7-$basearch/
-skip_if_unavailable=True
-gpgcheck=1
-gpgkey=https://copr-be.cloud.fedoraproject.org/results/maxamillion/origin-next/pubkey.gpg
-enabled=1
diff --git a/roles/openshift_repos/files/removed/repos/oso-rhui-rhel-7-extras.repo b/roles/openshift_repos/files/removed/repos/oso-rhui-rhel-7-extras.repo
deleted file mode 100644
index e69de29bb..000000000
--- a/roles/openshift_repos/files/removed/repos/oso-rhui-rhel-7-extras.repo
+++ /dev/null
diff --git a/roles/openshift_repos/files/removed/repos/oso-rhui-rhel-7-server.repo b/roles/openshift_repos/files/removed/repos/oso-rhui-rhel-7-server.repo
deleted file mode 100644
index e69de29bb..000000000
--- a/roles/openshift_repos/files/removed/repos/oso-rhui-rhel-7-server.repo
+++ /dev/null
diff --git a/roles/openshift_repos/tasks/main.yaml b/roles/openshift_repos/tasks/main.yaml
index d8e43438a..9be168611 100644
--- a/roles/openshift_repos/tasks/main.yaml
+++ b/roles/openshift_repos/tasks/main.yaml
@@ -29,52 +29,20 @@
when: openshift_additional_repos | length == 0 and not openshift.common.is_containerized | bool
notify: refresh cache
-- name: Remove any yum repo files for other deployment types RHEL/CentOS
- file:
- path: "/etc/yum.repos.d/{{ item | basename }}"
- state: absent
- with_fileglob:
- - '*/repos/*'
- when: not openshift.common.is_containerized | bool
- and not (item | search("/files/" ~ openshift_deployment_type ~ "/repos"))
- and (ansible_os_family == "RedHat" and ansible_distribution != "Fedora")
- notify: refresh cache
-
-- name: Remove any yum repo files for other deployment types Fedora
- file:
- path: "/etc/yum.repos.d/{{ item | basename }}"
- state: absent
- with_fileglob:
- - '*/repos/*'
- when: not openshift.common.is_containerized | bool
- and not (item | search("/files/fedora-" ~ openshift_deployment_type ~ "/repos"))
- and (ansible_distribution == "Fedora")
- notify: refresh cache
-
-- name: Configure gpg keys if needed
+- name: Configure origin gpg keys if needed
copy:
- src: "{{ item }}"
+ src: origin/gpg_keys/openshift-ansible-CentOS-SIG-PaaS
dest: /etc/pki/rpm-gpg/
- with_fileglob:
- - "{{ openshift_deployment_type }}/gpg_keys/*"
- notify: refresh cache
- when: not openshift.common.is_containerized | bool
-
-- name: Configure yum repositories RHEL/CentOS
- copy:
- src: "{{ item }}"
- dest: /etc/yum.repos.d/
- with_fileglob:
- - "{{ openshift_deployment_type }}/repos/*"
notify: refresh cache
- when: (ansible_os_family == "RedHat" and ansible_distribution != "Fedora")
+ when: ansible_os_family == "RedHat" and ansible_distribution != "Fedora"
+ and openshift_deployment_type == 'origin'
and not openshift.common.is_containerized | bool
-- name: Configure yum repositories Fedora
+- name: Configure origin yum repositories RHEL/CentOS
copy:
- src: "{{ item }}"
+ src: origin/repos/openshift-ansible-centos-paas-sig.repo
dest: /etc/yum.repos.d/
- with_fileglob:
- - "fedora-{{ openshift_deployment_type }}/repos/*"
notify: refresh cache
- when: (ansible_distribution == "Fedora") and not openshift.common.is_containerized | bool
+ when: ansible_os_family == "RedHat" and ansible_distribution != "Fedora"
+ and openshift_deployment_type == 'origin'
+ and not openshift.common.is_containerized | bool
diff --git a/roles/openshift_serviceaccounts/tasks/legacy_add_scc_to_user.yml b/roles/openshift_serviceaccounts/tasks/legacy_add_scc_to_user.yml
index 1efab9466..8715fc64e 100644
--- a/roles/openshift_serviceaccounts/tasks/legacy_add_scc_to_user.yml
+++ b/roles/openshift_serviceaccounts/tasks/legacy_add_scc_to_user.yml
@@ -15,7 +15,7 @@
template:
src: serviceaccount.j2
dest: "/tmp/openshift/{{ item }}-serviceaccount.yaml"
- with_items: openshift_serviceaccounts_names
+ with_items: '{{ openshift_serviceaccounts_names }}'
- name: Get current security context constraints
shell: >
@@ -30,8 +30,8 @@
insertafter: "^users:$"
when: "item.1.rc == 0 and 'system:serviceaccount:{{ openshift_serviceaccounts_namespace }}:{{ item.0 }}' not in {{ (item.1.stdout | from_yaml).users }}"
with_nested:
- - openshift_serviceaccounts_names
- - scc_test.results
+ - '{{ openshift_serviceaccounts_names }}'
+ - '{{ scc_test.results }}'
- name: Apply new scc rules for service accounts
command: "{{ openshift.common.client_binary }} update -f /tmp/openshift/scc.yaml --api-version=v1"
diff --git a/roles/openshift_storage_nfs/tasks/main.yml b/roles/openshift_storage_nfs/tasks/main.yml
index fe7f83cbb..08d0b8540 100644
--- a/roles/openshift_storage_nfs/tasks/main.yml
+++ b/roles/openshift_storage_nfs/tasks/main.yml
@@ -20,21 +20,37 @@
- name: Ensure export directories exist
file:
- path: "{{ openshift.hosted.registry.storage.nfs.directory }}/{{ item }}"
+ path: "{{ item.storage.nfs.directory }}/{{ item.storage.volume.name }}"
state: directory
mode: 0777
owner: nfsnobody
group: nfsnobody
with_items:
- - "{{ openshift.hosted.registry.storage.volume.name }}"
+ - "{{ openshift.hosted.registry }}"
+ - "{{ openshift.hosted.metrics }}"
- name: Configure exports
template:
- dest: /etc/exports
+ dest: /etc/exports.d/openshift-ansible.exports
src: exports.j2
notify:
- restart nfs-server
+# Now that we're putting our exports in our own file clean up the old ones
+- name: register exports
+ command: cat /etc/exports.d/openshift-ansible.exports
+ register: exports_out
+
+- name: remove exports from /etc/exports
+ lineinfile:
+ dest: /etc/exports
+ line: "{{ item }}"
+ state: absent
+ with_items: "{{ exports_out.stdout_lines | default([]) }}"
+ when: exports_out.rc == 0
+ notify:
+ - restart nfs-server
+
- name: Enable and start services
service:
name: "{{ item }}"
diff --git a/roles/openshift_storage_nfs/templates/exports.j2 b/roles/openshift_storage_nfs/templates/exports.j2
index c1e1994b0..d6d936b72 100644
--- a/roles/openshift_storage_nfs/templates/exports.j2
+++ b/roles/openshift_storage_nfs/templates/exports.j2
@@ -1 +1,2 @@
{{ openshift.hosted.registry.storage.nfs.directory }}/{{ openshift.hosted.registry.storage.volume.name }} {{ openshift.hosted.registry.storage.nfs.options }}
+{{ openshift.hosted.metrics.storage.nfs.directory }}/{{ openshift.hosted.metrics.storage.volume.name }} {{ openshift.hosted.metrics.storage.nfs.options }}
diff --git a/roles/openshift_version/tasks/main.yml b/roles/openshift_version/tasks/main.yml
index 6e5d2b22c..a3a99d248 100644
--- a/roles/openshift_version/tasks/main.yml
+++ b/roles/openshift_version/tasks/main.yml
@@ -73,6 +73,10 @@
msg: openshift_version role was unable to set openshift_pkg_version
when: openshift_pkg_version is not defined
+- fail:
+ msg: "No OpenShift version available, please ensure your systems are fully registered and have access to appropriate yum repositories."
+ when: not is_containerized | bool and openshift_version == '0.0'
+
# We can't map an openshift_release to full rpm version like we can with containers, make sure
# the rpm version we looked up matches the release requested and error out if not.
- fail:
diff --git a/test/modify_yaml_tests.py b/test/modify_yaml_tests.py
new file mode 100644
index 000000000..24cce4855
--- /dev/null
+++ b/test/modify_yaml_tests.py
@@ -0,0 +1,37 @@
+""" Tests for the modify_yaml Ansible module. """
+# pylint: disable=missing-docstring,invalid-name
+
+import os
+import sys
+import unittest
+
+sys.path = [os.path.abspath(os.path.dirname(__file__) + "/../library/")] + sys.path
+
+# pylint: disable=import-error
+from modify_yaml import set_key
+
+class ModifyYamlTests(unittest.TestCase):
+
+ def test_simple_nested_value(self):
+ cfg = {"section": {"a": 1, "b": 2}}
+ changes = set_key(cfg, 'section.c', 3)
+ self.assertEquals(1, len(changes))
+ self.assertEquals(3, cfg['section']['c'])
+
+ # Tests a previous bug where property would land in section above where it should,
+ # if the destination section did not yet exist:
+ def test_nested_property_in_new_section(self):
+ cfg = {
+ "masterClients": {
+ "externalKubernetesKubeConfig": "",
+ "openshiftLoopbackKubeConfig": "openshift-master.kubeconfig",
+ },
+ }
+
+ yaml_key = 'masterClients.externalKubernetesClientConnectionOverrides.acceptContentTypes'
+ yaml_value = 'application/vnd.kubernetes.protobuf,application/json'
+ set_key(cfg, yaml_key, yaml_value)
+ self.assertEquals(yaml_value, cfg['masterClients']
+ ['externalKubernetesClientConnectionOverrides']
+ ['acceptContentTypes'])
+
diff --git a/utils/.gitignore b/utils/.gitignore
index 68759c0ba..facfeee54 100644
--- a/utils/.gitignore
+++ b/utils/.gitignore
@@ -43,3 +43,6 @@ coverage.xml
# Sphinx documentation
docs/_build/
+oo-install
+oo-installenv
+cover
diff --git a/utils/Makefile b/utils/Makefile
new file mode 100644
index 000000000..79c27626a
--- /dev/null
+++ b/utils/Makefile
@@ -0,0 +1,83 @@
+########################################################
+
+# Makefile for OpenShift: Atomic Quick Installer
+#
+# useful targets (not all implemented yet!):
+# make clean -- Clean up garbage
+# make ci ------------------- Execute CI steps (for travis or jenkins)
+
+########################################################
+
+# > VARIABLE = value
+#
+# Normal setting of a variable - values within it are recursively
+# expanded when the variable is USED, not when it's declared.
+#
+# > VARIABLE := value
+#
+# Setting of a variable with simple expansion of the values inside -
+# values within it are expanded at DECLARATION time.
+
+########################################################
+
+
+NAME := oo-install
+TESTPACKAGE := oo-install
+SHORTNAME := ooinstall
+
+sdist: clean
+ python setup.py sdist
+ rm -fR $(SHORTNAME).egg-info
+
+clean:
+ @find . -type f -regex ".*\.py[co]$$" -delete
+ @find . -type f \( -name "*~" -or -name "#*" \) -delete
+ @rm -fR build dist rpm-build MANIFEST htmlcov .coverage cover ooinstall.egg-info oo-install
+ @rm -fR $(NAME)env
+
+viewcover:
+ xdg-open cover/index.html
+
+virtualenv:
+ @echo "#############################################"
+ @echo "# Creating a virtualenv"
+ @echo "#############################################"
+ virtualenv $(NAME)env
+ . $(NAME)env/bin/activate && pip install setuptools==17.1.1
+ . $(NAME)env/bin/activate && pip install -r test-requirements.txt
+# If there are any special things to install do it here
+# . $(NAME)env/bin/activate && INSTALL STUFF
+
+ci-unittests:
+ @echo "#############################################"
+ @echo "# Running Unit Tests in virtualenv"
+ @echo "#############################################"
+ . $(NAME)env/bin/activate && nosetests -v --with-coverage --cover-html --cover-min-percentage=70 --cover-package=$(SHORTNAME) test/
+ @echo "VIEW CODE COVERAGE REPORT WITH 'xdg-open cover/index.html' or run 'make viewcover'"
+
+ci-pylint:
+ @echo "#############################################"
+ @echo "# Running PyLint Tests in virtualenv"
+ @echo "#############################################"
+ . $(NAME)env/bin/activate && python -m pylint --rcfile ../git/.pylintrc src/ooinstall/cli_installer.py src/ooinstall/oo_config.py src/ooinstall/openshift_ansible.py src/ooinstall/variants.py
+
+ci-list-deps:
+ @echo "#############################################"
+ @echo "# Listing all pip deps"
+ @echo "#############################################"
+ . $(NAME)env/bin/activate && pip freeze
+
+ci-pyflakes:
+ @echo "#################################################"
+ @echo "# Running Pyflakes Compliance Tests in virtualenv"
+ @echo "#################################################"
+ . $(NAME)env/bin/activate && pyflakes src/ooinstall/*.py
+
+ci-pep8:
+ @echo "#############################################"
+ @echo "# Running PEP8 Compliance Tests in virtualenv"
+ @echo "#############################################"
+ . $(NAME)env/bin/activate && pep8 --ignore=E501,E121,E124 src/$(SHORTNAME)/
+
+ci: clean virtualenv ci-list-deps ci-pep8 ci-pylint ci-pyflakes ci-unittests
+ :
diff --git a/utils/README.md b/utils/README.md
new file mode 100644
index 000000000..2abf2705e
--- /dev/null
+++ b/utils/README.md
@@ -0,0 +1,41 @@
+# Running Tests (NEW)
+
+Run the command:
+
+ make ci
+
+to run an array of unittests locally.
+
+You will get errors if the log files already exist and can not be
+written to by the current user (`/tmp/ansible.log` and
+`/tmp/installer.txt`). *We're working on it.*
+
+# Running From Source
+
+You will need to setup a **virtualenv** to run from source:
+
+ $ virtualenv oo-install
+ $ source ./oo-install/bin/activate
+ $ virtualenv --relocatable ./oo-install/
+ $ python setup.py install
+
+The virtualenv `bin` directory should now be at the start of your
+`$PATH`, and `oo-install` is ready to use from your shell.
+
+You can exit the virtualenv with:
+
+ $ deactivate
+
+# Testing (OLD)
+
+*This section is deprecated, but still works*
+
+First, run the **virtualenv setup steps** described above.
+
+Install some testing libraries: (we cannot do this via setuptools due to the version virtualenv bundles)
+
+$ pip install mock nose
+
+Then run the tests with:
+
+$ oo-install/bin/nosetests
diff --git a/utils/README.txt b/utils/README.txt
deleted file mode 100644
index 6a6a1d24d..000000000
--- a/utils/README.txt
+++ /dev/null
@@ -1,24 +0,0 @@
-## Running From Source
-
-You will need to setup a virtualenv to run from source and execute the unit tests.
-
-$ virtualenv oo-install
-$ source ./oo-install/bin/activate
-$ virtualenv --relocatable ./oo-install/
-$ python setup.py install
-
-The virtualenv bin directory should now be at the start of your $PATH, and oo-install is ready to use from your shell.
-
-You can exit the virtualenv with:
-
-$ deactivate
-
-## Testing
-
-Install some testing libraries: (we cannot do this via setuptools due to the version virtualenv bundles)
-
-$ pip install mock nose
-
-Then run the tests with:
-
-$ oo-install/bin/nosetests
diff --git a/utils/docs/config.md b/utils/docs/config.md
index 2729f8d37..3677ffe2e 100644
--- a/utils/docs/config.md
+++ b/utils/docs/config.md
@@ -7,31 +7,38 @@ The default location this config file will be written to ~/.config/openshift/ins
## Example
```
-version: v1
+version: v2
variant: openshift-enterprise
-variant_version: 3.0
-ansible_ssh_user: root
-hosts:
-- ip: 10.0.0.1
- hostname: master-private.example.com
- public_ip: 24.222.0.1
- public_hostname: master.example.com
- master: true
- node: true
- containerized: true
- connect_to: 24.222.0.1
-- ip: 10.0.0.2
- hostname: node1-private.example.com
- public_ip: 24.222.0.2
- public_hostname: node1.example.com
- node: true
- connect_to: 10.0.0.2
-- ip: 10.0.0.3
- hostname: node2-private.example.com
- public_ip: 24.222.0.3
- public_hostname: node2.example.com
- node: true
- connect_to: 10.0.0.3
+variant_version: 3.3
+deployment:
+ ansible_ssh_user: root
+ hosts:
+ - connect_to: 24.222.0.1
+ ip: 10.0.0.1
+ hostname: master-private.example.com
+ public_ip: 24.222.0.1
+ public_hostname: master.example.com
+ roles:
+ - master
+ - node
+ containerized: true
+ - connect_to: 10.0.0.2
+ ip: 10.0.0.2
+ hostname: node1-private.example.com
+ public_ip: 24.222.0.2
+ public_hostname: node1.example.com
+ roles:
+ - node
+ - connect_to: 10.0.0.3
+ ip: 10.0.0.3
+ hostname: node2-private.example.com
+ public_ip: 24.222.0.3
+ public_hostname: node2.example.com
+ roles:
+ - node
+ roles:
+ master:
+ node:
```
## Primary Settings
@@ -76,5 +83,3 @@ Defines the user ansible will use to ssh to remote systems for gathering facts a
### ansible_log_path
Default: /tmp/ansible.log
-
-
diff --git a/utils/etc/ansible.cfg b/utils/etc/ansible.cfg
index b7376ddfc..a53ab6cb1 100644
--- a/utils/etc/ansible.cfg
+++ b/utils/etc/ansible.cfg
@@ -16,6 +16,9 @@ log_path = /tmp/ansible.log
forks = 10
host_key_checking = False
nocows = 1
+
+retry_files_enabled = False
+
# Need to handle:
# inventory - derive from OO_ANSIBLE_DIRECTORY env var
# callback_plugins - derive from pkg_resource.resource_filename
diff --git a/utils/src/ooinstall/__init__.py b/utils/src/ooinstall/__init__.py
index 944dea3b5..96e495e19 100644
--- a/utils/src/ooinstall/__init__.py
+++ b/utils/src/ooinstall/__init__.py
@@ -1,5 +1 @@
-# TODO: Temporarily disabled due to importing old code into openshift-ansible
-# repo. We will work on these over time.
# pylint: disable=missing-docstring
-
-from .oo_config import OOConfig
diff --git a/utils/src/ooinstall/ansible_plugins/facts_callback.py b/utils/src/ooinstall/ansible_plugins/facts_callback.py
index ea6ed6574..e51890a22 100644
--- a/utils/src/ooinstall/ansible_plugins/facts_callback.py
+++ b/utils/src/ooinstall/ansible_plugins/facts_callback.py
@@ -4,8 +4,11 @@
import os
import yaml
+from ansible.plugins.callback import CallbackBase
-class CallbackModule(object):
+
+# pylint: disable=super-init-not-called
+class CallbackModule(CallbackBase):
def __init__(self):
######################
@@ -17,72 +20,75 @@ class CallbackModule(object):
self.hosts_yaml_name = os.environ['OO_INSTALL_CALLBACK_FACTS_YAML']
except KeyError:
raise ValueError('The OO_INSTALL_CALLBACK_FACTS_YAML environment '
- 'variable must be set.')
+ 'variable must be set.')
self.hosts_yaml = os.open(self.hosts_yaml_name, os.O_CREAT |
- os.O_WRONLY)
+ os.O_WRONLY)
- def on_any(self, *args, **kwargs):
+ def v2_on_any(self, *args, **kwargs):
pass
- def runner_on_failed(self, host, res, ignore_errors=False):
+ def v2_runner_on_failed(self, res, ignore_errors=False):
pass
- def runner_on_ok(self, host, res):
- if res['invocation']['module_args'] == 'var=result':
- facts = res['var']['result']['ansible_facts']['openshift']
+ # pylint: disable=protected-access
+ def v2_runner_on_ok(self, res):
+ abridged_result = res._result.copy()
+ # Collect facts result from playbooks/byo/openshift_facts.yml
+ if 'result' in abridged_result:
+ facts = abridged_result['result']['ansible_facts']['openshift']
hosts_yaml = {}
- hosts_yaml[host] = facts
+ hosts_yaml[res._host.get_name()] = facts
os.write(self.hosts_yaml, yaml.safe_dump(hosts_yaml))
- def runner_on_skipped(self, host, item=None):
+ def v2_runner_on_skipped(self, res):
pass
- def runner_on_unreachable(self, host, res):
+ def v2_runner_on_unreachable(self, res):
pass
- def runner_on_no_hosts(self):
+ def v2_runner_on_no_hosts(self, task):
pass
- def runner_on_async_poll(self, host, res):
+ def v2_runner_on_async_poll(self, res):
pass
- def runner_on_async_ok(self, host, res):
+ def v2_runner_on_async_ok(self, res):
pass
- def runner_on_async_failed(self, host, res):
+ def v2_runner_on_async_failed(self, res):
pass
- def playbook_on_start(self):
+ def v2_playbook_on_start(self, playbook):
pass
- def playbook_on_notify(self, host, handler):
+ def v2_playbook_on_notify(self, res, handler):
pass
- def playbook_on_no_hosts_matched(self):
+ def v2_playbook_on_no_hosts_matched(self):
pass
- def playbook_on_no_hosts_remaining(self):
+ def v2_playbook_on_no_hosts_remaining(self):
pass
- def playbook_on_task_start(self, name, is_conditional):
+ def v2_playbook_on_task_start(self, name, is_conditional):
pass
- #pylint: disable=too-many-arguments
- def playbook_on_vars_prompt(self, varname, private=True, prompt=None,
- encrypt=None, confirm=False, salt_size=None, salt=None, default=None):
+ # pylint: disable=too-many-arguments
+ def v2_playbook_on_vars_prompt(self, varname, private=True, prompt=None,
+ encrypt=None, confirm=False, salt_size=None, salt=None, default=None):
pass
- def playbook_on_setup(self):
+ def v2_playbook_on_setup(self):
pass
- def playbook_on_import_for_host(self, host, imported_file):
+ def v2_playbook_on_import_for_host(self, res, imported_file):
pass
- def playbook_on_not_import_for_host(self, host, missing_file):
+ def v2_playbook_on_not_import_for_host(self, res, missing_file):
pass
- def playbook_on_play_start(self, name):
+ def v2_playbook_on_play_start(self, play):
pass
- def playbook_on_stats(self, stats):
+ def v2_playbook_on_stats(self, stats):
pass
diff --git a/utils/src/ooinstall/cli_installer.py b/utils/src/ooinstall/cli_installer.py
index c9c13501d..2ba7efe3e 100644
--- a/utils/src/ooinstall/cli_installer.py
+++ b/utils/src/ooinstall/cli_installer.py
@@ -5,24 +5,58 @@
import os
import re
import sys
-from distutils.version import LooseVersion
+import logging
import click
+from pkg_resources import parse_version
from ooinstall import openshift_ansible
-from ooinstall import OOConfig
+from ooinstall.oo_config import OOConfig
from ooinstall.oo_config import OOConfigInvalidHostError
from ooinstall.oo_config import Host, Role
from ooinstall.variants import find_variant, get_variant_version_combos
+installer_log = logging.getLogger('installer')
+installer_log.setLevel(logging.CRITICAL)
+installer_file_handler = logging.FileHandler('/tmp/installer.txt')
+installer_file_handler.setFormatter(
+ logging.Formatter('%(asctime)s - %(name)s - %(levelname)s - %(message)s'))
+# Example output:
+# 2016-08-23 07:34:58,480 - installer - DEBUG - Going to 'load_system_facts'
+installer_file_handler.setLevel(logging.DEBUG)
+installer_log.addHandler(installer_file_handler)
+
DEFAULT_ANSIBLE_CONFIG = '/usr/share/atomic-openshift-utils/ansible.cfg'
DEFAULT_PLAYBOOK_DIR = '/usr/share/ansible/openshift-ansible/'
+UPGRADE_MAPPINGS = {
+ '3.0': {
+ 'minor_version': '3.0',
+ 'minor_playbook': 'v3_0_minor/upgrade.yml',
+ 'major_version': '3.1',
+ 'major_playbook': 'v3_0_to_v3_1/upgrade.yml',
+ },
+ '3.1': {
+ 'minor_version': '3.1',
+ 'minor_playbook': 'v3_1_minor/upgrade.yml',
+ 'major_playbook': 'v3_1_to_v3_2/upgrade.yml',
+ 'major_version': '3.2',
+ },
+ '3.2': {
+ 'minor_version': '3.2',
+ 'minor_playbook': 'v3_2/upgrade.yml',
+ 'major_playbook': 'v3_2/upgrade.yml',
+ 'major_version': '3.3',
+ }
+}
+
+
def validate_ansible_dir(path):
if not path:
- raise click.BadParameter('An ansible path must be provided')
+ raise click.BadParameter('An Ansible path must be provided')
return path
# if not os.path.exists(path)):
# raise click.BadParameter("Path \"{}\" doesn't exist".format(path))
+
def is_valid_hostname(hostname):
if not hostname or len(hostname) > 255:
return False
@@ -31,59 +65,43 @@ def is_valid_hostname(hostname):
allowed = re.compile(r"(?!-)[A-Z\d-]{1,63}(?<!-)$", re.IGNORECASE)
return all(allowed.match(x) for x in hostname.split("."))
+
def validate_prompt_hostname(hostname):
if hostname == '' or is_valid_hostname(hostname):
return hostname
raise click.BadParameter('Invalid hostname. Please double-check this value and re-enter it.')
+
def get_ansible_ssh_user():
click.clear()
message = """
-This installation process will involve connecting to remote hosts via ssh. Any
-account may be used however if a non-root account is used it must have
+This installation process involves connecting to remote hosts via ssh. Any
+account may be used. However, if a non-root account is used, then it must have
passwordless sudo access.
"""
click.echo(message)
return click.prompt('User for ssh access', default='root')
+
def get_master_routingconfig_subdomain():
click.clear()
message = """
-You might want to override the default subdomain uses for exposed routes. If you don't know what
-this is, use the default value.
+You might want to override the default subdomain used for exposed routes. If you don't know what this is, use the default value.
"""
click.echo(message)
return click.prompt('New default subdomain (ENTER for none)', default='')
+
def list_hosts(hosts):
hosts_idx = range(len(hosts))
for idx in hosts_idx:
click.echo(' {}: {}'.format(idx, hosts[idx]))
-def delete_hosts(hosts):
- while True:
- list_hosts(hosts)
- del_idx = click.prompt('Select host to delete, y/Y to confirm, ' \
- 'or n/N to add more hosts', default='n')
- try:
- del_idx = int(del_idx)
- hosts.remove(hosts[del_idx])
- except IndexError:
- click.echo("\"{}\" doesn't match any hosts listed.".format(del_idx))
- except ValueError:
- try:
- response = del_idx.lower()
- if response in ['y', 'n']:
- return hosts, response
- click.echo("\"{}\" doesn't coorespond to any valid input.".format(del_idx))
- except AttributeError:
- click.echo("\"{}\" doesn't coorespond to any valid input.".format(del_idx))
- return hosts, None
def collect_hosts(oo_cfg, existing_env=False, masters_set=False, print_summary=True):
"""
Collect host information from user. This will later be filled in using
- ansible.
+ Ansible.
Returns: a list of host information collected from the user
"""
@@ -92,28 +110,28 @@ def collect_hosts(oo_cfg, existing_env=False, masters_set=False, print_summary=T
message = """
You must now specify the hosts that will compose your OpenShift cluster.
-Please enter an IP or hostname to connect to for each system in the cluster.
-You will then be prompted to identify what role you would like this system to
+Please enter an IP address or hostname to connect to for each system in the
+cluster. You will then be prompted to identify what role you want this system to
serve in the cluster.
-OpenShift Masters serve the API and web console and coordinate the jobs to run
-across the environment. If desired you can specify multiple Master systems for
-an HA deployment, in which case you will be prompted to identify a *separate*
-system to act as the load balancer for your cluster after all Masters and Nodes
-are defined.
+OpenShift masters serve the API and web console and coordinate the jobs to run
+across the environment. Optionally, you can specify multiple master systems for
+a high-availability (HA) deployment. If you choose an HA deployment, then you
+are prompted to identify a *separate* system to act as the load balancer for
+your cluster once you define all masters and nodes.
-If only one Master is specified, an etcd instance embedded within the OpenShift
-Master service will be used as the datastore. This can be later replaced with a
-separate etcd instance if desired. If multiple Masters are specified, a
-separate etcd cluster will be configured with each Master serving as a member.
+If only one master is specified, an etcd instance is embedded within the
+OpenShift master service to use as the datastore. This can be later replaced
+with a separate etcd instance, if required. If multiple masters are specified,
+then a separate etcd cluster is configured with each master serving as a member.
-Any Masters configured as part of this installation process will also be
-configured as Nodes. This is so that the Master will be able to proxy to Pods
-from the API. By default this Node will be unschedulable but this can be changed
-after installation with 'oadm manage-node'.
+Any masters configured as part of this installation process are also
+configured as nodes. This enables the master to proxy to pods
+from the API. By default, this node is unschedulable, but this can be changed
+after installation with the 'oadm manage-node' command.
-OpenShift Nodes provide the runtime environments for containers. They will
-host the required services to be managed by the Master.
+OpenShift nodes provide the runtime environments for containers. They host the
+required services to be managed by the master.
http://docs.openshift.com/enterprise/latest/architecture/infrastructure_components/kubernetes_infrastructure.html#master
http://docs.openshift.com/enterprise/latest/architecture/infrastructure_components/kubernetes_infrastructure.html#node
@@ -121,7 +139,7 @@ http://docs.openshift.com/enterprise/latest/architecture/infrastructure_componen
click.echo(message)
hosts = []
- roles = set(['master', 'node', 'storage'])
+ roles = set(['master', 'node', 'storage', 'etcd'])
more_hosts = True
num_masters = 0
while more_hosts:
@@ -131,8 +149,9 @@ http://docs.openshift.com/enterprise/latest/architecture/infrastructure_componen
value_proc=validate_prompt_hostname)
if not masters_set:
- if click.confirm('Will this host be an OpenShift Master?'):
+ if click.confirm('Will this host be an OpenShift master?'):
host_props['roles'].append('master')
+ host_props['roles'].append('etcd')
num_masters += 1
if oo_cfg.settings['variant_version'] == '3.0':
@@ -154,12 +173,11 @@ http://docs.openshift.com/enterprise/latest/architecture/infrastructure_componen
hosts.append(host)
-
if print_summary:
print_installation_summary(hosts, oo_cfg.settings['variant_version'])
# If we have one master, this is enough for an all-in-one deployment,
- # thus we can start asking if you wish to proceed. Otherwise we assume
+ # thus we can start asking if you want to proceed. Otherwise we assume
# you must.
if masters_set or num_masters != 2:
more_hosts = click.confirm('Do you want to add additional hosts?')
@@ -192,12 +210,12 @@ def print_installation_summary(hosts, version=None):
nodes = [host for host in hosts if host.is_node()]
dedicated_nodes = [host for host in hosts if host.is_node() and not host.is_master()]
click.echo('')
- click.echo('Total OpenShift Masters: %s' % len(masters))
- click.echo('Total OpenShift Nodes: %s' % len(nodes))
+ click.echo('Total OpenShift masters: %s' % len(masters))
+ click.echo('Total OpenShift nodes: %s' % len(nodes))
if len(masters) == 1 and version != '3.0':
ha_hint_message = """
-NOTE: Add a total of 3 or more Masters to perform an HA installation."""
+NOTE: Add a total of 3 or more masters to perform an HA installation."""
click.echo(ha_hint_message)
elif len(masters) == 2:
min_masters_message = """
@@ -206,19 +224,19 @@ Please add one more to proceed."""
click.echo(min_masters_message)
elif len(masters) >= 3:
ha_message = """
-NOTE: Multiple Masters specified, this will be an HA deployment with a separate
+NOTE: Multiple masters specified, this will be an HA deployment with a separate
etcd cluster. You will be prompted to provide the FQDN of a load balancer and
a host for storage once finished entering hosts.
"""
click.echo(ha_message)
dedicated_nodes_message = """
-WARNING: Dedicated Nodes are recommended for an HA deployment. If no dedicated
-Nodes are specified, each configured Master will be marked as a schedulable
-Node."""
+WARNING: Dedicated nodes are recommended for an HA deployment. If no dedicated
+nodes are specified, each configured master will be marked as a schedulable
+node."""
min_ha_nodes_message = """
-WARNING: A minimum of 3 dedicated Nodes are recommended for an HA
+WARNING: A minimum of 3 dedicated nodes are recommended for an HA
deployment."""
if len(dedicated_nodes) == 0:
click.echo(dedicated_nodes_message)
@@ -231,14 +249,14 @@ deployment."""
def print_host_summary(all_hosts, host):
click.echo("- %s" % host.connect_to)
if host.is_master():
- click.echo(" - OpenShift Master")
+ click.echo(" - OpenShift master")
if host.is_node():
if host.is_dedicated_node():
- click.echo(" - OpenShift Node (Dedicated)")
+ click.echo(" - OpenShift node (Dedicated)")
elif host.is_schedulable_node(all_hosts):
- click.echo(" - OpenShift Node")
+ click.echo(" - OpenShift node")
else:
- click.echo(" - OpenShift Node (Unscheduled)")
+ click.echo(" - OpenShift node (Unscheduled)")
if host.is_master_lb():
if host.preconfigured:
click.echo(" - Load Balancer (Preconfigured)")
@@ -262,14 +280,14 @@ def collect_master_lb(hosts):
this is an invalid configuration.
"""
message = """
-Setting up High Availability Masters requires a load balancing solution.
-Please provide a the FQDN of a host that will be configured as a proxy. This
+Setting up high-availability masters requires a load balancing solution.
+Please provide the FQDN of a host that will be configured as a proxy. This
can be either an existing load balancer configured to balance all masters on
port 8443 or a new host that will have HAProxy installed on it.
-If the host provided does is not yet configured, a reference haproxy load
-balancer will be installed. It's important to note that while the rest of the
-environment will be fault tolerant this reference load balancer will not be.
+If the host provided is not yet configured, a reference HAProxy load
+balancer will be installed. It's important to note that while the rest of the
+environment will be fault-tolerant, this reference load balancer will not be.
It can be replaced post-installation with a load balancer with the same
hostname.
"""
@@ -291,19 +309,20 @@ hostname.
host_props['connect_to'] = click.prompt('Enter hostname or IP address',
value_proc=validate_prompt_lb)
install_haproxy = \
- click.confirm('Should the reference haproxy load balancer be installed on this host?')
+ click.confirm('Should the reference HAProxy load balancer be installed on this host?')
host_props['preconfigured'] = not install_haproxy
host_props['roles'] = ['master_lb']
master_lb = Host(**host_props)
hosts.append(master_lb)
+
def collect_storage_host(hosts):
"""
Get a valid host for storage from the user and append it to the list of
hosts.
"""
message = """
-Setting up High Availability Masters requires a storage host. Please provide a
+Setting up high-availability masters requires a storage host. Please provide a
host that will be configured as a Registry Storage.
Note: Containerized storage hosts are not currently supported.
@@ -314,20 +333,19 @@ Note: Containerized storage hosts are not currently supported.
first_master = next(host for host in hosts if host.is_master())
hostname_or_ip = click.prompt('Enter hostname or IP address',
- value_proc=validate_prompt_hostname,
- default=first_master.connect_to)
+ value_proc=validate_prompt_hostname,
+ default=first_master.connect_to)
existing, existing_host = is_host_already_node_or_master(hostname_or_ip, hosts)
if existing and existing_host.is_node():
existing_host.roles.append('storage')
else:
host_props['connect_to'] = hostname_or_ip
host_props['preconfigured'] = False
- host_props['master'] = False
- host_props['node'] = False
- host_props['storage'] = True
+ host_props['roles'] = ['storage']
storage = Host(**host_props)
hosts.append(storage)
+
def is_host_already_node_or_master(hostname, hosts):
is_existing = False
existing_host = None
@@ -339,19 +357,20 @@ def is_host_already_node_or_master(hostname, hosts):
return is_existing, existing_host
+
def confirm_hosts_facts(oo_cfg, callback_facts):
hosts = oo_cfg.deployment.hosts
click.clear()
message = """
-A list of the facts gathered from the provided hosts follows. Because it is
-often the case that the hostname for a system inside the cluster is different
-from the hostname that is resolveable from command line or web clients
-these settings cannot be validated automatically.
+The following is a list of the facts gathered from the provided hosts. The
+hostname for a system inside the cluster is often different from the hostname
+that is resolveable from command-line or web clients, therefore these settings
+cannot be validated automatically.
-For some cloud providers the installer is able to gather metadata exposed in
-the instance so reasonable defaults will be provided.
+For some cloud providers, the installer is able to gather metadata exposed in
+the instance, so reasonable defaults will be provided.
-Plese confirm that they are correct before moving forward.
+Please confirm that they are correct before moving forward.
"""
notes = """
@@ -365,7 +384,7 @@ Notes:
* The public IP should be the externally accessible IP associated with the instance
* The hostname should resolve to the internal IP from the instances
themselves.
- * The public hostname should resolve to the external ip from hosts outside of
+ * The public hostname should resolve to the external IP from hosts outside of
the cloud.
"""
@@ -413,42 +432,41 @@ Edit %s with the desired values and run `atomic-openshift-installer --unattended
return default_facts
-
def check_hosts_config(oo_cfg, unattended):
click.clear()
masters = [host for host in oo_cfg.deployment.hosts if host.is_master()]
if len(masters) == 2:
- click.echo("A minimum of 3 Masters are required for HA deployments.")
+ click.echo("A minimum of 3 masters are required for HA deployments.")
sys.exit(1)
if len(masters) > 1:
master_lb = [host for host in oo_cfg.deployment.hosts if host.is_master_lb()]
if len(master_lb) > 1:
- click.echo('ERROR: More than one Master load balancer specified. Only one is allowed.')
+ click.echo('ERROR: More than one master load balancer specified. Only one is allowed.')
sys.exit(1)
elif len(master_lb) == 1:
if master_lb[0].is_master() or master_lb[0].is_node():
- click.echo('ERROR: The Master load balancer is configured as a master or node. ' \
+ click.echo('ERROR: The master load balancer is configured as a master or node. '
'Please correct this.')
sys.exit(1)
else:
message = """
ERROR: No master load balancer specified in config. You must provide the FQDN
-of a load balancer to balance the API (port 8443) on all Master hosts.
+of a load balancer to balance the API (port 8443) on all master hosts.
https://docs.openshift.org/latest/install_config/install/advanced_install.html#multiple-masters
"""
click.echo(message)
sys.exit(1)
- dedicated_nodes = [host for host in oo_cfg.deployment.hosts \
- if host.is_node() and not host.is_master()]
+ dedicated_nodes = [host for host in oo_cfg.deployment.hosts
+ if host.is_node() and not host.is_master()]
if len(dedicated_nodes) == 0:
message = """
-WARNING: No dedicated Nodes specified. By default, colocated Masters have
-their Nodes set to unschedulable. If you proceed all nodes will be labelled
+WARNING: No dedicated nodes specified. By default, colocated masters have
+their nodes set to unschedulable. If you proceed all nodes will be labelled
as schedulable.
"""
if unattended:
@@ -458,6 +476,7 @@ as schedulable.
return
+
def get_variant_and_version(multi_master=False):
message = "\nWhich variant would you like to install?\n\n"
@@ -465,7 +484,7 @@ def get_variant_and_version(multi_master=False):
combos = get_variant_version_combos()
for (variant, version) in combos:
message = "%s\n(%s) %s %s" % (message, i, variant.description,
- version.name)
+ version.name)
i = i + 1
message = "%s\n" % message
@@ -477,12 +496,14 @@ def get_variant_and_version(multi_master=False):
return product, version
+
def confirm_continue(message):
if message:
click.echo(message)
click.confirm("Are you ready to continue?", default=False, abort=True)
return
+
def error_if_missing_info(oo_cfg):
missing_info = False
if not oo_cfg.deployment.hosts:
@@ -491,7 +512,7 @@ def error_if_missing_info(oo_cfg):
'command line or in the config file: %s' % oo_cfg.config_path)
sys.exit(1)
- if 'ansible_ssh_user' not in oo_cfg.settings:
+ if 'ansible_ssh_user' not in oo_cfg.deployment.variables:
click.echo("Must specify ansible_ssh_user in configuration file.")
sys.exit(1)
@@ -522,6 +543,7 @@ def error_if_missing_info(oo_cfg):
if missing_info:
sys.exit(1)
+
def get_host_roles_set(oo_cfg):
roles_set = set()
for host in oo_cfg.deployment.hosts:
@@ -530,13 +552,13 @@ def get_host_roles_set(oo_cfg):
return roles_set
+
def get_proxy_hostnames_and_excludes():
message = """
-If a proxy is needed to reach HTTP and HTTPS traffic please enter the name below.
-This proxy will be configured by default for all processes needing to reach systems outside
-the cluster.
+If a proxy is needed to reach HTTP and HTTPS traffic, please enter the name below.
+This proxy will be configured by default for all processes that need to reach systems outside the cluster.
-More advanced configuration is possible if using ansible directly:
+More advanced configuration is possible if using Ansible directly:
https://docs.openshift.com/enterprise/latest/install_config/http_proxies.html
"""
@@ -550,7 +572,7 @@ https://docs.openshift.com/enterprise/latest/install_config/http_proxies.html
if http_proxy_hostname or https_proxy_hostname:
message = """
-All hosts in your openshift inventory will automatically be added to the NO_PROXY value.
+All hosts in your OpenShift inventory will automatically be added to the NO_PROXY value.
Please provide any additional hosts to be added to NO_PROXY. (ENTER for none)
"""
proxy_excludes = click.prompt(message, default='')
@@ -559,6 +581,7 @@ Please provide any additional hosts to be added to NO_PROXY. (ENTER for none)
return http_proxy_hostname, https_proxy_hostname, proxy_excludes
+
def get_missing_info_from_user(oo_cfg):
""" Prompts the user for any information missing from the given configuration. """
click.clear()
@@ -574,10 +597,10 @@ Please confirm that following prerequisites have been met:
repositories.
* All systems have run docker-storage-setup (part of the Red Hat docker RPM).
* All systems have working DNS that resolves not only from the perspective of
- the installer but also from within the cluster.
+ the installer, but also from within the cluster.
-When the process completes you will have a default configuration for Masters
-and Nodes. For ongoing environment maintenance it's recommended that the
+When the process completes you will have a default configuration for masters
+and nodes. For ongoing environment maintenance it's recommended that the
official Ansible playbooks be used.
For more information on installation prerequisites please see:
@@ -586,30 +609,34 @@ https://docs.openshift.com/enterprise/latest/admin_guide/install/prerequisites.h
confirm_continue(message)
click.clear()
- if not oo_cfg.settings.get('ansible_ssh_user', ''):
- oo_cfg.settings['ansible_ssh_user'] = get_ansible_ssh_user()
+ if not oo_cfg.deployment.variables.get('ansible_ssh_user', False):
+ oo_cfg.deployment.variables['ansible_ssh_user'] = get_ansible_ssh_user()
click.clear()
if not oo_cfg.settings.get('variant', ''):
variant, version = get_variant_and_version()
oo_cfg.settings['variant'] = variant.name
oo_cfg.settings['variant_version'] = version.name
+ oo_cfg.settings['variant_subtype'] = version.subtype
click.clear()
if not oo_cfg.deployment.hosts:
oo_cfg.deployment.hosts, roles = collect_hosts(oo_cfg)
+ set_infra_nodes(oo_cfg.deployment.hosts)
for role in roles:
oo_cfg.deployment.roles[role] = Role(name=role, variables={})
click.clear()
- if not 'master_routingconfig_subdomain' in oo_cfg.deployment.variables:
- oo_cfg.deployment.variables['master_routingconfig_subdomain'] = \
- get_master_routingconfig_subdomain()
+ if 'master_routingconfig_subdomain' not in oo_cfg.deployment.variables:
+ oo_cfg.deployment.variables['master_routingconfig_subdomain'] = get_master_routingconfig_subdomain()
click.clear()
+ current_version = parse_version(
+ oo_cfg.settings.get('variant_version', '0.0'))
+ min_version = parse_version('3.2')
if not oo_cfg.settings.get('openshift_http_proxy', None) and \
- LooseVersion(oo_cfg.settings.get('variant_version', '0.0')) >= LooseVersion('3.2'):
+ current_version >= min_version:
http_proxy, https_proxy, proxy_excludes = get_proxy_hostnames_and_excludes()
oo_cfg.deployment.variables['proxy_http'] = http_proxy
oo_cfg.deployment.variables['proxy_https'] = https_proxy
@@ -627,10 +654,12 @@ def get_role_variable(oo_cfg, role_name, variable_name):
except (StopIteration, KeyError):
return None
+
def set_role_variable(oo_cfg, role_name, variable_name, variable_value):
target_role = next(role for role in oo_cfg.deployment.roles if role.name is role_name)
target_role[variable_name] = variable_value
+
def collect_new_nodes(oo_cfg):
click.clear()
click.echo('*** New Node Configuration ***')
@@ -641,32 +670,27 @@ Add new nodes here
new_nodes, _ = collect_hosts(oo_cfg, existing_env=True, masters_set=True, print_summary=False)
return new_nodes
+
def get_installed_hosts(hosts, callback_facts):
installed_hosts = []
+ uninstalled_hosts = []
+ for host in [h for h in hosts if h.is_master() or h.is_node()]:
+ if host.connect_to in callback_facts.keys():
+ if is_installed_host(host, callback_facts):
+ installed_hosts.append(host)
+ else:
+ uninstalled_hosts.append(host)
+ return installed_hosts, uninstalled_hosts
- # count nativeha lb as an installed host
- try:
- first_master = next(host for host in hosts if host.is_master())
- lb_hostname = callback_facts[first_master.connect_to]['master'].get('cluster_hostname', '')
- lb_host = \
- next(host for host in hosts if host.ip == callback_facts[lb_hostname]['common']['ip'])
-
- installed_hosts.append(lb_host)
- except (KeyError, StopIteration):
- pass
-
- for host in hosts:
- if host.connect_to in callback_facts.keys() and is_installed_host(host, callback_facts):
- installed_hosts.append(host)
- return installed_hosts
def is_installed_host(host, callback_facts):
version_found = 'common' in callback_facts[host.connect_to].keys() and \
- callback_facts[host.connect_to]['common'].get('version', '') and \
- callback_facts[host.connect_to]['common'].get('version', '') != 'None'
+ callback_facts[host.connect_to]['common'].get('version', '') and \
+ callback_facts[host.connect_to]['common'].get('version', '') != 'None'
return version_found
+
# pylint: disable=too-many-branches
# This pylint error will be corrected shortly in separate PR.
def get_hosts_to_run_on(oo_cfg, callback_facts, unattended, force, verbose):
@@ -675,16 +699,16 @@ def get_hosts_to_run_on(oo_cfg, callback_facts, unattended, force, verbose):
hosts_to_run_on = list(oo_cfg.deployment.hosts)
# Check if master or nodes already have something installed
- installed_hosts = get_installed_hosts(oo_cfg.deployment.hosts, callback_facts)
+ installed_hosts, uninstalled_hosts = get_installed_hosts(oo_cfg.deployment.hosts, callback_facts)
if len(installed_hosts) > 0:
click.echo('Installed environment detected.')
# This check has to happen before we start removing hosts later in this method
if not force:
if not unattended:
- click.echo('By default the installer only adds new nodes ' \
+ click.echo('By default the installer only adds new nodes '
'to an installed environment.')
- response = click.prompt('Do you want to (1) only add additional nodes or ' \
- '(2) reinstall the existing hosts ' \
+ response = click.prompt('Do you want to (1) only add additional nodes or '
+ '(2) reinstall the existing hosts '
'potentially erasing any custom changes?',
type=int)
# TODO: this should be reworked with error handling.
@@ -698,29 +722,31 @@ def get_hosts_to_run_on(oo_cfg, callback_facts, unattended, force, verbose):
# present a message listing already installed hosts and remove hosts if needed
for host in installed_hosts:
if host.is_master():
- click.echo("{} is already an OpenShift Master".format(host))
+ click.echo("{} is already an OpenShift master".format(host))
# Masters stay in the list, we need to run against them when adding
# new nodes.
elif host.is_node():
- click.echo("{} is already an OpenShift Node".format(host))
+ click.echo("{} is already an OpenShift node".format(host))
# force is only used for reinstalls so we don't want to remove
# anything.
if not force:
hosts_to_run_on.remove(host)
# Handle the cases where we know about uninstalled systems
- new_hosts = set(hosts_to_run_on) - set(installed_hosts)
- if len(new_hosts) > 0:
- for new_host in new_hosts:
- click.echo("{} is currently uninstalled".format(new_host))
-
+ if len(uninstalled_hosts) > 0:
+ for uninstalled_host in uninstalled_hosts:
+ click.echo("{} is currently uninstalled".format(uninstalled_host))
# Fall through
- click.echo('Adding additional nodes...')
+ click.echo('\nUninstalled hosts have been detected in your environment. '
+ 'Please make sure your environment was installed successfully '
+ 'before adding new nodes. If you want a fresh install, use '
+ '`atomic-openshift-installer install --force`')
+ sys.exit(1)
else:
if unattended:
if not force:
- click.echo('Installed environment detected and no additional ' \
- 'nodes specified: aborting. If you want a fresh install, use ' \
+ click.echo('Installed environment detected and no additional '
+ 'nodes specified: aborting. If you want a fresh install, use '
'`atomic-openshift-installer install --force`')
sys.exit(1)
else:
@@ -734,24 +760,35 @@ def get_hosts_to_run_on(oo_cfg, callback_facts, unattended, force, verbose):
click.echo('Gathering information from hosts...')
callback_facts, error = openshift_ansible.default_facts(oo_cfg.deployment.hosts, verbose)
if error or callback_facts is None:
- click.echo("There was a problem fetching the required information. See " \
+ click.echo("There was a problem fetching the required information. See "
"{} for details.".format(oo_cfg.settings['ansible_log_path']))
sys.exit(1)
else:
- pass # proceeding as normal should do a clean install
+ pass # proceeding as normal should do a clean install
return hosts_to_run_on, callback_facts
+def set_infra_nodes(hosts):
+ if all(host.is_master() for host in hosts):
+ infra_list = hosts
+ else:
+ nodes_list = [host for host in hosts if host.is_node()]
+ infra_list = nodes_list[:2]
+
+ for host in infra_list:
+ host.node_labels = "{'region': 'infra'}"
+
+
@click.group()
@click.pass_context
@click.option('--unattended', '-u', is_flag=True, default=False)
@click.option('--configuration', '-c',
- type=click.Path(file_okay=True,
- dir_okay=False,
- writable=True,
- readable=True),
- default=None)
+ type=click.Path(file_okay=True,
+ dir_okay=False,
+ writable=True,
+ readable=True),
+ default=None)
@click.option('--ansible-playbook-directory',
'-a',
type=click.Path(exists=True,
@@ -762,23 +799,27 @@ def get_hosts_to_run_on(oo_cfg, callback_facts, unattended, force, verbose):
default=DEFAULT_PLAYBOOK_DIR,
envvar='OO_ANSIBLE_PLAYBOOK_DIRECTORY')
@click.option('--ansible-config',
- type=click.Path(file_okay=True,
- dir_okay=False,
- writable=True,
- readable=True),
- default=None)
+ type=click.Path(file_okay=True,
+ dir_okay=False,
+ writable=True,
+ readable=True),
+ default=None)
@click.option('--ansible-log-path',
- type=click.Path(file_okay=True,
- dir_okay=False,
- writable=True,
- readable=True),
- default="/tmp/ansible.log")
+ type=click.Path(file_okay=True,
+ dir_okay=False,
+ writable=True,
+ readable=True),
+ default="/tmp/ansible.log")
@click.option('-v', '--verbose',
- is_flag=True, default=False)
-#pylint: disable=too-many-arguments
-#pylint: disable=line-too-long
+ is_flag=True, default=False)
+@click.option('-d', '--debug',
+ help="Enable installer debugging (/tmp/installer.log)",
+ is_flag=True, default=False)
+@click.help_option('--help', '-h')
+# pylint: disable=too-many-arguments
+# pylint: disable=line-too-long
# Main CLI entrypoint, not much we can do about too many arguments.
-def cli(ctx, unattended, configuration, ansible_playbook_directory, ansible_config, ansible_log_path, verbose):
+def cli(ctx, unattended, configuration, ansible_playbook_directory, ansible_config, ansible_log_path, verbose, debug):
"""
atomic-openshift-installer makes the process for installing OSE or AEP
easier by interactively gathering the data needed to run on each host.
@@ -786,6 +827,14 @@ def cli(ctx, unattended, configuration, ansible_playbook_directory, ansible_conf
Further reading: https://docs.openshift.com/enterprise/latest/install_config/install/quick_install.html
"""
+ if debug:
+ # DEFAULT log level threshold is set to CRITICAL (the
+ # highest), anything below that (we only use debug/warning
+ # presently) is not logged. If '-d' is given though, we'll
+ # lower the threshold to debug (almost everything gets through)
+ installer_log.setLevel(logging.DEBUG)
+ installer_log.debug("Quick Installer debugging initialized")
+
ctx.obj = {}
ctx.obj['unattended'] = unattended
ctx.obj['configuration'] = configuration
@@ -813,7 +862,7 @@ def cli(ctx, unattended, configuration, ansible_playbook_directory, ansible_conf
if ctx.obj['ansible_config']:
oo_cfg.settings['ansible_config'] = ctx.obj['ansible_config']
elif 'ansible_config' not in oo_cfg.settings and \
- os.path.exists(DEFAULT_ANSIBLE_CONFIG):
+ os.path.exists(DEFAULT_ANSIBLE_CONFIG):
# If we're installed by RPM this file should exist and we can use it as our default:
oo_cfg.settings['ansible_config'] = DEFAULT_ANSIBLE_CONFIG
@@ -829,46 +878,34 @@ def uninstall(ctx):
oo_cfg = ctx.obj['oo_cfg']
verbose = ctx.obj['verbose']
- if len(oo_cfg.deployment.hosts) == 0:
+ if hasattr(oo_cfg, 'deployment'):
+ hosts = oo_cfg.deployment.hosts
+ elif hasattr(oo_cfg, 'hosts'):
+ hosts = oo_cfg.hosts
+ else:
click.echo("No hosts defined in: %s" % oo_cfg.config_path)
sys.exit(1)
click.echo("OpenShift will be uninstalled from the following hosts:\n")
if not ctx.obj['unattended']:
# Prompt interactively to confirm:
- for host in oo_cfg.deployment.hosts:
+ for host in hosts:
click.echo(" * %s" % host.connect_to)
- proceed = click.confirm("\nDo you wish to proceed?")
+ proceed = click.confirm("\nDo you want to proceed?")
if not proceed:
click.echo("Uninstall cancelled.")
sys.exit(0)
- openshift_ansible.run_uninstall_playbook(verbose)
+ openshift_ansible.run_uninstall_playbook(hosts, verbose)
@click.command()
@click.option('--latest-minor', '-l', is_flag=True, default=False)
@click.option('--next-major', '-n', is_flag=True, default=False)
@click.pass_context
-#pylint: disable=bad-builtin,too-many-statements
+# pylint: disable=too-many-statements
def upgrade(ctx, latest_minor, next_major):
oo_cfg = ctx.obj['oo_cfg']
- verbose = ctx.obj['verbose']
-
- # major/minor fields are optional, as we don't always support minor/major
- # upgrade for what you're currently running.
- upgrade_mappings = {
- '3.1':{
- 'major_playbook':'v3_2/upgrade.yml',
- 'major_version' :'3.2',
- },
- '3.2':{
- 'minor_playbook':'v3_2/upgrade.yml',
-# Uncomment these when we're ready to support 3.3.
-# 'major_version' :'3.3',
-# 'major_playbook':'v3_1_to_v3_2/upgrade.yml',
- },
- }
if len(oo_cfg.deployment.hosts) == 0:
click.echo("No hosts defined in: %s" % oo_cfg.config_path)
@@ -880,7 +917,7 @@ def upgrade(ctx, latest_minor, next_major):
sys.exit(0)
old_version = oo_cfg.settings['variant_version']
- mapping = upgrade_mappings.get(old_version)
+ mapping = UPGRADE_MAPPINGS.get(old_version)
message = """
This tool will help you upgrade your existing OpenShift installation.
@@ -909,41 +946,42 @@ def upgrade(ctx, latest_minor, next_major):
if next_major:
if 'major_playbook' not in mapping:
- click.echo("No major upgrade supported for %s %s with this version "\
+ click.echo("No major upgrade supported for %s %s with this version "
"of atomic-openshift-utils." % (variant, old_version))
sys.exit(0)
playbook = mapping['major_playbook']
new_version = mapping['major_version']
# Update config to reflect the version we're targetting, we'll write
- # to disk once ansible completes successfully, not before.
+ # to disk once Ansible completes successfully, not before.
oo_cfg.settings['variant_version'] = new_version
if oo_cfg.settings['variant'] == 'enterprise':
oo_cfg.settings['variant'] = 'openshift-enterprise'
if latest_minor:
if 'minor_playbook' not in mapping:
- click.echo("No minor upgrade supported for %s %s with this version "\
+ click.echo("No minor upgrade supported for %s %s with this version "
"of atomic-openshift-utils." % (variant, old_version))
sys.exit(0)
playbook = mapping['minor_playbook']
new_version = old_version
- click.echo("Openshift will be upgraded from %s %s to latest %s %s on the following hosts:\n" % (
+ click.echo("OpenShift will be upgraded from %s %s to latest %s %s on the following hosts:\n" % (
variant, old_version, oo_cfg.settings['variant'], new_version))
for host in oo_cfg.deployment.hosts:
click.echo(" * %s" % host.connect_to)
if not ctx.obj['unattended']:
# Prompt interactively to confirm:
- proceed = click.confirm("\nDo you wish to proceed?")
- if not proceed:
+ if not click.confirm("\nDo you want to proceed?"):
click.echo("Upgrade cancelled.")
sys.exit(0)
- retcode = openshift_ansible.run_upgrade_playbook(playbook, verbose)
+ retcode = openshift_ansible.run_upgrade_playbook(oo_cfg.deployment.hosts,
+ playbook,
+ ctx.obj['verbose'])
if retcode > 0:
click.echo("Errors encountered during upgrade, please check %s." %
- oo_cfg.settings['ansible_log_path'])
+ oo_cfg.settings['ansible_log_path'])
else:
oo_cfg.save_to_disk()
click.echo("Upgrade completed! Rebooting all hosts is recommended.")
@@ -952,7 +990,7 @@ def upgrade(ctx, latest_minor, next_major):
@click.command()
@click.option('--force', '-f', is_flag=True, default=False)
@click.option('--gen-inventory', is_flag=True, default=False,
- help="Generate an ansible inventory file and exit.")
+ help="Generate an Ansible inventory file and exit.")
@click.pass_context
def install(ctx, force, gen_inventory):
oo_cfg = ctx.obj['oo_cfg']
@@ -968,17 +1006,16 @@ def install(ctx, force, gen_inventory):
print_installation_summary(oo_cfg.deployment.hosts, oo_cfg.settings.get('variant_version', None))
click.echo('Gathering information from hosts...')
callback_facts, error = openshift_ansible.default_facts(oo_cfg.deployment.hosts,
- verbose)
+ verbose)
if error or callback_facts is None:
- click.echo("There was a problem fetching the required information. " \
+ click.echo("There was a problem fetching the required information. "
"Please see {} for details.".format(oo_cfg.settings['ansible_log_path']))
sys.exit(1)
hosts_to_run_on, callback_facts = get_hosts_to_run_on(
oo_cfg, callback_facts, ctx.obj['unattended'], force, verbose)
-
# We already verified this is not the case for unattended installs, so this can
# only trigger for live CLI users:
# TODO: if there are *new* nodes and this is a live install, we may need the user
@@ -990,12 +1027,12 @@ def install(ctx, force, gen_inventory):
# Write quick installer config file to disk:
oo_cfg.save_to_disk()
- # Write ansible inventory file to disk:
+ # Write Ansible inventory file to disk:
inventory_file = openshift_ansible.generate_inventory(hosts_to_run_on)
click.echo()
click.echo('Wrote atomic-openshift-installer config: %s' % oo_cfg.config_path)
- click.echo("Wrote ansible inventory: %s" % inventory_file)
+ click.echo("Wrote Ansible inventory: %s" % inventory_file)
click.echo()
if gen_inventory:
@@ -1014,7 +1051,7 @@ If changes are needed please edit the config file above and re-run.
if error:
# The bootstrap script will print out the log location.
message = """
-An error was detected. After resolving the problem please relaunch the
+An error was detected. After resolving the problem please relaunch the
installation process.
"""
click.echo(message)
@@ -1024,7 +1061,7 @@ installation process.
The installation was successful!
If this is your first time installing please take a look at the Administrator
-Guide for advanced options related to routing, storage, authentication and much
+Guide for advanced options related to routing, storage, authentication, and
more:
http://docs.openshift.com/enterprise/latest/admin_guide/overview.html
diff --git a/utils/src/ooinstall/oo_config.py b/utils/src/ooinstall/oo_config.py
index fc06a0c4a..393b36f6f 100644
--- a/utils/src/ooinstall/oo_config.py
+++ b/utils/src/ooinstall/oo_config.py
@@ -2,9 +2,13 @@
import os
import sys
+import logging
import yaml
from pkg_resources import resource_filename
+
+installer_log = logging.getLogger('installer')
+
CONFIG_PERSIST_SETTINGS = [
'ansible_ssh_user',
'ansible_callback_facts_yaml',
@@ -14,19 +18,29 @@ CONFIG_PERSIST_SETTINGS = [
'deployment',
'version',
'variant',
+ 'variant_subtype',
'variant_version',
- ]
+]
-DEPLOYMENT_PERSIST_SETTINGS = [
- 'master_routingconfig_subdomain',
- 'proxy_http',
- 'proxy_https',
- 'proxy_exclude_hosts',
+DEPLOYMENT_VARIABLES_BLACKLIST = [
+ 'hosts',
+ 'roles',
]
DEFAULT_REQUIRED_FACTS = ['ip', 'public_ip', 'hostname', 'public_hostname']
PRECONFIGURED_REQUIRED_FACTS = ['hostname', 'public_hostname']
+
+def print_read_config_error(error, path='the configuration file'):
+ message = """
+Error loading config. {}.
+
+See https://docs.openshift.com/enterprise/latest/install_config/install/quick_install.html#defining-an-installation-configuration-file
+for information on creating a configuration file or delete {} and re-run the installer.
+"""
+ print message.format(error, path)
+
+
class OOConfigFileError(Exception):
"""The provided config file path can't be read/written
"""
@@ -56,6 +70,8 @@ class Host(object):
# allowable roles: master, node, etcd, storage, master_lb, new
self.roles = kwargs.get('roles', [])
+ self.other_variables = kwargs.get('other_variables', {})
+
if self.connect_to is None:
raise OOConfigInvalidHostError(
"You must specify either an ip or hostname as 'connect_to'")
@@ -71,7 +87,8 @@ class Host(object):
d = {}
for prop in ['ip', 'hostname', 'public_ip', 'public_hostname', 'connect_to',
- 'preconfigured', 'containerized', 'schedulable', 'roles', 'node_labels']:
+ 'preconfigured', 'containerized', 'schedulable', 'roles', 'node_labels',
+ 'other_variables']:
# If the property is defined (not None or False), export it:
if getattr(self, prop):
d[prop] = getattr(self, prop)
@@ -89,7 +106,6 @@ class Host(object):
def is_storage(self):
return 'storage' in self.roles
-
def is_etcd_member(self, all_hosts):
""" Will this host be a member of a standalone etcd cluster. """
if not self.is_master():
@@ -163,35 +179,60 @@ class OOConfig(object):
self._read_config()
self._set_defaults()
-
+ # pylint: disable=too-many-branches
+ # Lots of different checks ran in a single method, could
+ # use a little refactoring-love some time
def _read_config(self):
+ installer_log.debug("Attempting to read the OO Config")
try:
+ installer_log.debug("Attempting to see if the provided config file exists: %s", self.config_path)
if os.path.exists(self.config_path):
+ installer_log.debug("We think the config file exists: %s", self.config_path)
with open(self.config_path, 'r') as cfgfile:
loaded_config = yaml.safe_load(cfgfile.read())
- # Use the presence of a Description as an indicator this is
- # a legacy config file:
- if 'Description' in self.settings:
- self._upgrade_legacy_config()
+ if 'version' not in loaded_config:
+ print_read_config_error('Legacy configuration file found', self.config_path)
+ sys.exit(0)
+
+ if loaded_config.get('version', '') == 'v1':
+ loaded_config = self._upgrade_v1_config(loaded_config)
try:
host_list = loaded_config['deployment']['hosts']
role_list = loaded_config['deployment']['roles']
except KeyError as e:
- print "Error loading config, no such key: {}".format(e)
+ print_read_config_error("No such key: {}".format(e), self.config_path)
+ print "Error loading config, required key missing: {}".format(e)
sys.exit(0)
for setting in CONFIG_PERSIST_SETTINGS:
+ persisted_value = loaded_config.get(setting)
+ if persisted_value is not None:
+ self.settings[setting] = str(persisted_value)
+
+ # We've loaded any persisted configs, let's verify any
+ # paths which are required for a correct and complete
+ # install
+
+ # - ansible_callback_facts_yaml - Settings from a
+ # pervious run. If the file doesn't exist then we
+ # will just warn about it for now and recollect the
+ # facts.
+ if self.settings.get('ansible_callback_facts_yaml', None) is not None:
+ if not os.path.exists(self.settings['ansible_callback_facts_yaml']):
+ # Cached callback facts file does not exist
+ installer_log.warning("The specified 'ansible_callback_facts_yaml'"
+ "file does not exist (%s)",
+ self.settings['ansible_callback_facts_yaml'])
+ installer_log.debug("Remote system facts will be collected again later")
+ self.settings.pop('ansible_callback_facts_yaml')
+
+ for setting in loaded_config['deployment']:
try:
- self.settings[setting] = str(loaded_config[setting])
- except KeyError:
- continue
-
- for setting in DEPLOYMENT_PERSIST_SETTINGS:
- try:
- self.deployment.variables[setting] = \
- str(loaded_config['deployment'][setting])
+ if setting not in DEPLOYMENT_VARIABLES_BLACKLIST:
+ self.deployment.variables[setting] = \
+ str(loaded_config['deployment'][setting])
except KeyError:
continue
@@ -203,47 +244,67 @@ class OOConfig(object):
for name, variables in role_list.iteritems():
self.deployment.roles.update({name: Role(name, variables)})
-
except IOError, ferr:
raise OOConfigFileError('Cannot open config file "{}": {}'.format(ferr.filename,
ferr.strerror))
except yaml.scanner.ScannerError:
raise OOConfigFileError(
'Config file "{}" is not a valid YAML document'.format(self.config_path))
+ installer_log.debug("Parsed the config file")
+
+ def _upgrade_v1_config(self, config):
+ new_config_data = {}
+ new_config_data['deployment'] = {}
+ new_config_data['deployment']['hosts'] = []
+ new_config_data['deployment']['roles'] = {}
+ new_config_data['deployment']['variables'] = {}
+
+ role_list = {}
- def _upgrade_legacy_config(self):
- new_hosts = []
- remove_settings = ['validated_facts', 'Description', 'Name',
- 'Subscription', 'Vendor', 'Version', 'masters', 'nodes']
-
- if 'validated_facts' in self.settings:
- for key, value in self.settings['validated_facts'].iteritems():
- value['connect_to'] = key
- if 'masters' in self.settings and key in self.settings['masters']:
- value['master'] = True
- if 'nodes' in self.settings and key in self.settings['nodes']:
- value['node'] = True
- new_hosts.append(value)
- self.settings['hosts'] = new_hosts
-
- for s in remove_settings:
- if s in self.settings:
- del self.settings[s]
-
- # A legacy config implies openshift-enterprise 3.0:
- self.settings['variant'] = 'openshift-enterprise'
- self.settings['variant_version'] = '3.0'
-
- def _upgrade_v1_config(self):
- #TODO write code to upgrade old config
- return
+ if config.get('ansible_ssh_user', False):
+ new_config_data['deployment']['ansible_ssh_user'] = config['ansible_ssh_user']
+
+ if config.get('variant', False):
+ new_config_data['variant'] = config['variant']
+
+ if config.get('variant_version', False):
+ new_config_data['variant_version'] = config['variant_version']
+
+ for host in config['hosts']:
+ host_props = {}
+ host_props['roles'] = []
+ host_props['connect_to'] = host['connect_to']
+
+ for prop in ['ip', 'public_ip', 'hostname', 'public_hostname', 'containerized', 'preconfigured']:
+ host_props[prop] = host.get(prop, None)
+
+ for role in ['master', 'node', 'master_lb', 'storage', 'etcd']:
+ if host.get(role, False):
+ host_props['roles'].append(role)
+ role_list[role] = ''
+
+ new_config_data['deployment']['hosts'].append(host_props)
+
+ new_config_data['deployment']['roles'] = role_list
+
+ return new_config_data
def _set_defaults(self):
+ installer_log.debug("Setting defaults, current OOConfig settings: %s", self.settings)
if 'ansible_inventory_directory' not in self.settings:
self.settings['ansible_inventory_directory'] = self._default_ansible_inv_dir()
+
if not os.path.exists(self.settings['ansible_inventory_directory']):
+ installer_log.debug("'ansible_inventory_directory' does not exist, "
+ "creating it now (%s)",
+ self.settings['ansible_inventory_directory'])
os.makedirs(self.settings['ansible_inventory_directory'])
+ else:
+ installer_log.debug("We think this 'ansible_inventory_directory' "
+ "is OK: %s",
+ self.settings['ansible_inventory_directory'])
+
if 'ansible_plugins_directory' not in self.settings:
self.settings['ansible_plugins_directory'] = \
resource_filename(__name__, 'ansible_plugins')
@@ -251,8 +312,14 @@ class OOConfig(object):
self.settings['version'] = 'v2'
if 'ansible_callback_facts_yaml' not in self.settings:
+ installer_log.debug("No 'ansible_callback_facts_yaml' in self.settings")
self.settings['ansible_callback_facts_yaml'] = '%s/callback_facts.yaml' % \
self.settings['ansible_inventory_directory']
+ installer_log.debug("Value: %s", self.settings['ansible_callback_facts_yaml'])
+ else:
+ installer_log.debug("'ansible_callback_facts_yaml' already set "
+ "in self.settings: %s",
+ self.settings['ansible_callback_facts_yaml'])
if 'ansible_ssh_user' not in self.settings:
self.settings['ansible_ssh_user'] = ''
@@ -260,11 +327,17 @@ class OOConfig(object):
self.settings['ansible_inventory_path'] = \
'{}/hosts'.format(os.path.dirname(self.config_path))
+ # pylint: disable=consider-iterating-dictionary
+ # Disabled because we shouldn't alter the container we're
+ # iterating over
+ #
# clean up any empty sets
for setting in self.settings.keys():
if not self.settings[setting]:
self.settings.pop(setting)
+ installer_log.debug("Updated OOConfig settings: %s", self.settings)
+
def _default_ansible_inv_dir(self):
return os.path.normpath(
os.path.dirname(self.config_path) + "/.ansible")
@@ -303,21 +376,20 @@ class OOConfig(object):
if setting in self.settings and self.settings[setting]:
p_settings[setting] = self.settings[setting]
-
p_settings['deployment'] = {}
p_settings['deployment']['hosts'] = []
p_settings['deployment']['roles'] = {}
- for setting in DEPLOYMENT_PERSIST_SETTINGS:
- if setting in self.deployment.variables:
- p_settings['deployment'][setting] = self.deployment.variables[setting]
-
for host in self.deployment.hosts:
p_settings['deployment']['hosts'].append(host.to_dict())
for name, role in self.deployment.roles.iteritems():
p_settings['deployment']['roles'][name] = role.variables
+ for setting in self.deployment.variables:
+ if setting not in DEPLOYMENT_VARIABLES_BLACKLIST:
+ p_settings['deployment'][setting] = self.deployment.variables[setting]
+
try:
p_settings['variant'] = self.settings['variant']
p_settings['variant_version'] = self.settings['variant_version']
@@ -328,7 +400,6 @@ class OOConfig(object):
print "Error persisting settings: {}".format(e)
sys.exit(0)
-
return p_settings
def yaml(self):
diff --git a/utils/src/ooinstall/openshift_ansible.py b/utils/src/ooinstall/openshift_ansible.py
index 352955026..75d26c10a 100644
--- a/utils/src/ooinstall/openshift_ansible.py
+++ b/utils/src/ooinstall/openshift_ansible.py
@@ -1,124 +1,90 @@
-# TODO: Temporarily disabled due to importing old code into openshift-ansible
-# repo. We will work on these over time.
# pylint: disable=bad-continuation,missing-docstring,no-self-use,invalid-name,global-statement,global-variable-not-assigned
import socket
import subprocess
import sys
import os
+import logging
import yaml
from ooinstall.variants import find_variant
+installer_log = logging.getLogger('installer')
+
CFG = None
ROLES_TO_GROUPS_MAP = {
'master': 'masters',
'node': 'nodes',
- 'storage': 'nfs'
+ 'etcd': 'etcd',
+ 'storage': 'nfs',
+ 'master_lb': 'lb'
}
VARIABLES_MAP = {
'ansible_ssh_user': 'ansible_ssh_user',
- 'ansible_config': 'ansible_config',
- 'ansible_log_path': 'ansible_log_path',
'deployment_type': 'deployment_type',
- 'master_routingconfig_subdomain':'openshift_master_default_subdomain',
- 'proxy_http':'openshift_http_proxy',
+ 'variant_subtype': 'deployment_subtype',
+ 'master_routingconfig_subdomain': 'openshift_master_default_subdomain',
+ 'proxy_http': 'openshift_http_proxy',
'proxy_https': 'openshift_https_proxy',
'proxy_exclude_hosts': 'openshift_no_proxy',
}
+
def set_config(cfg):
global CFG
CFG = cfg
+
def generate_inventory(hosts):
global CFG
+
masters = [host for host in hosts if host.is_master()]
- nodes = [host for host in hosts if host.is_node()]
- new_nodes = [host for host in hosts if host.is_node() and host.new_host]
- proxy = determine_proxy_configuration(hosts)
- storage = determine_storage_configuration(hosts)
multiple_masters = len(masters) > 1
+
+ new_nodes = [host for host in hosts if host.is_node() and host.new_host]
scaleup = len(new_nodes) > 0
+ lb = determine_lb_configuration(hosts)
+
base_inventory_path = CFG.settings['ansible_inventory_path']
base_inventory = open(base_inventory_path, 'w')
- write_inventory_children(base_inventory, multiple_masters, proxy, scaleup)
-
- write_inventory_vars(base_inventory, multiple_masters, proxy)
-
- # Find the correct deployment type for ansible:
- ver = find_variant(CFG.settings['variant'],
- version=CFG.settings.get('variant_version', None))[1]
- base_inventory.write('deployment_type={}\n'.format(ver.ansible_key))
-
- if 'OO_INSTALL_ADDITIONAL_REGISTRIES' in os.environ:
- base_inventory.write('openshift_docker_additional_registries={}\n'
- .format(os.environ['OO_INSTALL_ADDITIONAL_REGISTRIES']))
- if 'OO_INSTALL_INSECURE_REGISTRIES' in os.environ:
- base_inventory.write('openshift_docker_insecure_registries={}\n'
- .format(os.environ['OO_INSTALL_INSECURE_REGISTRIES']))
- if 'OO_INSTALL_PUDDLE_REPO' in os.environ:
- # We have to double the '{' here for literals
- base_inventory.write("openshift_additional_repos=[{{'id': 'ose-devel', "
- "'name': 'ose-devel', "
- "'baseurl': '{}', "
- "'enabled': 1, 'gpgcheck': 0}}]\n".format(os.environ['OO_INSTALL_PUDDLE_REPO']))
-
- base_inventory.write('\n[masters]\n')
- for master in masters:
- write_host(master, base_inventory)
-
- if len(masters) > 1:
- base_inventory.write('\n[etcd]\n')
- for master in masters:
- write_host(master, base_inventory)
+ write_inventory_children(base_inventory, scaleup)
- base_inventory.write('\n[nodes]\n')
-
- for node in nodes:
- # Let the fact defaults decide if we're not a master:
- schedulable = None
-
- # If the node is also a master, we must explicitly set schedulablity:
- if node.is_master():
- schedulable = node.is_schedulable_node(hosts)
- write_host(node, base_inventory, schedulable)
-
- if not getattr(proxy, 'preconfigured', True):
- base_inventory.write('\n[lb]\n')
- write_host(proxy, base_inventory)
+ write_inventory_vars(base_inventory, multiple_masters, lb)
+ # write_inventory_hosts
+ for role in CFG.deployment.roles:
+ # write group block
+ group = ROLES_TO_GROUPS_MAP.get(role, role)
+ base_inventory.write("\n[{}]\n".format(group))
+ # write each host
+ group_hosts = [host for host in hosts if role in host.roles]
+ for host in group_hosts:
+ schedulable = host.is_schedulable_node(hosts)
+ write_host(host, role, base_inventory, schedulable)
if scaleup:
base_inventory.write('\n[new_nodes]\n')
for node in new_nodes:
- write_host(node, base_inventory)
-
- if storage:
- base_inventory.write('\n[nfs]\n')
- write_host(storage, base_inventory)
+ write_host(node, 'new_nodes', base_inventory)
base_inventory.close()
return base_inventory_path
-def determine_proxy_configuration(hosts):
- proxy = next((host for host in hosts if host.is_master_lb()), None)
- if proxy:
- if proxy.hostname == None:
- proxy.hostname = proxy.connect_to
- proxy.public_hostname = proxy.connect_to
- return proxy
+def determine_lb_configuration(hosts):
+ lb = next((host for host in hosts if host.is_master_lb()), None)
+ if lb:
+ if lb.hostname is None:
+ lb.hostname = lb.connect_to
+ lb.public_hostname = lb.connect_to
-def determine_storage_configuration(hosts):
- storage = next((host for host in hosts if host.is_storage()), None)
+ return lb
- return storage
-def write_inventory_children(base_inventory, multiple_masters, proxy, scaleup):
+def write_inventory_children(base_inventory, scaleup):
global CFG
base_inventory.write('\n[OSEv3:children]\n')
@@ -128,12 +94,10 @@ def write_inventory_children(base_inventory, multiple_masters, proxy, scaleup):
if scaleup:
base_inventory.write('new_nodes\n')
- if multiple_masters:
- base_inventory.write('etcd\n')
- if not getattr(proxy, 'preconfigured', True):
- base_inventory.write('lb\n')
-def write_inventory_vars(base_inventory, multiple_masters, proxy):
+
+# pylint: disable=too-many-branches
+def write_inventory_vars(base_inventory, multiple_masters, lb):
global CFG
base_inventory.write('\n[OSEv3:vars]\n')
@@ -147,21 +111,41 @@ def write_inventory_vars(base_inventory, multiple_masters, proxy):
if value:
base_inventory.write('{}={}\n'.format(inventory_var, value))
- if CFG.settings['ansible_ssh_user'] != 'root':
+ if CFG.deployment.variables['ansible_ssh_user'] != 'root':
base_inventory.write('ansible_become=yes\n')
- if multiple_masters and proxy is not None:
+ if multiple_masters and lb is not None:
base_inventory.write('openshift_master_cluster_method=native\n')
- base_inventory.write("openshift_master_cluster_hostname={}\n".format(proxy.hostname))
+ base_inventory.write("openshift_master_cluster_hostname={}\n".format(lb.hostname))
base_inventory.write(
- "openshift_master_cluster_public_hostname={}\n".format(proxy.public_hostname))
+ "openshift_master_cluster_public_hostname={}\n".format(lb.public_hostname))
if CFG.settings.get('variant_version', None) == '3.1':
- #base_inventory.write('openshift_image_tag=v{}\n'.format(CFG.settings.get('variant_version')))
+ # base_inventory.write('openshift_image_tag=v{}\n'.format(CFG.settings.get('variant_version')))
base_inventory.write('openshift_image_tag=v{}\n'.format('3.1.1.6'))
write_proxy_settings(base_inventory)
+ # Find the correct deployment type for ansible:
+ ver = find_variant(CFG.settings['variant'],
+ version=CFG.settings.get('variant_version', None))[1]
+ base_inventory.write('deployment_type={}\n'.format(ver.ansible_key))
+ if getattr(ver, 'variant_subtype', False):
+ base_inventory.write('deployment_subtype={}\n'.format(ver.deployment_subtype))
+
+ if 'OO_INSTALL_ADDITIONAL_REGISTRIES' in os.environ:
+ base_inventory.write('openshift_docker_additional_registries={}\n'.format(
+ os.environ['OO_INSTALL_ADDITIONAL_REGISTRIES']))
+ if 'OO_INSTALL_INSECURE_REGISTRIES' in os.environ:
+ base_inventory.write('openshift_docker_insecure_registries={}\n'.format(
+ os.environ['OO_INSTALL_INSECURE_REGISTRIES']))
+ if 'OO_INSTALL_PUDDLE_REPO' in os.environ:
+ # We have to double the '{' here for literals
+ base_inventory.write("openshift_additional_repos=[{{'id': 'ose-devel', "
+ "'name': 'ose-devel', "
+ "'baseurl': '{}', "
+ "'enabled': 1, 'gpgcheck': 0}}]\n".format(os.environ['OO_INSTALL_PUDDLE_REPO']))
+
for name, role_obj in CFG.deployment.roles.iteritems():
if role_obj.variables:
group_name = ROLES_TO_GROUPS_MAP.get(name, name)
@@ -176,24 +160,28 @@ def write_inventory_vars(base_inventory, multiple_masters, proxy):
def write_proxy_settings(base_inventory):
try:
base_inventory.write("openshift_http_proxy={}\n".format(
- CFG.settings['openshift_http_proxy']))
+ CFG.settings['openshift_http_proxy']))
except KeyError:
pass
try:
base_inventory.write("openshift_https_proxy={}\n".format(
- CFG.settings['openshift_https_proxy']))
+ CFG.settings['openshift_https_proxy']))
except KeyError:
pass
try:
base_inventory.write("openshift_no_proxy={}\n".format(
- CFG.settings['openshift_no_proxy']))
+ CFG.settings['openshift_no_proxy']))
except KeyError:
pass
-def write_host(host, inventory, schedulable=None):
+# pylint: disable=too-many-branches
+def write_host(host, role, inventory, schedulable=None):
global CFG
+ if host.preconfigured:
+ return
+
facts = ''
if host.ip:
facts += ' openshift_ip={}'.format(host.ip)
@@ -205,15 +193,19 @@ def write_host(host, inventory, schedulable=None):
facts += ' openshift_public_hostname={}'.format(host.public_hostname)
if host.containerized:
facts += ' containerized={}'.format(host.containerized)
+ if host.other_variables:
+ for variable, value in host.other_variables.iteritems():
+ facts += " {}={}".format(variable, value)
+ if host.node_labels:
+ if role == 'node':
+ facts += ' openshift_node_labels="{}"'.format(host.node_labels)
# Distinguish between three states, no schedulability specified (use default),
# explicitly set to True, or explicitly set to False:
- if schedulable is None:
+ if role != 'node' or schedulable is None:
pass
- elif schedulable:
- facts += ' openshift_schedulable=True'
- elif not schedulable:
- facts += ' openshift_schedulable=False'
+ else:
+ facts += " openshift_schedulable={}".format(schedulable)
installer_host = socket.gethostname()
if installer_host in [host.connect_to, host.hostname, host.public_hostname]:
@@ -232,17 +224,21 @@ def load_system_facts(inventory_file, os_facts_path, env_vars, verbose=False):
"""
Retrieves system facts from the remote systems.
"""
+ installer_log.debug("Inside load_system_facts")
FNULL = open(os.devnull, 'w')
args = ['ansible-playbook', '-v'] if verbose \
else ['ansible-playbook']
args.extend([
'--inventory-file={}'.format(inventory_file),
os_facts_path])
+ installer_log.debug("Going to subprocess out to ansible now with these args: %s", ' '.join(args))
status = subprocess.call(args, env=env_vars, stdout=FNULL)
- if not status == 0:
+ if status != 0:
+ installer_log.debug("Exit status from subprocess was not 0")
return [], 1
with open(CFG.settings['ansible_callback_facts_yaml'], 'r') as callback_facts_file:
+ installer_log.debug("Going to try to read this file: %s", CFG.settings['ansible_callback_facts_yaml'])
try:
callback_facts = yaml.safe_load(callback_facts_file)
except yaml.YAMLError, exc:
@@ -255,6 +251,7 @@ def load_system_facts(inventory_file, os_facts_path, env_vars, verbose=False):
def default_facts(hosts, verbose=False):
global CFG
+ installer_log.debug("Current global CFG vars here: %s", CFG)
inventory_file = generate_inventory(hosts)
os_facts_path = '{}/playbooks/byo/openshift_facts.yml'.format(CFG.ansible_playbook_directory)
@@ -266,6 +263,9 @@ def default_facts(hosts, verbose=False):
facts_env["ANSIBLE_LOG_PATH"] = CFG.settings['ansible_log_path']
if 'ansible_config' in CFG.settings:
facts_env['ANSIBLE_CONFIG'] = CFG.settings['ansible_config']
+
+ installer_log.debug("facts_env: %s", facts_env)
+ installer_log.debug("Going to 'load_system_facts' next")
return load_system_facts(inventory_file, os_facts_path, facts_env, verbose)
@@ -294,10 +294,10 @@ def run_ansible(playbook, inventory, env_vars, verbose=False):
return subprocess.call(args, env=env_vars)
-def run_uninstall_playbook(verbose=False):
+def run_uninstall_playbook(hosts, verbose=False):
playbook = os.path.join(CFG.settings['ansible_playbook_directory'],
- 'playbooks/adhoc/uninstall.yml')
- inventory_file = generate_inventory(CFG.hosts)
+ 'playbooks/adhoc/uninstall.yml')
+ inventory_file = generate_inventory(hosts)
facts_env = os.environ.copy()
if 'ansible_log_path' in CFG.settings:
facts_env['ANSIBLE_LOG_PATH'] = CFG.settings['ansible_log_path']
@@ -306,12 +306,12 @@ def run_uninstall_playbook(verbose=False):
return run_ansible(playbook, inventory_file, facts_env, verbose)
-def run_upgrade_playbook(playbook, verbose=False):
+def run_upgrade_playbook(hosts, playbook, verbose=False):
playbook = os.path.join(CFG.settings['ansible_playbook_directory'],
- 'playbooks/byo/openshift-cluster/upgrades/{}'.format(playbook))
+ 'playbooks/byo/openshift-cluster/upgrades/{}'.format(playbook))
# TODO: Upgrade inventory for upgrade?
- inventory_file = generate_inventory(CFG.hosts)
+ inventory_file = generate_inventory(hosts)
facts_env = os.environ.copy()
if 'ansible_log_path' in CFG.settings:
facts_env['ANSIBLE_LOG_PATH'] = CFG.settings['ansible_log_path']
diff --git a/utils/src/ooinstall/variants.py b/utils/src/ooinstall/variants.py
index 8889e42e6..6993794fe 100644
--- a/utils/src/ooinstall/variants.py
+++ b/utils/src/ooinstall/variants.py
@@ -11,12 +11,16 @@ to be specified by the user, and to point the generic variants to the latest
version.
"""
+import logging
+installer_log = logging.getLogger('installer')
+
class Version(object):
- def __init__(self, name, ansible_key):
+ def __init__(self, name, ansible_key, subtype=''):
self.name = name # i.e. 3.0, 3.1
self.ansible_key = ansible_key
+ self.subtype = subtype
class Variant(object):
@@ -34,30 +38,36 @@ class Variant(object):
# WARNING: Keep the versions ordered, most recent first:
-OSE = Variant('openshift-enterprise', 'OpenShift Enterprise',
- [
- Version('3.2', 'openshift-enterprise'),
- Version('3.1', 'openshift-enterprise'),
- Version('3.0', 'enterprise')
- ]
+OSE = Variant('openshift-enterprise', 'OpenShift Container Platform',
+ [
+ Version('3.3', 'openshift-enterprise'),
+ ]
)
-AEP = Variant('atomic-enterprise', 'Atomic Enterprise Platform',
- [
- Version('3.2', 'atomic-enterprise'),
- Version('3.1', 'atomic-enterprise')
- ]
+REG = Variant('openshift-enterprise', 'Registry',
+ [
+ Version('3.3', 'openshift-enterprise', 'registry'),
+ ]
)
origin = Variant('origin', 'OpenShift Origin',
- [
- Version('1.2', 'origin'),
- ]
+ [
+ Version('1.2', 'origin'),
+ ]
+)
+
+LEGACY = Variant('openshift-enterprise', 'OpenShift Container Platform',
+ [
+ Version('3.2', 'openshift-enterprise'),
+ Version('3.1', 'openshift-enterprise'),
+ Version('3.0', 'openshift-enterprise'),
+ ]
)
# Ordered list of variants we can install, first is the default.
-SUPPORTED_VARIANTS = (OSE, AEP, origin)
-DISPLAY_VARIANTS = (OSE, AEP)
+SUPPORTED_VARIANTS = (OSE, REG, origin, LEGACY)
+DISPLAY_VARIANTS = (OSE, REG,)
+
def find_variant(name, version=None):
"""
@@ -76,6 +86,7 @@ def find_variant(name, version=None):
return (None, None)
+
def get_variant_version_combos():
combos = []
for variant in DISPLAY_VARIANTS:
diff --git a/utils/test-requirements.txt b/utils/test-requirements.txt
new file mode 100644
index 000000000..f2216a177
--- /dev/null
+++ b/utils/test-requirements.txt
@@ -0,0 +1,11 @@
+enum
+configparser
+pylint
+pep8
+nose
+coverage
+mock
+flake8
+PyYAML
+click
+backports.functools_lru_cache
diff --git a/utils/test/cli_installer_tests.py b/utils/test/cli_installer_tests.py
index 13973f22f..6d9d443ff 100644
--- a/utils/test/cli_installer_tests.py
+++ b/utils/test/cli_installer_tests.py
@@ -101,8 +101,9 @@ MOCK_FACTS_QUICKHA = {
# Missing connect_to on some hosts:
BAD_CONFIG = """
variant: %s
-ansible_ssh_user: root
+version: v2
deployment:
+ ansible_ssh_user: root
hosts:
- connect_to: 10.0.0.1
ip: 10.0.0.1
@@ -132,8 +133,9 @@ deployment:
QUICKHA_CONFIG = """
variant: %s
-ansible_ssh_user: root
+version: v2
deployment:
+ ansible_ssh_user: root
hosts:
- connect_to: 10.0.0.1
ip: 10.0.0.1
@@ -189,8 +191,9 @@ deployment:
QUICKHA_2_MASTER_CONFIG = """
variant: %s
-ansible_ssh_user: root
+version: v2
deployment:
+ ansible_ssh_user: root
hosts:
- connect_to: 10.0.0.1
ip: 10.0.0.1
@@ -238,8 +241,9 @@ deployment:
QUICKHA_CONFIG_REUSED_LB = """
variant: %s
-ansible_ssh_user: root
+version: v2
deployment:
+ ansible_ssh_user: root
hosts:
- connect_to: 10.0.0.1
ip: 10.0.0.1
@@ -281,8 +285,9 @@ deployment:
QUICKHA_CONFIG_NO_LB = """
variant: %s
-ansible_ssh_user: root
+version: v2
deployment:
+ ansible_ssh_user: root
hosts:
- connect_to: 10.0.0.1
ip: 10.0.0.1
@@ -323,8 +328,9 @@ deployment:
QUICKHA_CONFIG_PRECONFIGURED_LB = """
variant: %s
-ansible_ssh_user: root
+version: v2
deployment:
+ ansible_ssh_user: root
hosts:
- connect_to: 10.0.0.1
ip: 10.0.0.1
@@ -557,7 +563,7 @@ class UnattendedCliTests(OOCliFixture):
self.assertEquals('openshift-enterprise', written_config['variant'])
# We didn't specify a version so the latest should have been assumed,
# and written to disk:
- self.assertEquals('3.2', written_config['variant_version'])
+ self.assertEquals('3.3', written_config['variant_version'])
# Make sure the correct value was passed to ansible:
inventory = ConfigParser.ConfigParser(allow_no_value=True)
@@ -573,7 +579,7 @@ class UnattendedCliTests(OOCliFixture):
run_playbook_mock.return_value = 0
config = SAMPLE_CONFIG % 'openshift-enterprise'
- config = '%s\n%s' % (config, 'variant_version: 3.0')
+ config = '%s\n%s' % (config, 'variant_version: 3.3')
config_file = self.write_config(os.path.join(self.work_dir,
'ooinstall.conf'), config)
@@ -586,11 +592,11 @@ class UnattendedCliTests(OOCliFixture):
self.assertEquals('openshift-enterprise', written_config['variant'])
# Make sure our older version was preserved:
# and written to disk:
- self.assertEquals('3.0', written_config['variant_version'])
+ self.assertEquals('3.3', written_config['variant_version'])
inventory = ConfigParser.ConfigParser(allow_no_value=True)
inventory.read(os.path.join(self.work_dir, 'hosts'))
- self.assertEquals('enterprise',
+ self.assertEquals('openshift-enterprise',
inventory.get('OSEv3:vars', 'deployment_type'))
@patch('ooinstall.openshift_ansible.run_ansible')
@@ -722,7 +728,7 @@ class UnattendedCliTests(OOCliFixture):
# This is an invalid config:
self.assert_result(result, 1)
- self.assertTrue("A minimum of 3 Masters are required" in result.output)
+ self.assertTrue("A minimum of 3 masters are required" in result.output)
#unattended with three masters, one node, but no load balancer specified:
@patch('ooinstall.openshift_ansible.run_main_playbook')
@@ -815,9 +821,9 @@ class AttendedCliTests(OOCliFixture):
self.assert_inventory_host_var(inventory, 'nodes', '10.0.0.1',
'openshift_schedulable=False')
self.assert_inventory_host_var_unset(inventory, 'nodes', '10.0.0.2',
- 'openshift_schedulable')
+ 'openshift_schedulable=True')
self.assert_inventory_host_var_unset(inventory, 'nodes', '10.0.0.3',
- 'openshift_schedulable')
+ 'openshift_schedulable=True')
# interactive with config file and some installed some uninstalled hosts
@patch('ooinstall.openshift_ansible.run_main_playbook')
@@ -939,7 +945,7 @@ class AttendedCliTests(OOCliFixture):
self.assert_inventory_host_var(inventory, 'nodes', '10.0.0.3',
'openshift_schedulable=False')
self.assert_inventory_host_var_unset(inventory, 'nodes', '10.0.0.4',
- 'openshift_schedulable')
+ 'openshift_schedulable=True')
self.assertTrue(inventory.has_section('etcd'))
self.assertEquals(3, len(inventory.items('etcd')))
@@ -1068,26 +1074,6 @@ class AttendedCliTests(OOCliFixture):
self.assert_inventory_host_var(inventory, 'nodes', '10.0.0.1',
'openshift_schedulable=True')
- #interactive 3.0 install confirm no HA hints
- @patch('ooinstall.openshift_ansible.run_main_playbook')
- @patch('ooinstall.openshift_ansible.load_system_facts')
- def test_ha_hint(self, load_facts_mock, run_playbook_mock):
- load_facts_mock.return_value = (MOCK_FACTS, 0)
- run_playbook_mock.return_value = 0
-
- cli_input = build_input(hosts=[
- ('10.0.0.1', True, False)],
- ssh_user='root',
- variant_num=3,
- confirm_facts='y',
- storage='10.1.0.1',)
- self.cli_args.append("install")
- result = self.runner.invoke(cli.cli, self.cli_args,
- input=cli_input)
- self.assert_result(result, 0)
- print result.output
- self.assertTrue("NOTE: Add a total of 3 or more Masters to perform an HA installation."
- not in result.output)
@patch('ooinstall.openshift_ansible.run_main_playbook')
@patch('ooinstall.openshift_ansible.load_system_facts')
@@ -1122,9 +1108,9 @@ class AttendedCliTests(OOCliFixture):
self.assert_inventory_host_var(inventory, 'nodes', '10.0.0.1',
'openshift_schedulable=False')
self.assert_inventory_host_var_unset(inventory, 'nodes', '10.0.0.2',
- 'openshift_schedulable')
+ 'openshift_schedulable=True')
self.assert_inventory_host_var_unset(inventory, 'nodes', '10.0.0.3',
- 'openshift_schedulable')
+ 'openshift_schedulable=True')
# TODO: test with config file, attended add node
diff --git a/utils/test/fixture.py b/utils/test/fixture.py
index 006df739b..a883e5c56 100644
--- a/utils/test/fixture.py
+++ b/utils/test/fixture.py
@@ -10,10 +10,11 @@ from click.testing import CliRunner
# Substitute in a product name before use:
SAMPLE_CONFIG = """
variant: %s
-variant_version: 3.2
-ansible_ssh_user: root
+variant_version: 3.3
master_routingconfig_subdomain: example.com
+version: v2
deployment:
+ ansible_ssh_user: root
hosts:
- connect_to: 10.0.0.1
ip: 10.0.0.1
@@ -137,15 +138,19 @@ class OOCliFixture(OOInstallFixture):
written_config = read_yaml(config_file)
self._verify_config_hosts(written_config, exp_hosts_len)
- self.assert_result(result, 0)
- self._verify_load_facts(load_facts_mock)
- self._verify_run_playbook(run_playbook_mock, exp_hosts_len, exp_hosts_to_run_on_len)
-
- # Make sure we ran on the expected masters and nodes:
- hosts = run_playbook_mock.call_args[0][1]
- hosts_to_run_on = run_playbook_mock.call_args[0][2]
- self.assertEquals(exp_hosts_len, len(hosts))
- self.assertEquals(exp_hosts_to_run_on_len, len(hosts_to_run_on))
+ if "Uninstalled" in result.output:
+ # verify we exited on seeing uninstalled hosts
+ self.assertEqual(result.exit_code, 1)
+ else:
+ self.assert_result(result, 0)
+ self._verify_load_facts(load_facts_mock)
+ self._verify_run_playbook(run_playbook_mock, exp_hosts_len, exp_hosts_to_run_on_len)
+
+ # Make sure we ran on the expected masters and nodes:
+ hosts = run_playbook_mock.call_args[0][1]
+ hosts_to_run_on = run_playbook_mock.call_args[0][2]
+ self.assertEquals(exp_hosts_len, len(hosts))
+ self.assertEquals(exp_hosts_to_run_on_len, len(hosts_to_run_on))
#pylint: disable=too-many-arguments,too-many-branches,too-many-statements
diff --git a/utils/test/oo_config_tests.py b/utils/test/oo_config_tests.py
index c19fe9e0d..b5068cc14 100644
--- a/utils/test/oo_config_tests.py
+++ b/utils/test/oo_config_tests.py
@@ -12,9 +12,10 @@ from ooinstall.oo_config import OOConfig, Host, OOConfigInvalidHostError
SAMPLE_CONFIG = """
variant: openshift-enterprise
-variant_version: 3.2
-ansible_ssh_user: root
+variant_version: 3.3
+version: v2
deployment:
+ ansible_ssh_user: root
hosts:
- connect_to: master-private.example.com
ip: 10.0.0.1
@@ -43,28 +44,11 @@ deployment:
node:
"""
-# Used to test automatic upgrading of config:
-LEGACY_CONFIG = """
-Description: This is the configuration file for the OpenShift Ansible-Based Installer.
-Name: OpenShift Ansible-Based Installer Configuration
-Subscription: {type: none}
-Vendor: OpenShift Community
-Version: 0.0.1
-ansible_config: /tmp/notreal/ansible.cfg
-ansible_inventory_directory: /tmp/notreal/.config/openshift/.ansible
-ansible_log_path: /tmp/ansible.log
-ansible_plugins_directory: /tmp/notreal/.python-eggs/ooinstall-3.0.0-py2.7.egg-tmp/ooinstall/ansible_plugins
-masters: [10.0.0.1]
-nodes: [10.0.0.2, 10.0.0.3]
-validated_facts:
- 10.0.0.1: {hostname: master-private.example.com, ip: 10.0.0.1, public_hostname: master.example.com, public_ip: 24.222.0.1}
- 10.0.0.2: {hostname: node1-private.example.com, ip: 10.0.0.2, public_hostname: node1.example.com, public_ip: 24.222.0.2}
- 10.0.0.3: {hostname: node2-private.example.com, ip: 10.0.0.3, public_hostname: node2.example.com, public_ip: 24.222.0.3}
-"""
-
CONFIG_INCOMPLETE_FACTS = """
+version: v2
deployment:
+ ansible_ssh_user: root
hosts:
- connect_to: 10.0.0.1
ip: 10.0.0.1
@@ -90,8 +74,9 @@ deployment:
CONFIG_BAD = """
variant: openshift-enterprise
-ansible_ssh_user: root
+version: v2
deployment:
+ ansible_ssh_user: root
hosts:
- connect_to: master-private.example.com
ip: 10.0.0.1
@@ -212,7 +197,7 @@ class OOConfigTests(OOInstallFixture):
self.assertTrue('hostname' in h)
self.assertTrue('public_hostname' in h)
- self.assertTrue('ansible_ssh_user' in written_config)
+ self.assertTrue('ansible_ssh_user' in written_config['deployment'])
self.assertTrue('variant' in written_config)
self.assertEquals('v2', written_config['version'])