diff options
449 files changed, 15033 insertions, 20558 deletions
diff --git a/.tito/packages/openshift-ansible b/.tito/packages/openshift-ansible index 6200c06ab..6fab7527e 100644 --- a/.tito/packages/openshift-ansible +++ b/.tito/packages/openshift-ansible @@ -1 +1 @@ -3.7.0-0.162.0 ./ +3.7.5-1 ./ diff --git a/docs/proposals/role_decomposition.md b/docs/proposals/role_decomposition.md index b6c1d8c5b..6434e24e7 100644 --- a/docs/proposals/role_decomposition.md +++ b/docs/proposals/role_decomposition.md @@ -158,13 +158,13 @@ providing the location of the generated certificates to the individual roles. openshift_logging_kibana_es_host: "{{ openshift_logging_es_ops_host }}" openshift_logging_kibana_es_port: "{{ openshift_logging_es_ops_port }}" openshift_logging_kibana_nodeselector: "{{ openshift_logging_kibana_ops_nodeselector }}" - openshift_logging_kibana_cpu_limit: "{{ openshift_logging_kibana_ops_cpu_limit }}" openshift_logging_kibana_memory_limit: "{{ openshift_logging_kibana_ops_memory_limit }}" + openshift_logging_kibana_cpu_request: "{{ openshift_logging_kibana_ops_cpu_request }}" openshift_logging_kibana_hostname: "{{ openshift_logging_kibana_ops_hostname }}" openshift_logging_kibana_replicas: "{{ openshift_logging_kibana_ops_replica_count }}" openshift_logging_kibana_proxy_debug: "{{ openshift_logging_kibana_ops_proxy_debug }}" - openshift_logging_kibana_proxy_cpu_limit: "{{ openshift_logging_kibana_ops_proxy_cpu_limit }}" openshift_logging_kibana_proxy_memory_limit: "{{ openshift_logging_kibana_ops_proxy_memory_limit }}" + openshift_logging_kibana_proxy_cpu_request: "{{ openshift_logging_kibana_ops_proxy_cpu_request }}" openshift_logging_kibana_cert: "{{ openshift_logging_kibana_ops_cert }}" openshift_logging_kibana_key: "{{ openshift_logging_kibana_ops_key }}" openshift_logging_kibana_ca: "{{ openshift_logging_kibana_ops_ca}}" @@ -193,8 +193,8 @@ providing the location of the generated certificates to the individual roles. openshift_logging_curator_image_prefix: "{{ openshift_logging_image_prefix }}" openshift_logging_curator_image_version: "{{ openshift_logging_image_version }}" openshift_logging_curator_image_pull_secret: "{{ openshift_logging_image_pull_secret }}" - openshift_logging_curator_cpu_limit: "{{ openshift_logging_curator_ops_cpu_limit }}" openshift_logging_curator_memory_limit: "{{ openshift_logging_curator_ops_memory_limit }}" + openshift_logging_curator_cpu_request: "{{ openshift_logging_curator_ops_cpu_request }}" openshift_logging_curator_nodeselector: "{{ openshift_logging_curator_ops_nodeselector }}" when: - openshift_logging_use_ops | bool diff --git a/files/origin-components/template-service-broker-registration.yaml b/files/origin-components/template-service-broker-registration.yaml index 2086978f0..95fb72924 100644 --- a/files/origin-components/template-service-broker-registration.yaml +++ b/files/origin-components/template-service-broker-registration.yaml @@ -9,8 +9,8 @@ parameters: required: true objects: # register the tsb with the service catalog -- apiVersion: servicecatalog.k8s.io/v1alpha1 - kind: ServiceBroker +- apiVersion: servicecatalog.k8s.io/v1beta1 + kind: ClusterServiceBroker metadata: name: template-service-broker spec: diff --git a/filter_plugins/oo_filters.py b/filter_plugins/oo_filters.py index 2fbd23450..f9564499d 100644 --- a/filter_plugins/oo_filters.py +++ b/filter_plugins/oo_filters.py @@ -1125,6 +1125,73 @@ of items as ['region=infra', 'zone=primary'] return selectors +def oo_filter_sa_secrets(sa_secrets, secret_hint='-token-'): + """Parse the Service Account Secrets list, `sa_secrets`, (as from +oc_serviceaccount_secret:state=list) and return the name of the secret +containing the `secret_hint` string. For example, by default this will +return the name of the secret holding the SA bearer token. + +Only provide the 'results' object to this filter. This filter expects +to receive a list like this: + + [ + { + "name": "management-admin-dockercfg-p31s2" + }, + { + "name": "management-admin-token-bnqsh" + } + ] + + +Returns: + +* `secret_name` [string] - The name of the secret matching the + `secret_hint` parameter. By default this is the secret holding the + SA's bearer token. + +Example playbook usage: + +Register a return value from oc_serviceaccount_secret with and pass +that result to this filter plugin. + + - name: Get all SA Secrets + oc_serviceaccount_secret: + state: list + service_account: management-admin + namespace: management-infra + register: sa + + - name: Save the SA bearer token secret name + set_fact: + management_token: "{{ sa.results | oo_filter_sa_secrets }}" + + - name: Get the SA bearer token value + oc_secret: + state: list + name: "{{ management_token }}" + namespace: management-infra + decode: true + register: sa_secret + + - name: Print the bearer token value + debug: + var: sa_secret.results.decoded.token + + """ + secret_name = None + + for secret in sa_secrets: + # each secret is a hash + if secret['name'].find(secret_hint) == -1: + continue + else: + secret_name = secret['name'] + break + + return secret_name + + class FilterModule(object): """ Custom ansible filter mapping """ @@ -1167,5 +1234,6 @@ class FilterModule(object): "to_padded_yaml": to_padded_yaml, "oo_random_word": oo_random_word, "oo_contains_rule": oo_contains_rule, - "oo_selector_to_string_list": oo_selector_to_string_list + "oo_selector_to_string_list": oo_selector_to_string_list, + "oo_filter_sa_secrets": oo_filter_sa_secrets, } diff --git a/inventory/byo/hosts.byo.glusterfs.external.example b/inventory/byo/hosts.byo.glusterfs.external.example index 5a284ce97..acf68266e 100644 --- a/inventory/byo/hosts.byo.glusterfs.external.example +++ b/inventory/byo/hosts.byo.glusterfs.external.example @@ -19,6 +19,7 @@ [OSEv3:children] masters nodes +etcd # Specify there will be GlusterFS nodes glusterfs @@ -39,6 +40,9 @@ node0 openshift_schedulable=True node1 openshift_schedulable=True node2 openshift_schedulable=True +[etcd] +master + # Specify the glusterfs group, which contains the nodes of the external # GlusterFS cluster. At a minimum, each node must have "glusterfs_hostname" # and "glusterfs_devices" variables defined. diff --git a/inventory/byo/hosts.byo.glusterfs.mixed.example b/inventory/byo/hosts.byo.glusterfs.mixed.example index d16df6470..a559dc377 100644 --- a/inventory/byo/hosts.byo.glusterfs.mixed.example +++ b/inventory/byo/hosts.byo.glusterfs.mixed.example @@ -19,6 +19,7 @@ [OSEv3:children] masters nodes +etcd # Specify there will be GlusterFS nodes glusterfs @@ -42,6 +43,9 @@ node0 openshift_schedulable=True node1 openshift_schedulable=True node2 openshift_schedulable=True +[etcd] +master + # Specify the glusterfs group, which contains the nodes of the external # GlusterFS cluster. At a minimum, each node must have "glusterfs_hostname" # and "glusterfs_devices" variables defined. diff --git a/inventory/byo/hosts.byo.glusterfs.native.example b/inventory/byo/hosts.byo.glusterfs.native.example index c1a1f6f84..ca4765c53 100644 --- a/inventory/byo/hosts.byo.glusterfs.native.example +++ b/inventory/byo/hosts.byo.glusterfs.native.example @@ -16,6 +16,7 @@ [OSEv3:children] masters nodes +etcd # Specify there will be GlusterFS nodes glusterfs @@ -34,6 +35,9 @@ node0 openshift_schedulable=True node1 openshift_schedulable=True node2 openshift_schedulable=True +[etcd] +master + # Specify the glusterfs group, which contains the nodes that will host # GlusterFS storage pods. At a minimum, each node must have a # "glusterfs_devices" variable defined. This variable is a list of block diff --git a/inventory/byo/hosts.byo.glusterfs.registry-only.example b/inventory/byo/hosts.byo.glusterfs.registry-only.example index 31a85ee42..32040f593 100644 --- a/inventory/byo/hosts.byo.glusterfs.registry-only.example +++ b/inventory/byo/hosts.byo.glusterfs.registry-only.example @@ -20,6 +20,7 @@ [OSEv3:children] masters nodes +etcd # Specify there will be GlusterFS nodes glusterfs_registry @@ -40,6 +41,9 @@ node0 openshift_node_labels="{'region': 'infra'}" openshift_schedulable=True node1 openshift_node_labels="{'region': 'infra'}" openshift_schedulable=True node2 openshift_node_labels="{'region': 'infra'}" openshift_schedulable=True +[etcd] +master + # Specify the glusterfs group, which contains the nodes that will host # GlusterFS storage pods. At a minimum, each node must have a # "glusterfs_devices" variable defined. This variable is a list of block diff --git a/inventory/byo/hosts.byo.glusterfs.storage-and-registry.example b/inventory/byo/hosts.byo.glusterfs.storage-and-registry.example index 54bd89ddc..9bd37cbf6 100644 --- a/inventory/byo/hosts.byo.glusterfs.storage-and-registry.example +++ b/inventory/byo/hosts.byo.glusterfs.storage-and-registry.example @@ -20,6 +20,7 @@ [OSEv3:children] masters nodes +etcd # Specify there will be GlusterFS nodes glusterfs glusterfs_registry @@ -46,6 +47,9 @@ node3 openshift_node_labels="{'region': 'infra'}" openshift_schedulable=True node4 openshift_node_labels="{'region': 'infra'}" openshift_schedulable=True node5 openshift_node_labels="{'region': 'infra'}" openshift_schedulable=True +[etcd] +master + # Specify the glusterfs group, which contains the nodes that will host # GlusterFS storage pods. At a minimum, each node must have a # "glusterfs_devices" variable defined. This variable is a list of block diff --git a/inventory/byo/hosts.example b/inventory/byo/hosts.example index 499a9d8e7..fbe0a97c5 100644 --- a/inventory/byo/hosts.example +++ b/inventory/byo/hosts.example @@ -123,6 +123,15 @@ openshift_release=v3.7 # use this option if you are sure you know what you are doing! #openshift_docker_systemcontainer_image_override="registry.example.com/container-engine:latest" #openshift_crio_systemcontainer_image_override="registry.example.com/cri-o:latest" +# NOTE: The following crio docker-gc items are tech preview and likely shouldn't be used +# unless you know what you are doing!! +# The following two variables are used when opneshift_use_crio is True +# and cleans up after builds that pass through docker. +# Enable docker garbage collection when using cri-o +#openshift_crio_enable_docker_gc=false +# Node Selectors to run the garbage collection +#openshift_crio_docker_gc_node_selector: {'runtime': 'cri-o'} + # Items added, as is, to end of /etc/sysconfig/docker OPTIONS # Default value: "--log-driver=journald" #openshift_docker_options="-l warn --ipv6=false" @@ -310,9 +319,6 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', #openshift_master_cluster_hostname=openshift-ansible.test.example.com #openshift_master_cluster_public_hostname=openshift-ansible.test.example.com -# Override the default controller lease ttl -#osm_controller_lease_ttl=30 - # Configure controller arguments #osm_controller_args={'resource-quota-sync-period': ['10s']} @@ -394,10 +400,11 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', #openshift_hosted_routers=[{'name': 'router1', 'certificate': {'certfile': '/path/to/certificate/abc.crt', 'keyfile': '/path/to/certificate/abc.key', 'cafile': '/path/to/certificate/ca.crt'}, 'replicas': 1, 'serviceaccount': 'router', 'namespace': 'default', 'stats_port': 1936, 'edits': [], 'images': 'openshift3/ose-${component}:${version}', 'selector': 'type=router1', 'ports': ['80:80', '443:443']}, {'name': 'router2', 'certificate': {'certfile': '/path/to/certificate/xyz.crt', 'keyfile': '/path/to/certificate/xyz.key', 'cafile': '/path/to/certificate/ca.crt'}, 'replicas': 1, 'serviceaccount': 'router', 'namespace': 'default', 'stats_port': 1936, 'edits': [{'action': 'append', 'key': 'spec.template.spec.containers[0].env', 'value': {'name': 'ROUTE_LABELS', 'value': 'route=external'}}], 'images': 'openshift3/ose-${component}:${version}', 'selector': 'type=router2', 'ports': ['80:80', '443:443']}] # OpenShift Registry Console Options -# Override the console image prefix for enterprise deployments, not used in origin -# default is "registry.access.redhat.com/openshift3/" and the image appended is "registry-console" +# Override the console image prefix: +# origin default is "cockpit/" and the image appended is "kubernetes" +# enterprise default is "registry.access.redhat.com/openshift3/" and the image appended is "registry-console" #openshift_cockpit_deployer_prefix=registry.example.com/myrepo/ -# Override image version, defaults to latest for origin, matches the product version for enterprise +# Override image version, defaults to latest for origin, vX.Y product version for enterprise #openshift_cockpit_deployer_version=1.4.1 # Openshift Registry Options @@ -632,6 +639,7 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', #openshift_prometheus_storage_volume_name=prometheus #openshift_prometheus_storage_volume_size=10Gi #openshift_prometheus_storage_labels={'storage': 'prometheus'} +#openshift_prometheus_storage_type='pvc' # For prometheus-alertmanager #openshift_prometheus_alertmanager_storage_kind=nfs #openshift_prometheus_alertmanager_storage_access_modes=['ReadWriteOnce'] @@ -640,6 +648,7 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', #openshift_prometheus_alertmanager_storage_volume_name=prometheus-alertmanager #openshift_prometheus_alertmanager_storage_volume_size=10Gi #openshift_prometheus_alertmanager_storage_labels={'storage': 'prometheus-alertmanager'} +#openshift_prometheus_alertmanager_storage_type='pvc' # For prometheus-alertbuffer #openshift_prometheus_alertbuffer_storage_kind=nfs #openshift_prometheus_alertbuffer_storage_access_modes=['ReadWriteOnce'] @@ -648,6 +657,7 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', #openshift_prometheus_alertbuffer_storage_volume_name=prometheus-alertbuffer #openshift_prometheus_alertbuffer_storage_volume_size=10Gi #openshift_prometheus_alertbuffer_storage_labels={'storage': 'prometheus-alertbuffer'} +#openshift_prometheus_alertbuffer_storage_type='pvc' # # Option B - External NFS Host # NFS volume must already exist with path "nfs_directory/_volume_name" on @@ -660,6 +670,7 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', #openshift_prometheus_storage_volume_name=prometheus #openshift_prometheus_storage_volume_size=10Gi #openshift_prometheus_storage_labels={'storage': 'prometheus'} +#openshift_prometheus_storage_type='pvc' # For prometheus-alertmanager #openshift_prometheus_alertmanager_storage_kind=nfs #openshift_prometheus_alertmanager_storage_access_modes=['ReadWriteOnce'] @@ -668,6 +679,7 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', #openshift_prometheus_alertmanager_storage_volume_name=prometheus-alertmanager #openshift_prometheus_alertmanager_storage_volume_size=10Gi #openshift_prometheus_alertmanager_storage_labels={'storage': 'prometheus-alertmanager'} +#openshift_prometheus_alertmanager_storage_type='pvc' # For prometheus-alertbuffer #openshift_prometheus_alertbuffer_storage_kind=nfs #openshift_prometheus_alertbuffer_storage_access_modes=['ReadWriteOnce'] @@ -676,6 +688,7 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', #openshift_prometheus_alertbuffer_storage_volume_name=prometheus-alertbuffer #openshift_prometheus_alertbuffer_storage_volume_size=10Gi #openshift_prometheus_alertbuffer_storage_labels={'storage': 'prometheus-alertbuffer'} +#openshift_prometheus_alertbuffer_storage_type='pvc' # # Option C - none -- Prometheus, alertmanager and alertbuffer will use emptydir volumes # which are destroyed when pods are deleted @@ -968,25 +981,7 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', # openshift_upgrade_post_storage_migration_enabled=true # openshift_upgrade_post_storage_migration_fatal=false -# host group for masters -[masters] -ose3-master[1:3]-ansible.test.example.com - -[etcd] -ose3-etcd[1:3]-ansible.test.example.com - -# NOTE: Containerized load balancer hosts are not yet supported, if using a global -# containerized=true host variable we must set to false. -[lb] -ose3-lb-ansible.test.example.com containerized=false - -# NOTE: Currently we require that masters be part of the SDN which requires that they also be nodes -# However, in order to ensure that your masters are not burdened with running pods you should -# make them unschedulable by adding openshift_schedulable=False any node that's also a master. -[nodes] -ose3-master[1:3]-ansible.test.example.com -ose3-node[1:2]-ansible.test.example.com openshift_node_labels="{'region': 'primary', 'zone': 'default'}" - +###################################################################### # CloudForms/ManageIQ (CFME/MIQ) Configuration # See the readme for full descriptions and getting started @@ -1036,6 +1031,17 @@ ose3-node[1:2]-ansible.test.example.com openshift_node_labels="{'region': 'prima # setting this variable. Useful for testing specific task files. #openshift_management_storage_nfs_local_hostname: false +# These are the default values for the username and password of the +# management app. Changing these values in your inventory will not +# change your username or password. You should only need to change +# these values in your inventory if you already changed the actual +# name and password AND are trying to use integration scripts. +# +# For example, adding this cluster as a container provider, +# playbooks/byo/openshift-management/add_container_provider.yml +#openshift_management_username: admin +#openshift_management_password: smartvm + # A hash of parameters you want to override or set in the # miq-template.yaml or miq-template-ext-db.yaml templates. Set this in # your inventory file as a simple hash. Acceptable values are defined @@ -1044,3 +1050,28 @@ ose3-node[1:2]-ansible.test.example.com openshift_node_labels="{'region': 'prima # # openshift_management_template_parameters={'APPLICATION_MEM_REQ': '512Mi'} #openshift_management_template_parameters: {} + +# Firewall configuration +# You can open additional firewall ports by defining them as a list. of service +# names and ports/port ranges for either masters or nodes. +#openshift_master_open_ports=[{"service":"svc1","port":"11/tcp"}] +#openshift_node_open_ports=[{"service":"svc2","port":"12-13/tcp"},{"service":"svc3","port":"14/udp"}] + +# host group for masters +[masters] +ose3-master[1:3]-ansible.test.example.com + +[etcd] +ose3-etcd[1:3]-ansible.test.example.com + +# NOTE: Containerized load balancer hosts are not yet supported, if using a global +# containerized=true host variable we must set to false. +[lb] +ose3-lb-ansible.test.example.com containerized=false + +# NOTE: Currently we require that masters be part of the SDN which requires that they also be nodes +# However, in order to ensure that your masters are not burdened with running pods you should +# make them unschedulable by adding openshift_schedulable=False any node that's also a master. +[nodes] +ose3-master[1:3]-ansible.test.example.com +ose3-node[1:2]-ansible.test.example.com openshift_node_labels="{'region': 'primary', 'zone': 'default'}" diff --git a/inventory/byo/hosts.origin.example b/inventory/byo/hosts.origin.example deleted file mode 100644 index 9d811fcab..000000000 --- a/inventory/byo/hosts.origin.example +++ /dev/null @@ -1,900 +0,0 @@ -# This is an example of a bring your own (byo) host inventory - -# Create an OSEv3 group that contains the masters and nodes groups -[OSEv3:children] -masters -nodes -etcd -lb -nfs - -# Set variables common for all OSEv3 hosts -[OSEv3:vars] -# Enable unsupported configurations, things that will yield a partially -# functioning cluster but would not be supported for production use -#openshift_enable_unsupported_configurations=false - -# SSH user, this user should allow ssh based auth without requiring a -# password. If using ssh key based auth, then the key should be managed by an -# ssh agent. -ansible_ssh_user=root - -# If ansible_ssh_user is not root, ansible_become must be set to true and the -# user must be configured for passwordless sudo -#ansible_become=yes - -# Debug level for all OpenShift components (Defaults to 2) -debug_level=2 - -# Specify the deployment type. Valid values are origin and openshift-enterprise. -openshift_deployment_type=origin - -# Specify the generic release of OpenShift to install. This is used mainly just during installation, after which we -# rely on the version running on the first master. Works best for containerized installs where we can usually -# use this to lookup the latest exact version of the container images, which is the tag actually used to configure -# the cluster. For RPM installations we just verify the version detected in your configured repos matches this -# release. -openshift_release=v3.7 - -# Specify an exact container image tag to install or configure. -# WARNING: This value will be used for all hosts in containerized environments, even those that have another version installed. -# This could potentially trigger an upgrade and downtime, so be careful with modifying this value after the cluster is set up. -#openshift_image_tag=v3.7.0 - -# Specify an exact rpm version to install or configure. -# WARNING: This value will be used for all hosts in RPM based environments, even those that have another version installed. -# This could potentially trigger an upgrade and downtime, so be careful with modifying this value after the cluster is set up. -#openshift_pkg_version=-3.7.0 - -# This enables all the system containers except for docker: -#openshift_use_system_containers=False -# -# But you can choose separately each component that must be a -# system container: -# -#openshift_use_openvswitch_system_container=False -#openshift_use_node_system_container=False -#openshift_use_master_system_container=False -#openshift_use_etcd_system_container=False -# -# In either case, system_images_registry must be specified to be able to find the system images -#system_images_registry="docker.io" - -# Install the openshift examples -#openshift_install_examples=true - -# Configure logoutURL in the master config for console customization -# See: https://docs.openshift.org/latest/install_config/web_console_customization.html#changing-the-logout-url -#openshift_master_logout_url=http://example.com - -# Configure extensionScripts in the master config for console customization -# See: https://docs.openshift.org/latest/install_config/web_console_customization.html#loading-custom-scripts-and-stylesheets -#openshift_master_extension_scripts=['/path/to/script1.js','/path/to/script2.js'] - -# Configure extensionStylesheets in the master config for console customization -# See: https://docs.openshift.org/latest/install_config/web_console_customization.html#loading-custom-scripts-and-stylesheets -#openshift_master_extension_stylesheets=['/path/to/stylesheet1.css','/path/to/stylesheet2.css'] - -# Configure extensions in the master config for console customization -# See: https://docs.openshift.org/latest/install_config/web_console_customization.html#serving-static-files -#openshift_master_extensions=[{'name': 'images', 'sourceDirectory': '/path/to/my_images'}] - -# Configure extensions in the master config for console customization -# See: https://docs.openshift.org/latest/install_config/web_console_customization.html#serving-static-files -#openshift_master_oauth_template=/path/to/login-template.html - -# Configure imagePolicyConfig in the master config -# See: https://godoc.org/github.com/openshift/origin/pkg/cmd/server/api#ImagePolicyConfig -#openshift_master_image_policy_config={"maxImagesBulkImportedPerRepository": 3, "disableScheduledImport": true} - -# Configure master API rate limits for external clients -#openshift_master_external_ratelimit_qps=200 -#openshift_master_external_ratelimit_burst=400 -# Configure master API rate limits for loopback clients -#openshift_master_loopback_ratelimit_qps=300 -#openshift_master_loopback_ratelimit_burst=600 - -# Docker Configuration -# Add additional, insecure, and blocked registries to global docker configuration -# For enterprise deployment types we ensure that registry.access.redhat.com is -# included if you do not include it -#openshift_docker_additional_registries=registry.example.com -#openshift_docker_insecure_registries=registry.example.com -#openshift_docker_blocked_registries=registry.hacker.com -# Disable pushing to dockerhub -#openshift_docker_disable_push_dockerhub=True -# Use Docker inside a System Container. Note that this is a tech preview and should -# not be used to upgrade! -# The following options for docker are ignored: -# - docker_version -# - docker_upgrade -# The following options must not be used -# - openshift_docker_options -#openshift_docker_use_system_container=False -# Instead of using docker, replacec it with cri-o -# NOTE: This uses openshift_docker_systemcontainer_image_registry_override as it's override -# just as container-engine does. -#openshift_use_crio=False -# Force the registry to use for the docker/crio system container. By default the registry -# will be built off of the deployment type and ansible_distribution. Only -# use this option if you are sure you know what you are doing! -#openshift_docker_systemcontainer_image_override="registry.example.com/container-engine:latest" -#openshift_crio_systemcontainer_image_override="registry.example.com/cri-o:latest" -# Items added, as is, to end of /etc/sysconfig/docker OPTIONS -# Default value: "--log-driver=journald" -#openshift_docker_options="-l warn --ipv6=false" - -# Specify exact version of Docker to configure or upgrade to. -# Downgrades are not supported and will error out. Be careful when upgrading docker from < 1.10 to > 1.10. -# docker_version="1.12.1" - -# Specify whether to run Docker daemon with SELinux enabled in containers. Default is True. -# Uncomment below to disable; for example if your kernel does not support the -# Docker overlay/overlay2 storage drivers with SELinux enabled. -#openshift_docker_selinux_enabled=False - -# Skip upgrading Docker during an OpenShift upgrade, leaves the current Docker version alone. -# docker_upgrade=False - -# Specify exact version of etcd to configure or upgrade to. -# etcd_version="3.1.0" -# Enable etcd debug logging, defaults to false -# etcd_debug=true -# Set etcd log levels by package -# etcd_log_package_levels="etcdserver=WARNING,security=DEBUG" - -# Upgrade Hooks -# -# Hooks are available to run custom tasks at various points during a cluster -# upgrade. Each hook should point to a file with Ansible tasks defined. Suggest using -# absolute paths, if not the path will be treated as relative to the file where the -# hook is actually used. -# -# Tasks to run before each master is upgraded. -# openshift_master_upgrade_pre_hook=/usr/share/custom/pre_master.yml -# -# Tasks to run to upgrade the master. These tasks run after the main openshift-ansible -# upgrade steps, but before we restart system/services. -# openshift_master_upgrade_hook=/usr/share/custom/master.yml -# -# Tasks to run after each master is upgraded and system/services have been restarted. -# openshift_master_upgrade_post_hook=/usr/share/custom/post_master.yml - - -# Alternate image format string, useful if you've got your own registry mirror -# Configure this setting just on node or master -#oreg_url_master=example.com/openshift3/ose-${component}:${version} -#oreg_url_node=example.com/openshift3/ose-${component}:${version} -# For setting the configuration globally -#oreg_url=example.com/openshift3/ose-${component}:${version} -# If oreg_url points to a registry other than registry.access.redhat.com we can -# modify image streams to point at that registry by setting the following to true -#openshift_examples_modify_imagestreams=true - -# OpenShift repository configuration -#openshift_additional_repos=[{'id': 'openshift-origin-copr', 'name': 'OpenShift Origin COPR', 'baseurl': 'https://copr-be.cloud.fedoraproject.org/results/maxamillion/origin-next/epel-7-$basearch/', 'enabled': 1, 'gpgcheck': 1, 'gpgkey': 'https://copr-be.cloud.fedoraproject.org/results/maxamillion/origin-next/pubkey.gpg'}] -#openshift_repos_enable_testing=false - -# htpasswd auth -openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', 'challenge': 'true', 'kind': 'HTPasswdPasswordIdentityProvider', 'filename': '/etc/origin/master/htpasswd'}] -# Defining htpasswd users -#openshift_master_htpasswd_users={'user1': '<pre-hashed password>', 'user2': '<pre-hashed password>'} -# or -#openshift_master_htpasswd_file=<path to local pre-generated htpasswd file> - -# Allow all auth -#openshift_master_identity_providers=[{'name': 'allow_all', 'login': 'true', 'challenge': 'true', 'kind': 'AllowAllPasswordIdentityProvider'}] - -# LDAP auth -#openshift_master_identity_providers=[{'name': 'my_ldap_provider', 'challenge': 'true', 'login': 'true', 'kind': 'LDAPPasswordIdentityProvider', 'attributes': {'id': ['dn'], 'email': ['mail'], 'name': ['cn'], 'preferredUsername': ['uid']}, 'bindDN': '', 'bindPassword': '', 'ca': 'my-ldap-ca.crt', 'insecure': 'false', 'url': 'ldap://ldap.example.com:389/ou=users,dc=example,dc=com?uid'}] -# -# Configure LDAP CA certificate -# Specify either the ASCII contents of the certificate or the path to -# the local file that will be copied to the remote host. CA -# certificate contents will be copied to master systems and saved -# within /etc/origin/master/ with a filename matching the "ca" key set -# within the LDAPPasswordIdentityProvider. -# -#openshift_master_ldap_ca=<ca text> -# or -#openshift_master_ldap_ca_file=<path to local ca file to use> - -# OpenID auth -#openshift_master_identity_providers=[{"name": "openid_auth", "login": "true", "challenge": "false", "kind": "OpenIDIdentityProvider", "client_id": "my_client_id", "client_secret": "my_client_secret", "claims": {"id": ["sub"], "preferredUsername": ["preferred_username"], "name": ["name"], "email": ["email"]}, "urls": {"authorize": "https://myidp.example.com/oauth2/authorize", "token": "https://myidp.example.com/oauth2/token"}, "ca": "my-openid-ca-bundle.crt"}] -# -# Configure OpenID CA certificate -# Specify either the ASCII contents of the certificate or the path to -# the local file that will be copied to the remote host. CA -# certificate contents will be copied to master systems and saved -# within /etc/origin/master/ with a filename matching the "ca" key set -# within the OpenIDIdentityProvider. -# -#openshift_master_openid_ca=<ca text> -# or -#openshift_master_openid_ca_file=<path to local ca file to use> - -# Request header auth -#openshift_master_identity_providers=[{"name": "my_request_header_provider", "challenge": "true", "login": "true", "kind": "RequestHeaderIdentityProvider", "challengeURL": "https://www.example.com/challenging-proxy/oauth/authorize?${query}", "loginURL": "https://www.example.com/login-proxy/oauth/authorize?${query}", "clientCA": "my-request-header-ca.crt", "clientCommonNames": ["my-auth-proxy"], "headers": ["X-Remote-User", "SSO-User"], "emailHeaders": ["X-Remote-User-Email"], "nameHeaders": ["X-Remote-User-Display-Name"], "preferredUsernameHeaders": ["X-Remote-User-Login"]}] -# -# Configure request header CA certificate -# Specify either the ASCII contents of the certificate or the path to -# the local file that will be copied to the remote host. CA -# certificate contents will be copied to master systems and saved -# within /etc/origin/master/ with a filename matching the "clientCA" -# key set within the RequestHeaderIdentityProvider. -# -#openshift_master_request_header_ca=<ca text> -# or -#openshift_master_request_header_ca_file=<path to local ca file to use> - -# CloudForms Management Engine (ManageIQ) App Install -# -# Enables installation of MIQ server. Recommended for dedicated -# clusters only. See roles/openshift_cfme/README.md for instructions -# and requirements. -#openshift_cfme_install_app=False - -# Cloud Provider Configuration -# -# Note: You may make use of environment variables rather than store -# sensitive configuration within the ansible inventory. -# For example: -#openshift_cloudprovider_aws_access_key="{{ lookup('env','AWS_ACCESS_KEY_ID') }}" -#openshift_cloudprovider_aws_secret_key="{{ lookup('env','AWS_SECRET_ACCESS_KEY') }}" -# -# AWS -#openshift_cloudprovider_kind=aws -# Note: IAM profiles may be used instead of storing API credentials on disk. -#openshift_cloudprovider_aws_access_key=aws_access_key_id -#openshift_cloudprovider_aws_secret_key=aws_secret_access_key -# -# Openstack -#openshift_cloudprovider_kind=openstack -#openshift_cloudprovider_openstack_auth_url=http://openstack.example.com:35357/v2.0/ -#openshift_cloudprovider_openstack_username=username -#openshift_cloudprovider_openstack_password=password -#openshift_cloudprovider_openstack_domain_id=domain_id -#openshift_cloudprovider_openstack_domain_name=domain_name -#openshift_cloudprovider_openstack_tenant_id=tenant_id -#openshift_cloudprovider_openstack_tenant_name=tenant_name -#openshift_cloudprovider_openstack_region=region -#openshift_cloudprovider_openstack_lb_subnet_id=subnet_id -# -# GCE -#openshift_cloudprovider_kind=gce - -# Project Configuration -#osm_project_request_message='' -#osm_project_request_template='' -#osm_mcs_allocator_range='s0:/2' -#osm_mcs_labels_per_project=5 -#osm_uid_allocator_range='1000000000-1999999999/10000' - -# Configure additional projects -#openshift_additional_projects={'my-project': {'default_node_selector': 'label=value'}} - -# Enable cockpit -#osm_use_cockpit=true -# -# Set cockpit plugins -#osm_cockpit_plugins=['cockpit-kubernetes'] - -# Native high availability cluster method with optional load balancer. -# If no lb group is defined, the installer assumes that a load balancer has -# been preconfigured. For installation the value of -# openshift_master_cluster_hostname must resolve to the load balancer -# or to one or all of the masters defined in the inventory if no load -# balancer is present. -#openshift_master_cluster_method=native -#openshift_master_cluster_hostname=openshift-ansible.test.example.com -#openshift_master_cluster_public_hostname=openshift-ansible.test.example.com - -# Pacemaker high availability cluster method. -# Pacemaker HA environment must be able to self provision the -# configured VIP. For installation openshift_master_cluster_hostname -# must resolve to the configured VIP. -#openshift_master_cluster_method=pacemaker -#openshift_master_cluster_password=openshift_cluster -#openshift_master_cluster_vip=192.168.133.25 -#openshift_master_cluster_public_vip=192.168.133.25 -#openshift_master_cluster_hostname=openshift-ansible.test.example.com -#openshift_master_cluster_public_hostname=openshift-ansible.test.example.com - -# Override the default controller lease ttl -#osm_controller_lease_ttl=30 - -# Configure controller arguments -#osm_controller_args={'resource-quota-sync-period': ['10s']} - -# Configure api server arguments -#osm_api_server_args={'max-requests-inflight': ['400']} - -# default subdomain to use for exposed routes -#openshift_master_default_subdomain=apps.test.example.com - -# additional cors origins -#osm_custom_cors_origins=['foo.example.com', 'bar.example.com'] - -# default project node selector -#osm_default_node_selector='region=primary' - -# Override the default pod eviction timeout -#openshift_master_pod_eviction_timeout=5m - -# Override the default oauth tokenConfig settings: -# openshift_master_access_token_max_seconds=86400 -# openshift_master_auth_token_max_seconds=500 - -# Override master servingInfo.maxRequestsInFlight -#openshift_master_max_requests_inflight=500 - -# Override master and node servingInfo.minTLSVersion and .cipherSuites -# valid TLS versions are VersionTLS10, VersionTLS11, VersionTLS12 -# example cipher suites override, valid cipher suites are https://golang.org/pkg/crypto/tls/#pkg-constants -#openshift_master_min_tls_version=VersionTLS12 -#openshift_master_cipher_suites=['TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256', '...'] -# -#openshift_node_min_tls_version=VersionTLS12 -#openshift_node_cipher_suites=['TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256', '...'] - -# default storage plugin dependencies to install, by default the ceph and -# glusterfs plugin dependencies will be installed, if available. -#osn_storage_plugin_deps=['ceph','glusterfs','iscsi'] - -# OpenShift Router Options -# -# An OpenShift router will be created during install if there are -# nodes present with labels matching the default router selector, -# "region=infra". Set openshift_node_labels per node as needed in -# order to label nodes. -# -# Example: -# [nodes] -# node.example.com openshift_node_labels="{'region': 'infra'}" -# -# Router selector (optional) -# Router will only be created if nodes matching this label are present. -# Default value: 'region=infra' -#openshift_hosted_router_selector='region=infra' -# -# Router replicas (optional) -# Unless specified, openshift-ansible will calculate the replica count -# based on the number of nodes matching the openshift router selector. -#openshift_hosted_router_replicas=2 -# -# Router force subdomain (optional) -# A router path format to force on all routes used by this router -# (will ignore the route host value) -#openshift_hosted_router_force_subdomain='${name}-${namespace}.apps.example.com' -# -# Router certificate (optional) -# Provide local certificate paths which will be configured as the -# router's default certificate. -#openshift_hosted_router_certificate={"certfile": "/path/to/router.crt", "keyfile": "/path/to/router.key", "cafile": "/path/to/router-ca.crt"} -# -# Manage the OpenShift Router -#openshift_hosted_manage_router=true -# -# Router sharding support has been added and can be achieved by supplying the correct -# data to the inventory. The variable to house the data is openshift_hosted_routers -# and is in the form of a list. If no data is passed then a default router will be -# created. There are multiple combinations of router sharding. The one described -# below supports routers on separate nodes. -# -#openshift_hosted_routers=[{'name': 'router1', 'certificate': {'certfile': '/path/to/certificate/abc.crt', 'keyfile': '/path/to/certificate/abc.key', 'cafile': '/path/to/certificate/ca.crt'}, 'replicas': 1, 'serviceaccount': 'router', 'namespace': 'default', 'stats_port': 1936, 'edits': [], 'images': 'openshift3/ose-${component}:${version}', 'selector': 'type=router1', 'ports': ['80:80', '443:443']}, {'name': 'router2', 'certificate': {'certfile': '/path/to/certificate/xyz.crt', 'keyfile': '/path/to/certificate/xyz.key', 'cafile': '/path/to/certificate/ca.crt'}, 'replicas': 1, 'serviceaccount': 'router', 'namespace': 'default', 'stats_port': 1936, 'edits': [{'action': 'append', 'key': 'spec.template.spec.containers[0].env', 'value': {'name': 'ROUTE_LABELS', 'value': 'route=external'}}], 'images': 'openshift3/ose-${component}:${version}', 'selector': 'type=router2', 'ports': ['80:80', '443:443']}] - -# OpenShift Registry Console Options -# Override the console image prefix for enterprise deployments, not used in origin -# default is "registry.access.redhat.com/openshift3/" and the image appended is "registry-console" -#openshift_cockpit_deployer_prefix=registry.example.com/myrepo/ -# Override image version, defaults to latest for origin, matches the product version for enterprise -#openshift_cockpit_deployer_version=1.4.1 - -# Openshift Registry Options -# -# An OpenShift registry will be created during install if there are -# nodes present with labels matching the default registry selector, -# "region=infra". Set openshift_node_labels per node as needed in -# order to label nodes. -# -# Example: -# [nodes] -# node.example.com openshift_node_labels="{'region': 'infra'}" -# -# Registry selector (optional) -# Registry will only be created if nodes matching this label are present. -# Default value: 'region=infra' -#openshift_hosted_registry_selector='region=infra' -# -# Registry replicas (optional) -# Unless specified, openshift-ansible will calculate the replica count -# based on the number of nodes matching the openshift registry selector. -#openshift_hosted_registry_replicas=2 -# -# Validity of the auto-generated certificate in days (optional) -#openshift_hosted_registry_cert_expire_days=730 -# -# Manage the OpenShift Registry -#openshift_hosted_manage_registry=true - -# Registry Storage Options -# -# NFS Host Group -# An NFS volume will be created with path "nfs_directory/volume_name" -# on the host within the [nfs] host group. For example, the volume -# path using these options would be "/exports/registry" -#openshift_hosted_registry_storage_kind=nfs -#openshift_hosted_registry_storage_access_modes=['ReadWriteMany'] -#openshift_hosted_registry_storage_nfs_directory=/exports -#openshift_hosted_registry_storage_nfs_options='*(rw,root_squash)' -#openshift_hosted_registry_storage_volume_name=registry -#openshift_hosted_registry_storage_volume_size=10Gi -# -# External NFS Host -# NFS volume must already exist with path "nfs_directory/_volume_name" on -# the storage_host. For example, the remote volume path using these -# options would be "nfs.example.com:/exports/registry" -#openshift_hosted_registry_storage_kind=nfs -#openshift_hosted_registry_storage_access_modes=['ReadWriteMany'] -#openshift_hosted_registry_storage_host=nfs.example.com -#openshift_hosted_registry_storage_nfs_directory=/exports -#openshift_hosted_registry_storage_volume_name=registry -#openshift_hosted_registry_storage_volume_size=10Gi -# -# Openstack -# Volume must already exist. -#openshift_hosted_registry_storage_kind=openstack -#openshift_hosted_registry_storage_access_modes=['ReadWriteOnce'] -#openshift_hosted_registry_storage_openstack_filesystem=ext4 -#openshift_hosted_registry_storage_openstack_volumeID=3a650b4f-c8c5-4e0a-8ca5-eaee11f16c57 -#openshift_hosted_registry_storage_volume_size=10Gi -# -# AWS S3 -# S3 bucket must already exist. -#openshift_hosted_registry_storage_kind=object -#openshift_hosted_registry_storage_provider=s3 -#openshift_hosted_registry_storage_s3_encrypt=false -#openshift_hosted_registry_storage_s3_kmskeyid=aws_kms_key_id -#openshift_hosted_registry_storage_s3_accesskey=aws_access_key_id -#openshift_hosted_registry_storage_s3_secretkey=aws_secret_access_key -#openshift_hosted_registry_storage_s3_bucket=bucket_name -#openshift_hosted_registry_storage_s3_region=bucket_region -#openshift_hosted_registry_storage_s3_chunksize=26214400 -#openshift_hosted_registry_storage_s3_rootdirectory=/registry -#openshift_hosted_registry_pullthrough=true -#openshift_hosted_registry_acceptschema2=true -#openshift_hosted_registry_enforcequota=true -# -# Any S3 service (Minio, ExoScale, ...): Basically the same as above -# but with regionendpoint configured -# S3 bucket must already exist. -#openshift_hosted_registry_storage_kind=object -#openshift_hosted_registry_storage_provider=s3 -#openshift_hosted_registry_storage_s3_accesskey=access_key_id -#openshift_hosted_registry_storage_s3_secretkey=secret_access_key -#openshift_hosted_registry_storage_s3_regionendpoint=https://myendpoint.example.com/ -#openshift_hosted_registry_storage_s3_bucket=bucket_name -#openshift_hosted_registry_storage_s3_region=bucket_region -#openshift_hosted_registry_storage_s3_chunksize=26214400 -#openshift_hosted_registry_storage_s3_rootdirectory=/registry -#openshift_hosted_registry_pullthrough=true -#openshift_hosted_registry_acceptschema2=true -#openshift_hosted_registry_enforcequota=true -# -# Additional CloudFront Options. When using CloudFront all three -# of the followingg variables must be defined. -#openshift_hosted_registry_storage_s3_cloudfront_baseurl=https://myendpoint.cloudfront.net/ -#openshift_hosted_registry_storage_s3_cloudfront_privatekeyfile=/full/path/to/secret.pem -#openshift_hosted_registry_storage_s3_cloudfront_keypairid=yourpairid - -# Metrics deployment -# See: https://docs.openshift.com/enterprise/latest/install_config/cluster_metrics.html -# -# By default metrics are not automatically deployed, set this to enable them -#openshift_metrics_install_metrics=true -# -# Storage Options -# If openshift_metrics_storage_kind is unset then metrics will be stored -# in an EmptyDir volume and will be deleted when the cassandra pod terminates. -# Storage options A & B currently support only one cassandra pod which is -# generally enough for up to 1000 pods. Additional volumes can be created -# manually after the fact and metrics scaled per the docs. -# -# Option A - NFS Host Group -# An NFS volume will be created with path "nfs_directory/volume_name" -# on the host within the [nfs] host group. For example, the volume -# path using these options would be "/exports/metrics" -#openshift_metrics_storage_kind=nfs -#openshift_metrics_storage_access_modes=['ReadWriteOnce'] -#openshift_metrics_storage_nfs_directory=/exports -#openshift_metrics_storage_nfs_options='*(rw,root_squash)' -#openshift_metrics_storage_volume_name=metrics -#openshift_metrics_storage_volume_size=10Gi -#openshift_metrics_storage_labels={'storage': 'metrics'} -# -# Option B - External NFS Host -# NFS volume must already exist with path "nfs_directory/_volume_name" on -# the storage_host. For example, the remote volume path using these -# options would be "nfs.example.com:/exports/metrics" -#openshift_metrics_storage_kind=nfs -#openshift_metrics_storage_access_modes=['ReadWriteOnce'] -#openshift_metrics_storage_host=nfs.example.com -#openshift_metrics_storage_nfs_directory=/exports -#openshift_metrics_storage_volume_name=metrics -#openshift_metrics_storage_volume_size=10Gi -#openshift_metrics_storage_labels={'storage': 'metrics'} -# -# Option C - Dynamic -- If openshift supports dynamic volume provisioning for -# your cloud platform use this. -#openshift_metrics_storage_kind=dynamic -# -# Other Metrics Options -- Common items you may wish to reconfigure, for the complete -# list of options please see roles/openshift_metrics/README.md -# -# Override metricsPublicURL in the master config for cluster metrics -# Defaults to https://hawkular-metrics.{{openshift_master_default_subdomain}}/hawkular/metrics -# Currently, you may only alter the hostname portion of the url, alterting the -# `/hawkular/metrics` path will break installation of metrics. -#openshift_metrics_hawkular_hostname=https://hawkular-metrics.example.com/hawkular/metrics -# Configure the prefix and version for the component images -#openshift_metrics_image_prefix=docker.io/openshift/origin- -#openshift_metrics_image_version=v3.7.0 -# -# StorageClass -# openshift_storageclass_name=gp2 -# openshift_storageclass_parameters={'type': 'gp2', 'encrypted': 'false'} -# - -# Logging deployment -# -# Currently logging deployment is disabled by default, enable it by setting this -#openshift_logging_install_logging=true -# -# Logging storage config -# Option A - NFS Host Group -# An NFS volume will be created with path "nfs_directory/volume_name" -# on the host within the [nfs] host group. For example, the volume -# path using these options would be "/exports/logging" -#openshift_logging_storage_kind=nfs -#openshift_logging_storage_access_modes=['ReadWriteOnce'] -#openshift_logging_storage_nfs_directory=/exports -#openshift_logging_storage_nfs_options='*(rw,root_squash)' -#openshift_logging_storage_volume_name=logging -#openshift_logging_storage_volume_size=10Gi -#openshift_logging_storage_labels={'storage': 'logging'} -# -# Option B - External NFS Host -# NFS volume must already exist with path "nfs_directory/_volume_name" on -# the storage_host. For example, the remote volume path using these -# options would be "nfs.example.com:/exports/logging" -#openshift_logging_storage_kind=nfs -#openshift_logging_storage_access_modes=['ReadWriteOnce'] -#openshift_logging_storage_host=nfs.example.com -#openshift_logging_storage_nfs_directory=/exports -#openshift_logging_storage_volume_name=logging -#openshift_logging_storage_volume_size=10Gi -#openshift_logging_storage_labels={'storage': 'logging'} -# -# Option C - Dynamic -- If openshift supports dynamic volume provisioning for -# your cloud platform use this. -#openshift_logging_storage_kind=dynamic -# -# Option D - none -- Logging will use emptydir volumes which are destroyed when -# pods are deleted -# -# Other Logging Options -- Common items you may wish to reconfigure, for the complete -# list of options please see roles/openshift_logging/README.md -# -# Configure loggingPublicURL in the master config for aggregate logging, defaults -# to kibana.{{ openshift_master_default_subdomain }} -#openshift_logging_kibana_hostname=logging.apps.example.com -# Configure the number of elastic search nodes, unless you're using dynamic provisioning -# this value must be 1 -#openshift_logging_es_cluster_size=1 -# Configure the prefix and version for the component images -#openshift_logging_image_prefix=docker.io/openshift/origin- -#openshift_logging_image_version=v3.7.0 - -# Configure the multi-tenant SDN plugin (default is 'redhat/openshift-ovs-subnet') -# os_sdn_network_plugin_name='redhat/openshift-ovs-multitenant' - -# Disable the OpenShift SDN plugin -# openshift_use_openshift_sdn=False - -# Configure SDN cluster network and kubernetes service CIDR blocks. These -# network blocks should be private and should not conflict with network blocks -# in your infrastructure that pods may require access to. Can not be changed -# after deployment. -# -# WARNING : Do not pick subnets that overlap with the default Docker bridge subnet of -# 172.17.0.0/16. Your installation will fail and/or your configuration change will -# cause the Pod SDN or Cluster SDN to fail. -# -# WORKAROUND : If you must use an overlapping subnet, you can configure a non conflicting -# docker0 CIDR range by adding '--bip=192.168.2.1/24' to DOCKER_NETWORK_OPTIONS -# environment variable located in /etc/sysconfig/docker-network. -# When upgrading or scaling up the following must match whats in your master config! -# Inventory: master yaml field -# osm_cluster_network_cidr: clusterNetworkCIDR -# openshift_portal_net: serviceNetworkCIDR -# When installing osm_cluster_network_cidr and openshift_portal_net must be set. -# Sane examples are provided below. -#osm_cluster_network_cidr=10.128.0.0/14 -#openshift_portal_net=172.30.0.0/16 - -# ExternalIPNetworkCIDRs controls what values are acceptable for the -# service external IP field. If empty, no externalIP may be set. It -# may contain a list of CIDRs which are checked for access. If a CIDR -# is prefixed with !, IPs in that CIDR will be rejected. Rejections -# will be applied first, then the IP checked against one of the -# allowed CIDRs. You should ensure this range does not overlap with -# your nodes, pods, or service CIDRs for security reasons. -#openshift_master_external_ip_network_cidrs=['0.0.0.0/0'] - -# IngressIPNetworkCIDR controls the range to assign ingress IPs from for -# services of type LoadBalancer on bare metal. If empty, ingress IPs will not -# be assigned. It may contain a single CIDR that will be allocated from. For -# security reasons, you should ensure that this range does not overlap with -# the CIDRs reserved for external IPs, nodes, pods, or services. -#openshift_master_ingress_ip_network_cidr=172.46.0.0/16 - -# Configure number of bits to allocate to each host’s subnet e.g. 9 -# would mean a /23 network on the host. -# When upgrading or scaling up the following must match whats in your master config! -# Inventory: master yaml field -# osm_host_subnet_length: hostSubnetLength -# When installing osm_host_subnet_length must be set. A sane example is provided below. -#osm_host_subnet_length=9 - -# Configure master API and console ports. -#openshift_master_api_port=8443 -#openshift_master_console_port=8443 - -# set RPM version for debugging purposes -#openshift_pkg_version=-1.1 - -# Configure custom ca certificate -#openshift_master_ca_certificate={'certfile': '/path/to/ca.crt', 'keyfile': '/path/to/ca.key'} -# -# NOTE: CA certificate will not be replaced with existing clusters. -# This option may only be specified when creating a new cluster or -# when redeploying cluster certificates with the redeploy-certificates -# playbook. - -# Configure custom named certificates (SNI certificates) -# -# https://docs.openshift.org/latest/install_config/certificate_customization.html -# -# NOTE: openshift_master_named_certificates is cached on masters and is an -# additive fact, meaning that each run with a different set of certificates -# will add the newly provided certificates to the cached set of certificates. -# -# An optional CA may be specified for each named certificate. CAs will -# be added to the OpenShift CA bundle which allows for the named -# certificate to be served for internal cluster communication. -# -# If you would like openshift_master_named_certificates to be overwritten with -# the provided value, specify openshift_master_overwrite_named_certificates. -#openshift_master_overwrite_named_certificates=true -# -# Provide local certificate paths which will be deployed to masters -#openshift_master_named_certificates=[{"certfile": "/path/to/custom1.crt", "keyfile": "/path/to/custom1.key", "cafile": "/path/to/custom-ca1.crt"}] -# -# Detected names may be overridden by specifying the "names" key -#openshift_master_named_certificates=[{"certfile": "/path/to/custom1.crt", "keyfile": "/path/to/custom1.key", "names": ["public-master-host.com"], "cafile": "/path/to/custom-ca1.crt"}] - -# Session options -#openshift_master_session_name=ssn -#openshift_master_session_max_seconds=3600 - -# An authentication and encryption secret will be generated if secrets -# are not provided. If provided, openshift_master_session_auth_secrets -# and openshift_master_encryption_secrets must be equal length. -# -# Signing secrets, used to authenticate sessions using -# HMAC. Recommended to use secrets with 32 or 64 bytes. -#openshift_master_session_auth_secrets=['DONT+USE+THIS+SECRET+b4NV+pmZNSO'] -# -# Encrypting secrets, used to encrypt sessions. Must be 16, 24, or 32 -# characters long, to select AES-128, AES-192, or AES-256. -#openshift_master_session_encryption_secrets=['DONT+USE+THIS+SECRET+b4NV+pmZNSO'] - -# configure how often node iptables rules are refreshed -#openshift_node_iptables_sync_period=5s - -# Configure nodeIP in the node config -# This is needed in cases where node traffic is desired to go over an -# interface other than the default network interface. -#openshift_set_node_ip=True - -# Force setting of system hostname when configuring OpenShift -# This works around issues related to installations that do not have valid dns -# entries for the interfaces attached to the host. -#openshift_set_hostname=True - -# Configure dnsIP in the node config -#openshift_dns_ip=172.30.0.1 - -# Configure node kubelet arguments. pods-per-core is valid in OpenShift Origin 1.3 or OpenShift Container Platform 3.3 and later. -#openshift_node_kubelet_args={'pods-per-core': ['10'], 'max-pods': ['250'], 'image-gc-high-threshold': ['85'], 'image-gc-low-threshold': ['80']} - -# Configure logrotate scripts -# See: https://github.com/nickhammond/ansible-logrotate -#logrotate_scripts=[{"name": "syslog", "path": "/var/log/cron\n/var/log/maillog\n/var/log/messages\n/var/log/secure\n/var/log/spooler\n", "options": ["daily", "rotate 7", "compress", "sharedscripts", "missingok"], "scripts": {"postrotate": "/bin/kill -HUP `cat /var/run/syslogd.pid 2> /dev/null` 2> /dev/null || true"}}] - -# openshift-ansible will wait indefinitely for your input when it detects that the -# value of openshift_hostname resolves to an IP address not bound to any local -# interfaces. This mis-configuration is problematic for any pod leveraging host -# networking and liveness or readiness probes. -# Setting this variable to true will override that check. -#openshift_override_hostname_check=true - -# openshift_use_dnsmasq is deprecated. This must be true, or installs will fail -# in versions >= 3.6 -#openshift_use_dnsmasq=False - -# Define an additional dnsmasq.conf file to deploy to /etc/dnsmasq.d/openshift-ansible.conf -# This is useful for POC environments where DNS may not actually be available yet or to set -# options like 'strict-order' to alter dnsmasq configuration. -#openshift_node_dnsmasq_additional_config_file=/home/bob/ose-dnsmasq.conf - -# Global Proxy Configuration -# These options configure HTTP_PROXY, HTTPS_PROXY, and NOPROXY environment -# variables for docker and master services. -# -# Hosts in the openshift_no_proxy list will NOT use any globally -# configured HTTP(S)_PROXYs. openshift_no_proxy accepts domains -# (.example.com), and hosts (example.com), and IP addresses. -#openshift_http_proxy=http://USER:PASSWORD@IPADDR:PORT -#openshift_https_proxy=https://USER:PASSWORD@IPADDR:PORT -#openshift_no_proxy='.hosts.example.com,some-host.com' -# -# Most environments don't require a proxy between openshift masters, nodes, and -# etcd hosts. So automatically add those hostnames to the openshift_no_proxy list. -# If all of your hosts share a common domain you may wish to disable this and -# specify that domain above instead. -# -# For example, having hosts with FQDNs: m1.ex.com, n1.ex.com, and -# n2.ex.com, one would simply add '.ex.com' to the openshift_no_proxy -# variable (above) and set this value to False -#openshift_generate_no_proxy_hosts=True -# -# These options configure the BuildDefaults admission controller which injects -# configuration into Builds. Proxy related values will default to the global proxy -# config values. You only need to set these if they differ from the global proxy settings. -# See BuildDefaults documentation at -# https://docs.openshift.org/latest/admin_guide/build_defaults_overrides.html -#openshift_builddefaults_http_proxy=http://USER:PASSWORD@HOST:PORT -#openshift_builddefaults_https_proxy=https://USER:PASSWORD@HOST:PORT -#openshift_builddefaults_no_proxy=mycorp.com -#openshift_builddefaults_git_http_proxy=http://USER:PASSWORD@HOST:PORT -#openshift_builddefaults_git_https_proxy=https://USER:PASSWORD@HOST:PORT -#openshift_builddefaults_git_no_proxy=mycorp.com -#openshift_builddefaults_image_labels=[{'name':'imagelabelname1','value':'imagelabelvalue1'}] -#openshift_builddefaults_nodeselectors={'nodelabel1':'nodelabelvalue1'} -#openshift_builddefaults_annotations={'annotationkey1':'annotationvalue1'} -#openshift_builddefaults_resources_requests_cpu=100m -#openshift_builddefaults_resources_requests_memory=256Mi -#openshift_builddefaults_resources_limits_cpu=1000m -#openshift_builddefaults_resources_limits_memory=512Mi - -# Or you may optionally define your own build defaults configuration serialized as json -#openshift_builddefaults_json='{"BuildDefaults":{"configuration":{"apiVersion":"v1","env":[{"name":"HTTP_PROXY","value":"http://proxy.example.com.redhat.com:3128"},{"name":"NO_PROXY","value":"ose3-master.example.com"}],"gitHTTPProxy":"http://proxy.example.com:3128","gitNoProxy":"ose3-master.example.com","kind":"BuildDefaultsConfig"}}}' - -# These options configure the BuildOverrides admission controller which injects -# configuration into Builds. -# See BuildOverrides documentation at -# https://docs.openshift.org/latest/admin_guide/build_defaults_overrides.html -#openshift_buildoverrides_force_pull=true -#openshift_buildoverrides_image_labels=[{'name':'imagelabelname1','value':'imagelabelvalue1'}] -#openshift_buildoverrides_nodeselectors={'nodelabel1':'nodelabelvalue1'} -#openshift_buildoverrides_annotations={'annotationkey1':'annotationvalue1'} - -# Or you may optionally define your own build overrides configuration serialized as json -#openshift_buildoverrides_json='{"BuildOverrides":{"configuration":{"apiVersion":"v1","kind":"BuildDefaultsConfig","forcePull":"true"}}}' - -# Enable template service broker by specifying one of more namespaces whose -# templates will be served by the broker -#openshift_template_service_broker_namespaces=['openshift'] - -# masterConfig.volumeConfig.dynamicProvisioningEnabled, configurable as of 1.2/3.2, enabled by default -#openshift_master_dynamic_provisioning_enabled=False - -# Admission plugin config -#openshift_master_admission_plugin_config={"ProjectRequestLimit":{"configuration":{"apiVersion":"v1","kind":"ProjectRequestLimitConfig","limits":[{"selector":{"admin":"true"}},{"maxProjects":"1"}]}},"PodNodeConstraints":{"configuration":{"apiVersion":"v1","kind":"PodNodeConstraintsConfig"}}} - -# Configure usage of openshift_clock role. -#openshift_clock_enabled=true - -# OpenShift Per-Service Environment Variables -# Environment variables are added to /etc/sysconfig files for -# each OpenShift service: node, master (api and controllers). -# API and controllers environment variables are merged in single -# master environments. -#openshift_master_api_env_vars={"ENABLE_HTTP2": "true"} -#openshift_master_controllers_env_vars={"ENABLE_HTTP2": "true"} -#openshift_node_env_vars={"ENABLE_HTTP2": "true"} - -# Enable API service auditing, available as of 1.3 -#openshift_master_audit_config={"enabled": true} -# -# In case you want more advanced setup for the auditlog you can -# use this line. -# The directory in "auditFilePath" will be created if it's not -# exist -#openshift_master_audit_config={"enabled": true, "auditFilePath": "/var/log/openpaas-oscp-audit/openpaas-oscp-audit.log", "maximumFileRetentionDays": 14, "maximumFileSizeMegabytes": 500, "maximumRetainedFiles": 5} - -# Enable origin repos that point at Centos PAAS SIG, defaults to true, only used -# by deployment_type=origin -#openshift_enable_origin_repo=false - -# Validity of the auto-generated OpenShift certificates in days. -# See also openshift_hosted_registry_cert_expire_days above. -# -#openshift_ca_cert_expire_days=1825 -#openshift_node_cert_expire_days=730 -#openshift_master_cert_expire_days=730 - -# Validity of the auto-generated external etcd certificates in days. -# Controls validity for etcd CA, peer, server and client certificates. -# -#etcd_ca_default_days=1825 -# -# ServiceAccountConfig:LimitSecretRefences rejects pods that reference secrets their service accounts do not reference -# openshift_master_saconfig_limitsecretreferences=false - -# Upgrade Control -# -# By default nodes are upgraded in a serial manner one at a time and all failures -# are fatal, one set of variables for normal nodes, one set of variables for -# nodes that are part of control plane as the number of hosts may be different -# in those two groups. -#openshift_upgrade_nodes_serial=1 -#openshift_upgrade_nodes_max_fail_percentage=0 -#openshift_upgrade_control_plane_nodes_serial=1 -#openshift_upgrade_control_plane_nodes_max_fail_percentage=0 -# -# You can specify the number of nodes to upgrade at once. We do not currently -# attempt to verify that you have capacity to drain this many nodes at once -# so please be careful when specifying these values. You should also verify that -# the expected number of nodes are all schedulable and ready before starting an -# upgrade. If it's not possible to drain the requested nodes the upgrade will -# stall indefinitely until the drain is successful. -# -# If you're upgrading more than one node at a time you can specify the maximum -# percentage of failure within the batch before the upgrade is aborted. Any -# nodes that do fail are ignored for the rest of the playbook run and you should -# take care to investigate the failure and return the node to service so that -# your cluster. -# -# The percentage must exceed the value, this would fail on two failures -# openshift_upgrade_nodes_serial=4 openshift_upgrade_nodes_max_fail_percentage=49 -# where as this would not -# openshift_upgrade_nodes_serial=4 openshift_upgrade_nodes_max_fail_percentage=50 -# -# Multiple data migrations take place and if they fail they will fail the upgrade -# You may wish to disable these or make them non fatal -# -# openshift_upgrade_pre_storage_migration_enabled=true -# openshift_upgrade_pre_storage_migration_fatal==true -# openshift_upgrade_post_storage_migration_enabled=true -# openshift_upgrade_post_storage_migration_fatal==false - -# host group for masters -[masters] -ose3-master[1:3]-ansible.test.example.com - -[etcd] -ose3-etcd[1:3]-ansible.test.example.com - -# NOTE: Containerized load balancer hosts are not yet supported, if using a global -# containerized=true host variable we must set to false. -[lb] -ose3-lb-ansible.test.example.com containerized=false - -# NOTE: Currently we require that masters be part of the SDN which requires that they also be nodes -# However, in order to ensure that your masters are not burdened with running pods you should -# make them unschedulable by adding openshift_schedulable=False any node that's also a master. -[nodes] -ose3-master[1:3]-ansible.test.example.com -ose3-node[1:2]-ansible.test.example.com openshift_node_labels="{'region': 'primary', 'zone': 'default'}" diff --git a/meta/main.yml b/meta/main.yml new file mode 100644 index 000000000..7f867d73b --- /dev/null +++ b/meta/main.yml @@ -0,0 +1,2 @@ +--- +dependencies: diff --git a/openshift-ansible.spec b/openshift-ansible.spec index 595b7f19b..cc39b28dc 100644 --- a/openshift-ansible.spec +++ b/openshift-ansible.spec @@ -9,8 +9,8 @@ %global __requires_exclude ^/usr/bin/ansible-playbook$ Name: openshift-ansible -Version: 3.7.0 -Release: 0.162.0%{?dist} +Version: 3.7.5 +Release: 1%{?dist} Summary: Openshift and Atomic Enterprise Ansible License: ASL 2.0 URL: https://github.com/openshift/openshift-ansible @@ -21,7 +21,12 @@ Requires: ansible >= 2.3 Requires: python2 Requires: python-six Requires: tar -Requires: openshift-ansible-docs = %{version} +Requires: %{name}-docs = %{version}-%{release} +Requires: %{name}-playbooks = %{version}-%{release} +Requires: %{name}-roles = %{version}-%{release} +Requires: %{name}-filter-plugins = %{version}-%{release} +Requires: %{name}-lookup-plugins = %{version}-%{release} +Requires: %{name}-callback-plugins = %{version}-%{release} Requires: java-1.8.0-openjdk-headless Requires: httpd-tools Requires: libselinux-python @@ -134,7 +139,7 @@ popd # ---------------------------------------------------------------------------------- %package docs Summary: Openshift and Atomic Enterprise Ansible documents -Requires: %{name} = %{version} +Requires: %{name} = %{version}-%{release} BuildArch: noarch %description docs @@ -148,11 +153,11 @@ BuildArch: noarch # ---------------------------------------------------------------------------------- %package playbooks Summary: Openshift and Atomic Enterprise Ansible Playbooks -Requires: %{name} = %{version} -Requires: %{name}-roles = %{version} -Requires: %{name}-lookup-plugins = %{version} -Requires: %{name}-filter-plugins = %{version} -Requires: %{name}-callback-plugins = %{version} +Requires: %{name} = %{version}-%{release} +Requires: %{name}-roles = %{version}-%{release} +Requires: %{name}-lookup-plugins = %{version}-%{release} +Requires: %{name}-filter-plugins = %{version}-%{release} +Requires: %{name}-callback-plugins = %{version}-%{release} BuildArch: noarch %description playbooks @@ -192,10 +197,10 @@ end # openshift-ansible-roles subpackage # ---------------------------------------------------------------------------------- Summary: Openshift and Atomic Enterprise Ansible roles -Requires: %{name} = %{version} -Requires: %{name}-lookup-plugins = %{version} -Requires: %{name}-filter-plugins = %{version} -Requires: %{name}-callback-plugins = %{version} +Requires: %{name} = %{version}-%{release} +Requires: %{name}-lookup-plugins = %{version}-%{release} +Requires: %{name}-filter-plugins = %{version}-%{release} +Requires: %{name}-callback-plugins = %{version}-%{release} BuildArch: noarch %description roles @@ -210,7 +215,7 @@ BuildArch: noarch # ---------------------------------------------------------------------------------- %package filter-plugins Summary: Openshift and Atomic Enterprise Ansible filter plugins -Requires: %{name} = %{version} +Requires: %{name} = %{version}-%{release} BuildArch: noarch Requires: pyOpenSSL @@ -227,7 +232,7 @@ Requires: pyOpenSSL # ---------------------------------------------------------------------------------- %package lookup-plugins Summary: Openshift and Atomic Enterprise Ansible lookup plugins -Requires: %{name} = %{version} +Requires: %{name} = %{version}-%{release} BuildArch: noarch %description lookup-plugins @@ -243,7 +248,7 @@ BuildArch: noarch # ---------------------------------------------------------------------------------- %package callback-plugins Summary: Openshift and Atomic Enterprise Ansible callback plugins -Requires: %{name} = %{version} +Requires: %{name} = %{version}-%{release} BuildArch: noarch %description callback-plugins @@ -260,7 +265,7 @@ BuildArch: noarch %package -n atomic-openshift-utils Summary: Atomic OpenShift Utilities BuildRequires: python-setuptools -Requires: %{name}-playbooks = %{version} +Requires: %{name}-playbooks = %{version}-%{release} Requires: python-click Requires: python-setuptools Requires: PyYAML @@ -280,6 +285,347 @@ Atomic OpenShift Utilities includes %changelog +* Thu Nov 09 2017 Jenkins CD Merge Bot <smunilla@redhat.com> 3.7.5-1 +- + +* Wed Nov 08 2017 Jenkins CD Merge Bot <smunilla@redhat.com> 3.7.4-1 +- + +* Wed Nov 08 2017 Jenkins CD Merge Bot <smunilla@redhat.com> 3.7.3-1 +- Adding configuration for keeping transient namespace on error. + (shawn.hurley21@gmail.com) +- Use openshift.common.client_binary (sdodson@redhat.com) +- Fix examples image streams (mgugino@redhat.com) +- Remove duplicate defaulting for ASB and TSB (sdodson@redhat.com) +- Fix preupgrade authorization objects are in sync minor versions + (mgugino@redhat.com) +- General template updates for v3.7 (sdodson@redhat.com) +- Update to xPaaS v1.4.6 (sdodson@redhat.com) +- Bug 1511044- Slurp the etcd certs instead of using the lookup + (fabian@fabianism.us) +- Change prometheus default namespace to 'openshift-metrics' + (zgalor@redhat.com) +- Bootstrap enhancements. (kwoodson@redhat.com) +- reconcile registry-console and docker_image_availability (lmeyer@redhat.com) + +* Wed Nov 08 2017 Jenkins CD Merge Bot <smunilla@redhat.com> 3.7.2-1 +- Remove debug code that was mistakenly committed (zgalor@redhat.com) +- Correct service restart command (sdodson@redhat.com) +- Give service-catalog controller-manager permissions to update status of + ClusterServiceClasses and ClusterServicePlans (staebler@redhat.com) + +* Wed Nov 08 2017 Jenkins CD Merge Bot <smunilla@redhat.com> 3.7.1-1 +- Bug 1510636- add name to local registry config (fabian@fabianism.us) + +* Wed Nov 08 2017 Jenkins CD Merge Bot <smunilla@redhat.com> 3.7.0-0.198.0 +- container_binary_sync: Remove atomic prefix from image (smilner@redhat.com) +- Bug 1510546- Fix previous fix, task was indented one level too deep + (fabian@fabianism.us) +- Use oc rather than kubectl (sdodson@redhat.com) +- Re-add challenge auth verification to github and google (mgugino@redhat.com) +- Move fact definition that breaks when check to end of block + (fabian@fabianism.us) +- [Bug 1509354] Check if routers have certificates and use them + (kwoodson@redhat.com) +- Fix v3.6 xpaas image streams (sdodson@redhat.com) +- Fix v3.7 xpaas image streams (sdodson@redhat.com) +- Fix prometheus default vars (mgugino@redhat.com) +- openshift_checks: Add OVS versions for OCP 3.7 (miciah.masters@gmail.com) +- Proper quotes (dymurray@redhat.com) +- Update service broker configmap and serviceaccount privileges + (dymurray@redhat.com) +- Add etcd as part of inventory file. Otherwise, it fails as "Running etcd as + an embedded service is no longer supported." (sarumuga@redhat.com) +- Add centos based dotnet 2.0 image streams (sdodson@redhat.com) + +* Tue Nov 07 2017 Jenkins CD Merge Bot <smunilla@redhat.com> 3.7.0-0.197.0 +- Temporarily set master servingInfo.clientCA as client-ca-bundle.crt during + rolling CA redeployment. (abutcher@redhat.com) +- container-engine: ensure /var/lib/containers/ is properly labelled + (gscrivan@redhat.com) +- Moving docker location to share path with system containers. + (kwoodson@redhat.com) +- Retry restarting master controllers (mgugino@redhat.com) +- Bug 1509680- Fix ansible-service-broker registry validations + (fabian@fabianism.us) +- Fix preupgrade authorization objects are in sync (mgugino@redhat.com) +- Bug 1507617- Move etcd into its own service/dc with SSL (fabian@fabianism.us) + +* Mon Nov 06 2017 Jenkins CD Merge Bot <smunilla@redhat.com> 3.7.0-0.196.0 +- Bug 1509052 - Remove logfile from broker config (david.j.zager@gmail.com) +- Fix github auth validation (mgugino@redhat.com) +- Re-generate lib_openshift (mail@jkroepke.de) +- Remove provisioner restrictions on oc_storageclass (mail@jkroepke.de) + +* Mon Nov 06 2017 Jenkins CD Merge Bot <smunilla@redhat.com> 3.7.0-0.195.0 +- Bug 1507787- add full path to default asb etcd image (fabian@fabianism.us) + +* Sun Nov 05 2017 Jenkins CD Merge Bot <smunilla@redhat.com> 3.7.0-0.194.0 +- Revert "Bootstrap enhancements." (ccoleman@redhat.com) + +* Sun Nov 05 2017 Jenkins CD Merge Bot <smunilla@redhat.com> 3.7.0-0.193.0 +- management: enterprise users must acknowledge use of beta software + (tbielawa@redhat.com) + +* Sat Nov 04 2017 Jenkins CD Merge Bot <smunilla@redhat.com> 3.7.0-0.192.0 +- Bootstrap enhancements. (kwoodson@redhat.com) +- Fix master upgrade version detect and systemd enable (mgugino@redhat.com) +- Correct groupname during upgrade_control_plane play (mgugino@redhat.com) +- openshift_hosted: Add docker-gc (smilner@redhat.com) +- Remove old /etc/yum.repos.d/openshift_additional.repo file. + (abutcher@redhat.com) +- CFME: Use cluster_hostname if cluster_public_hostname isn't available + (tbielawa@redhat.com) +- Use client binary and well defined kubeconfig (sdodson@redhat.com) +- Ensure install and remove are mutually exclusive via + openshift_sanitize_inventory (sdodson@redhat.com) +- Enable SC, ASB, TSB by default (sdodson@redhat.com) +- Using the currently attached pvc for an ES dc if available, otherwise falling + back to current logic (ewolinet@redhat.com) +- Adding elb changes to provision elbs and add to scale group. + (kwoodson@redhat.com) +- Give admin and edit roles permission to patch ServiceInstances and + ServiceBindings (staebler@redhat.com) + +* Fri Nov 03 2017 Jenkins CD Merge Bot <smunilla@redhat.com> 3.7.0-0.191.0 +- Adding CONFIG_FILE option back. (kwoodson@redhat.com) +- Configurable node config location. (kwoodson@redhat.com) +- Add enterprise prometheus image defaults (sdodson@redhat.com) +- Adding meta/main.yml to allow for Galaxy use of this repo (bedin@redhat.com) + +* Thu Nov 02 2017 Jenkins CD Merge Bot <smunilla@redhat.com> 3.7.0-0.190.0 +- check presence of v2 snapshot before the migration proceeds + (jchaloup@redhat.com) +- Remove delegate_to from openshift_facts within the openshift_ca role. + (abutcher@redhat.com) +- Don't use possibly undefined variables in error messages + (tbielawa@redhat.com) +- MTU for bootstrapping should default to openshift_node_sdn_mtu + (ccoleman@redhat.com) +- Retry service account bootstrap kubeconfig creation (ccoleman@redhat.com) +- Docker: make use of new etc/containers/registries.conf optional + (mgugino@redhat.com) +- Add rules to the view ClusterRole for service catalog. (staebler@redhat.com) +- Updating console OPENSHIFT_CONSTANTS flag for TSB (ewolinet@redhat.com) +- GlusterFS: Fix registry storage documentation (jarrpa@redhat.com) +- fix comment and make it visible to end-user (azagayno@redhat.com) +- escape also custom_cors_origins (azagayno@redhat.com) +- add comment on regexp specifics (azagayno@redhat.com) +- escape corsAllowedOrigins regexp strings and anchor them + (azagayno@redhat.com) + +* Wed Nov 01 2017 Jenkins CD Merge Bot <smunilla@redhat.com> 3.7.0-0.189.0 +- Stating that certificate it is required when doing SSL on ELB. + (kwoodson@redhat.com) +- Ensure GCP image build instance gets cleaned up on teardown + (ccoleman@redhat.com) +- Switch from bind-interfaces to bind-dynamic (sdodson@redhat.com) +- Remove unused osm_controller_lease_ttl (mgugino@redhat.com) +- Delete images located in a family named {{ prefix }}images + (ccoleman@redhat.com) +- Use global IP to indicate node should pick DNS (ccoleman@redhat.com) +- Remove project metadata prefixed with the cluster prefix + (ccoleman@redhat.com) +- Use openshift.node.registry_url instead of oreg_url (ccoleman@redhat.com) +- Allow master node group to wait for stable on GCP (ccoleman@redhat.com) +- GCP cannot use AWS growpart package (ccoleman@redhat.com) +- dnsmasq cache-size dns-forward-max change (pcameron@redhat.com) +- Also require that we match the release (sdodson@redhat.com) +- Add arbitrary firewall port config to master too (sdodson@redhat.com) +- remove master.service during the non-ha to ha upgrade (jchaloup@redhat.com) +- Removing unneeded bootstrap which moved into the product. + (kwoodson@redhat.com) +- Add retry logic to docker auth credentials (mgugino@redhat.com) +- Retry restarting journald (mgugino@redhat.com) +- Modify StorageClass name to standard (piqin@redhat.com) +- Give PV & PVC empty storage class to avoid being assigned default gp2 + (mawong@redhat.com) +- Use oc_project to ensure openshift_provisioners_project present + (mawong@redhat.com) +- Fix yaml formatting (mawong@redhat.com) +- Create default storageclass for cloudprovider openstack (piqin@redhat.com) +- preserve the oo-install ansible_inventory_path value (rmeggins@redhat.com) + +* Tue Oct 31 2017 Jenkins CD Merge Bot <smunilla@redhat.com> 3.7.0-0.188.0 +- Add dm_thin_pool for gluster use (sdodson@redhat.com) +- Fix broken oc_secret update function (barlik@gmx.com) +- add new clusterNetworks fields to new installs (jtanenba@redhat.com) +- docker: Create openshift_docker_is_node_or_master variable + (smilner@redhat.com) +- Correctly install cockpit (sdodson@redhat.com) +- Glusterfs storage templates for v1.5 added (chinacoolhacker@gmail.com) +- bug 1501599. Omit logging project from overcommit restrictions + (jcantril@redhat.com) +- GlusterFS: Remove image option from heketi command (jarrpa@redhat.com) + +* Mon Oct 30 2017 Jenkins CD Merge Bot <smunilla@redhat.com> 3.7.0-0.187.0 +- + +* Sun Oct 29 2017 Jenkins CD Merge Bot <smunilla@redhat.com> 3.7.0-0.186.0 +- + +* Sat Oct 28 2017 Jenkins CD Merge Bot <smunilla@redhat.com> 3.7.0-0.185.0 +- bug 1506073. Lower cpu request for logging when it exceeds limit + (jcantril@redhat.com) +- Update the name of the service-catalog binary (staebler@redhat.com) +- disk_availability check: include submount storage (lmeyer@redhat.com) + +* Fri Oct 27 2017 Jenkins CD Merge Bot <smunilla@redhat.com> 3.7.0-0.184.0 +- cri-o: Set max log size to 50 mb (mrunalp@gmail.com) +- cri-o: open port 10010 (gscrivan@redhat.com) +- bug 1435144. Remove uneeded upgrade in openshift_logging role + (jcantril@redhat.com) +- Remove inadvertently committed inventory file (rteague@redhat.com) +- crio: restorcon /var/lib/containers (smilner@redhat.com) +- Correct openshift_release regular expression (rteague@redhat.com) +- crio: Add failed_when to overlay check (smilner@redhat.com) +- docker: set credentials when using system container (gscrivan@redhat.com) +- Change dnsmasq to bind-interfaces + except-interfaces (mgugino@redhat.com) +- Fix CA Bundle passed to service-catalog broker for ansible-service-broker + (staebler@redhat.com) +- Renaming csr to bootstrap for consistency. (kwoodson@redhat.com) +- Add master config upgrade hook to upgrade-all plays (mgugino@redhat.com) +- Remove 'Not Started' status from playbook checkpoint (rteague@redhat.com) +- Force include_role to static for loading openshift_facts module + (rteague@redhat.com) +- Make openshift-ansible depend on all subpackages (sdodson@redhat.com) +- Refactor health check playbooks (rteague@redhat.com) + +* Fri Oct 27 2017 Jenkins CD Merge Bot <smunilla@redhat.com> 3.7.0-0.183.0 +- + +* Thu Oct 26 2017 Jenkins CD Merge Bot <smunilla@redhat.com> 3.7.0-0.182.0 +- Fixing documentation for the cert_key_path variable name. + (kwoodson@redhat.com) +- Moving removal of unwanted artifacts to image_prep. (kwoodson@redhat.com) +- Ensure journald persistence directories exist (mgugino@redhat.com) +- Fix lint (tbielawa@redhat.com) +- Move add_many_container_providers.yml to playbooks/byo/openshift-management + with a noop task include to load filter plugins. (abutcher@redhat.com) +- Refactor adding multiple container providers (tbielawa@redhat.com) +- Management Cleanup and Provider Integration (tbielawa@redhat.com) + +* Thu Oct 26 2017 Jenkins CD Merge Bot <smunilla@redhat.com> 3.7.0-0.181.0 +- Fix loop_var warnings during logging install (mgugino@redhat.com) +- Fix typo and add detailed comments in kuryr (sngchlko@gmail.com) + +* Thu Oct 26 2017 Jenkins CD Merge Bot <smunilla@redhat.com> 3.7.0-0.179.0 +- Remove pause from master service startup (rteague@redhat.com) +- Change default in prometheus storage type to emptydir (zgalor@redhat.com) +- Bug 1491636 - honor node selectors (jwozniak@redhat.com) +- Sync latest imagestreams and templates (sdodson@redhat.com) +- Remove base package install (mgugino@redhat.com) +- etcd: remove hacks for the system container (gscrivan@redhat.com) +- Ensure deployment_subtype is set within openshift_sanitize_inventory. + (abutcher@redhat.com) +- Add installer checkpoint for prometheus (zgalor@redhat.com) +- Remove unused registry_volume_claim variable (hansmi@vshn.ch) + +* Wed Oct 25 2017 Jenkins CD Merge Bot <smunilla@redhat.com> 3.7.0-0.178.0 +- Split prometheus image defaults to prefix and version (zgalor@redhat.com) +- Remove extraneous spaces that yamllint dislikes (staebler@redhat.com) +- Fix edit and admin role patching for service catalog (staebler@redhat.com) +- strip dash when comparing version with Python3 (jchaloup@redhat.com) +- Bug 1452939 - change Logging & Metrics imagePullPolicy (jwozniak@redhat.com) +- Remove role bindings during service catalog un-install (staebler@redhat.com) +- Fix a few small issues in service catalog uninstall (staebler@redhat.com) +- Remove incorrect validation for OpenIDIdentityProvider (mgugino@redhat.com) +- Enable oreg_auth credential replace during upgrades (mgugino@redhat.com) +- Handle bootstrap behavior in GCP template (ccoleman@redhat.com) +- Ensure upgrades apply latest journald settings (mgugino@redhat.com) + +* Tue Oct 24 2017 Jenkins CD Merge Bot <smunilla@redhat.com> 3.7.0-0.177.0 +- Check if the master service is non-ha or not (jchaloup@redhat.com) +- Correct host group for controller restart (rteague@redhat.com) +- Set the proper external etcd ip address when migrating embeded etcd + (jchaloup@redhat.com) +- Switch to stateful set in prometheus (zgalor@redhat.com) +- cli: use the correct name for the master system container + (gscrivan@redhat.com) +- cli: do not pull again the image when using Docker (gscrivan@redhat.com) +- verstion_gte seems unreliable on containerized installs (sdodson@redhat.com) +- Retry reconcile in case of error and give up eventually (simo@redhat.com) +- Updating ocp es proxy image to use openshift_logging_proxy_image_prefix if + specified (ewolinet@redhat.com) +- Generate all internal hostnames of no_proxy (ghuang@redhat.com) +- Add nfs variables documentation to README file (zgalor@redhat.com) +- Avoid undefined variable in master sysconfig template (hansmi@vshn.ch) +- Ensure proper variable templating for skopeo auth credentials + (mgugino@redhat.com) + +* Mon Oct 23 2017 Jenkins CD Merge Bot <smunilla@redhat.com> 3.7.0-0.176.0 +- Update defaults (fabian@fabianism.us) +- Use service-ca.crt instead of master ca.crt (fabian@fabianism.us) +- use master cert (fabian@fabianism.us) +- Bug 1496426 - add asb-client secret to openshift-ansible-service-broker + namespace (fabian@fabianism.us) +- docker: Move enterprise registry from pkg to main (smilner@redhat.com) +- systemcontainers: Verify atomic.conf proxy is always configured + (smilner@redhat.com) +- Add variable to control whether NetworkManager hook is installed + (hansmi@vshn.ch) + +* Mon Oct 23 2017 Jenkins CD Merge Bot <smunilla@redhat.com> 3.7.0-0.175.0 +- + +* Sun Oct 22 2017 Jenkins CD Merge Bot <smunilla@redhat.com> 3.7.0-0.174.0 +- + +* Sun Oct 22 2017 Jenkins CD Merge Bot <smunilla@redhat.com> 3.7.0-0.173.0 +- + +* Sun Oct 22 2017 Jenkins CD Merge Bot <smunilla@redhat.com> 3.7.0-0.172.0 +- + +* Sat Oct 21 2017 Jenkins CD Merge Bot <smunilla@redhat.com> 3.7.0-0.171.0 +- Use "requests" for CPU resources instead of limits + (peter.portante@redhat.com) +- [bz1501271] Attempt to use ami ssh user and default to ansible_ssh_user. + (kwoodson@redhat.com) +- Fix undefined variable for master upgrades (mgugino@redhat.com) +- Adding pre check to verify clusterid is set along with cloudprovider when + performing upgrade. (kwoodson@redhat.com) + +* Fri Oct 20 2017 Jenkins CD Merge Bot <smunilla@redhat.com> 3.7.0-0.170.0 +- Check for container runtime prior to restarting when updating system CA + trust. (abutcher@redhat.com) +- bug 1489498. preserve replica and shard settings (jcantril@redhat.com) +- Set servingInfo.clientCA to ca.crt during upgrade. (abutcher@redhat.com) + +* Fri Oct 20 2017 Jenkins CD Merge Bot <smunilla@redhat.com> 3.7.0-0.169.0 +- Initial Kuryr support (mdulko@redhat.com) +- Indentation errors (dymurray@redhat.com) +- Bug 1503233 - Add liveness and readiness probe checks to ASB deploymentconfig + (dymurray@redhat.com) + +* Fri Oct 20 2017 Jenkins CD Merge Bot <smunilla@redhat.com> 3.7.0-0.168.0 +- + +* Thu Oct 19 2017 Jenkins CD Merge Bot <smunilla@redhat.com> 3.7.0-0.167.0 +- + +* Thu Oct 19 2017 Jenkins CD Merge Bot <smunilla@redhat.com> 3.7.0-0.166.0 +- + +* Thu Oct 19 2017 Jenkins CD Merge Bot <smunilla@redhat.com> 3.7.0-0.165.0 +- + +* Thu Oct 19 2017 Jenkins CD Merge Bot <smunilla@redhat.com> 3.7.0-0.164.0 +- Change to service-signer.crt for template_service_broker CA_BUNDLE + (staebler@redhat.com) +- Use service-signer.crt for ca_bundle passed to clusterservicebroker + (staebler@redhat.com) +- Rename ServiceBroker to ClusterServiceBroker for ansible_service_broker task. + (staebler@redhat.com) +- Add apiserver.crt to service-catalog controller-manager deployment. + (staebler@redhat.com) +- Remove redundant faulty role binding ifrom + kubeservicecatalog_roles_bindings.yml (staebler@redhat.com) +- Update service catalog playbook for service-catalog rc1 (staebler@redhat.com) + +* Thu Oct 19 2017 Jenkins CD Merge Bot <smunilla@redhat.com> 3.7.0-0.163.0 +- set use_manageiq as default (efreiber@redhat.com) + * Thu Oct 19 2017 Jenkins CD Merge Bot <smunilla@redhat.com> 3.7.0-0.162.0 - Wait longer for stable GCP instances (ccoleman@redhat.com) - Remove unneeded master config updates during upgrades (mgugino@redhat.com) diff --git a/playbooks/aws/README.md b/playbooks/aws/README.md index fbab61189..417fb539a 100644 --- a/playbooks/aws/README.md +++ b/playbooks/aws/README.md @@ -65,8 +65,9 @@ openshift_release: # example: v3.7 openshift_pkg_version: # example: -3.7.0 openshift_aws_ssh_key_name: # example: myuser_key openshift_aws_base_ami: # example: ami-12345678 +# These are required when doing SSL on the ELBs openshift_aws_iam_cert_path: # example: '/path/to/wildcard.<clusterid>.example.com.crt' -openshift_aws_iam_key_path: # example: '/path/to/wildcard.<clusterid>.example.com.key' +openshift_aws_iam_cert_key_path: # example: '/path/to/wildcard.<clusterid>.example.com.key' ``` If customization is required for the instances, scale groups, or any other configurable option please see the ['openshift_aws/defaults/main.yml'](../../roles/openshift_aws/defaults/main.yml) for variables and overrides. These overrides can be placed in the `provisioning_vars.yml`, `inventory`, or `group_vars`. diff --git a/playbooks/aws/openshift-cluster/build_ami.yml b/playbooks/aws/openshift-cluster/build_ami.yml index ee281929a..fae30eb0a 100644 --- a/playbooks/aws/openshift-cluster/build_ami.yml +++ b/playbooks/aws/openshift-cluster/build_ami.yml @@ -26,8 +26,10 @@ tasks: - name: set the user to perform installation set_fact: - ansible_ssh_user: "{{ openshift_aws_build_ami_ssh_user | default('root') }}" + ansible_ssh_user: "{{ openshift_aws_build_ami_ssh_user | default(ansible_ssh_user) }}" openshift_node_bootstrap: True + openshift_node_image_prep_packages: + - cloud-utils-growpart # This is the part that installs all of the software and configs for the instance # to become a node. diff --git a/playbooks/aws/openshift-cluster/prerequisites.yml b/playbooks/aws/openshift-cluster/prerequisites.yml index df77fe3bc..f5eb01b14 100644 --- a/playbooks/aws/openshift-cluster/prerequisites.yml +++ b/playbooks/aws/openshift-cluster/prerequisites.yml @@ -4,5 +4,3 @@ - include: provision_ssh_keypair.yml - include: provision_sec_group.yml - vars: - openshift_aws_node_group_type: compute diff --git a/playbooks/aws/openshift-cluster/provision_sec_group.yml b/playbooks/aws/openshift-cluster/provision_sec_group.yml index 039357adb..7d74a691a 100644 --- a/playbooks/aws/openshift-cluster/provision_sec_group.yml +++ b/playbooks/aws/openshift-cluster/provision_sec_group.yml @@ -6,7 +6,7 @@ connection: local gather_facts: no tasks: - - name: create an instance and prepare for ami + - name: create security groups include_role: name: openshift_aws tasks_from: security_group.yml diff --git a/playbooks/aws/provisioning_vars.yml.example b/playbooks/aws/provisioning_vars.yml.example index aa91363ae..1491fb868 100644 --- a/playbooks/aws/provisioning_vars.yml.example +++ b/playbooks/aws/provisioning_vars.yml.example @@ -116,5 +116,5 @@ openshift_aws_base_ami: # ami-12345678 # custom certificates are required for the ELB openshift_aws_iam_cert_path: # '/path/to/wildcard.<clusterid>.example.com.crt' -openshift_aws_iam_key_path: # '/path/to/wildcard.<clusterid>.example.com.key' -#openshift_aws_iam_cert_chain_path: '/path/to/cert.ca.crt' +openshift_aws_iam_cert_key_path: # '/path/to/wildcard.<clusterid>.example.com.key' +openshift_aws_iam_cert_chain_path: # '/path/to/cert.ca.crt' diff --git a/playbooks/byo/openshift-cluster/config.yml b/playbooks/byo/openshift-cluster/config.yml index 60fa44c5b..f2e52782b 100644 --- a/playbooks/byo/openshift-cluster/config.yml +++ b/playbooks/byo/openshift-cluster/config.yml @@ -8,5 +8,3 @@ - always - include: ../../common/openshift-cluster/config.yml - vars: - openshift_deployment_subtype: "{{ deployment_subtype | default(none) }}" diff --git a/playbooks/byo/openshift-cluster/redeploy-certificates.yml b/playbooks/byo/openshift-cluster/redeploy-certificates.yml index 255b0dbf7..f53d34145 100644 --- a/playbooks/byo/openshift-cluster/redeploy-certificates.yml +++ b/playbooks/byo/openshift-cluster/redeploy-certificates.yml @@ -42,3 +42,7 @@ - include: ../../common/openshift-cluster/redeploy-certificates/registry.yml when: openshift_hosted_manage_registry | default(true) | bool + +- include: ../../common/openshift-master/revert-client-ca.yml + +- include: ../../common/openshift-master/restart.yml diff --git a/playbooks/byo/openshift-management/add_container_provider.yml b/playbooks/byo/openshift-management/add_container_provider.yml new file mode 100644 index 000000000..3378b5abd --- /dev/null +++ b/playbooks/byo/openshift-management/add_container_provider.yml @@ -0,0 +1,6 @@ +--- +- include: ../openshift-cluster/initialize_groups.yml + +- include: ../../common/openshift-cluster/evaluate_groups.yml + +- include: ../../common/openshift-management/add_container_provider.yml diff --git a/playbooks/byo/openshift-management/add_many_container_providers.yml b/playbooks/byo/openshift-management/add_many_container_providers.yml new file mode 100644 index 000000000..62fdb11c5 --- /dev/null +++ b/playbooks/byo/openshift-management/add_many_container_providers.yml @@ -0,0 +1,36 @@ +--- +- hosts: localhost + tasks: + - name: Ensure the container provider configuration is defined + assert: + that: container_providers_config is defined + msg: | + Error: Must provide providers config path. Fix: Add '-e container_providers_config=/path/to/your/config' to the ansible-playbook command + + - name: Include providers/management configuration + include_vars: + file: "{{ container_providers_config }}" + + - name: Ensure this cluster is a container provider + uri: + url: "https://{{ management_server['hostname'] }}/api/providers" + body_format: json + method: POST + user: "{{ management_server['user'] }}" + password: "{{ management_server['password'] }}" + validate_certs: no + # Docs on formatting the BODY of the POST request: + # http://manageiq.org/docs/reference/latest/api/reference/providers.html#specifying-connection-configurations + body: "{{ item }}" + failed_when: false + with_items: "{{ container_providers }}" + register: results + + # Include openshift_management for access to filter_plugins. + - include_role: + name: openshift_management + tasks_from: noop + + - name: print each result + debug: + msg: "{{ results.results | oo_filter_container_providers }}" diff --git a/playbooks/byo/openshift-management/config.yml b/playbooks/byo/openshift-management/config.yml index e8795ef85..209c66502 100644 --- a/playbooks/byo/openshift-management/config.yml +++ b/playbooks/byo/openshift-management/config.yml @@ -1,6 +1,6 @@ --- - include: ../openshift-cluster/initialize_groups.yml -- include: ../../common/openshift-cluster/evaluate_groups.yml +- include: ../../common/openshift-cluster/std_include.yml - include: ../../common/openshift-management/config.yml diff --git a/playbooks/byo/openshift-management/roles b/playbooks/byo/openshift-management/roles new file mode 120000 index 000000000..20c4c58cf --- /dev/null +++ b/playbooks/byo/openshift-management/roles @@ -0,0 +1 @@ +../../../roles
\ No newline at end of file diff --git a/playbooks/byo/openshift-management/uninstall.yml b/playbooks/byo/openshift-management/uninstall.yml index a1fb1cdc4..e95c1c88a 100644 --- a/playbooks/byo/openshift-management/uninstall.yml +++ b/playbooks/byo/openshift-management/uninstall.yml @@ -1,4 +1,2 @@ --- -# - include: ../openshift-cluster/initialize_groups.yml - - include: ../../common/openshift-management/uninstall.yml diff --git a/playbooks/common/openshift-checks/adhoc.yml b/playbooks/common/openshift-checks/adhoc.yml index dfcef8435..d0deaeb65 100644 --- a/playbooks/common/openshift-checks/adhoc.yml +++ b/playbooks/common/openshift-checks/adhoc.yml @@ -1,12 +1,13 @@ --- -- name: OpenShift health checks +- name: OpenShift Health Checks hosts: oo_all_hosts + roles: - openshift_health_checker vars: - r_openshift_health_checker_playbook_context: adhoc post_tasks: - - name: Run health checks + - name: Run health checks (adhoc) action: openshift_health_check args: checks: '{{ openshift_checks | default([]) }}' diff --git a/playbooks/common/openshift-checks/health.yml b/playbooks/common/openshift-checks/health.yml index 21ea785ef..d0921b9d3 100644 --- a/playbooks/common/openshift-checks/health.yml +++ b/playbooks/common/openshift-checks/health.yml @@ -1,11 +1,13 @@ --- -- name: Run OpenShift health checks +- name: OpenShift Health Checks hosts: oo_all_hosts + roles: - openshift_health_checker vars: - r_openshift_health_checker_playbook_context: health post_tasks: - - action: openshift_health_check + - name: Run health checks (@health) + action: openshift_health_check args: checks: ['@health'] diff --git a/playbooks/common/openshift-checks/install.yml b/playbooks/common/openshift-checks/install.yml new file mode 100644 index 000000000..6701a2e15 --- /dev/null +++ b/playbooks/common/openshift-checks/install.yml @@ -0,0 +1,47 @@ +--- +- name: Health Check Checkpoint Start + hosts: oo_all_hosts + gather_facts: false + tasks: + - name: Set Health Check 'In Progress' + set_stats: + data: + installer_phase_health: "In Progress" + aggregate: false + +- name: OpenShift Health Checks + hosts: oo_all_hosts + any_errors_fatal: true + roles: + - openshift_health_checker + vars: + - r_openshift_health_checker_playbook_context: install + post_tasks: + - name: Run health checks (install) - EL + when: ansible_distribution != "Fedora" + action: openshift_health_check + args: + checks: + - disk_availability + - memory_availability + - package_availability + - package_version + - docker_image_availability + - docker_storage + + - name: Run health checks (install) - Fedora + when: ansible_distribution == "Fedora" + action: openshift_health_check + args: + checks: + - docker_image_availability + +- name: Health Check Checkpoint End + hosts: oo_all_hosts + gather_facts: false + tasks: + - name: Set Health Check 'Complete' + set_stats: + data: + installer_phase_health: "Complete" + aggregate: false diff --git a/playbooks/common/openshift-checks/pre-install.yml b/playbooks/common/openshift-checks/pre-install.yml index 88e6f9120..32449d4e4 100644 --- a/playbooks/common/openshift-checks/pre-install.yml +++ b/playbooks/common/openshift-checks/pre-install.yml @@ -1,11 +1,13 @@ --- -- name: run OpenShift pre-install checks +- name: OpenShift Health Checks hosts: oo_all_hosts + roles: - openshift_health_checker vars: - r_openshift_health_checker_playbook_context: pre-install post_tasks: - - action: openshift_health_check + - name: Run health checks (@preflight) + action: openshift_health_check args: checks: ['@preflight'] diff --git a/playbooks/common/openshift-cluster/config.yml b/playbooks/common/openshift-cluster/config.yml index 395eb51f1..3b4d6f9a6 100644 --- a/playbooks/common/openshift-cluster/config.yml +++ b/playbooks/common/openshift-cluster/config.yml @@ -1,31 +1,5 @@ --- -# TODO: refactor this into its own include -# and pass a variable for ctx -- name: Verify Requirements - hosts: oo_all_hosts - roles: - - openshift_health_checker - vars: - - r_openshift_health_checker_playbook_context: install - post_tasks: - - - name: Verify Requirements - EL - when: ansible_distribution != "Fedora" - action: openshift_health_check - args: - checks: - - disk_availability - - memory_availability - - package_availability - - package_version - - docker_image_availability - - docker_storage - - name: Verify Requirements - Fedora - when: ansible_distribution == "Fedora" - action: openshift_health_check - args: - checks: - - docker_image_availability +- include: ../openshift-checks/install.yml - include: ../openshift-etcd/config.yml @@ -53,7 +27,7 @@ when: openshift_logging_install_logging | default(false) | bool - include: service_catalog.yml - when: openshift_enable_service_catalog | default(false) | bool + when: openshift_enable_service_catalog | default(true) | bool - include: ../openshift-management/config.yml when: openshift_management_install_management | default(false) | bool diff --git a/playbooks/common/openshift-cluster/create_persistent_volumes.yml b/playbooks/common/openshift-cluster/create_persistent_volumes.yml index ec6f2c52c..8a60a30b8 100644 --- a/playbooks/common/openshift-cluster/create_persistent_volumes.yml +++ b/playbooks/common/openshift-cluster/create_persistent_volumes.yml @@ -1,13 +1,4 @@ --- -- name: Create persistent volumes - hosts: oo_first_master - vars: - persistent_volumes: "{{ hostvars[groups.oo_first_master.0] | oo_persistent_volumes(groups) }}" - persistent_volume_claims: "{{ hostvars[groups.oo_first_master.0] | oo_persistent_volume_claims }}" - tasks: - - debug: var=persistent_volumes - - debug: var=persistent_volume_claims - - name: Create Hosted Resources - persistent volumes hosts: oo_first_master vars: diff --git a/playbooks/common/openshift-cluster/initialize_facts.yml b/playbooks/common/openshift-cluster/initialize_facts.yml index be2f8b5f4..91223d368 100644 --- a/playbooks/common/openshift-cluster/initialize_facts.yml +++ b/playbooks/common/openshift-cluster/initialize_facts.yml @@ -10,6 +10,7 @@ - name: load openshift_facts module include_role: name: openshift_facts + static: yes # TODO: Should this role be refactored into health_checks?? - name: Run openshift_sanitize_inventory to set variables @@ -145,7 +146,19 @@ https_proxy: "{{ openshift_https_proxy | default(None) }}" no_proxy: "{{ openshift_no_proxy | default(None) }}" generate_no_proxy_hosts: "{{ openshift_generate_no_proxy_hosts | default(True) }}" - no_proxy_internal_hostnames: "{{ openshift_no_proxy_internal_hostnames | default(None) }}" + + - name: Set fact of no_proxy_internal_hostnames + openshift_facts: + role: common + local_facts: + no_proxy_internal_hostnames: "{{ hostvars | oo_select_keys(groups['oo_nodes_to_config'] + | union(groups['oo_masters_to_config']) + | union(groups['oo_etcd_to_config'] | default([]))) + | oo_collect('openshift.common.hostname') | default([]) | join (',') + }}" + when: + - openshift_http_proxy is defined or openshift_https_proxy is defined + - openshift_generate_no_proxy_hosts | default(True) | bool - name: initialize_facts set_fact repoquery command set_fact: diff --git a/playbooks/common/openshift-cluster/initialize_openshift_version.yml b/playbooks/common/openshift-cluster/initialize_openshift_version.yml index e6400ea61..37a5284d5 100644 --- a/playbooks/common/openshift-cluster/initialize_openshift_version.yml +++ b/playbooks/common/openshift-cluster/initialize_openshift_version.yml @@ -1,15 +1,4 @@ --- -# openshift_install_base_package_group may be set in a play variable to limit -# the host groups the base package is installed on. This is currently used -# for master/control-plane upgrades. -- name: Set version_install_base_package true on masters and nodes - hosts: "{{ openshift_install_base_package_group | default('oo_masters_to_config:oo_nodes_to_config') }}" - tasks: - - name: Set version_install_base_package true - set_fact: - version_install_base_package: True - when: version_install_base_package is not defined - # NOTE: requires openshift_facts be run - name: Determine openshift_version to configure on first master hosts: oo_first_master diff --git a/playbooks/common/openshift-cluster/install_docker_gc.yml b/playbooks/common/openshift-cluster/install_docker_gc.yml new file mode 100644 index 000000000..1e3dfee07 --- /dev/null +++ b/playbooks/common/openshift-cluster/install_docker_gc.yml @@ -0,0 +1,7 @@ +--- +- name: Install docker gc + hosts: oo_first_master + gather_facts: false + tasks: + - include_role: + name: openshift_docker_gc diff --git a/playbooks/common/openshift-cluster/openshift_default_storage_class.yml b/playbooks/common/openshift-cluster/openshift_default_storage_class.yml index 4b4f19690..62fe0dd60 100644 --- a/playbooks/common/openshift-cluster/openshift_default_storage_class.yml +++ b/playbooks/common/openshift-cluster/openshift_default_storage_class.yml @@ -3,4 +3,4 @@ hosts: oo_first_master roles: - role: openshift_default_storage_class - when: openshift_cloudprovider_kind is defined and (openshift_cloudprovider_kind == 'aws' or openshift_cloudprovider_kind == 'gce') + when: openshift_cloudprovider_kind is defined and (openshift_cloudprovider_kind == 'aws' or openshift_cloudprovider_kind == 'gce' or openshift_cloudprovider_kind == 'openstack') diff --git a/playbooks/common/openshift-cluster/openshift_hosted.yml b/playbooks/common/openshift-cluster/openshift_hosted.yml index c1536eb36..281ccce2e 100644 --- a/playbooks/common/openshift-cluster/openshift_hosted.yml +++ b/playbooks/common/openshift-cluster/openshift_hosted.yml @@ -24,6 +24,11 @@ - include: openshift_prometheus.yml when: openshift_hosted_prometheus_deploy | default(False) | bool +- include: install_docker_gc.yml + when: + - openshift_use_crio | default(False) | bool + - openshift_crio_enable_docker_gc | default(False) | bool + - name: Hosted Install Checkpoint End hosts: oo_all_hosts gather_facts: false diff --git a/playbooks/common/openshift-cluster/openshift_prometheus.yml b/playbooks/common/openshift-cluster/openshift_prometheus.yml index ac2d250a3..a73b294a5 100644 --- a/playbooks/common/openshift-cluster/openshift_prometheus.yml +++ b/playbooks/common/openshift-cluster/openshift_prometheus.yml @@ -1,5 +1,25 @@ --- +- name: Prometheus Install Checkpoint Start + hosts: oo_all_hosts + gather_facts: false + tasks: + - name: Set Prometheus install 'In Progress' + set_stats: + data: + installer_phase_prometheus: "In Progress" + aggregate: false + - name: Create Hosted Resources - openshift_prometheus hosts: oo_first_master roles: - role: openshift_prometheus + +- name: Prometheus Install Checkpoint End + hosts: oo_all_hosts + gather_facts: false + tasks: + - name: Set Prometheus install 'Complete' + set_stats: + data: + installer_phase_prometheus: "Complete" + aggregate: false diff --git a/playbooks/common/openshift-cluster/redeploy-certificates/openshift-ca.yml b/playbooks/common/openshift-cluster/redeploy-certificates/openshift-ca.yml index 2068ed199..e22c8cbdb 100644 --- a/playbooks/common/openshift-cluster/redeploy-certificates/openshift-ca.yml +++ b/playbooks/common/openshift-cluster/redeploy-certificates/openshift-ca.yml @@ -43,11 +43,6 @@ when: (g_master_config_output.content|b64decode|from_yaml).oauthConfig.masterCA != 'ca-bundle.crt' - modify_yaml: dest: "{{ openshift.common.config_base }}/master/master-config.yaml" - yaml_key: servingInfo.clientCA - yaml_value: ca.crt - when: (g_master_config_output.content|b64decode|from_yaml).servingInfo.clientCA != 'ca.crt' - - modify_yaml: - dest: "{{ openshift.common.config_base }}/master/master-config.yaml" yaml_key: etcdClientInfo.ca yaml_value: ca-bundle.crt when: @@ -67,6 +62,13 @@ when: - groups.oo_etcd_to_config | default([]) | length == 0 - (g_master_config_output.content|b64decode|from_yaml).etcdConfig.servingInfo.clientCA != 'ca-bundle.crt' + # Set servingInfo.clientCA to client-ca-bundle.crt in order to roll the CA certificate. + # This change will be reverted in playbooks/byo/openshift-cluster/redeploy-certificates.yml + - modify_yaml: + dest: "{{ openshift.common.config_base }}/master/master-config.yaml" + yaml_key: servingInfo.clientCA + yaml_value: client-ca-bundle.crt + when: (g_master_config_output.content|b64decode|from_yaml).servingInfo.clientCA != 'client-ca-bundle.crt' - name: Copy current OpenShift CA to legacy directory hosts: oo_masters_to_config @@ -155,6 +157,7 @@ - ca.key - ca-bundle.crt - ca.serial.txt + - client-ca-bundle.crt delegate_to: "{{ openshift_ca_host }}" run_once: true changed_when: false @@ -173,6 +176,7 @@ - ca.key - ca-bundle.crt - ca.serial.txt + - client-ca-bundle.crt - name: Update master client kubeconfig CA data kubeclient_ca: client_path: "{{ openshift.common.config_base }}/master/openshift-master.kubeconfig" diff --git a/playbooks/common/openshift-cluster/upgrades/init.yml b/playbooks/common/openshift-cluster/upgrades/init.yml index 2826951e6..6ad0b6b86 100644 --- a/playbooks/common/openshift-cluster/upgrades/init.yml +++ b/playbooks/common/openshift-cluster/upgrades/init.yml @@ -9,7 +9,12 @@ - name: Ensure firewall is not switched during upgrade hosts: oo_all_hosts + vars: + openshift_master_installed_version: "{{ hostvars[groups.oo_first_master.0].openshift.common.version }}" tasks: + - name: set currently installed version + set_fact: + openshift_currently_installed_version: "{{ openshift_master_installed_version }}" - name: Check if iptables is running command: systemctl status iptables changed_when: false diff --git a/playbooks/common/openshift-cluster/upgrades/pre/verify_control_plane_running.yml b/playbooks/common/openshift-cluster/upgrades/pre/verify_control_plane_running.yml index 45022cd61..6a5bc24f7 100644 --- a/playbooks/common/openshift-cluster/upgrades/pre/verify_control_plane_running.yml +++ b/playbooks/common/openshift-cluster/upgrades/pre/verify_control_plane_running.yml @@ -9,16 +9,29 @@ local_facts: ha: "{{ groups.oo_masters_to_config | length > 1 }}" - - name: Ensure HA Master is running - service: - name: "{{ openshift.common.service_type }}-master-api" - state: started - enabled: yes - when: openshift.common.is_containerized | bool + - when: openshift.common.is_containerized | bool + block: + - set_fact: + master_services: + - "{{ openshift.common.service_type }}-master" - - name: Ensure HA Master is running - service: - name: "{{ openshift.common.service_type }}-master-controllers" - state: started - enabled: yes - when: openshift.common.is_containerized | bool + # In case of the non-ha to ha upgrade. + - name: Check if the {{ openshift.common.service_type }}-master-api.service exists + command: > + systemctl list-units {{ openshift.common.service_type }}-master-api.service --no-legend + register: master_api_service_status + + - set_fact: + master_services: + - "{{ openshift.common.service_type }}-master-api" + - "{{ openshift.common.service_type }}-master-controllers" + when: + - master_api_service_status.stdout_lines | length > 0 + - (openshift.common.service_type + '-master-api.service') in master_api_service_status.stdout_lines[0] + + - name: Ensure Master is running + service: + name: "{{ item }}" + state: started + enabled: yes + with_items: "{{ master_services }}" diff --git a/playbooks/common/openshift-cluster/upgrades/pre/verify_upgrade_targets.yml b/playbooks/common/openshift-cluster/upgrades/pre/verify_upgrade_targets.yml index 142ce5f3d..13fa37b09 100644 --- a/playbooks/common/openshift-cluster/upgrades/pre/verify_upgrade_targets.yml +++ b/playbooks/common/openshift-cluster/upgrades/pre/verify_upgrade_targets.yml @@ -4,6 +4,12 @@ msg: Verify OpenShift is already installed when: openshift.common.version is not defined +- name: Update oreg_auth docker login credentials if necessary + include_role: + name: docker + tasks_from: registry_auth.yml + when: oreg_auth_user is defined + - name: Verify containers are available for upgrade command: > docker pull {{ openshift.common.cli_image }}:{{ openshift_image_tag }} @@ -37,7 +43,7 @@ fail: msg: "OpenShift {{ avail_openshift_version }} is available, but {{ openshift_upgrade_target }} or greater is required" when: - - openshift_pkg_version | default('0.0', True) | version_compare(openshift_release, '<') + - (openshift_pkg_version | default('-0.0', True)).split('-')[1] | version_compare(openshift_release, '<') - name: Fail when openshift version does not meet minium requirement for Origin upgrade fail: diff --git a/playbooks/common/openshift-cluster/upgrades/upgrade_control_plane.yml b/playbooks/common/openshift-cluster/upgrades/upgrade_control_plane.yml index c37a5f9ab..a5e2f7940 100644 --- a/playbooks/common/openshift-cluster/upgrades/upgrade_control_plane.yml +++ b/playbooks/common/openshift-cluster/upgrades/upgrade_control_plane.yml @@ -90,6 +90,9 @@ - include_vars: ../../../../roles/openshift_master/vars/main.yml + - name: Update journald config + include: ../../../../roles/openshift_master/tasks/journald.yml + - name: Remove any legacy systemd units and update systemd units include: ../../../../roles/openshift_master/tasks/systemd_units.yml @@ -199,7 +202,7 @@ {{ openshift.common.client_binary }} adm --config={{ openshift.common.config_base }}/master/admin.kubeconfig policy reconcile-cluster-roles --additive-only=true --confirm -o name register: reconcile_cluster_role_result - when: not openshift.common.version_gte_3_7 | bool + when: openshift_version | version_compare('3.7','<') changed_when: - reconcile_cluster_role_result.stdout != '' - reconcile_cluster_role_result.rc == 0 @@ -214,7 +217,7 @@ --exclude-groups=system:unauthenticated --exclude-users=system:anonymous --additive-only=true --confirm -o name - when: not openshift.common.version_gte_3_7 | bool + when: openshift_version | version_compare('3.7','<') register: reconcile_bindings_result changed_when: - reconcile_bindings_result.stdout != '' @@ -229,9 +232,11 @@ changed_when: - reconcile_jenkins_role_binding_result.stdout != '' - reconcile_jenkins_role_binding_result.rc == 0 - when: (not openshift.common.version_gte_3_7 | bool) and (openshift.common.version_gte_3_4_or_1_4 | bool) + when: + - openshift_version | version_compare('3.7','<') + - openshift_version | version_compare('3.4','>=') - - when: (openshift.common.version_gte_3_6 | bool) and (not openshift.common.version_gte_3_7 | bool) + - when: openshift_upgrade_target | version_compare('3.7','<') block: - name: Retrieve shared-resource-viewer oc_obj: @@ -250,7 +255,6 @@ - "'annotations' in objout['results']['results'][0]['metadata']" - "'openshift.io/reconcile-protect' in objout['results']['results'][0]['metadata']['annotations']" - "objout['results']['results'][0]['metadata']['annotations']['openshift.io/reconcile-protect'] == 'true'" - - copy: src: "{{ item }}" dest: "/tmp/{{ item }}" @@ -268,6 +272,12 @@ - "/tmp/{{ __master_shared_resource_viewer_file }}" delete_after: true when: __shared_resource_viewer_protected is not defined + register: result + retries: 3 + delay: 5 + until: result.rc == 0 + ignore_errors: true + - name: Reconcile Security Context Constraints command: > diff --git a/playbooks/common/openshift-cluster/upgrades/v3_3/upgrade_control_plane.yml b/playbooks/common/openshift-cluster/upgrades/v3_3/upgrade_control_plane.yml index f64f0e003..54c85f0fb 100644 --- a/playbooks/common/openshift-cluster/upgrades/v3_3/upgrade_control_plane.yml +++ b/playbooks/common/openshift-cluster/upgrades/v3_3/upgrade_control_plane.yml @@ -68,7 +68,6 @@ # defined, and overriding the normal behavior of protecting the installed version openshift_release: "{{ openshift_upgrade_target }}" openshift_protect_installed_version: False - openshift_install_base_package_group: "oo_masters_to_config" # We skip the docker role at this point in upgrade to prevent # unintended package, container, or config upgrades which trigger diff --git a/playbooks/common/openshift-cluster/upgrades/v3_4/upgrade_control_plane.yml b/playbooks/common/openshift-cluster/upgrades/v3_4/upgrade_control_plane.yml index 43da5b629..d7cb38d03 100644 --- a/playbooks/common/openshift-cluster/upgrades/v3_4/upgrade_control_plane.yml +++ b/playbooks/common/openshift-cluster/upgrades/v3_4/upgrade_control_plane.yml @@ -68,7 +68,6 @@ # defined, and overriding the normal behavior of protecting the installed version openshift_release: "{{ openshift_upgrade_target }}" openshift_protect_installed_version: False - openshift_install_base_package_group: "oo_masters_to_config" # We skip the docker role at this point in upgrade to prevent # unintended package, container, or config upgrades which trigger diff --git a/playbooks/common/openshift-cluster/upgrades/v3_5/upgrade.yml b/playbooks/common/openshift-cluster/upgrades/v3_5/upgrade.yml index 30e719d8f..bda245fe1 100644 --- a/playbooks/common/openshift-cluster/upgrades/v3_5/upgrade.yml +++ b/playbooks/common/openshift-cluster/upgrades/v3_5/upgrade.yml @@ -112,6 +112,8 @@ - include: ../cleanup_unused_images.yml - include: ../upgrade_control_plane.yml + vars: + master_config_hook: "v3_5/master_config_upgrade.yml" - include: ../upgrade_nodes.yml diff --git a/playbooks/common/openshift-cluster/upgrades/v3_5/upgrade_control_plane.yml b/playbooks/common/openshift-cluster/upgrades/v3_5/upgrade_control_plane.yml index e9cec9220..6cdea7b84 100644 --- a/playbooks/common/openshift-cluster/upgrades/v3_5/upgrade_control_plane.yml +++ b/playbooks/common/openshift-cluster/upgrades/v3_5/upgrade_control_plane.yml @@ -72,7 +72,6 @@ # defined, and overriding the normal behavior of protecting the installed version openshift_release: "{{ openshift_upgrade_target }}" openshift_protect_installed_version: False - openshift_install_base_package_group: "oo_masters_to_config" # We skip the docker role at this point in upgrade to prevent # unintended package, container, or config upgrades which trigger diff --git a/playbooks/common/openshift-cluster/upgrades/v3_6/master_config_upgrade.yml b/playbooks/common/openshift-cluster/upgrades/v3_6/master_config_upgrade.yml index 52458e03c..db0c8f886 100644 --- a/playbooks/common/openshift-cluster/upgrades/v3_6/master_config_upgrade.yml +++ b/playbooks/common/openshift-cluster/upgrades/v3_6/master_config_upgrade.yml @@ -8,3 +8,8 @@ dest: "{{ openshift.common.config_base}}/master/master-config.yaml" yaml_key: 'controllerConfig.serviceServingCert.signer.keyFile' yaml_value: service-signer.key + +- modify_yaml: + dest: "{{ openshift.common.config_base }}/master/master-config.yaml" + yaml_key: servingInfo.clientCA + yaml_value: ca.crt diff --git a/playbooks/common/openshift-cluster/upgrades/v3_6/upgrade.yml b/playbooks/common/openshift-cluster/upgrades/v3_6/upgrade.yml index 920dc2ffc..dd109cfa9 100644 --- a/playbooks/common/openshift-cluster/upgrades/v3_6/upgrade.yml +++ b/playbooks/common/openshift-cluster/upgrades/v3_6/upgrade.yml @@ -116,6 +116,8 @@ - include: ../cleanup_unused_images.yml - include: ../upgrade_control_plane.yml + vars: + master_config_hook: "v3_6/master_config_upgrade.yml" - include: ../upgrade_nodes.yml diff --git a/playbooks/common/openshift-cluster/upgrades/v3_6/upgrade_control_plane.yml b/playbooks/common/openshift-cluster/upgrades/v3_6/upgrade_control_plane.yml index 27d8515dc..8ab68002d 100644 --- a/playbooks/common/openshift-cluster/upgrades/v3_6/upgrade_control_plane.yml +++ b/playbooks/common/openshift-cluster/upgrades/v3_6/upgrade_control_plane.yml @@ -76,7 +76,6 @@ # defined, and overriding the normal behavior of protecting the installed version openshift_release: "{{ openshift_upgrade_target }}" openshift_protect_installed_version: False - openshift_install_base_package_group: "oo_masters_to_config" # We skip the docker role at this point in upgrade to prevent # unintended package, container, or config upgrades which trigger diff --git a/playbooks/common/openshift-cluster/upgrades/v3_7/master_config_upgrade.yml b/playbooks/common/openshift-cluster/upgrades/v3_7/master_config_upgrade.yml index c26e8f744..1d4d1919c 100644 --- a/playbooks/common/openshift-cluster/upgrades/v3_7/master_config_upgrade.yml +++ b/playbooks/common/openshift-cluster/upgrades/v3_7/master_config_upgrade.yml @@ -13,3 +13,8 @@ dest: "{{ openshift.common.config_base}}/master/master-config.yaml" yaml_key: 'controllerConfig.serviceServingCert.signer.keyFile' yaml_value: service-signer.key + +- modify_yaml: + dest: "{{ openshift.common.config_base }}/master/master-config.yaml" + yaml_key: servingInfo.clientCA + yaml_value: ca.crt diff --git a/playbooks/common/openshift-cluster/upgrades/v3_7/upgrade.yml b/playbooks/common/openshift-cluster/upgrades/v3_7/upgrade.yml index bf3b94682..f4862e321 100644 --- a/playbooks/common/openshift-cluster/upgrades/v3_7/upgrade.yml +++ b/playbooks/common/openshift-cluster/upgrades/v3_7/upgrade.yml @@ -119,13 +119,13 @@ tasks: - include: ../cleanup_unused_images.yml -#TODO: Why doesn't this compose using ./upgrade_control_plane rather than -# ../upgrade_control_plane? - include: ../upgrade_control_plane.yml + vars: + master_config_hook: "v3_7/master_config_upgrade.yml" # All controllers must be stopped at the same time then restarted - name: Cycle all controller services to force new leader election mode - hosts: oo_etcd_to_config + hosts: oo_masters_to_config gather_facts: no tasks: - name: Stop {{ openshift.common.service_type }}-master-controllers diff --git a/playbooks/common/openshift-cluster/upgrades/v3_7/upgrade_control_plane.yml b/playbooks/common/openshift-cluster/upgrades/v3_7/upgrade_control_plane.yml index b91bea617..b905d6d86 100644 --- a/playbooks/common/openshift-cluster/upgrades/v3_7/upgrade_control_plane.yml +++ b/playbooks/common/openshift-cluster/upgrades/v3_7/upgrade_control_plane.yml @@ -80,7 +80,6 @@ # defined, and overriding the normal behavior of protecting the installed version openshift_release: "{{ openshift_upgrade_target }}" openshift_protect_installed_version: False - openshift_install_base_package_group: "oo_masters_to_config" # We skip the docker role at this point in upgrade to prevent # unintended package, container, or config upgrades which trigger @@ -130,7 +129,7 @@ # All controllers must be stopped at the same time then restarted - name: Cycle all controller services to force new leader election mode - hosts: oo_etcd_to_config + hosts: oo_masters_to_config gather_facts: no tasks: - name: Stop {{ openshift.common.service_type }}-master-controllers diff --git a/playbooks/common/openshift-cluster/upgrades/v3_7/validator.yml b/playbooks/common/openshift-cluster/upgrades/v3_7/validator.yml index f76fc68d1..7a28eeb27 100644 --- a/playbooks/common/openshift-cluster/upgrades/v3_7/validator.yml +++ b/playbooks/common/openshift-cluster/upgrades/v3_7/validator.yml @@ -15,7 +15,7 @@ - name: Confirm OpenShift authorization objects are in sync command: > {{ openshift.common.client_binary }} adm migrate authorization - when: not openshift.common.version_gte_3_7 | bool + when: openshift_currently_installed_version | version_compare('3.7','<') changed_when: false register: l_oc_result until: l_oc_result.rc == 0 diff --git a/playbooks/common/openshift-etcd/embedded2external.yml b/playbooks/common/openshift-etcd/embedded2external.yml index 9264f3c32..b16b78c4f 100644 --- a/playbooks/common/openshift-etcd/embedded2external.yml +++ b/playbooks/common/openshift-etcd/embedded2external.yml @@ -158,7 +158,7 @@ tasks_from: configure_external_etcd vars: etcd_peer_url_scheme: "https" - etcd_ip: "{{ openshift.common.ip }}" + etcd_ip: "{{ hostvars[groups.oo_etcd_to_config.0].openshift.common.ip }}" etcd_peer_port: 2379 # 9. start the master diff --git a/playbooks/common/openshift-glusterfs/config.yml b/playbooks/common/openshift-glusterfs/config.yml index 80cda9e21..c2ae5f313 100644 --- a/playbooks/common/openshift-glusterfs/config.yml +++ b/playbooks/common/openshift-glusterfs/config.yml @@ -17,6 +17,11 @@ tasks_from: firewall.yml when: - openshift_storage_glusterfs_is_native | default(True) | bool + - include_role: + name: openshift_storage_glusterfs + tasks_from: kernel_modules.yml + when: + - openshift_storage_glusterfs_is_native | default(True) | bool - name: Open firewall ports for GlusterFS registry nodes hosts: glusterfs_registry @@ -26,6 +31,11 @@ tasks_from: firewall.yml when: - openshift_storage_glusterfs_registry_is_native | default(True) | bool + - include_role: + name: openshift_storage_glusterfs + tasks_from: kernel_modules.yml + when: + - openshift_storage_glusterfs_registry_is_native | default(True) | bool - name: Configure GlusterFS hosts: oo_first_master diff --git a/playbooks/common/openshift-management/add_container_provider.yml b/playbooks/common/openshift-management/add_container_provider.yml new file mode 100644 index 000000000..facb3a5b9 --- /dev/null +++ b/playbooks/common/openshift-management/add_container_provider.yml @@ -0,0 +1,8 @@ +--- +- name: Add Container Provider to Management + hosts: oo_first_master + tasks: + - name: Run the Management Integration Tasks + include_role: + name: openshift_management + tasks_from: add_container_provider diff --git a/playbooks/common/openshift-management/uninstall.yml b/playbooks/common/openshift-management/uninstall.yml index 698d93405..9f35cc276 100644 --- a/playbooks/common/openshift-management/uninstall.yml +++ b/playbooks/common/openshift-management/uninstall.yml @@ -1,6 +1,6 @@ --- - name: Uninstall CFME - hosts: masters + hosts: masters[0] tasks: - name: Run the CFME Uninstall Role Tasks include_role: diff --git a/playbooks/common/openshift-master/additional_config.yml b/playbooks/common/openshift-master/additional_config.yml index 1b3eb268a..350557f19 100644 --- a/playbooks/common/openshift-master/additional_config.yml +++ b/playbooks/common/openshift-master/additional_config.yml @@ -25,10 +25,10 @@ - role: openshift_hosted_templates registry_url: "{{ openshift.master.registry_url }}" - role: openshift_manageiq - when: openshift_use_manageiq | default(false) | bool + when: openshift_use_manageiq | default(true) | bool - role: cockpit when: - - openshift.common.is_atomic + - not openshift.common.is_atomic | bool - deployment_type == 'openshift-enterprise' - osm_use_cockpit is undefined or osm_use_cockpit | bool - openshift.common.deployment_subtype != 'registry' diff --git a/playbooks/common/openshift-master/config.yml b/playbooks/common/openshift-master/config.yml index 6e57f282e..7ce0362ef 100644 --- a/playbooks/common/openshift-master/config.yml +++ b/playbooks/common/openshift-master/config.yml @@ -206,6 +206,18 @@ when: openshift_use_nuage | default(false) | bool - role: calico_master when: openshift_use_calico | default(false) | bool + tasks: + - include_role: + name: kuryr + tasks_from: master + when: openshift_use_kuryr | default(false) | bool + + - name: Setup the node group config maps + include_role: + name: openshift_node_group + when: openshift_master_bootstrap_enabled | default(false) | bool + run_once: True + post_tasks: - name: Create group for deployment type group_by: key=oo_masters_deployment_type_{{ openshift.common.deployment_type }} diff --git a/playbooks/common/openshift-master/revert-client-ca.yml b/playbooks/common/openshift-master/revert-client-ca.yml new file mode 100644 index 000000000..9ae23bf5b --- /dev/null +++ b/playbooks/common/openshift-master/revert-client-ca.yml @@ -0,0 +1,17 @@ +--- +- name: Set servingInfo.clientCA = ca.crt in master config + hosts: oo_masters_to_config + tasks: + - name: Read master config + slurp: + src: "{{ openshift.common.config_base }}/master/master-config.yaml" + register: g_master_config_output + + # servingInfo.clientCA may be set as the client-ca-bundle.crt from + # CA redeployment and this task reverts that change. + - name: Set servingInfo.clientCA = ca.crt in master config + modify_yaml: + dest: "{{ openshift.common.config_base }}/master/master-config.yaml" + yaml_key: servingInfo.clientCA + yaml_value: ca.crt + when: (g_master_config_output.content|b64decode|from_yaml).servingInfo.clientCA != 'ca.crt' diff --git a/playbooks/common/openshift-master/scaleup.yml b/playbooks/common/openshift-master/scaleup.yml index f4dc9df8a..05b37d59f 100644 --- a/playbooks/common/openshift-master/scaleup.yml +++ b/playbooks/common/openshift-master/scaleup.yml @@ -22,8 +22,13 @@ - name: restart master api service: name={{ openshift.common.service_type }}-master-controllers state=restarted notify: verify api server + # We retry the controllers because the API may not be 100% initialized yet. - name: restart master controllers - service: name={{ openshift.common.service_type }}-master-controllers state=restarted + command: "systemctl restart {{ openshift.common.service_type }}-master-controllers" + retries: 3 + delay: 5 + register: result + until: result.rc == 0 - name: verify api server command: > curl --silent --tlsv1.2 diff --git a/playbooks/common/openshift-master/tasks/wire_aggregator.yml b/playbooks/common/openshift-master/tasks/wire_aggregator.yml index 560eea785..df3ea27b4 100644 --- a/playbooks/common/openshift-master/tasks/wire_aggregator.yml +++ b/playbooks/common/openshift-master/tasks/wire_aggregator.yml @@ -179,8 +179,13 @@ - yedit_output.changed - openshift.master.cluster_method == 'native' +# We retry the controllers because the API may not be 100% initialized yet. - name: restart master controllers - systemd: name={{ openshift.common.service_type }}-master-controllers state=restarted + command: "systemctl restart {{ openshift.common.service_type }}-master-controllers" + retries: 3 + delay: 5 + register: result + until: result.rc == 0 when: - yedit_output.changed - openshift.master.cluster_method == 'native' diff --git a/playbooks/common/openshift-node/additional_config.yml b/playbooks/common/openshift-node/additional_config.yml index fe51ef833..ac757397b 100644 --- a/playbooks/common/openshift-node/additional_config.yml +++ b/playbooks/common/openshift-node/additional_config.yml @@ -19,10 +19,14 @@ - group_by: key: oo_nodes_use_{{ (openshift_use_contiv | default(False)) | ternary('contiv','nothing') }} changed_when: False + # Create group for kuryr nodes + - group_by: + key: oo_nodes_use_{{ (openshift_use_kuryr | default(False)) | ternary('kuryr','nothing') }} + changed_when: False - include: etcd_client_config.yml vars: - openshift_node_scale_up_group: "oo_nodes_use_flannel:oo_nodes_use_calico:oo_nodes_use_contiv" + openshift_node_scale_up_group: "oo_nodes_use_flannel:oo_nodes_use_calico:oo_nodes_use_contiv:oo_nodes_use_kuryr" - name: Additional node config hosts: oo_nodes_use_flannel @@ -50,3 +54,11 @@ - role: contiv contiv_role: netplugin when: openshift_use_contiv | default(false) | bool + +- name: Configure Kuryr node + hosts: oo_nodes_use_kuryr + tasks: + - include_role: + name: kuryr + tasks_from: node + when: openshift_use_kuryr | default(false) | bool diff --git a/playbooks/common/openshift-node/clean_image.yml b/playbooks/common/openshift-node/clean_image.yml new file mode 100644 index 000000000..38753d0af --- /dev/null +++ b/playbooks/common/openshift-node/clean_image.yml @@ -0,0 +1,10 @@ +--- +- name: Configure nodes + hosts: oo_nodes_to_config:!oo_containerized_master_nodes + tasks: + - name: Remove any ansible facts created during AMI creation + file: + path: "/etc/ansible/facts.d/{{ item }}" + state: absent + with_items: + - openshift.fact diff --git a/playbooks/common/openshift-node/image_prep.yml b/playbooks/common/openshift-node/image_prep.yml index 00d167c22..30651a1df 100644 --- a/playbooks/common/openshift-node/image_prep.yml +++ b/playbooks/common/openshift-node/image_prep.yml @@ -19,3 +19,6 @@ - name: Re-enable excluders include: enable_excluders.yml + +- name: Remove any undesired artifacts from build + include: clean_image.yml diff --git a/roles/ansible_service_broker/defaults/main.yml b/roles/ansible_service_broker/defaults/main.yml index fa982d533..bea126618 100644 --- a/roles/ansible_service_broker/defaults/main.yml +++ b/roles/ansible_service_broker/defaults/main.yml @@ -1,7 +1,7 @@ --- ansible_service_broker_remove: false -ansible_service_broker_install: false +ansible_service_broker_install: true ansible_service_broker_log_level: info ansible_service_broker_output_request: false ansible_service_broker_recovery: true @@ -10,10 +10,10 @@ ansible_service_broker_dev_broker: false ansible_service_broker_refresh_interval: 600s # Recommended you do not enable this for now ansible_service_broker_launch_apb_on_bind: false +ansible_service_broker_keep_namespace_on_error: true +ansible_service_broker_keep_namespace: false ansible_service_broker_image_pull_policy: IfNotPresent ansible_service_broker_sandbox_role: edit -ansible_service_broker_auto_escalate: true -ansible_service_broker_registry_tag: latest -ansible_service_broker_registry_whitelist: - - '.*-apb$' +ansible_service_broker_auto_escalate: false +ansible_service_broker_local_registry_whitelist: [] diff --git a/roles/ansible_service_broker/tasks/generate_certs.yml b/roles/ansible_service_broker/tasks/generate_certs.yml new file mode 100644 index 000000000..3da896548 --- /dev/null +++ b/roles/ansible_service_broker/tasks/generate_certs.yml @@ -0,0 +1,44 @@ +--- + +- when: ansible_service_broker_certs_dir is undefined + block: + - name: Create ansible-service-broker cert directory + file: + path: "{{ openshift.common.config_base }}/ansible-service-broker" + state: directory + mode: 0755 + check_mode: no + + - name: Create self signing ca cert + command: 'openssl req -nodes -x509 -newkey rsa:4096 -keyout {{ openshift.common.config_base }}/ansible-service-broker/key.pem -out {{ openshift.common.config_base }}/ansible-service-broker/cert.pem -days 365 -subj "/CN=asb-etcd.openshift-ansible-service-broker.svc"' + args: + creates: '{{ openshift.common.config_base }}/ansible-service-broker/cert.pem' + + - name: Create self signed client cert + command: '{{ item.cmd }}' + args: + creates: '{{ item.creates }}' + with_items: + - cmd: openssl genrsa -out {{ openshift.common.config_base }}/ansible-service-broker/client.key 2048 + creates: '{{ openshift.common.config_base }}/ansible-service-broker/client.key' + - cmd: 'openssl req -new -key {{ openshift.common.config_base }}/ansible-service-broker/client.key -out {{ openshift.common.config_base }}/ansible-service-broker/client.csr -subj "/CN=client"' + creates: '{{ openshift.common.config_base }}/ansible-service-broker/client.csr' + - cmd: openssl x509 -req -in {{ openshift.common.config_base }}/ansible-service-broker/client.csr -CA {{ openshift.common.config_base }}/ansible-service-broker/cert.pem -CAkey {{ openshift.common.config_base }}/ansible-service-broker/key.pem -CAcreateserial -out {{ openshift.common.config_base }}/ansible-service-broker/client.pem -days 1024 + creates: '{{ openshift.common.config_base }}/ansible-service-broker/client.pem' + + - set_fact: + ansible_service_broker_certs_dir: "{{ openshift.common.config_base }}/ansible-service-broker" + +- name: Read in certs for etcd + slurp: + src: '{{ ansible_service_broker_certs_dir }}/{{ item }}' + register: asb_etcd_certs + with_items: + - cert.pem + - client.pem + - client.key + +- set_fact: + etcd_ca_cert: "{{ asb_etcd_certs.results.0.content | b64decode }}" + etcd_client_cert: "{{ asb_etcd_certs.results.1.content | b64decode }}" + etcd_client_key: "{{ asb_etcd_certs.results.2.content | b64decode }}" diff --git a/roles/ansible_service_broker/tasks/install.yml b/roles/ansible_service_broker/tasks/install.yml index 0f4b71124..ff90f59a3 100644 --- a/roles/ansible_service_broker/tasks/install.yml +++ b/roles/ansible_service_broker/tasks/install.yml @@ -22,21 +22,17 @@ ansible_service_broker_registry_user: "{{ ansible_service_broker_registry_user | default(__ansible_service_broker_registry_user) }}" ansible_service_broker_registry_password: "{{ ansible_service_broker_registry_password | default(__ansible_service_broker_registry_password) }}" ansible_service_broker_registry_organization: "{{ ansible_service_broker_registry_organization | default(__ansible_service_broker_registry_organization) }}" - - ansible_service_broker_certs_dir: "{{ openshift.common.config_base }}/service-catalog" + ansible_service_broker_registry_tag: "{{ ansible_service_broker_registry_tag | default(__ansible_service_broker_registry_tag) }}" + ansible_service_broker_registry_whitelist: "{{ ansible_service_broker_registry_whitelist | default(__ansible_service_broker_registry_whitelist) }}" - name: set ansible-service-broker image facts using set prefix and tag set_fact: ansible_service_broker_image: "{{ ansible_service_broker_image_prefix }}ansible-service-broker:{{ ansible_service_broker_image_tag }}" ansible_service_broker_etcd_image: "{{ ansible_service_broker_etcd_image_prefix }}etcd:{{ ansible_service_broker_etcd_image_tag }}" -- slurp: - src: "{{ ansible_service_broker_certs_dir }}/ca.crt" - register: catalog_ca - - - include: validate_facts.yml +- include: generate_certs.yml # Deployment of ansible-service-broker starts here - name: create openshift-ansible-service-broker project @@ -73,19 +69,21 @@ - apiGroups: ["authentication.k8s.io"] resources: ["tokenreviews"] verbs: ["create"] + - apiGroups: ["image.openshift.io", ""] + resources: ["images"] + verbs: ["get", "list"] - name: Create asb-access cluster role oc_clusterrole: state: present name: asb-access rules: - - nonResourceURLs: ["/ansible-service-broker", "ansible-service-broker/*"] + - nonResourceURLs: ["/ansible-service-broker", "/ansible-service-broker/*"] verbs: ["get", "post", "put", "patch", "delete"] - name: Bind admin cluster-role to asb serviceaccount oc_adm_policy_user: state: present - namespace: openshift-ansible-service-broker resource_kind: cluster-role resource_name: admin user: "system:serviceaccount:openshift-ansible-service-broker:asb" @@ -93,7 +91,6 @@ - name: Bind auth cluster role to asb service account oc_adm_policy_user: state: present - namespace: openshift-ansible-service-broker resource_kind: cluster-role resource_name: asb-auth user: "system:serviceaccount:openshift-ansible-service-broker:asb" @@ -101,7 +98,6 @@ - name: Bind asb-access role to asb-client service account oc_adm_policy_user: state: present - namespace: openshift-ansible-service-broker resource_kind: cluster-role resource_name: asb-access user: "system:serviceaccount:openshift-ansible-service-broker:asb-client" @@ -109,6 +105,7 @@ - name: create asb-client token secret oc_obj: name: asb-client + namespace: openshift-ansible-service-broker state: present kind: Secret content: @@ -118,10 +115,38 @@ kind: Secret metadata: name: asb-client + namespace: openshift-ansible-service-broker annotations: kubernetes.io/service-account.name: asb-client type: kubernetes.io/service-account-token +- name: Create etcd-auth secret + oc_secret: + name: etcd-auth-secret + namespace: openshift-ansible-service-broker + contents: + - path: ca.crt + data: '{{ etcd_ca_cert }}' + +- name: Create broker-etcd-auth secret + oc_secret: + name: broker-etcd-auth-secret + namespace: openshift-ansible-service-broker + contents: + - path: client.crt + data: '{{ etcd_client_cert }}' + - path: client.key + data: '{{ etcd_client_key }}' + +- oc_secret: + state: list + namespace: openshift-ansible-service-broker + name: asb-client + register: asb_client_secret + +- set_fact: + service_ca_crt: "{{ asb_client_secret.results.results.0.data['service-ca.crt'] }}" + # Using oc_obj because oc_service doesn't seem to allow annotations # TODO: Extend oc_service to allow annotations - name: create ansible-service-broker service @@ -137,6 +162,7 @@ kind: Service metadata: name: asb + namespace: openshift-ansible-service-broker labels: app: openshift-ansible-service-broker service: asb @@ -152,6 +178,34 @@ app: openshift-ansible-service-broker service: asb +- name: create asb-etcd service + oc_obj: + name: asb-etcd + namespace: openshift-ansible-service-broker + state: present + kind: Service + content: + path: /tmp/asbetcdsvcout + data: + apiVersion: v1 + kind: Service + metadata: + name: asb-etcd + labels: + app: etcd + service: asb-etcd + annotations: + service.alpha.openshift.io/serving-cert-secret-name: etcd-tls + spec: + ports: + - name: port-2379 + port: 2379 + targetPort: 2379 + protocol: TCP + selector: + app: etcd + service: asb-etcd + - name: create route for ansible-service-broker service oc_route: name: asb-1338 @@ -223,6 +277,8 @@ mountPath: /etc/ansible-service-broker - name: asb-tls mountPath: /etc/tls/private + - name: asb-etcd-auth + mountPath: /var/run/asb-etcd-auth ports: - containerPort: 1338 protocol: TCP @@ -231,7 +287,64 @@ value: /etc/ansible-service-broker/config.yaml resources: {} terminationMessagePath: /tmp/termination-log + readinessProbe: + httpGet: + port: 1338 + path: /healthz + scheme: HTTPS + initialDelaySeconds: 15 + timeoutSeconds: 1 + livenessProbe: + httpGet: + port: 1338 + path: /healthz + scheme: HTTPS + initialDelaySeconds: 15 + timeoutSeconds: 1 + volumes: + - name: config-volume + configMap: + name: broker-config + items: + - key: broker-config + path: config.yaml + - name: asb-tls + secret: + secretName: asb-tls + - name: asb-etcd-auth + secret: + secretName: broker-etcd-auth-secret +- name: Create asb-etcd deployment config + oc_obj: + name: etcd + namespace: openshift-ansible-service-broker + state: present + kind: DeploymentConfig + content: + path: /tmp/dcout + data: + apiVersion: v1 + kind: DeploymentConfig + metadata: + name: asb-etcd + labels: + app: etcd + service: asb-etcd + spec: + replicas: 1 + selector: + app: etcd + strategy: + type: Rolling + template: + metadata: + labels: + app: etcd + service: asb-etcd + spec: + serviceAccount: asb + containers: - image: "{{ ansible_service_broker_etcd_image }}" name: etcd imagePullPolicy: IfNotPresent @@ -240,8 +353,12 @@ args: - "{{ ansible_service_broker_etcd_image_etcd_path }}" - "--data-dir=/data" - - "--listen-client-urls=http://0.0.0.0:2379" - - "--advertise-client-urls=http://0.0.0.0:2379" + - "--listen-client-urls=https://0.0.0.0:2379" + - "--advertise-client-urls=https://0.0.0.0:2379" + - "--client-cert-auth" + - "--trusted-ca-file=/var/run/etcd-auth-secret/ca.crt" + - "--cert-file=/etc/tls/private/tls.crt" + - "--key-file=/etc/tls/private/tls.key" ports: - containerPort: 2379 protocol: TCP @@ -249,21 +366,22 @@ - name: ETCDCTL_API value: "3" volumeMounts: - - mountPath: /data - name: etcd + - name: etcd + mountPath: /data + - name: etcd-tls + mountPath: /etc/tls/private + - name: etcd-auth + mountPath: /var/run/etcd-auth-secret volumes: - name: etcd persistentVolumeClaim: claimName: etcd - - name: config-volume - configMap: - name: broker-config - items: - - key: broker-config - path: config.yaml - - name: asb-tls + - name: etcd-tls secret: - secretName: asb-tls + secretName: etcd-tls + - name: etcd-auth + secret: + secretName: etcd-auth-secret # TODO: saw a oc_configmap in the library, but didn't understand how to get it to do the following: @@ -289,16 +407,20 @@ - type: {{ ansible_service_broker_registry_type }} name: {{ ansible_service_broker_registry_name }} url: {{ ansible_service_broker_registry_url }} - user: {{ ansible_service_broker_registry_user }} - pass: {{ ansible_service_broker_registry_password }} org: {{ ansible_service_broker_registry_organization }} tag: {{ ansible_service_broker_registry_tag }} - white_list: {{ ansible_service_broker_registry_whitelist }} + white_list: {{ ansible_service_broker_registry_whitelist | to_yaml }} + - type: local_openshift + name: localregistry + namespaces: ['openshift'] + white_list: {{ ansible_service_broker_local_registry_whitelist | to_yaml }} dao: - etcd_host: 0.0.0.0 + etcd_host: asb-etcd.openshift-ansible-service-broker.svc etcd_port: 2379 + etcd_ca_file: /var/run/secrets/kubernetes.io/serviceaccount/service-ca.crt + etcd_client_cert: /var/run/asb-etcd-auth/client.crt + etcd_client_key: /var/run/asb-etcd-auth/client.key log: - logfile: /var/log/ansible-service-broker/asb.log stdout: true level: {{ ansible_service_broker_log_level }} color: true @@ -308,6 +430,8 @@ bearer_token_file: "" sandbox_role: {{ ansible_service_broker_sandbox_role }} image_pull_policy: {{ ansible_service_broker_image_pull_policy }} + keep_namespace: {{ ansible_service_broker_keep_namespace | bool | lower }} + keep_namespace_on_error: {{ ansible_service_broker_keep_namespace_on_error | bool | lower }} broker: dev_broker: {{ ansible_service_broker_dev_broker | bool | lower }} bootstrap_on_startup: {{ ansible_service_broker_bootstrap_on_startup | bool | lower }} @@ -322,25 +446,34 @@ - type: basic enabled: false +- oc_secret: + name: asb-registry-auth + namespace: openshift-ansible-service-broker + state: present + contents: + - path: username + data: "{{ ansible_service_broker_registry_user }}" + - path: password + data: "{{ ansible_service_broker_registry_password }}" - name: Create the Broker resource in the catalog oc_obj: name: ansible-service-broker state: present - kind: ServiceBroker + kind: ClusterServiceBroker content: path: /tmp/brokerout data: - apiVersion: servicecatalog.k8s.io/v1alpha1 - kind: ServiceBroker + apiVersion: servicecatalog.k8s.io/v1beta1 + kind: ClusterServiceBroker metadata: name: ansible-service-broker spec: - url: http://asb.openshift-ansible-service-broker.svc:1338/ansible-service-broker + url: https://asb.openshift-ansible-service-broker.svc:1338/ansible-service-broker authInfo: bearer: secretRef: name: asb-client namespace: openshift-ansible-service-broker kind: Secret - caBundle: "{{ catalog_ca.content }}" + caBundle: "{{ service_ca_crt }}" diff --git a/roles/ansible_service_broker/tasks/main.yml b/roles/ansible_service_broker/tasks/main.yml index d8695bd3a..f5e06d163 100644 --- a/roles/ansible_service_broker/tasks/main.yml +++ b/roles/ansible_service_broker/tasks/main.yml @@ -2,7 +2,7 @@ # do any asserts here - include: install.yml - when: ansible_service_broker_install | default(false) | bool + when: ansible_service_broker_install | bool - include: remove.yml - when: ansible_service_broker_remove | default(false) | bool + when: ansible_service_broker_remove | bool diff --git a/roles/ansible_service_broker/tasks/remove.yml b/roles/ansible_service_broker/tasks/remove.yml index f0a6be226..a1ac740e0 100644 --- a/roles/ansible_service_broker/tasks/remove.yml +++ b/roles/ansible_service_broker/tasks/remove.yml @@ -46,18 +46,42 @@ resource_name: asb-access user: "system:serviceaccount:openshift-ansible-service-broker:asb-client" +- name: remove asb-registry auth secret + oc_secret: + state: absent + name: asb-registry-auth + namespace: openshift-ansible-service-broker + - name: remove asb-client token secret oc_secret: state: absent name: asb-client namespace: openshift-ansible-service-broker +- name: Remove etcd-auth secret + oc_secret: + state: absent + name: etcd-auth-secret + namespace: openshift-ansible-service-broker + +- name: Remove broker-etcd-auth secret + oc_secret: + state: absent + name: broker-etcd-auth-secret + namespace: openshift-ansible-service-broker + - name: remove ansible-service-broker service oc_service: name: asb namespace: openshift-ansible-service-broker state: absent +- name: remove asb-etcd service + oc_service: + state: absent + name: asb-etcd + namespace: openshift-ansible-service-broker + - name: remove etcd service oc_service: name: etcd @@ -83,11 +107,19 @@ kind: DeploymentConfig state: absent +- name: remove Ansible Service Broker etcd deployment config + oc_obj: + name: asb-etcd + namespace: openshift-ansible-service-broker + kind: DeploymentConfig + state: absent + + - name: remove secret for broker auth oc_obj: - name: asb-auth-secret + name: asb-client namespace: openshift-ansible-service-broker - kind: Broker + kind: Secret state: absent # TODO: saw a oc_configmap in the library, but didn't understand how to get it to do the following: @@ -99,11 +131,17 @@ kind: ConfigMap # TODO: Is this going to work? +- shell: > + oc get apiservices.apiregistration.k8s.io/v1beta1.servicecatalog.k8s.io -n kube-service-catalog || echo "not found" + register: get_apiservices + changed_when: no + - name: remove broker object from the catalog oc_obj: name: ansible-service-broker state: absent - kind: ServiceBroker + kind: ClusterServiceBroker + when: not "'not found' in get_apiservices.stdout" - name: remove openshift-ansible-service-broker project oc_project: diff --git a/roles/ansible_service_broker/tasks/validate_facts.yml b/roles/ansible_service_broker/tasks/validate_facts.yml index 604d24e1d..a2345551b 100644 --- a/roles/ansible_service_broker/tasks/validate_facts.yml +++ b/roles/ansible_service_broker/tasks/validate_facts.yml @@ -1,11 +1,9 @@ --- - name: validate Dockerhub registry settings - fail: msg="To use the dockerhub registry, you must provide the ansible_service_broker_registry_user. ansible_service_broker_registry_password, and ansible_service_broker_registry_organization parameters" + fail: msg="To use the dockerhub registry, you must provide the ansible_service_broker_registry_organization" when: - ansible_service_broker_registry_type == 'dockerhub' - - not (ansible_service_broker_registry_user and - ansible_service_broker_registry_password and - ansible_service_broker_registry_organization) + - not ansible_service_broker_registry_organization - name: validate RHCC registry settings diff --git a/roles/ansible_service_broker/vars/default_images.yml b/roles/ansible_service_broker/vars/default_images.yml index 3e9639adf..248e0363d 100644 --- a/roles/ansible_service_broker/vars/default_images.yml +++ b/roles/ansible_service_broker/vars/default_images.yml @@ -12,4 +12,6 @@ __ansible_service_broker_registry_name: dh __ansible_service_broker_registry_url: null __ansible_service_broker_registry_user: null __ansible_service_broker_registry_password: null -__ansible_service_broker_registry_organization: null +__ansible_service_broker_registry_organization: ansibleplaybookbundle +__ansible_service_broker_registry_tag: latest +__ansible_service_broker_registry_whitelist: [] diff --git a/roles/ansible_service_broker/vars/openshift-enterprise.yml b/roles/ansible_service_broker/vars/openshift-enterprise.yml index 9c576cb76..c203f596e 100644 --- a/roles/ansible_service_broker/vars/openshift-enterprise.yml +++ b/roles/ansible_service_broker/vars/openshift-enterprise.yml @@ -1,9 +1,9 @@ --- __ansible_service_broker_image_prefix: registry.access.redhat.com/openshift3/ose- -__ansible_service_broker_image_tag: v3.6 +__ansible_service_broker_image_tag: v3.7 -__ansible_service_broker_etcd_image_prefix: rhel7/ +__ansible_service_broker_etcd_image_prefix: registry.access.redhat.com/rhel7/ __ansible_service_broker_etcd_image_tag: latest __ansible_service_broker_etcd_image_etcd_path: /bin/etcd @@ -14,3 +14,6 @@ __ansible_service_broker_registry_url: "https://registry.access.redhat.com" __ansible_service_broker_registry_user: null __ansible_service_broker_registry_password: null __ansible_service_broker_registry_organization: null +__ansible_service_broker_registry_tag: v3.7 +__ansible_service_broker_registry_whitelist: + - '.*-apb$' diff --git a/roles/cockpit-ui/tasks/main.yml b/roles/cockpit-ui/tasks/main.yml index 244e2cc41..09f4259a2 100644 --- a/roles/cockpit-ui/tasks/main.yml +++ b/roles/cockpit-ui/tasks/main.yml @@ -37,7 +37,6 @@ cp {{ openshift_master_config_dir }}/admin.kubeconfig {{ openshift_hosted_kubeconfig }} changed_when: False - # TODO: Need to fix the origin and enterprise templates so that they both respect IMAGE_PREFIX - name: Deploy registry-console command: > {{ openshift.common.client_binary }} new-app --template=registry-console diff --git a/roles/docker/defaults/main.yml b/roles/docker/defaults/main.yml index 1c830cb4e..c086c28df 100644 --- a/roles/docker/defaults/main.yml +++ b/roles/docker/defaults/main.yml @@ -20,4 +20,19 @@ l2_docker_additional_registries: "{% if openshift_docker_additional_registries i l2_docker_blocked_registries: "{% if openshift_docker_blocked_registries is string %}{% if openshift_docker_blocked_registries == '' %}[]{% elif ',' in openshift_docker_blocked_registries %}{{ openshift_docker_blocked_registries.split(',') | list }}{% else %}{{ [ openshift_docker_blocked_registries ] }}{% endif %}{% else %}{{ openshift_docker_blocked_registries }}{% endif %}" l2_docker_insecure_registries: "{% if openshift_docker_insecure_registries is string %}{% if openshift_docker_insecure_registries == '' %}[]{% elif ',' in openshift_docker_insecure_registries %}{{ openshift_docker_insecure_registries.split(',') | list }}{% else %}{{ [ openshift_docker_insecure_registries ] }}{% endif %}{% else %}{{ openshift_docker_insecure_registries }}{% endif %}" +openshift_docker_use_etc_containers: False containers_registries_conf_path: /etc/containers/registries.conf + +r_crio_firewall_enabled: "{{ os_firewall_enabled | default(True) }}" +r_crio_use_firewalld: "{{ os_firewall_use_firewalld | default(False) }}" + +r_crio_os_firewall_deny: [] +r_crio_os_firewall_allow: +- service: crio + port: 10010/tcp + + +openshift_docker_is_node_or_master: "{{ True if inventory_hostname in (groups['oo_masters_to_config']|default([])) or inventory_hostname in (groups['oo_nodes_to_config']|default([])) else False | bool }}" + +docker_alt_storage_path: /var/lib/containers/docker +docker_default_storage_path: /var/lib/docker diff --git a/roles/docker/meta/main.yml b/roles/docker/meta/main.yml index b773a417c..62b8a2eb5 100644 --- a/roles/docker/meta/main.yml +++ b/roles/docker/meta/main.yml @@ -11,3 +11,4 @@ galaxy_info: - 7 dependencies: - role: lib_openshift +- role: lib_os_firewall diff --git a/roles/docker/tasks/crio_firewall.yml b/roles/docker/tasks/crio_firewall.yml new file mode 100644 index 000000000..fbd1ff515 --- /dev/null +++ b/roles/docker/tasks/crio_firewall.yml @@ -0,0 +1,40 @@ +--- +- when: r_crio_firewall_enabled | bool and not r_crio_use_firewalld | bool + block: + - name: Add iptables allow rules + os_firewall_manage_iptables: + name: "{{ item.service }}" + action: add + protocol: "{{ item.port.split('/')[1] }}" + port: "{{ item.port.split('/')[0] }}" + when: item.cond | default(True) + with_items: "{{ r_crio_os_firewall_allow }}" + + - name: Remove iptables rules + os_firewall_manage_iptables: + name: "{{ item.service }}" + action: remove + protocol: "{{ item.port.split('/')[1] }}" + port: "{{ item.port.split('/')[0] }}" + when: item.cond | default(True) + with_items: "{{ r_crio_os_firewall_deny }}" + +- when: r_crio_firewall_enabled | bool and r_crio_use_firewalld | bool + block: + - name: Add firewalld allow rules + firewalld: + port: "{{ item.port }}" + permanent: true + immediate: true + state: enabled + when: item.cond | default(True) + with_items: "{{ r_crio_os_firewall_allow }}" + + - name: Remove firewalld allow rules + firewalld: + port: "{{ item.port }}" + permanent: true + immediate: true + state: disabled + when: item.cond | default(True) + with_items: "{{ r_crio_os_firewall_deny }}" diff --git a/roles/docker/tasks/main.yml b/roles/docker/tasks/main.yml index f73f90686..3c814d8d8 100644 --- a/roles/docker/tasks/main.yml +++ b/roles/docker/tasks/main.yml @@ -10,12 +10,30 @@ l_use_crio: "{{ openshift_use_crio | default(False) }}" l_use_crio_only: "{{ openshift_use_crio_only | default(False) }}" +- name: Add enterprise registry, if necessary + set_fact: + l2_docker_additional_registries: "{{ l2_docker_additional_registries + [openshift_docker_ent_reg] }}" + when: + - openshift.common.deployment_type == 'openshift-enterprise' + - openshift_docker_ent_reg != '' + - openshift_docker_ent_reg not in l2_docker_additional_registries + - not l_use_crio_only + - name: Use Package Docker if Requested include: package_docker.yml when: - not l_use_system_container - not l_use_crio_only +- name: Ensure /var/lib/containers exists + file: + path: /var/lib/containers + state: directory + +- name: Fix SELinux Permissions on /var/lib/containers + command: "restorecon -R /var/lib/containers/" + changed_when: false + - name: Use System Container Docker if Requested include: systemcontainer_docker.yml when: @@ -26,4 +44,49 @@ include: systemcontainer_crio.yml when: - l_use_crio - - inventory_hostname in groups['oo_masters_to_config'] or inventory_hostname in groups['oo_nodes_to_config'] + - openshift_docker_is_node_or_master | bool + +- name: stat the docker data dir + stat: + path: "{{ docker_default_storage_path }}" + register: dockerstat + +- when: + - l_use_crio + - dockerstat.stat.islink is defined and not (dockerstat.stat.islink | bool) + block: + - name: stop the current running docker + systemd: + state: stopped + name: "{{ openshift.docker.service_name }}" + + - name: "Ensure {{ docker_alt_storage_path }} exists" + file: + path: "{{ docker_alt_storage_path }}" + state: directory + + - name: "Set the selinux context on {{ docker_alt_storage_path }}" + command: "semanage fcontext -a -e {{ docker_default_storage_path }} {{ docker_alt_storage_path }}" + register: results + failed_when: + - results.rc == 1 + - "'already exists' not in results.stderr" + + - name: "restorecon the {{ docker_alt_storage_path }}" + command: "restorecon -r {{ docker_alt_storage_path }}" + + - name: Remove the old docker location + file: + state: absent + path: "{{ docker_default_storage_path }}" + + - name: Setup the link + file: + state: link + src: "{{ docker_alt_storage_path }}" + path: "{{ docker_default_storage_path }}" + + - name: start docker + systemd: + state: started + name: "{{ openshift.docker.service_name }}" diff --git a/roles/docker/tasks/package_docker.yml b/roles/docker/tasks/package_docker.yml index 7ccab37a5..c1aedf879 100644 --- a/roles/docker/tasks/package_docker.yml +++ b/roles/docker/tasks/package_docker.yml @@ -52,14 +52,6 @@ - restart docker when: not (os_firewall_use_firewalld | default(False)) | bool -- name: Add enterprise registry, if necessary - set_fact: - l2_docker_additional_registries: "{{ l2_docker_additional_registries + [openshift_docker_ent_reg] }}" - when: - - openshift.common.deployment_type == 'openshift-enterprise' - - openshift_docker_ent_reg != '' - - openshift_docker_ent_reg not in l2_docker_additional_registries - - stat: path=/etc/sysconfig/docker register: docker_check @@ -89,6 +81,7 @@ template: dest: "{{ containers_registries_conf_path }}" src: registries.conf + when: openshift_docker_use_etc_containers | bool notify: - restart docker @@ -161,16 +154,6 @@ - set_fact: docker_service_status_changed: "{{ (r_docker_package_docker_start_result | changed) and (r_docker_already_running_result.stdout != 'ActiveState=active' ) }}" -- name: Check for credentials file for registry auth - stat: - path: "{{ docker_cli_auth_config_path }}/config.json" - when: oreg_auth_user is defined - register: docker_cli_auth_credentials_stat - -- name: Create credentials for docker cli registry auth - command: "docker --config={{ docker_cli_auth_config_path }} login -u {{ oreg_auth_user }} -p {{ oreg_auth_password }} {{ oreg_host }}" - when: - - oreg_auth_user is defined - - (not docker_cli_auth_credentials_stat.stat.exists or oreg_auth_credentials_replace) | bool +- include: registry_auth.yml - meta: flush_handlers diff --git a/roles/docker/tasks/registry_auth.yml b/roles/docker/tasks/registry_auth.yml new file mode 100644 index 000000000..d05b7f2b8 --- /dev/null +++ b/roles/docker/tasks/registry_auth.yml @@ -0,0 +1,16 @@ +--- +- name: Check for credentials file for registry auth + stat: + path: "{{ docker_cli_auth_config_path }}/config.json" + when: oreg_auth_user is defined + register: docker_cli_auth_credentials_stat + +- name: Create credentials for docker cli registry auth + command: "docker --config={{ docker_cli_auth_config_path }} login -u {{ oreg_auth_user }} -p {{ oreg_auth_password }} {{ oreg_host }}" + register: openshift_docker_credentials_create_res + retries: 3 + delay: 5 + until: openshift_docker_credentials_create_res.rc == 0 + when: + - oreg_auth_user is defined + - (not docker_cli_auth_credentials_stat.stat.exists or oreg_auth_credentials_replace) | bool diff --git a/roles/docker/tasks/systemcontainer_crio.yml b/roles/docker/tasks/systemcontainer_crio.yml index a79600930..1e2d64293 100644 --- a/roles/docker/tasks/systemcontainer_crio.yml +++ b/roles/docker/tasks/systemcontainer_crio.yml @@ -3,16 +3,16 @@ # TODO: Much of this file is shared with container engine tasks - set_fact: l_insecure_crio_registries: "{{ '\"{}\"'.format('\", \"'.join(l2_docker_insecure_registries)) }}" - when: l2_docker_insecure_registries + when: l2_docker_insecure_registries | bool - set_fact: l_crio_registries: "{{ l2_docker_additional_registries + ['docker.io'] }}" - when: l2_docker_additional_registries + when: l2_docker_additional_registries | bool - set_fact: l_crio_registries: "{{ ['docker.io'] }}" - when: not l2_docker_additional_registries + when: not (l2_docker_additional_registries | bool) - set_fact: l_additional_crio_registries: "{{ '\"{}\"'.format('\", \"'.join(l_crio_registries)) }}" - when: l2_docker_additional_registries + when: l2_docker_additional_registries | bool - set_fact: l_openshift_image_tag: "{{ openshift_image_tag | string }}" @@ -62,7 +62,7 @@ shell: lsmod | grep overlay register: l_has_overlay_in_kernel ignore_errors: yes - + failed_when: false - when: l_has_overlay_in_kernel.rc != 0 block: @@ -82,36 +82,10 @@ enabled: yes state: restarted - -- block: - - - name: Add http_proxy to /etc/atomic.conf - lineinfile: - dest: /etc/atomic.conf - regexp: "^#?http_proxy[:=]{1}" - line: "http_proxy: {{ openshift.common.http_proxy | default('') }}" - when: - - openshift.common.http_proxy is defined - - openshift.common.http_proxy != '' - - - name: Add https_proxy to /etc/atomic.conf - lineinfile: - dest: /etc/atomic.conf - regexp: "^#?https_proxy[:=]{1}" - line: "https_proxy: {{ openshift.common.https_proxy | default('') }}" - when: - - openshift.common.https_proxy is defined - - openshift.common.https_proxy != '' - - - name: Add no_proxy to /etc/atomic.conf - lineinfile: - dest: /etc/atomic.conf - regexp: "^#?no_proxy[:=]{1}" - line: "no_proxy: {{ openshift.common.no_proxy | default('') }}" - when: - - openshift.common.no_proxy is defined - - openshift.common.no_proxy != '' - +- name: Ensure proxies are in the atomic.conf + include_role: + name: openshift_atomic + tasks_from: proxy - block: @@ -187,6 +161,10 @@ path: /etc/cni/net.d/ state: directory +- name: setup firewall for CRI-O + include: crio_firewall.yml + static: yes + - name: Configure the CNI network template: dest: /etc/cni/net.d/openshift-sdn.conf diff --git a/roles/docker/tasks/systemcontainer_docker.yml b/roles/docker/tasks/systemcontainer_docker.yml index 15c6a55db..aa3b35ddd 100644 --- a/roles/docker/tasks/systemcontainer_docker.yml +++ b/roles/docker/tasks/systemcontainer_docker.yml @@ -68,38 +68,10 @@ retries: 3 delay: 30 - -# Set http_proxy, https_proxy, and no_proxy in /etc/atomic.conf -# regexp: the line starts with or without #, followed by the string -# http_proxy, then either : or = -- block: - - - name: Add http_proxy to /etc/atomic.conf - lineinfile: - dest: /etc/atomic.conf - regexp: "^#?http_proxy[:=]{1}" - line: "http_proxy: {{ openshift.common.http_proxy | default('') }}" - when: - - openshift.common.http_proxy is defined - - openshift.common.http_proxy != '' - - - name: Add https_proxy to /etc/atomic.conf - lineinfile: - dest: /etc/atomic.conf - regexp: "^#?https_proxy[:=]{1}" - line: "https_proxy: {{ openshift.common.https_proxy | default('') }}" - when: - - openshift.common.https_proxy is defined - - openshift.common.https_proxy != '' - - - name: Add no_proxy to /etc/atomic.conf - lineinfile: - dest: /etc/atomic.conf - regexp: "^#?no_proxy[:=]{1}" - line: "no_proxy: {{ openshift.common.no_proxy | default('') }}" - when: - - openshift.common.no_proxy is defined - - openshift.common.no_proxy != '' +- name: Ensure proxies are in the atomic.conf + include_role: + name: openshift_atomic + tasks_from: proxy - block: @@ -201,4 +173,6 @@ - set_fact: docker_service_status_changed: "{{ r_docker_systemcontainer_docker_start_result | changed }}" +- include: registry_auth.yml + - meta: flush_handlers diff --git a/roles/docker/templates/crio.conf.j2 b/roles/docker/templates/crio.conf.j2 index b715c2ffa..93014a80d 100644 --- a/roles/docker/templates/crio.conf.j2 +++ b/roles/docker/templates/crio.conf.j2 @@ -108,7 +108,7 @@ pids_limit = 1024 # log_size_max is the max limit for the container log size in bytes. # Negative values indicate that no limit is imposed. -log_size_max = -1 +log_size_max = 52428800 # The "crio.image" table contains settings pertaining to the # management of OCI images. diff --git a/roles/etcd/defaults/main.yaml b/roles/etcd/defaults/main.yaml index 78f231416..4b734d4ed 100644 --- a/roles/etcd/defaults/main.yaml +++ b/roles/etcd/defaults/main.yaml @@ -13,8 +13,6 @@ r_etcd_common_etcdctl_command: "{{ 'etcdctl' if r_etcd_common_etcd_runtime == 'h # etcd server vars etcd_conf_dir: '/etc/etcd' -r_etcd_common_system_container_host_dir: /var/lib/etcd/etcd.etcd -etcd_system_container_conf_dir: /var/lib/etcd/etc etcd_conf_file: "{{ etcd_conf_dir }}/etcd.conf" etcd_ca_file: "{{ etcd_conf_dir }}/ca.crt" etcd_cert_file: "{{ etcd_conf_dir }}/server.crt" @@ -54,7 +52,7 @@ etcd_is_containerized: False etcd_is_thirdparty: False # etcd dir vars -etcd_data_dir: "{{ '/var/lib/origin/openshift.local.etcd' if r_etcd_common_embedded_etcd | bool else '/var/lib/etcd/' if r_etcd_common_etcd_runtime != 'runc' else '/var/lib/etcd/etcd.etcd/' }}" +etcd_data_dir: "{{ '/var/lib/origin/openshift.local.etcd' if r_etcd_common_embedded_etcd | bool else '/var/lib/etcd/' }}" # etcd ports and protocols etcd_client_port: 2379 diff --git a/roles/etcd/tasks/backup.force_new_cluster.yml b/roles/etcd/tasks/backup.force_new_cluster.yml index 24bd0540d..d2e866416 100644 --- a/roles/etcd/tasks/backup.force_new_cluster.yml +++ b/roles/etcd/tasks/backup.force_new_cluster.yml @@ -3,10 +3,10 @@ - name: Move content of etcd backup under the etcd data directory command: > - mv "{{ l_etcd_backup_dir }}/member" "{{ l_etcd_data_dir }}" + mv "{{ l_etcd_backup_dir }}/member" "{{ etcd_data_dir }}" - name: Set etcd group for the etcd data directory command: > - chown -R etcd:etcd "{{ l_etcd_data_dir }}" + chown -R etcd:etcd "{{ etcd_data_dir }}" - include: auxiliary/force_new_cluster.yml diff --git a/roles/etcd/tasks/backup/backup.yml b/roles/etcd/tasks/backup/backup.yml index ec1a1989c..ca0d29155 100644 --- a/roles/etcd/tasks/backup/backup.yml +++ b/roles/etcd/tasks/backup/backup.yml @@ -3,7 +3,7 @@ # TODO: replace shell module with command and update later checks - name: Check available disk space for etcd backup - shell: df --output=avail -k {{ l_etcd_data_dir }} | tail -n 1 + shell: df --output=avail -k {{ etcd_data_dir }} | tail -n 1 register: l_avail_disk # AUDIT:changed_when: `false` because we are only inspecting # state, not manipulating anything @@ -11,7 +11,7 @@ # TODO: replace shell module with command and update later checks - name: Check current etcd disk usage - shell: du --exclude='*openshift-backup*' -k {{ l_etcd_data_dir }} | tail -n 1 | cut -f1 + shell: du --exclude='*openshift-backup*' -k {{ etcd_data_dir }} | tail -n 1 | cut -f1 register: l_etcd_disk_usage # AUDIT:changed_when: `false` because we are only inspecting # state, not manipulating anything @@ -44,17 +44,17 @@ - r_etcd_common_embedded_etcd | bool - not l_ostree_booted.stat.exists | bool -- name: Check selinux label of '{{ l_etcd_data_dir }}' +- name: Check selinux label of '{{ etcd_data_dir }}' command: > - stat -c '%C' {{ l_etcd_data_dir }} + stat -c '%C' {{ etcd_data_dir }} register: l_etcd_selinux_labels - debug: msg: "{{ l_etcd_selinux_labels }}" -- name: Make sure the '{{ l_etcd_data_dir }}' has the proper label +- name: Make sure the '{{ etcd_data_dir }}' has the proper label command: > - chcon -t svirt_sandbox_file_t "{{ l_etcd_data_dir }}" + chcon -t svirt_sandbox_file_t "{{ etcd_data_dir }}" when: - l_etcd_selinux_labels.rc == 0 - "'svirt_sandbox_file_t' not in l_etcd_selinux_labels.stdout" @@ -68,12 +68,12 @@ # https://github.com/openshift/openshift-docs/commit/b38042de02d9780842dce95cfa0ef45d53b58bc6 - name: Check for v3 data store stat: - path: "{{ l_etcd_data_dir }}/member/snap/db" + path: "{{ etcd_data_dir }}/member/snap/db" register: l_v3_db - name: Copy etcd v3 data store command: > - cp -a {{ l_etcd_data_dir }}/member/snap/db + cp -a {{ etcd_data_dir }}/member/snap/db {{ l_etcd_backup_dir }}/member/snap/ when: l_v3_db.stat.exists diff --git a/roles/etcd/tasks/backup/copy.yml b/roles/etcd/tasks/backup/copy.yml index 16604bae8..967e5ee66 100644 --- a/roles/etcd/tasks/backup/copy.yml +++ b/roles/etcd/tasks/backup/copy.yml @@ -2,4 +2,4 @@ - name: Copy etcd backup copy: src: "{{ etcd_backup_sync_directory }}/{{ l_backup_dir_name }}.tgz" - dest: "{{ l_etcd_data_dir }}" + dest: "{{ etcd_data_dir }}" diff --git a/roles/etcd/tasks/backup/unarchive.yml b/roles/etcd/tasks/backup/unarchive.yml index 6c75d00a7..a85f533c2 100644 --- a/roles/etcd/tasks/backup/unarchive.yml +++ b/roles/etcd/tasks/backup/unarchive.yml @@ -11,4 +11,4 @@ # src: "{{ l_etcd_backup_dir }}.tgz" # dest: "{{ l_etcd_backup_dir }}" command: > - tar -xf "{{ l_etcd_backup_dir }}.tgz" -C "{{ l_etcd_data_dir }}" + tar -xf "{{ l_etcd_backup_dir }}.tgz" -C "{{ etcd_data_dir }}" diff --git a/roles/etcd/tasks/backup/vars.yml b/roles/etcd/tasks/backup/vars.yml index 3c009f557..3ffa641b3 100644 --- a/roles/etcd/tasks/backup/vars.yml +++ b/roles/etcd/tasks/backup/vars.yml @@ -6,13 +6,10 @@ l_backup_dir_name: "openshift-backup-{{ r_etcd_common_backup_tag }}{{ r_etcd_common_backup_sufix_name }}" - set_fact: - l_etcd_data_dir: "{{ etcd_data_dir }}{{ '/etcd.etcd' if r_etcd_common_etcd_runtime == 'runc' else '' }}" - -- set_fact: l_etcd_incontainer_data_dir: "{{ etcd_data_dir }}" - set_fact: l_etcd_incontainer_backup_dir: "{{ l_etcd_incontainer_data_dir }}/{{ l_backup_dir_name }}" - set_fact: - l_etcd_backup_dir: "{{ l_etcd_data_dir }}/{{ l_backup_dir_name }}" + l_etcd_backup_dir: "{{ etcd_data_dir }}/{{ l_backup_dir_name }}" diff --git a/roles/etcd/tasks/certificates/fetch_server_certificates_from_ca.yml b/roles/etcd/tasks/certificates/fetch_server_certificates_from_ca.yml index 26492fb3c..00b8f4a0b 100644 --- a/roles/etcd/tasks/certificates/fetch_server_certificates_from_ca.yml +++ b/roles/etcd/tasks/certificates/fetch_server_certificates_from_ca.yml @@ -12,9 +12,6 @@ - "{{ etcd_cert_config_dir }}/{{ etcd_cert_prefix }}server.crt" - "{{ etcd_cert_config_dir }}/{{ etcd_cert_prefix }}peer.crt" - "{{ etcd_cert_config_dir }}/{{ etcd_cert_prefix }}ca.crt" - - "{{ etcd_system_container_cert_config_dir }}/{{ etcd_cert_prefix }}server.crt" - - "{{ etcd_system_container_cert_config_dir }}/{{ etcd_cert_prefix }}peer.crt" - - "{{ etcd_system_container_cert_config_dir }}/{{ etcd_cert_prefix }}ca.crt" register: g_etcd_server_cert_stat_result when: not etcd_certificates_redeploy | default(false) | bool @@ -141,7 +138,6 @@ state: directory with_items: - "{{ etcd_cert_config_dir }}" - - "{{ etcd_system_container_cert_config_dir }}" when: etcd_server_certs_missing | bool - name: Unarchive cert tarball @@ -176,25 +172,8 @@ state: directory with_items: - "{{ etcd_ca_dir }}" - - "{{ etcd_system_container_cert_config_dir }}/ca" when: etcd_server_certs_missing | bool -- name: Unarchive cert tarball for the system container - unarchive: - src: "{{ g_etcd_server_mktemp.stdout }}/{{ etcd_cert_subdir }}.tgz" - dest: "{{ etcd_system_container_cert_config_dir }}" - when: - - etcd_server_certs_missing | bool - - r_etcd_common_etcd_runtime == 'runc' - -- name: Unarchive etcd ca cert tarballs for the system container - unarchive: - src: "{{ g_etcd_server_mktemp.stdout }}/{{ etcd_ca_name }}.tgz" - dest: "{{ etcd_system_container_cert_config_dir }}/ca" - when: - - etcd_server_certs_missing | bool - - r_etcd_common_etcd_runtime == 'runc' - - name: Delete temporary directory local_action: file path="{{ g_etcd_server_mktemp.stdout }}" state=absent become: no diff --git a/roles/etcd/tasks/migration/check.yml b/roles/etcd/tasks/migration/check.yml index 0804d9e1c..5c45e5ae1 100644 --- a/roles/etcd/tasks/migration/check.yml +++ b/roles/etcd/tasks/migration/check.yml @@ -3,6 +3,17 @@ # Check the cluster is healthy - include: check_cluster_health.yml +# Check if there is at least one v2 snapshot +- name: Check if there is at least one v2 snapshot + find: + paths: "{{ etcd_data_dir }}/member/snap" + patterns: '*.snap' + register: snapshots_result + +- fail: + msg: "Before the migration can proceed the etcd member must write down at least one snapshot under {{ etcd_data_dir }}/member/snap directory." + when: snapshots_result.matched | int == 0 + # Check if the member has v3 data already # Run the migration only if the data are v2 - name: Check if there are any v3 data diff --git a/roles/etcd/tasks/system_container.yml b/roles/etcd/tasks/system_container.yml index 024479fb4..f71d9b551 100644 --- a/roles/etcd/tasks/system_container.yml +++ b/roles/etcd/tasks/system_container.yml @@ -1,6 +1,8 @@ --- -- set_fact: - l_etcd_src_data_dir: "{{ '/var/lib/origin/openshift.local.etcd' if r_etcd_common_embedded_etcd | bool else '/var/lib/etcd/' }}" +- name: Ensure proxies are in the atomic.conf + include_role: + name: openshift_atomic + tasks_from: proxy - name: Pull etcd system container command: atomic pull --storage=ostree {{ openshift.etcd.etcd_image }} @@ -52,36 +54,13 @@ - name: Systemd reload configuration systemd: name=etcd_container daemon_reload=yes -- name: Check for previous etcd data store - stat: - path: "{{ l_etcd_src_data_dir }}/member/" - register: src_datastore - -- name: Check for etcd system container data store - stat: - path: "{{ r_etcd_common_system_container_host_dir }}/etcd.etcd/member" - register: dest_datastore - -- name: Ensure that etcd system container data dirs exist - file: path="{{ item }}" state=directory - with_items: - - "{{ r_etcd_common_system_container_host_dir }}/etc" - - "{{ r_etcd_common_system_container_host_dir }}/etcd.etcd" - -- name: Copy etcd data store - command: > - cp -a {{ l_etcd_src_data_dir }}/member - {{ r_etcd_common_system_container_host_dir }}/etcd.etcd/member - when: - - src_datastore.stat.exists - - not dest_datastore.stat.exists - - name: Install or Update Etcd system container package oc_atomic_container: name: etcd image: "{{ openshift.etcd.etcd_image }}" state: latest values: + - ETCD_DATA_DIR=/var/lib/etcd - ETCD_LISTEN_PEER_URLS={{ etcd_listen_peer_urls }} - ETCD_NAME={{ etcd_hostname }} - ETCD_INITIAL_CLUSTER={{ etcd_initial_cluster }} @@ -90,11 +69,21 @@ - ETCD_INITIAL_CLUSTER_STATE={{ etcd_initial_cluster_state }} - ETCD_INITIAL_CLUSTER_TOKEN={{ etcd_initial_cluster_token }} - ETCD_ADVERTISE_CLIENT_URLS={{ etcd_advertise_client_urls }} - - ETCD_CA_FILE={{ etcd_system_container_conf_dir }}/ca.crt - - ETCD_CERT_FILE={{ etcd_system_container_conf_dir }}/server.crt - - ETCD_KEY_FILE={{ etcd_system_container_conf_dir }}/server.key - - ETCD_PEER_CA_FILE={{ etcd_system_container_conf_dir }}/ca.crt - - ETCD_PEER_CERT_FILE={{ etcd_system_container_conf_dir }}/peer.crt - - ETCD_PEER_KEY_FILE={{ etcd_system_container_conf_dir }}/peer.key - - ETCD_TRUSTED_CA_FILE={{ etcd_system_container_conf_dir }}/ca.crt - - ETCD_PEER_TRUSTED_CA_FILE={{ etcd_system_container_conf_dir }}/ca.crt + - ETCD_CA_FILE={{ etcd_ca_file }} + - ETCD_CERT_FILE={{ etcd_cert_file }} + - ETCD_KEY_FILE={{ etcd_key_file }} + - ETCD_PEER_CA_FILE={{ etcd_peer_ca_file }} + - ETCD_PEER_CERT_FILE={{ etcd_peer_cert_file }} + - ETCD_PEER_KEY_FILE={{ etcd_peer_key_file }} + - ETCD_TRUSTED_CA_FILE={{ etcd_ca_file }} + - ETCD_PEER_TRUSTED_CA_FILE={{ etcd_peer_ca_file }} + - 'ADDTL_MOUNTS=,{"type":"bind","source":"/etc/","destination":"/etc/","options":["rbind","rw","rslave"]},{"type":"bind","source":"/var/lib/etcd","destination":"/var/lib/etcd/","options":["rbind","rw","rslave"]}' + +- name: Ensure etcd datadir ownership for the system container + file: + path: "{{ etcd_data_dir }}" + state: directory + mode: 0700 + owner: root + group: root + recurse: True diff --git a/roles/installer_checkpoint/callback_plugins/installer_checkpoint.py b/roles/installer_checkpoint/callback_plugins/installer_checkpoint.py index 25f9405af..b17358882 100644 --- a/roles/installer_checkpoint/callback_plugins/installer_checkpoint.py +++ b/roles/installer_checkpoint/callback_plugins/installer_checkpoint.py @@ -31,6 +31,7 @@ GlusterFS Install : Not Started Hosted Install : Complete Metrics Install : Not Started Logging Install : Not Started +Prometheus Install : Not Started Service Catalog Install : Not Started ----------------------------------------------------- @@ -49,6 +50,7 @@ GlusterFS Install : Not Started Hosted Install : Not Started Metrics Install : Not Started Logging Install : Not Started +Prometheus Install : Not Started Service Catalog Install : Not Started ''' @@ -70,6 +72,7 @@ class CallbackModule(CallbackBase): # Set the order of the installer phases installer_phases = [ 'installer_phase_initialize', + 'installer_phase_health', 'installer_phase_etcd', 'installer_phase_nfs', 'installer_phase_loadbalancer', @@ -80,6 +83,7 @@ class CallbackModule(CallbackBase): 'installer_phase_hosted', 'installer_phase_metrics', 'installer_phase_logging', + 'installer_phase_prometheus', 'installer_phase_servicecatalog', 'installer_phase_management', ] @@ -90,6 +94,10 @@ class CallbackModule(CallbackBase): 'title': 'Initialization', 'playbook': '' }, + 'installer_phase_health': { + 'title': 'Health Check', + 'playbook': 'playbooks/byo/openshift-checks/pre-install.yml' + }, 'installer_phase_etcd': { 'title': 'etcd Install', 'playbook': 'playbooks/byo/openshift-etcd/config.yml' @@ -130,6 +138,10 @@ class CallbackModule(CallbackBase): 'title': 'Logging Install', 'playbook': 'playbooks/byo/openshift-cluster/openshift-logging.yml' }, + 'installer_phase_prometheus': { + 'title': 'Prometheus Install', + 'playbook': 'playbooks/byo/openshift-cluster/openshift-prometheus.yml' + }, 'installer_phase_servicecatalog': { 'title': 'Service Catalog Install', 'playbook': 'playbooks/byo/openshift-cluster/service-catalog.yml' @@ -159,11 +171,6 @@ class CallbackModule(CallbackBase): self._display.display( '\tThis phase can be restarted by running: {}'.format( phase_attributes[phase]['playbook'])) - else: - # Phase was not found in custom stats - self._display.display( - '{}{}: {}'.format(phase_title, ' ' * padding, 'Not Started'), - color=C.COLOR_SKIP) self._display.display("", screen_only=True) diff --git a/roles/kuryr/README.md b/roles/kuryr/README.md new file mode 100644 index 000000000..7b618f902 --- /dev/null +++ b/roles/kuryr/README.md @@ -0,0 +1,38 @@ +## OpenStack Kuryr + +Install Kuryr CNI components (kuryr-controller, kuryr-cni) on Master and worker +nodes. Kuryr uses OpenStack Networking service (Neutron) to provide network for +pods. This allows to have interconnectivity between pods and OpenStack VMs. + +## Requirements + +* Ansible 2.2+ +* Centos/ RHEL 7.3+ + +## Current Kuryr restrictions when used with OpenShift + +* Openshift Origin only +* OpenShift on OpenStack Newton or newer (only with Trunk ports) + +## Key Ansible inventory Kuryr master configuration parameters + +* ``openshift_use_kuryr=True`` +* ``openshift_use_openshift_sdn=False`` +* ``openshift_sdn_network_plugin_name='cni'`` +* ``kuryr_cni_link_interface=eth0`` +* ``kuryr_openstack_auth_url=keystone_url`` +* ``kuryr_openstack_user_domain_name=Default`` +* ``kuryr_openstack_user_project_name=Default`` +* ``kuryr_openstack_project_id=project_uuid`` +* ``kuryr_openstack_username=kuryr`` +* ``kuryr_openstack_password=kuryr_pass`` +* ``kuryr_openstack_pod_sg_id=pod_security_group_uuid`` +* ``kuryr_openstack_pod_subnet_id=pod_subnet_uuid`` +* ``kuryr_openstack_pod_service_id=service_subnet_uuid`` +* ``kuryr_openstack_pod_project_id=pod_project_uuid`` +* ``kuryr_openstack_worker_nodes_subnet_id=worker_nodes_subnet_uuid`` + +## Kuryr resources + +* [Kuryr documentation](https://docs.openstack.org/kuryr-kubernetes/latest/) +* [Installing Kuryr containerized](https://docs.openstack.org/kuryr-kubernetes/latest/installation/containerized.html) diff --git a/roles/kuryr/defaults/main.yaml b/roles/kuryr/defaults/main.yaml new file mode 100644 index 000000000..af05d80df --- /dev/null +++ b/roles/kuryr/defaults/main.yaml @@ -0,0 +1,72 @@ +--- +# Kuryr conf directory +kuryr_config_dir: /etc/kuryr + +# Kuryr username +kuryr_openstack_username: kuryr + +# Kuryr domain name or id containing user +kuryr_openstack_user_domain_name: default + +# Kuryr domain name or id containing project +kuryr_openstack_project_domain_name: default + +# Kuryr OpenShift namespace +kuryr_namespace: kube-system + +# Whether to run the cni plugin in debug mode +kuryr_cni_debug: "false" + +# The version of cni binaries +cni_version: v0.5.2 + +# Path to bin dir (where kuryr execs get installed) +bin_dir: /usr/bin + +# Path to the cni binaries +cni_bin_dir: /opt/cni/bin + +# URL for cni binaries +cni_bin_url_base: "https://github.com/containernetworking/cni/releases/download/" +cni_bin_url: "{{ cni_bin_url_base }}/{{ cni_version }}/cni-{{ cni_version }}.tgz" +cni_bin_checksum: "71f411080245aa14d0cc06f6824e8039607dd9e9" + +# Kuryr ClusterRole definition +kuryr_clusterrole: + name: kuryrctl + state: present + rules: + - apiGroups: + - "" + attributeRestrictions: null + verbs: + - get + - list + - watch + resources: + - daemonsets + - deployments + - deploymentconfigs + - endpoints + - ingress + - nodes + - namespaces + - pods + - projects + - routes + - services + - apiGroups: + - "" + attributeRestrictions: null + verbs: + - update + - patch + resources: + - endpoints + - ingress + - pods + - namespaces + - nodes + - services + - services/status + - routes diff --git a/roles/kuryr/meta/main.yml b/roles/kuryr/meta/main.yml new file mode 100644 index 000000000..7fd5adf41 --- /dev/null +++ b/roles/kuryr/meta/main.yml @@ -0,0 +1,17 @@ +--- +galaxy_info: + author: Red Hat + description: Kuryr networking + company: Red Hat + license: Apache License, Version 2.0 + min_ansible_version: 2.2 + platforms: + - name: EL + versions: + - 7 + categories: + - cloud + - system +dependencies: +- { role: lib_openshift } +- { role: openshift_facts } diff --git a/roles/kuryr/tasks/master.yaml b/roles/kuryr/tasks/master.yaml new file mode 100644 index 000000000..55ab16f74 --- /dev/null +++ b/roles/kuryr/tasks/master.yaml @@ -0,0 +1,52 @@ +--- +- name: Perform OpenShit ServiceAccount config + include: serviceaccount.yaml + +- name: Create kuryr manifests tempdir + command: mktemp -d + register: manifests_tmpdir + +- name: Create kuryr ConfigMap manifest + become: yes + template: + src: configmap.yaml.j2 + dest: "{{ manifests_tmpdir.stdout }}/configmap.yaml" + +- name: Create kuryr-controller Deployment manifest + become: yes + template: + src: controller-deployment.yaml.j2 + dest: "{{ manifests_tmpdir.stdout }}/controller-deployment.yaml" + +- name: Create kuryr-cni DaemonSet manifest + become: yes + template: + src: cni-daemonset.yaml.j2 + dest: "{{ manifests_tmpdir.stdout }}/cni-daemonset.yaml" + +- name: Apply ConfigMap manifest + oc_obj: + state: present + kind: ConfigMap + name: "kuryr-config" + namespace: "{{ kuryr_namespace }}" + files: + - "{{ manifests_tmpdir.stdout }}/configmap.yaml" + +- name: Apply Controller Deployment manifest + oc_obj: + state: present + kind: Deployment + name: "kuryr-controller" + namespace: "{{ kuryr_namespace }}" + files: + - "{{ manifests_tmpdir.stdout }}/controller-deployment.yaml" + +- name: Apply kuryr-cni DaemonSet manifest + oc_obj: + state: present + kind: DaemonSet + name: "kuryr-cni-ds" + namespace: "{{ kuryr_namespace }}" + files: + - "{{ manifests_tmpdir.stdout }}/cni-daemonset.yaml" diff --git a/roles/kuryr/tasks/node.yaml b/roles/kuryr/tasks/node.yaml new file mode 100644 index 000000000..ffe814713 --- /dev/null +++ b/roles/kuryr/tasks/node.yaml @@ -0,0 +1,48 @@ +--- +- name: Create CNI bin directory + file: + state: directory + path: "{{ cni_bin_dir }}" + mode: 0755 + owner: root + group: root + recurse: yes + +- name: Create CNI extraction tempdir + command: mktemp -d + register: cni_tmpdir + +- name: Download CNI + get_url: + url: "{{ cni_bin_url }}" + checksum: "sha1:{{ cni_bin_checksum }}" + mode: 0644 + dest: "{{ cni_tmpdir.stdout }}" + register: downloaded_tarball + +- name: Extract CNI + become: yes + unarchive: + remote_src: True + src: "{{ downloaded_tarball.dest }}" + dest: "{{ cni_bin_dir }}" + when: downloaded_tarball.changed + +- name: Ensure CNI net.d exists + file: + path: /etc/cni/net.d + recurse: yes + state: directory + +- name: Configure OpenShift node with disabled service proxy + lineinfile: + dest: "/etc/sysconfig/{{ openshift.common.service_type }}-node" + regexp: '^OPTIONS="?(.*?)"?$' + backrefs: yes + backup: yes + line: 'OPTIONS="\1 --disable dns,proxy,plugins"' + +- name: force node restart to disable the proxy + service: + name: "{{ openshift.common.service_type }}-node" + state: restarted diff --git a/roles/kuryr/tasks/serviceaccount.yaml b/roles/kuryr/tasks/serviceaccount.yaml new file mode 100644 index 000000000..088f13091 --- /dev/null +++ b/roles/kuryr/tasks/serviceaccount.yaml @@ -0,0 +1,31 @@ +--- +- name: Create Controller service account + oc_serviceaccount: + name: kuryr-controller + namespace: "{{ kuryr_namespace }}" + register: saout + +- name: Create a role for the Kuryr + oc_clusterrole: "{{ kuryr_clusterrole }}" + +- name: Fetch the created Kuryr controller cluster role + oc_clusterrole: + name: kuryrctl + state: list + register: crout + +- name: Grant Kuryr the privileged security context constraints + oc_adm_policy_user: + user: "system:serviceaccount:{{ kuryr_namespace }}:{{ saout.results.results.0.metadata.name }}" + namespace: "{{ kuryr_namespace }}" + resource_kind: scc + resource_name: privileged + state: present + +- name: Assign role to Kuryr service account + oc_adm_policy_user: + user: "system:serviceaccount:{{ kuryr_namespace }}:{{ saout.results.results.0.metadata.name }}" + namespace: "{{ kuryr_namespace }}" + resource_kind: cluster-role + resource_name: "{{ crout.results.results.metadata.name }}" + state: present diff --git a/roles/kuryr/templates/cni-daemonset.yaml.j2 b/roles/kuryr/templates/cni-daemonset.yaml.j2 new file mode 100644 index 000000000..39348ae90 --- /dev/null +++ b/roles/kuryr/templates/cni-daemonset.yaml.j2 @@ -0,0 +1,53 @@ +# More info about the template: https://docs.openstack.org/kuryr-kubernetes/latest/installation/containerized.html#generating-kuryr-resource-definitions-for-kubernetes + +apiVersion: extensions/v1beta1 +kind: DaemonSet +metadata: + name: kuryr-cni-ds + namespace: {{ kuryr_namespace }} + labels: + tier: node + app: kuryr +spec: + template: + metadata: + labels: + tier: node + app: kuryr + spec: + hostNetwork: true + tolerations: + - key: node-role.kubernetes.io/master + operator: Exists + effect: NoSchedule + serviceAccountName: kuryr-controller + containers: + - name: kuryr-cni + image: kuryr/cni:latest + imagePullPolicy: IfNotPresent + command: [ "cni_ds_init" ] + securityContext: + privileged: true + volumeMounts: + - name: bin + mountPath: /opt/cni/bin + - name: net-conf + mountPath: /etc/cni/net.d + - name: config-volume + mountPath: /tmp/kuryr/kuryr.conf + subPath: kuryr-cni.conf + - name: etc + mountPath: /etc + volumes: + - name: bin + hostPath: + path: {{ cni_bin_dir }} + - name: net-conf + hostPath: + path: /etc/cni/net.d + - name: config-volume + configMap: + name: kuryr-config + - name: etc + hostPath: + path: /etc
\ No newline at end of file diff --git a/roles/kuryr/templates/configmap.yaml.j2 b/roles/kuryr/templates/configmap.yaml.j2 new file mode 100644 index 000000000..e874d6c25 --- /dev/null +++ b/roles/kuryr/templates/configmap.yaml.j2 @@ -0,0 +1,343 @@ +# More info about the template: https://docs.openstack.org/kuryr-kubernetes/latest/installation/containerized.html#generating-kuryr-resource-definitions-for-kubernetes + +apiVersion: v1 +kind: ConfigMap +metadata: + name: kuryr-config + namespace: {{ kuryr_namespace }} +data: + kuryr.conf: |+ + [DEFAULT] + + # + # From kuryr_kubernetes + # + + # Directory for Kuryr vif binding executables. (string value) + #bindir = /usr/libexec/kuryr + + # If set to true, the logging level will be set to DEBUG instead of the default + # INFO level. (boolean value) + # Note: This option can be changed without restarting. + #debug = false + + # DEPRECATED: If set to false, the logging level will be set to WARNING instead + # of the default INFO level. (boolean value) + # This option is deprecated for removal. + # Its value may be silently ignored in the future. + #verbose = true + + # The name of a logging configuration file. This file is appended to any + # existing logging configuration files. For details about logging configuration + # files, see the Python logging module documentation. Note that when logging + # configuration files are used then all logging configuration is set in the + # configuration file and other logging configuration options are ignored (for + # example, logging_context_format_string). (string value) + # Note: This option can be changed without restarting. + # Deprecated group/name - [DEFAULT]/log_config + #log_config_append = <None> + + # Defines the format string for %%(asctime)s in log records. Default: + # %(default)s . This option is ignored if log_config_append is set. (string + # value) + #log_date_format = %Y-%m-%d %H:%M:%S + + # (Optional) Name of log file to send logging output to. If no default is set, + # logging will go to stderr as defined by use_stderr. This option is ignored if + # log_config_append is set. (string value) + # Deprecated group/name - [DEFAULT]/logfile + #log_file = /var/log/kuryr/kuryr-controller.log + + # (Optional) The base directory used for relative log_file paths. This option + # is ignored if log_config_append is set. (string value) + # Deprecated group/name - [DEFAULT]/logdir + #log_dir = <None> + + # Uses logging handler designed to watch file system. When log file is moved or + # removed this handler will open a new log file with specified path + # instantaneously. It makes sense only if log_file option is specified and + # Linux platform is used. This option is ignored if log_config_append is set. + # (boolean value) + #watch_log_file = false + + # Use syslog for logging. Existing syslog format is DEPRECATED and will be + # changed later to honor RFC5424. This option is ignored if log_config_append + # is set. (boolean value) + #use_syslog = false + + # Syslog facility to receive log lines. This option is ignored if + # log_config_append is set. (string value) + #syslog_log_facility = LOG_USER + + # Log output to standard error. This option is ignored if log_config_append is + # set. (boolean value) + #use_stderr = true + + # Format string to use for log messages with context. (string value) + #logging_context_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(request_id)s %(user_identity)s] %(instance)s%(message)s + + # Format string to use for log messages when context is undefined. (string + # value) + #logging_default_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [-] %(instance)s%(message)s + + # Additional data to append to log message when logging level for the message + # is DEBUG. (string value) + #logging_debug_format_suffix = %(funcName)s %(pathname)s:%(lineno)d + + # Prefix each line of exception output with this format. (string value) + #logging_exception_prefix = %(asctime)s.%(msecs)03d %(process)d ERROR %(name)s %(instance)s + + # Defines the format string for %(user_identity)s that is used in + # logging_context_format_string. (string value) + #logging_user_identity_format = %(user)s %(tenant)s %(domain)s %(user_domain)s %(project_domain)s + + # List of package logging levels in logger=LEVEL pairs. This option is ignored + # if log_config_append is set. (list value) + #default_log_levels = amqp=WARN,amqplib=WARN,boto=WARN,qpid=WARN,sqlalchemy=WARN,suds=INFO,oslo.messaging=INFO,iso8601=WARN,requests.packages.urllib3.connectionpool=WARN,urllib3.connectionpool=WARN,websocket=WARN,requests.packages.urllib3.util.retry=WARN,urllib3.util.retry=WARN,keystonemiddleware=WARN,routes.middleware=WARN,stevedore=WARN,taskflow=WARN,keystoneauth=WARN,oslo.cache=INFO,dogpile.core.dogpile=INFO + + # Enables or disables publication of error events. (boolean value) + #publish_errors = false + + # The format for an instance that is passed with the log message. (string + # value) + #instance_format = "[instance: %(uuid)s] " + + # The format for an instance UUID that is passed with the log message. (string + # value) + #instance_uuid_format = "[instance: %(uuid)s] " + + # Enables or disables fatal status of deprecations. (boolean value) + #fatal_deprecations = false + + + [binding] + + driver = kuryr.lib.binding.drivers.vlan + link_iface = eth0 + + [kubernetes] + + # + # From kuryr_kubernetes + # + + # The root URL of the Kubernetes API (string value) + api_root = {{ openshift.master.api_url }} + + # Absolute path to client cert to connect to HTTPS K8S_API (string value) + # ssl_client_crt_file = /etc/kuryr/controller.crt + + # Absolute path client key file to connect to HTTPS K8S_API (string value) + # ssl_client_key_file = /etc/kuryr/controller.key + + # Absolute path to ca cert file to connect to HTTPS K8S_API (string value) + ssl_ca_crt_file = /var/run/secrets/kubernetes.io/serviceaccount/ca.crt + + # The token to talk to the k8s API + token_file = /var/run/secrets/kubernetes.io/serviceaccount/token + + # HTTPS K8S_API server identity verification (boolean value) + # TODO (apuimedo): Make configurable + ssl_verify_server_crt = True + + # The driver to determine OpenStack project for pod ports (string value) + pod_project_driver = default + + # The driver to determine OpenStack project for services (string value) + service_project_driver = default + + # The driver to determine Neutron subnets for pod ports (string value) + pod_subnets_driver = default + + # The driver to determine Neutron subnets for services (string value) + service_subnets_driver = default + + # The driver to determine Neutron security groups for pods (string value) + pod_security_groups_driver = default + + # The driver to determine Neutron security groups for services (string value) + service_security_groups_driver = default + + # The driver that provides VIFs for Kubernetes Pods. (string value) + pod_vif_driver = nested-vlan + + + [neutron] + # Configuration options for OpenStack Neutron + + # + # From kuryr_kubernetes + # + + # Authentication URL (string value) + auth_url = {{ kuryr_openstack_auth_url }} + + # Authentication type to load (string value) + # Deprecated group/name - [neutron]/auth_plugin + auth_type = password + + # Domain ID to scope to (string value) + user_domain_name = {{ kuryr_openstack_user_domain_name }} + + # User's password (string value) + password = {{ kuryr_openstack_password }} + + # Domain name containing project (string value) + project_domain_name = {{ kuryr_openstack_project_domain_name }} + + # Project ID to scope to (string value) + # Deprecated group/name - [neutron]/tenant-id + project_id = {{ kuryr_openstack_project_id }} + + # Token (string value) + #token = <None> + + # Trust ID (string value) + #trust_id = <None> + + # User's domain id (string value) + #user_domain_id = <None> + + # User id (string value) + #user_id = <None> + + # Username (string value) + # Deprecated group/name - [neutron]/user-name + username = {{kuryr_openstack_username }} + + # Whether a plugging operation is failed if the port to plug does not become + # active (boolean value) + #vif_plugging_is_fatal = false + + # Seconds to wait for port to become active (integer value) + #vif_plugging_timeout = 0 + + [neutron_defaults] + + pod_security_groups = {{ kuryr_openstack_pod_sg_id }} + pod_subnet = {{ kuryr_openstack_pod_subnet_id }} + service_subnet = {{ kuryr_openstack_service_subnet_id }} + project = {{ kuryr_openstack_pod_project_id }} + # TODO (apuimedo): Remove the duplicated line just after this one once the + # RDO packaging contains the upstream patch + worker_nodes_subnet = {{ kuryr_openstack_worker_nodes_subnet_id }} + + [pod_vif_nested] + worker_nodes_subnet = {{ kuryr_openstack_worker_nodes_subnet_id }} + kuryr-cni.conf: |+ + [DEFAULT] + + # + # From kuryr_kubernetes + # + # If set to true, the logging level will be set to DEBUG instead of the default + # INFO level. (boolean value) + # Note: This option can be changed without restarting. + #debug = false + + # The name of a logging configuration file. This file is appended to any + # existing logging configuration files. For details about logging configuration + # files, see the Python logging module documentation. Note that when logging + # configuration files are used then all logging configuration is set in the + # configuration file and other logging configuration options are ignored (for + # example, logging_context_format_string). (string value) + # Note: This option can be changed without restarting. + # Deprecated group/name - [DEFAULT]/log_config + #log_config_append = <None> + + # Defines the format string for %%(asctime)s in log records. Default: + # %(default)s . This option is ignored if log_config_append is set. (string + # value) + #log_date_format = %Y-%m-%d %H:%M:%S + + # (Optional) Name of log file to send logging output to. If no default is set, + # logging will go to stderr as defined by use_stderr. This option is ignored if + # log_config_append is set. (string value) + # Deprecated group/name - [DEFAULT]/logfile + #log_file = /var/log/kuryr/cni.log + + # (Optional) The base directory used for relative log_file paths. This option + # is ignored if log_config_append is set. (string value) + # Deprecated group/name - [DEFAULT]/logdir + #log_dir = <None> + + # Uses logging handler designed to watch file system. When log file is moved or + # removed this handler will open a new log file with specified path + # instantaneously. It makes sense only if log_file option is specified and + # Linux platform is used. This option is ignored if log_config_append is set. + # (boolean value) + #watch_log_file = false + + # Use syslog for logging. Existing syslog format is DEPRECATED and will be + # changed later to honor RFC5424. This option is ignored if log_config_append + # is set. (boolean value) + #use_syslog = false + + # Syslog facility to receive log lines. This option is ignored if + # log_config_append is set. (string value) + #syslog_log_facility = LOG_USER + + # Log output to standard error. This option is ignored if log_config_append is + # set. (boolean value) + use_stderr = true + + # Format string to use for log messages with context. (string value) + #logging_context_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(request_id)s %(user_identity)s] %(instance)s%(message)s + + # Format string to use for log messages when context is undefined. (string + # value) + #logging_default_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [-] %(instance)s%(message)s + + # Additional data to append to log message when logging level for the message + # is DEBUG. (string value) + #logging_debug_format_suffix = %(funcName)s %(pathname)s:%(lineno)d + + # Prefix each line of exception output with this format. (string value) + #logging_exception_prefix = %(asctime)s.%(msecs)03d %(process)d ERROR %(name)s %(instance)s + + # Defines the format string for %(user_identity)s that is used in + # logging_context_format_string. (string value) + #logging_user_identity_format = %(user)s %(tenant)s %(domain)s %(user_domain)s %(project_domain)s + + # List of package logging levels in logger=LEVEL pairs. This option is ignored + # if log_config_append is set. (list value) + #default_log_levels = amqp=WARN,amqplib=WARN,boto=WARN,qpid=WARN,sqlalchemy=WARN,suds=INFO,oslo.messaging=INFO,iso8601=WARN,requests.packages.urllib3.connectionpool=WARN,urllib3.connectionpool=WARN,websocket=WARN,requests.packages.urllib3.util.retry=WARN,urllib3.util.retry=WARN,keystonemiddleware=WARN,routes.middleware=WARN,stevedore=WARN,taskflow=WARN,keystoneauth=WARN,oslo.cache=INFO,dogpile.core.dogpile=INFO + + # Enables or disables publication of error events. (boolean value) + #publish_errors = false + + # The format for an instance that is passed with the log message. (string + # value) + #instance_format = "[instance: %(uuid)s] " + + # The format for an instance UUID that is passed with the log message. (string + # value) + #instance_uuid_format = "[instance: %(uuid)s] " + + # Enables or disables fatal status of deprecations. (boolean value) + #fatal_deprecations = false + + + [binding] + + driver = kuryr.lib.binding.drivers.vlan + link_iface = {{ kuryr_cni_link_interface }} + + [kubernetes] + + # + # From kuryr_kubernetes + # + + # The root URL of the Kubernetes API (string value) + api_root = {{ openshift.master.api_url }} + + # The token to talk to the k8s API + token_file = /etc/kuryr/token + + # Absolute path to ca cert file to connect to HTTPS K8S_API (string value) + ssl_ca_crt_file = /etc/kuryr/ca.crt + + # HTTPS K8S_API server identity verification (boolean value) + # TODO (apuimedo): Make configurable + ssl_verify_server_crt = True diff --git a/roles/kuryr/templates/controller-deployment.yaml.j2 b/roles/kuryr/templates/controller-deployment.yaml.j2 new file mode 100644 index 000000000..d970270b5 --- /dev/null +++ b/roles/kuryr/templates/controller-deployment.yaml.j2 @@ -0,0 +1,40 @@ +# More info about the template: https://docs.openstack.org/kuryr-kubernetes/latest/installation/containerized.html#generating-kuryr-resource-definitions-for-kubernetes + +apiVersion: apps/v1beta1 +kind: Deployment +metadata: + labels: + name: kuryr-controller + name: kuryr-controller + namespace: {{ kuryr_namespace }} +spec: + replicas: 1 + template: + metadata: + labels: + name: kuryr-controller + name: kuryr-controller + spec: + serviceAccountName: kuryr-controller + automountServiceAccountToken: true + hostNetwork: true + containers: + - image: kuryr/controller:latest + imagePullPolicy: IfNotPresent + name: controller + terminationMessagePath: "/dev/termination-log" + # FIXME(dulek): This shouldn't be required, but without it selinux is + # complaining about access to kuryr.conf. + securityContext: + privileged: true + runAsUser: 0 + volumeMounts: + - name: config-volume + mountPath: "/etc/kuryr/kuryr.conf" + subPath: kuryr.conf + volumes: + - name: config-volume + configMap: + name: kuryr-config + defaultMode: 0666 + restartPolicy: Always diff --git a/roles/lib_openshift/library/oc_secret.py b/roles/lib_openshift/library/oc_secret.py index 0614f359d..62bda33ad 100644 --- a/roles/lib_openshift/library/oc_secret.py +++ b/roles/lib_openshift/library/oc_secret.py @@ -1633,7 +1633,7 @@ class OCSecret(OpenShiftCLI): This receives a list of file names and converts it into a secret. The secret is then written to disk and passed into the `oc replace` command. ''' - secret = self.prep_secret(files, force) + secret = self.prep_secret(files, force=force) if secret['returncode'] != 0: return secret diff --git a/roles/lib_openshift/library/oc_storageclass.py b/roles/lib_openshift/library/oc_storageclass.py index e88f3ae8d..7e7d0fa60 100644 --- a/roles/lib_openshift/library/oc_storageclass.py +++ b/roles/lib_openshift/library/oc_storageclass.py @@ -1664,7 +1664,7 @@ def main(): name=dict(default=None, type='str'), annotations=dict(default=None, type='dict'), parameters=dict(default=None, type='dict'), - provisioner=dict(required=True, type='str', choices=['aws-ebs', 'gce-pd', 'glusterfs', 'cinder']), + provisioner=dict(required=True, type='str'), api_version=dict(default='v1', type='str'), default_storage_class=dict(default="false", type='str'), ), diff --git a/roles/lib_openshift/src/ansible/oc_storageclass.py b/roles/lib_openshift/src/ansible/oc_storageclass.py index e9f3ebbd3..a8f371661 100644 --- a/roles/lib_openshift/src/ansible/oc_storageclass.py +++ b/roles/lib_openshift/src/ansible/oc_storageclass.py @@ -14,7 +14,7 @@ def main(): name=dict(default=None, type='str'), annotations=dict(default=None, type='dict'), parameters=dict(default=None, type='dict'), - provisioner=dict(required=True, type='str', choices=['aws-ebs', 'gce-pd', 'glusterfs', 'cinder']), + provisioner=dict(required=True, type='str'), api_version=dict(default='v1', type='str'), default_storage_class=dict(default="false", type='str'), ), diff --git a/roles/lib_openshift/src/class/oc_secret.py b/roles/lib_openshift/src/class/oc_secret.py index 5322d6241..89e70b6b2 100644 --- a/roles/lib_openshift/src/class/oc_secret.py +++ b/roles/lib_openshift/src/class/oc_secret.py @@ -67,7 +67,7 @@ class OCSecret(OpenShiftCLI): This receives a list of file names and converts it into a secret. The secret is then written to disk and passed into the `oc replace` command. ''' - secret = self.prep_secret(files, force) + secret = self.prep_secret(files, force=force) if secret['returncode'] != 0: return secret diff --git a/roles/nuage_master/handlers/main.yaml b/roles/nuage_master/handlers/main.yaml index 21da6b953..410b739e9 100644 --- a/roles/nuage_master/handlers/main.yaml +++ b/roles/nuage_master/handlers/main.yaml @@ -7,8 +7,13 @@ openshift.master.cluster_method == 'native' # TODO: need to fix up ignore_errors here +# We retry the controllers because the API may not be 100% initialized yet. - name: restart master controllers - systemd: name={{ openshift.common.service_type }}-master-controllers state=restarted + command: "systemctl restart {{ openshift.common.service_type }}-master-controllers" + retries: 3 + delay: 5 + register: result + until: result.rc == 0 when: > (openshift_master_ha | bool) and (not master_controllers_service_status_changed | default(false)) and diff --git a/roles/openshift_atomic/README.md b/roles/openshift_atomic/README.md new file mode 100644 index 000000000..8c10c9991 --- /dev/null +++ b/roles/openshift_atomic/README.md @@ -0,0 +1,28 @@ +OpenShift Atomic +================ + +This role houses atomic specific tasks. + +Requirements +------------ + +Role Variables +-------------- + +Dependencies +------------ + +Example Playbook +---------------- + +``` +- name: Ensure atomic proxies are defined + hosts: localhost + roles: + - role: openshift_atomic +``` + +License +------- + +Apache License Version 2.0 diff --git a/roles/openshift_atomic/meta/main.yml b/roles/openshift_atomic/meta/main.yml new file mode 100644 index 000000000..ea129f514 --- /dev/null +++ b/roles/openshift_atomic/meta/main.yml @@ -0,0 +1,13 @@ +--- +galaxy_info: + author: OpenShift + description: Atomic related tasks + company: Red Hat, Inc + license: ASL 2.0 + min_ansible_version: 2.2 + platforms: + - name: EL + versions: + - 7 +dependencies: +- role: lib_openshift diff --git a/roles/openshift_atomic/tasks/proxy.yml b/roles/openshift_atomic/tasks/proxy.yml new file mode 100644 index 000000000..dde099984 --- /dev/null +++ b/roles/openshift_atomic/tasks/proxy.yml @@ -0,0 +1,32 @@ +--- +# Set http_proxy, https_proxy, and no_proxy in /etc/atomic.conf +# regexp: the line starts with or without #, followed by the string +# http_proxy, then either : or = +- block: + + - name: Add http_proxy to /etc/atomic.conf + lineinfile: + dest: /etc/atomic.conf + regexp: "^#?http_proxy[:=]{1}" + line: "http_proxy: {{ openshift.common.http_proxy | default('') }}" + when: + - openshift.common.http_proxy is defined + - openshift.common.http_proxy != '' + + - name: Add https_proxy to /etc/atomic.conf + lineinfile: + dest: /etc/atomic.conf + regexp: "^#?https_proxy[:=]{1}" + line: "https_proxy: {{ openshift.common.https_proxy | default('') }}" + when: + - openshift.common.https_proxy is defined + - openshift.common.https_proxy != '' + + - name: Add no_proxy to /etc/atomic.conf + lineinfile: + dest: /etc/atomic.conf + regexp: "^#?no_proxy[:=]{1}" + line: "no_proxy: {{ openshift.common.no_proxy | default('') }}" + when: + - openshift.common.no_proxy is defined + - openshift.common.no_proxy != '' diff --git a/roles/openshift_aws/defaults/main.yml b/roles/openshift_aws/defaults/main.yml index 5371588cf..51f7d31c2 100644 --- a/roles/openshift_aws/defaults/main.yml +++ b/roles/openshift_aws/defaults/main.yml @@ -4,7 +4,6 @@ openshift_aws_create_iam_cert: True openshift_aws_create_security_groups: True openshift_aws_create_launch_config: True openshift_aws_create_scale_group: True -openshift_aws_node_group_type: master openshift_aws_wait_for_ssh: True @@ -12,12 +11,11 @@ openshift_aws_clusterid: default openshift_aws_region: us-east-1 openshift_aws_vpc_name: "{{ openshift_aws_clusterid }}" openshift_aws_build_ami_group: "{{ openshift_aws_clusterid }}" -openshift_aws_kubernetes_cluster_status: "{{ openshift_aws_clusterid }}" openshift_aws_iam_cert_name: "{{ openshift_aws_clusterid }}-master-external" openshift_aws_iam_cert_path: '' openshift_aws_iam_cert_key_path: '' -openshift_aws_scale_group_name: "{{ openshift_aws_clusterid }} openshift {{ openshift_aws_node_group_type }}" +openshift_aws_scale_group_basename: "{{ openshift_aws_clusterid }} openshift" openshift_aws_iam_kms_alias: "alias/{{ openshift_aws_clusterid }}_kms" openshift_aws_ami: '' @@ -28,7 +26,7 @@ openshift_aws_ami_name: openshift-gi openshift_aws_base_ami_name: ami_base openshift_aws_launch_config_bootstrap_token: '' -openshift_aws_launch_config_name: "{{ openshift_aws_clusterid }}-{{ openshift_aws_node_group_type }}-{{ ansible_date_time.epoch }}" +openshift_aws_launch_config_basename: "{{ openshift_aws_clusterid }}" openshift_aws_users: [] @@ -48,12 +46,19 @@ openshift_aws_elb_health_check: unhealthy_threshold: 2 healthy_threshold: 2 -openshift_aws_elb_name: "{{ openshift_aws_clusterid }}-{{ openshift_aws_node_group_type }}" +openshift_aws_elb_basename: "{{ openshift_aws_clusterid }}" +openshift_aws_elb_name_dict: + master: + external: "{{ openshift_aws_elb_basename }}-master-external" + internal: "{{ openshift_aws_elb_basename }}-master-internal" + infra: + external: "{{ openshift_aws_elb_basename }}-infra" + openshift_aws_elb_idle_timout: 400 openshift_aws_elb_scheme: internet-facing openshift_aws_elb_cert_arn: '' -openshift_aws_elb_listeners: +openshift_aws_elb_dict: master: external: - protocol: tcp @@ -75,6 +80,18 @@ openshift_aws_elb_listeners: load_balancer_port: 443 instance_protocol: tcp instance_port: 443 + infra: + external: + - protocol: tcp + load_balancer_port: 80 + instance_protocol: tcp + instance_port: 443 + proxy_protocol: True + - protocol: tcp + load_balancer_port: 443 + instance_protocol: tcp + instance_port: 443 + proxy_protocol: True openshift_aws_node_group_config_master_volumes: - device_name: /dev/sdb @@ -88,17 +105,21 @@ openshift_aws_node_group_config_node_volumes: device_type: gp2 delete_on_termination: True -openshift_aws_node_group_config_tags: "{{ openshift_aws_clusterid | build_instance_tags(openshift_aws_kubernetes_cluster_status) }}" +openshift_aws_node_group_config_tags: "{{ openshift_aws_clusterid | build_instance_tags }}" openshift_aws_node_group_termination_policy: Default openshift_aws_node_group_replace_instances: [] openshift_aws_node_group_replace_all_instances: False openshift_aws_node_group_config_extra_labels: {} -openshift_aws_node_group_config: - tags: "{{ openshift_aws_node_group_config_tags }}" +openshift_aws_ami_map: + master: "{{ openshift_aws_ami }}" + infra: "{{ openshift_aws_ami }}" + compute: "{{ openshift_aws_ami }}" + +openshift_aws_master_group_config: + # The 'master' key is always required here. master: instance_type: m4.xlarge - ami: "{{ openshift_aws_ami }}" volumes: "{{ openshift_aws_node_group_config_master_volumes }}" health_check: period: 60 @@ -114,9 +135,12 @@ openshift_aws_node_group_config: wait_for_instances: True termination_policy: "{{ openshift_aws_node_group_termination_policy }}" replace_all_instances: "{{ openshift_aws_node_group_replace_all_instances }}" + elbs: "{{ openshift_aws_elb_name_dict['master'].keys()| map('extract', openshift_aws_elb_name_dict['master']) | list }}" + +openshift_aws_node_group_config: + # The 'compute' key is always required here. compute: instance_type: m4.xlarge - ami: "{{ openshift_aws_ami }}" volumes: "{{ openshift_aws_node_group_config_node_volumes }}" health_check: period: 60 @@ -131,9 +155,9 @@ openshift_aws_node_group_config: type: compute termination_policy: "{{ openshift_aws_node_group_termination_policy }}" replace_all_instances: "{{ openshift_aws_node_group_replace_all_instances }}" + # The 'infra' key is always required here. infra: instance_type: m4.xlarge - ami: "{{ openshift_aws_ami }}" volumes: "{{ openshift_aws_node_group_config_node_volumes }}" health_check: period: 60 @@ -148,20 +172,30 @@ openshift_aws_node_group_config: type: infra termination_policy: "{{ openshift_aws_node_group_termination_policy }}" replace_all_instances: "{{ openshift_aws_node_group_replace_all_instances }}" + elbs: "{{ openshift_aws_elb_name_dict['infra'].keys()| map('extract', openshift_aws_elb_name_dict['infra']) | list }}" + +openshift_aws_elb_tags: "{{ openshift_aws_kube_tags }}" +openshift_aws_elb_az_load_balancing: False -openshift_aws_elb_security_groups: -- "{{ openshift_aws_clusterid }}" -- "{{ openshift_aws_clusterid }}_{{ openshift_aws_node_group_type }}" +openshift_aws_kube_tags: "{{ openshift_aws_clusterid | build_instance_tags }}" -openshift_aws_elb_instance_filter: - "tag:clusterid": "{{ openshift_aws_clusterid }}" - "tag:host-type": "{{ openshift_aws_node_group_type }}" - instance-state-name: running +openshift_aws_elb_security_groups: "{{ openshift_aws_launch_config_security_groups }}" openshift_aws_launch_config_security_groups: -- "{{ openshift_aws_clusterid }}" # default sg -- "{{ openshift_aws_clusterid }}_{{ openshift_aws_node_group_type }}" # node type sg -- "{{ openshift_aws_clusterid }}_{{ openshift_aws_node_group_type }}_k8s" # node type sg k8s + compute: + - "{{ openshift_aws_clusterid }}" # default sg + - "{{ openshift_aws_clusterid }}_compute" # node type sg + - "{{ openshift_aws_clusterid }}_compute_k8s" # node type sg k8s + infra: + - "{{ openshift_aws_clusterid }}" # default sg + - "{{ openshift_aws_clusterid }}_infra" # node type sg + - "{{ openshift_aws_clusterid }}_infra_k8s" # node type sg k8s + master: + - "{{ openshift_aws_clusterid }}" # default sg + - "{{ openshift_aws_clusterid }}_master" # node type sg + - "{{ openshift_aws_clusterid }}_master_k8s" # node type sg k8s + +openshift_aws_security_groups_tags: "{{ openshift_aws_kube_tags }}" openshift_aws_node_security_groups: default: @@ -231,3 +265,18 @@ openshift_aws_vpc: openshift_aws_node_run_bootstrap_startup: True openshift_aws_node_user_data: '' openshift_aws_node_config_namespace: openshift-node + +# If creating extra node groups, you'll need to define all of the following + +# The format is the same as openshift_aws_node_group_config, but the top-level +# key names should be different (ie, not == master or infra). +# openshift_aws_node_group_config_extra: {} + +# This variable should look like openshift_aws_launch_config_security_groups +# and contain a one-to-one mapping of top level keys that are defined in +# openshift_aws_node_group_config_extra. +# openshift_aws_launch_config_security_groups_extra: {} + +# openshift_aws_node_security_groups_extra: {} + +# openshift_aws_ami_map_extra: {} diff --git a/roles/openshift_aws/filter_plugins/openshift_aws_filters.py b/roles/openshift_aws/filter_plugins/openshift_aws_filters.py index 06e1f9602..a9893c0a7 100644 --- a/roles/openshift_aws/filter_plugins/openshift_aws_filters.py +++ b/roles/openshift_aws/filter_plugins/openshift_aws_filters.py @@ -9,17 +9,17 @@ class FilterModule(object): ''' Custom ansible filters for use by openshift_aws role''' @staticmethod - def build_instance_tags(clusterid, status='owned'): + def build_instance_tags(clusterid): ''' This function will return a dictionary of the instance tags. The main desire to have this inside of a filter_plugin is that we need to build the following key. - {"kubernetes.io/cluster/{{ openshift_aws_clusterid }}": 'owned'} + {"kubernetes.io/cluster/{{ openshift_aws_clusterid }}": "{{ openshift_aws_clusterid}}"} ''' tags = {'clusterid': clusterid, - 'kubernetes.io/cluster/{}'.format(clusterid): status} + 'kubernetes.io/cluster/{}'.format(clusterid): clusterid} return tags diff --git a/roles/openshift_aws/tasks/build_node_group.yml b/roles/openshift_aws/tasks/build_node_group.yml index 0dac1c23d..852adc7b5 100644 --- a/roles/openshift_aws/tasks/build_node_group.yml +++ b/roles/openshift_aws/tasks/build_node_group.yml @@ -1,4 +1,6 @@ --- +# This task file expects l_nodes_to_build to be passed in. + # When openshift_aws_use_custom_ami is '' then # we retrieve the latest build AMI. # Then set openshift_aws_ami to the ami. @@ -21,14 +23,12 @@ - "'results' in amiout" - amiout.results|length > 0 -- when: openshift_aws_create_security_groups - name: "Create {{ openshift_aws_node_group_type }} security groups" - include: security_group.yml +# Need to set epoch time in one place to use for launch_config and scale_group +- set_fact: + l_epoch_time: "{{ ansible_date_time.epoch }}" - when: openshift_aws_create_launch_config - name: "Create {{ openshift_aws_node_group_type }} launch config" include: launch_config.yml - when: openshift_aws_create_scale_group - name: "Create {{ openshift_aws_node_group_type }} node group" include: scale_group.yml diff --git a/roles/openshift_aws/tasks/elb.yml b/roles/openshift_aws/tasks/elb.yml index 7bc3184df..a543222d5 100644 --- a/roles/openshift_aws/tasks/elb.yml +++ b/roles/openshift_aws/tasks/elb.yml @@ -1,66 +1,24 @@ --- -- name: query vpc - ec2_vpc_net_facts: - region: "{{ openshift_aws_region }}" - filters: - 'tag:Name': "{{ openshift_aws_vpc_name }}" - register: vpcout - -- name: debug - debug: var=vpcout - -- name: fetch the remote instances - ec2_remote_facts: - region: "{{ openshift_aws_region }}" - filters: "{{ openshift_aws_elb_instance_filter }}" - register: instancesout - -- name: fetch the default subnet id - ec2_vpc_subnet_facts: - region: "{{ openshift_aws_region }}" - filters: - "tag:Name": "{{ openshift_aws_subnet_name }}" - vpc-id: "{{ vpcout.vpcs[0].id }}" - register: subnetout - -- name: +- name: "dump the elb listeners for {{ l_elb_dict_item.key }}" debug: - msg: "{{ openshift_aws_elb_listeners[openshift_aws_node_group_type][openshift_aws_elb_direction] - if 'master' in openshift_aws_node_group_type or 'infra' in openshift_aws_node_group_type - else openshift_aws_elb_listeners }}" + msg: "{{ l_elb_dict_item.value }}" -- name: "Create ELB {{ l_openshift_aws_elb_name }}" +- name: "Create ELB {{ l_elb_dict_item.key }}" ec2_elb_lb: - name: "{{ l_openshift_aws_elb_name }}" + name: "{{ l_openshift_aws_elb_name_dict[l_elb_dict_item.key][item.key] }}" state: present - security_group_names: "{{ openshift_aws_elb_security_groups }}" + cross_az_load_balancing: "{{ openshift_aws_elb_az_load_balancing }}" + security_group_names: "{{ l_elb_security_groups[l_elb_dict_item.key] }}" idle_timeout: "{{ openshift_aws_elb_idle_timout }}" region: "{{ openshift_aws_region }}" subnets: - "{{ subnetout.subnets[0].id }}" health_check: "{{ openshift_aws_elb_health_check }}" - listeners: "{{ openshift_aws_elb_listeners[openshift_aws_node_group_type][openshift_aws_elb_direction] - if 'master' in openshift_aws_node_group_type or 'infra' in openshift_aws_node_group_type - else openshift_aws_elb_listeners }}" + listeners: "{{ item.value }}" scheme: "{{ openshift_aws_elb_scheme }}" - tags: - KubernetesCluster: "{{ openshift_aws_clusterid }}" + tags: "{{ openshift_aws_elb_tags }}" register: new_elb - -# It is necessary to ignore_errors here because the instances are not in 'ready' -# state when first added to ELB -- name: "Add instances to ELB {{ l_openshift_aws_elb_name }}" - ec2_elb: - instance_id: "{{ item.id }}" - ec2_elbs: "{{ l_openshift_aws_elb_name }}" - state: present - region: "{{ openshift_aws_region }}" - wait: False - with_items: "{{ instancesout.instances }}" - ignore_errors: True - retries: 10 - register: elb_call - until: elb_call|succeeded + with_dict: "{{ l_elb_dict_item.value }}" - debug: msg: "{{ item }}" diff --git a/roles/openshift_aws/tasks/launch_config.yml b/roles/openshift_aws/tasks/launch_config.yml index 8b7b02a0e..0dbeba5a0 100644 --- a/roles/openshift_aws/tasks/launch_config.yml +++ b/roles/openshift_aws/tasks/launch_config.yml @@ -9,31 +9,7 @@ when: - openshift_deployment_type is undefined -- name: query vpc - ec2_vpc_net_facts: - region: "{{ openshift_aws_region }}" - filters: - 'tag:Name': "{{ openshift_aws_vpc_name }}" - register: vpcout - -- name: fetch the security groups for launch config - ec2_group_facts: - filters: - group-name: "{{ openshift_aws_launch_config_security_groups }}" - vpc-id: "{{ vpcout.vpcs[0].id }}" - region: "{{ openshift_aws_region }}" - register: ec2sgs - -# Create the scale group config -- name: Create the node scale group launch config - ec2_lc: - name: "{{ openshift_aws_launch_config_name }}" - region: "{{ openshift_aws_region }}" - image_id: "{{ openshift_aws_ami }}" - instance_type: "{{ openshift_aws_node_group_config[openshift_aws_node_group_type].instance_type }}" - security_groups: "{{ openshift_aws_launch_config_security_group_id | default(ec2sgs.security_groups | map(attribute='group_id')| list) }}" - user_data: "{{ lookup('template', 'user_data.j2') }}" - key_name: "{{ openshift_aws_ssh_key_name }}" - ebs_optimized: False - volumes: "{{ openshift_aws_node_group_config[openshift_aws_node_group_type].volumes }}" - assign_public_ip: True +- include: launch_config_create.yml + with_dict: "{{ l_nodes_to_build }}" + loop_control: + loop_var: launch_config_item diff --git a/roles/openshift_aws/tasks/launch_config_create.yml b/roles/openshift_aws/tasks/launch_config_create.yml new file mode 100644 index 000000000..8265c2179 --- /dev/null +++ b/roles/openshift_aws/tasks/launch_config_create.yml @@ -0,0 +1,22 @@ +--- +- name: fetch the security groups for launch config + ec2_group_facts: + filters: + group-name: "{{ l_launch_config_security_groups[launch_config_item.key] }}" + vpc-id: "{{ vpcout.vpcs[0].id }}" + region: "{{ openshift_aws_region }}" + register: ec2sgs + +# Create the scale group config +- name: Create the node scale group launch config + ec2_lc: + name: "{{ openshift_aws_launch_config_basename }}-{{ launch_config_item.key }}-{{ l_epoch_time }}" + region: "{{ openshift_aws_region }}" + image_id: "{{ l_aws_ami_map[launch_config_item.key] | default(openshift_aws_ami) }}" + instance_type: "{{ launch_config_item.value.instance_type }}" + security_groups: "{{ openshift_aws_launch_config_security_group_id | default(ec2sgs.security_groups | map(attribute='group_id')| list) }}" + user_data: "{{ lookup('template', 'user_data.j2') }}" + key_name: "{{ openshift_aws_ssh_key_name }}" + ebs_optimized: False + volumes: "{{ launch_config_item.value.volumes }}" + assign_public_ip: True diff --git a/roles/openshift_aws/tasks/master_facts.yml b/roles/openshift_aws/tasks/master_facts.yml index 737cfc7a6..530b0134d 100644 --- a/roles/openshift_aws/tasks/master_facts.yml +++ b/roles/openshift_aws/tasks/master_facts.yml @@ -3,20 +3,18 @@ ec2_elb_facts: region: "{{ openshift_aws_region }}" names: - - "{{ item }}" - with_items: - - "{{ openshift_aws_elb_name }}-external" - - "{{ openshift_aws_elb_name }}-internal" + - "{{ openshift_aws_elb_name_dict['master']['internal'] }}" delegate_to: localhost register: elbs - debug: var=elbs + run_once: true - name: set fact set_fact: - openshift_master_cluster_hostname: "{{ elbs.results[1].elbs[0].dns_name }}" + openshift_master_cluster_hostname: "{{ elbs.elbs[0].dns_name }}" osm_custom_cors_origins: - - "{{ elbs.results[1].elbs[0].dns_name }}" + - "{{ elbs.elbs[0].dns_name }}" - "console.{{ openshift_aws_clusterid | default('default') }}.openshift.com" - "api.{{ openshift_aws_clusterid | default('default') }}.openshift.com" with_items: "{{ groups['masters'] }}" diff --git a/roles/openshift_aws/tasks/provision.yml b/roles/openshift_aws/tasks/provision.yml index a8518d43a..91538ed5c 100644 --- a/roles/openshift_aws/tasks/provision.yml +++ b/roles/openshift_aws/tasks/provision.yml @@ -7,35 +7,36 @@ name: create s3 bucket for registry include: s3.yml +- include: vpc_and_subnet_id.yml + +- name: create elbs + include: elb.yml + with_dict: "{{ openshift_aws_elb_dict }}" + vars: + l_elb_security_groups: "{{ openshift_aws_elb_security_groups }}" + l_openshift_aws_elb_name_dict: "{{ openshift_aws_elb_name_dict }}" + loop_control: + loop_var: l_elb_dict_item + - name: include scale group creation for master include: build_node_group.yml + vars: + l_nodes_to_build: "{{ openshift_aws_master_group_config }}" + l_launch_config_security_groups: "{{ openshift_aws_launch_config_security_groups }}" + l_aws_ami_map: "{{ openshift_aws_ami_map }}" - name: fetch newly created instances ec2_remote_facts: region: "{{ openshift_aws_region }}" filters: "tag:clusterid": "{{ openshift_aws_clusterid }}" - "tag:host-type": "{{ openshift_aws_node_group_type }}" + "tag:host-type": "master" instance-state-name: running register: instancesout retries: 20 delay: 3 until: instancesout.instances|length > 0 -- name: create our master internal load balancers - include: elb.yml - vars: - openshift_aws_elb_direction: internal - l_openshift_aws_elb_name: "{{ openshift_aws_elb_name }}-internal" - openshift_aws_elb_scheme: internal - -- name: create our master external load balancers - include: elb.yml - vars: - openshift_aws_elb_direction: external - l_openshift_aws_elb_name: "{{ openshift_aws_elb_name }}-external" - openshift_aws_elb_scheme: internet-facing - - name: wait for ssh to become available wait_for: port: 22 diff --git a/roles/openshift_aws/tasks/provision_instance.yml b/roles/openshift_aws/tasks/provision_instance.yml index 25ae6ce1c..3349acb7a 100644 --- a/roles/openshift_aws/tasks/provision_instance.yml +++ b/roles/openshift_aws/tasks/provision_instance.yml @@ -3,20 +3,7 @@ set_fact: openshift_node_bootstrap: True -- name: query vpc - ec2_vpc_net_facts: - region: "{{ openshift_aws_region }}" - filters: - 'tag:Name': "{{ openshift_aws_vpc_name }}" - register: vpcout - -- name: fetch the default subnet id - ec2_vpc_subnet_facts: - region: "{{ openshift_aws_region }}" - filters: - "tag:Name": "{{ openshift_aws_subnet_name }}" - vpc-id: "{{ vpcout.vpcs[0].id }}" - register: subnetout +- include: vpc_and_subnet_id.yml - name: create instance for ami creation ec2: diff --git a/roles/openshift_aws/tasks/provision_nodes.yml b/roles/openshift_aws/tasks/provision_nodes.yml index fc4996c68..1b40f24d3 100644 --- a/roles/openshift_aws/tasks/provision_nodes.yml +++ b/roles/openshift_aws/tasks/provision_nodes.yml @@ -25,19 +25,23 @@ set_fact: openshift_aws_launch_config_bootstrap_token: "{{ bootstrap['content'] | b64decode }}" -- name: include build node group for infra +- include: vpc_and_subnet_id.yml + +- name: include build compute and infra node groups include: build_node_group.yml vars: - openshift_aws_node_group_type: infra - openshift_aws_scale_group_name: "{{ openshift_aws_clusterid }} openshift infra" - openshift_aws_launch_config_name: "{{ openshift_aws_clusterid }}-infra-{{ ansible_date_time.epoch }}" + l_nodes_to_build: "{{ openshift_aws_node_group_config }}" + l_launch_config_security_groups: "{{ openshift_aws_launch_config_security_groups }}" + l_aws_ami_map: "{{ openshift_aws_ami_map }}" -- name: include build node group for compute +- name: include build node group for extra nodes include: build_node_group.yml + when: openshift_aws_node_group_config_extra is defined vars: - openshift_aws_node_group_type: compute - openshift_aws_scale_group_name: "{{ openshift_aws_clusterid }} openshift compute" - openshift_aws_launch_config_name: "{{ openshift_aws_clusterid }}-compute-{{ ansible_date_time.epoch }}" + l_nodes_to_build: "{{ openshift_aws_node_group_config_extra | default({}) }}" + l_launch_config_security_groups: "{{ openshift_aws_launch_config_security_groups_extra }}" + l_aws_ami_map: "{{ openshift_aws_ami_map_extra }}" + - when: openshift_aws_wait_for_ssh | bool block: diff --git a/roles/openshift_aws/tasks/scale_group.yml b/roles/openshift_aws/tasks/scale_group.yml index eb31636e7..097859af2 100644 --- a/roles/openshift_aws/tasks/scale_group.yml +++ b/roles/openshift_aws/tasks/scale_group.yml @@ -1,11 +1,4 @@ --- -- name: query vpc - ec2_vpc_net_facts: - region: "{{ openshift_aws_region }}" - filters: - 'tag:Name': "{{ openshift_aws_vpc_name }}" - register: vpcout - - name: fetch the subnet to use in scale group ec2_vpc_subnet_facts: region: "{{ openshift_aws_region }}" @@ -16,19 +9,20 @@ - name: Create the scale group ec2_asg: - name: "{{ openshift_aws_scale_group_name }}" - launch_config_name: "{{ openshift_aws_launch_config_name }}" - health_check_period: "{{ openshift_aws_node_group_config[openshift_aws_node_group_type].health_check.period }}" - health_check_type: "{{ openshift_aws_node_group_config[openshift_aws_node_group_type].health_check.type }}" - min_size: "{{ openshift_aws_node_group_config[openshift_aws_node_group_type].min_size }}" - max_size: "{{ openshift_aws_node_group_config[openshift_aws_node_group_type].max_size }}" - desired_capacity: "{{ openshift_aws_node_group_config[openshift_aws_node_group_type].desired_size }}" + name: "{{ openshift_aws_scale_group_basename }} {{ item.key }}" + launch_config_name: "{{ openshift_aws_launch_config_basename }}-{{ item.key }}-{{ l_epoch_time }}" + health_check_period: "{{ item.value.health_check.period }}" + health_check_type: "{{ item.value.health_check.type }}" + min_size: "{{ item.value.min_size }}" + max_size: "{{ item.value.max_size }}" + desired_capacity: "{{ item.value.desired_size }}" region: "{{ openshift_aws_region }}" - termination_policies: "{{ openshift_aws_node_group_config[openshift_aws_node_group_type].termination_policy if 'termination_policy' in openshift_aws_node_group_config[openshift_aws_node_group_type] else omit }}" - load_balancers: "{{ openshift_aws_node_group_config[openshift_aws_node_group_type].elbs if 'elbs' in openshift_aws_node_group_config[openshift_aws_node_group_type] else omit }}" - wait_for_instances: "{{ openshift_aws_node_group_config[openshift_aws_node_group_type].wait_for_instances | default(False)}}" + termination_policies: "{{ item.value.termination_policy if 'termination_policy' in item.value else omit }}" + load_balancers: "{{ item.value.elbs if 'elbs' in item.value else omit }}" + wait_for_instances: "{{ item.value.wait_for_instances | default(False)}}" vpc_zone_identifier: "{{ subnetout.subnets[0].id }}" replace_instances: "{{ openshift_aws_node_group_replace_instances if openshift_aws_node_group_replace_instances != [] else omit }}" - replace_all_instances: "{{ omit if openshift_aws_node_group_replace_instances != [] else (openshift_aws_node_group_config[openshift_aws_node_group_type].replace_all_instances | default(omit)) }}" + replace_all_instances: "{{ omit if openshift_aws_node_group_replace_instances != [] else (item.value.replace_all_instances | default(omit)) }}" tags: - - "{{ openshift_aws_node_group_config.tags | combine(openshift_aws_node_group_config[openshift_aws_node_group_type].tags) }}" + - "{{ openshift_aws_node_group_config_tags | combine(item.value.tags) }}" + with_dict: "{{ l_nodes_to_build }}" diff --git a/roles/openshift_aws/tasks/seal_ami.yml b/roles/openshift_aws/tasks/seal_ami.yml index d319fdd1a..0cb749dcc 100644 --- a/roles/openshift_aws/tasks/seal_ami.yml +++ b/roles/openshift_aws/tasks/seal_ami.yml @@ -1,11 +1,4 @@ --- -- name: Remove any ansible facts created during AMI creation - file: - path: "/etc/ansible/facts.d/{{ item }}" - state: absent - with_items: - - openshift.fact - - name: fetch newly created instances ec2_remote_facts: region: "{{ openshift_aws_region }}" diff --git a/roles/openshift_aws/tasks/security_group.yml b/roles/openshift_aws/tasks/security_group.yml index 161e72fb4..5cc7ae537 100644 --- a/roles/openshift_aws/tasks/security_group.yml +++ b/roles/openshift_aws/tasks/security_group.yml @@ -6,40 +6,11 @@ "tag:Name": "{{ openshift_aws_clusterid }}" register: vpcout -- name: Create default security group for cluster - ec2_group: - name: "{{ openshift_aws_node_security_groups.default.name }}" - description: "{{ openshift_aws_node_security_groups.default.desc }}" - region: "{{ openshift_aws_region }}" - vpc_id: "{{ vpcout.vpcs[0].id }}" - rules: "{{ openshift_aws_node_security_groups.default.rules | default(omit, True)}}" - register: sg_default_created - -- name: create the node group sgs - ec2_group: - name: "{{ item.name}}" - description: "{{ item.desc }}" - rules: "{{ item.rules if 'rules' in item else [] }}" - region: "{{ openshift_aws_region }}" - vpc_id: "{{ vpcout.vpcs[0].id }}" - register: sg_create - with_items: - - "{{ openshift_aws_node_security_groups[openshift_aws_node_group_type]}}" +- include: security_group_create.yml + vars: + l_security_groups: "{{ openshift_aws_node_security_groups }}" -- name: create the k8s sgs for the node group - ec2_group: - name: "{{ item.name }}_k8s" - description: "{{ item.desc }} for k8s" - region: "{{ openshift_aws_region }}" - vpc_id: "{{ vpcout.vpcs[0].id }}" - register: k8s_sg_create - with_items: - - "{{ openshift_aws_node_security_groups[openshift_aws_node_group_type]}}" - -- name: tag sg groups with proper tags - ec2_tag: - tags: - KubernetesCluster: "{{ openshift_aws_clusterid }}" - resource: "{{ item.group_id }}" - region: "{{ openshift_aws_region }}" - with_items: "{{ k8s_sg_create.results }}" +- include: security_group_create.yml + when: openshift_aws_node_security_groups_extra is defined + vars: + l_security_groups: "{{ openshift_aws_node_security_groups_extra | default({}) }}" diff --git a/roles/openshift_aws/tasks/security_group_create.yml b/roles/openshift_aws/tasks/security_group_create.yml new file mode 100644 index 000000000..ef6060555 --- /dev/null +++ b/roles/openshift_aws/tasks/security_group_create.yml @@ -0,0 +1,25 @@ +--- +- name: create the node group sgs + ec2_group: + name: "{{ item.value.name}}" + description: "{{ item.value.desc }}" + rules: "{{ item.value.rules if 'rules' in item.value else [] }}" + region: "{{ openshift_aws_region }}" + vpc_id: "{{ vpcout.vpcs[0].id }}" + with_dict: "{{ l_security_groups }}" + +- name: create the k8s sgs for the node group + ec2_group: + name: "{{ item.value.name }}_k8s" + description: "{{ item.value.desc }} for k8s" + region: "{{ openshift_aws_region }}" + vpc_id: "{{ vpcout.vpcs[0].id }}" + with_dict: "{{ l_security_groups }}" + register: k8s_sg_create + +- name: tag sg groups with proper tags + ec2_tag: + tags: "{{ openshift_aws_security_groups_tags }}" + resource: "{{ item.group_id }}" + region: "{{ openshift_aws_region }}" + with_items: "{{ k8s_sg_create.results }}" diff --git a/roles/openshift_aws/tasks/vpc_and_subnet_id.yml b/roles/openshift_aws/tasks/vpc_and_subnet_id.yml new file mode 100644 index 000000000..aaf9b300f --- /dev/null +++ b/roles/openshift_aws/tasks/vpc_and_subnet_id.yml @@ -0,0 +1,18 @@ +--- +- name: query vpc + ec2_vpc_net_facts: + region: "{{ openshift_aws_region }}" + filters: + 'tag:Name': "{{ openshift_aws_vpc_name }}" + register: vpcout + +- name: debug + debug: var=vpcout + +- name: fetch the default subnet id + ec2_vpc_subnet_facts: + region: "{{ openshift_aws_region }}" + filters: + "tag:Name": "{{ openshift_aws_subnet_name }}" + vpc-id: "{{ vpcout.vpcs[0].id }}" + register: subnetout diff --git a/roles/openshift_aws/templates/user_data.j2 b/roles/openshift_aws/templates/user_data.j2 index ed9c0ed0b..a8c7f9a95 100644 --- a/roles/openshift_aws/templates/user_data.j2 +++ b/roles/openshift_aws/templates/user_data.j2 @@ -7,9 +7,9 @@ write_files: owner: 'root:root' permissions: '0640' content: | - openshift_group_type: {{ openshift_aws_node_group_type }} -{% if openshift_aws_node_group_type != 'master' %} -- path: /etc/origin/node/csr_kubeconfig + openshift_group_type: {{ launch_config_item.key }} +{% if launch_config_item.key != 'master' %} +- path: /etc/origin/node/bootstrap.kubeconfig owner: 'root:root' permissions: '0640' encoding: b64 @@ -19,7 +19,7 @@ runcmd: {% if openshift_aws_node_run_bootstrap_startup %} - [ ansible-playbook, /root/openshift_bootstrap/bootstrap.yml] {% endif %} -{% if openshift_aws_node_group_type != 'master' %} +{% if launch_config_item.key != 'master' %} - [ systemctl, enable, {% if openshift_deployment_type == 'openshift-enterprise' %}atomic-openshift{% else %}origin{% endif %}-node] - [ systemctl, start, {% if openshift_deployment_type == 'openshift-enterprise' %}atomic-openshift{% else %}origin{% endif %}-node] {% endif %} diff --git a/roles/openshift_ca/tasks/main.yml b/roles/openshift_ca/tasks/main.yml index 419679bc2..587526d07 100644 --- a/roles/openshift_ca/tasks/main.yml +++ b/roles/openshift_ca/tasks/main.yml @@ -18,9 +18,7 @@ - name: Reload generated facts openshift_facts: - when: install_result | changed - delegate_to: "{{ openshift_ca_host }}" - run_once: true + when: hostvars[openshift_ca_host].install_result | changed - name: Create openshift_ca_config_dir if it does not exist file: @@ -108,6 +106,36 @@ delegate_to: "{{ openshift_ca_host }}" run_once: true +# Create client-ca-bundle.crt containing old and new OpenShift CA +# certificates. This bundle will be used when rolling the OpenShift CA +# certificate. +- name: Create client-ca-bundle.crt + block: + - command: mktemp -d /tmp/openshift-ansible-XXXXXX + register: openshift_ca_clientconfig_tmpdir + delegate_to: "{{ openshift_ca_host }}" + - copy: + src: "{{ item }}" + dest: "{{ openshift_ca_clientconfig_tmpdir.stdout }}/" + remote_src: true + with_items: "{{ g_master_legacy_ca_result.files | default([]) | oo_collect('path') }}" + delegate_to: "{{ openshift_ca_host }}" + run_once: true + - copy: + src: "{{ openshift_ca_config_dir }}/ca.crt" + dest: "{{ openshift_ca_clientconfig_tmpdir.stdout }}/" + remote_src: true + delegate_to: "{{ openshift_ca_host }}" + run_once: true + - assemble: + src: "{{ openshift_ca_clientconfig_tmpdir.stdout }}" + dest: "{{ openshift_ca_config_dir }}/client-ca-bundle.crt" + mode: 0644 + owner: root + group: root + delegate_to: "{{ openshift_ca_host }}" + run_once: true + - name: Test local loopback context command: > {{ hostvars[openshift_ca_host].openshift.common.client_binary }} config view diff --git a/roles/openshift_cli/library/openshift_container_binary_sync.py b/roles/openshift_cli/library/openshift_container_binary_sync.py index b40c49701..08045794a 100644 --- a/roles/openshift_cli/library/openshift_container_binary_sync.py +++ b/roles/openshift_cli/library/openshift_container_binary_sync.py @@ -36,7 +36,7 @@ class BinarySyncer(object): self.changed = False self.output = [] self.bin_dir = '/usr/local/bin' - self.image = image + self._image = image self.tag = tag self.backend = backend self.temp_dir = None # TBD @@ -142,6 +142,33 @@ class BinarySyncer(object): self.output.append("Moved %s to %s." % (src_path, dest_path)) self.changed = True + @property + def raw_image(self): + """ + Returns the image as it was originally passed in to the instance. + + .. note:: + This image string will only work directly with the atomic command. + + :returns: The original image passed in. + :rtype: str + """ + return self._image + + @property + def image(self): + """ + Returns the image without atomic prefixes used to map to skopeo args. + + :returns: The image string without prefixes + :rtype: str + """ + image = self._image + for remove in ('oci:', 'http:', 'https:'): + if image.startswith(remove): + image = image.replace(remove, '') + return image + def main(): module = AnsibleModule( # noqa: F405 diff --git a/roles/openshift_cli/tasks/main.yml b/roles/openshift_cli/tasks/main.yml index 9e61805f9..14d8a3325 100644 --- a/roles/openshift_cli/tasks/main.yml +++ b/roles/openshift_cli/tasks/main.yml @@ -1,6 +1,9 @@ --- - set_fact: - l_use_crio: "{{ openshift_use_crio | default(false) }}" + l_use_crio_only: "{{ openshift_use_crio_only | default(false) }}" + l_is_system_container_image: "{{ openshift_use_master_system_container | default(openshift_use_system_containers | default(false)) | bool }}" +- set_fact: + l_use_cli_atomic_image: "{{ l_use_crio_only or l_is_system_container_image }}" - name: Install clients package: name={{ openshift.common.service_type }}-clients state=present @@ -20,23 +23,23 @@ backend: "docker" when: - openshift.common.is_containerized | bool - - not l_use_crio + - not l_use_cli_atomic_image | bool - block: - name: Pull CLI Image command: > - atomic pull --storage ostree {{ openshift.common.system_images_registry }}/{{ openshift.common.cli_image }}:{{ openshift_image_tag }} + atomic pull --storage ostree {{ 'docker:' if openshift.common.system_images_registry == 'docker' else openshift.common.system_images_registry + '/' }}{{ openshift.common.cli_image }}:{{ openshift_image_tag }} register: pull_result changed_when: "'Pulling layer' in pull_result.stdout" - name: Copy client binaries/symlinks out of CLI image for use on the host openshift_container_binary_sync: - image: "{{ openshift.common.system_images_registry }}/{{ openshift.common.cli_image }}" + image: "{{ '' if openshift.common.system_images_registry == 'docker' else openshift.common.system_images_registry + '/' }}{{ openshift.common.cli_image }}" tag: "{{ openshift_image_tag }}" backend: "atomic" when: - openshift.common.is_containerized | bool - - l_use_crio + - l_use_cli_atomic_image | bool - name: Reload facts to pick up installed OpenShift version openshift_facts: diff --git a/roles/openshift_default_storage_class/defaults/main.yml b/roles/openshift_default_storage_class/defaults/main.yml index bdece7640..014c06641 100644 --- a/roles/openshift_default_storage_class/defaults/main.yml +++ b/roles/openshift_default_storage_class/defaults/main.yml @@ -13,6 +13,12 @@ openshift_storageclass_defaults: parameters: type: pd-standard + openstack: + name: standard + provisioner: cinder + parameters: + fstype: xfs + openshift_storageclass_default: "true" openshift_storageclass_name: "{{ openshift_storageclass_defaults[openshift_cloudprovider_kind]['name'] }}" openshift_storageclass_provisioner: "{{ openshift_storageclass_defaults[openshift_cloudprovider_kind]['provisioner'] }}" diff --git a/roles/openshift_default_storage_class/tasks/main.yml b/roles/openshift_default_storage_class/tasks/main.yml index 172e2ac25..281ec8ed5 100644 --- a/roles/openshift_default_storage_class/tasks/main.yml +++ b/roles/openshift_default_storage_class/tasks/main.yml @@ -1,5 +1,5 @@ --- -# Install default storage classes in GCE & AWS +# Install default storage classes in GCE & AWS & OPENSTACK - name: Ensure storageclass object oc_storageclass: name: "{{ openshift_storageclass_name }}" diff --git a/roles/openshift_docker_gc/defaults/main.yml b/roles/openshift_docker_gc/defaults/main.yml new file mode 100644 index 000000000..9d79de8a1 --- /dev/null +++ b/roles/openshift_docker_gc/defaults/main.yml @@ -0,0 +1,3 @@ +--- +r_enable_docker_gc: "{{ openshift_crio_enable_docker_gc | default(False) }}" +r_docker_gc_node_selectors: "{{ openshift_crio_docker_gc_node_selector | default({}) }}" diff --git a/roles/openshift_docker_gc/meta/main.yml b/roles/openshift_docker_gc/meta/main.yml new file mode 100644 index 000000000..f88a7c533 --- /dev/null +++ b/roles/openshift_docker_gc/meta/main.yml @@ -0,0 +1,13 @@ +--- +galaxy_info: + author: OpenShift + description: docker garbage collection + company: Red Hat, Inc + license: ASL 2.0 + min_ansible_version: 2.2 + platforms: + - name: EL + versions: + - 7 +dependencies: +- role: lib_openshift diff --git a/roles/openshift_docker_gc/tasks/main.yaml b/roles/openshift_docker_gc/tasks/main.yaml new file mode 100644 index 000000000..9ba551479 --- /dev/null +++ b/roles/openshift_docker_gc/tasks/main.yaml @@ -0,0 +1,27 @@ +--- +- name: Create docker-gc tempdir + command: mktemp -d + register: templates_tmpdir + +# NOTE: oc_adm_policy_user does not support -z (yet) +- name: Add dockergc as priviledged + shell: oc adm policy add-scc-to-user -z dockergc privileged +# oc_adm_policy_user: +# user: dockergc +# resource_kind: scc +# resource_name: privileged +# state: present + +- name: Create dockergc DaemonSet + become: yes + template: + src: dockergc-ds.yaml.j2 + dest: "{{ templates_tmpdir.stdout }}/dockergc-ds.yaml" + +- name: Apply dockergc DaemonSet + oc_obj: + state: present + kind: DaemonSet + name: "dockergc" + files: + - "{{ templates_tmpdir.stdout }}/dockergc-ds.yaml" diff --git a/roles/openshift_docker_gc/templates/dockergc-ds.yaml.j2 b/roles/openshift_docker_gc/templates/dockergc-ds.yaml.j2 new file mode 100644 index 000000000..53e8b448b --- /dev/null +++ b/roles/openshift_docker_gc/templates/dockergc-ds.yaml.j2 @@ -0,0 +1,58 @@ +apiVersion: v1 +kind: List +items: +- apiVersion: v1 + kind: ServiceAccount + metadata: + name: dockergc + # You must grant privileged via: oadm policy add-scc-to-user -z dockergc privileged + # in order for the dockergc to access the docker socket and root directory +- apiVersion: extensions/v1beta1 + kind: DaemonSet + metadata: + name: dockergc + labels: + app: dockergc + spec: + template: + metadata: + labels: + app: dockergc + name: dockergc + spec: +{# Only set nodeSelector if the dict is not empty #} +{% if r_docker_gc_node_selectors %} + nodeSelector: +{% for k,v in r_docker_gc_node_selectors.items() %} + {{ k }}: {{ v }}{% endfor %}{% endif %} + + serviceAccountName: dockergc + containers: + - image: openshift/origin:latest + args: + - "ex" + - "dockergc" + - "--image-gc-low-threshold=60" + - "--image-gc-high-threshold=80" + - "--minimum-ttl-duration=1h0m0s" + securityContext: + privileged: true + name: dockergc + resources: + requests: + memory: 30Mi + cpu: 50m + volumeMounts: + - name: docker-root + readOnly: true + mountPath: /var/lib/docker + - name: docker-socket + readOnly: false + mountPath: /var/run/docker.sock + volumes: + - name: docker-root + hostPath: + path: /var/lib/docker + - name: docker-socket + hostPath: + path: /var/run/docker.sock diff --git a/roles/openshift_etcd_facts/vars/main.yml b/roles/openshift_etcd_facts/vars/main.yml index b3ecd57a6..0c072b64a 100644 --- a/roles/openshift_etcd_facts/vars/main.yml +++ b/roles/openshift_etcd_facts/vars/main.yml @@ -6,6 +6,5 @@ etcd_ip: "{{ openshift.common.ip }}" etcd_cert_subdir: "etcd-{{ openshift.common.hostname }}" etcd_cert_prefix: etcd_cert_config_dir: "/etc/etcd" -etcd_system_container_cert_config_dir: /var/lib/etcd/etcd.etcd/etc etcd_peer_url_scheme: https etcd_url_scheme: https diff --git a/roles/openshift_examples/defaults/main.yml b/roles/openshift_examples/defaults/main.yml index fc4b56bbf..e623b33f3 100644 --- a/roles/openshift_examples/defaults/main.yml +++ b/roles/openshift_examples/defaults/main.yml @@ -10,10 +10,12 @@ content_version: "{{ openshift.common.examples_content_version }}" examples_base: "{{ openshift.common.config_base if openshift.common.is_containerized | bool else '/usr/share/openshift' }}/examples" image_streams_base: "{{ examples_base }}/image-streams" -centos_image_streams: "{{ image_streams_base}}/image-streams-centos7.json" +centos_image_streams: + - "{{ image_streams_base }}/image-streams-centos7.json" + - "{{ image_streams_base }}/dotnet_imagestreams_centos.json" rhel_image_streams: - - "{{ image_streams_base}}/image-streams-rhel7.json" - - "{{ image_streams_base}}/dotnet_imagestreams.json" + - "{{ image_streams_base }}/image-streams-rhel7.json" + - "{{ image_streams_base }}/dotnet_imagestreams.json" db_templates_base: "{{ examples_base }}/db-templates" xpaas_image_streams: "{{ examples_base }}/xpaas-streams/" xpaas_templates_base: "{{ examples_base }}/xpaas-templates" diff --git a/roles/openshift_examples/examples-sync.sh b/roles/openshift_examples/examples-sync.sh index ca3f219d8..1d5fba990 100755 --- a/roles/openshift_examples/examples-sync.sh +++ b/roles/openshift_examples/examples-sync.sh @@ -5,7 +5,7 @@ # # This script should be run from openshift-ansible/roles/openshift_examples -XPAAS_VERSION=ose-v1.4.1 +XPAAS_VERSION=ose-v1.4.6 ORIGIN_VERSION=${1:-v3.7} RHAMP_TAG=2.0.0.GA EXAMPLES_BASE=$(pwd)/files/examples/${ORIGIN_VERSION} @@ -38,6 +38,7 @@ find 3scale-amp-openshift-templates-${RHAMP_TAG}/ -name '*.yml' -exec mv {} ${EX popd wget https://raw.githubusercontent.com/redhat-developer/s2i-dotnetcore/master/dotnet_imagestreams.json -O ${EXAMPLES_BASE}/image-streams/dotnet_imagestreams.json +wget https://raw.githubusercontent.com/redhat-developer/s2i-dotnetcore/master/dotnet_imagestreams_centos.json -O ${EXAMPLES_BASE}/image-streams/dotnet_imagestreams_centos.json wget https://raw.githubusercontent.com/redhat-developer/s2i-dotnetcore/master/templates/dotnet-example.json -O ${EXAMPLES_BASE}/quickstart-templates/dotnet-example.json wget https://raw.githubusercontent.com/redhat-developer/s2i-dotnetcore/master/templates/dotnet-pgsql-persistent.json -O ${EXAMPLES_BASE}/quickstart-templates/dotnet-pgsql-persistent.json wget https://raw.githubusercontent.com/redhat-developer/s2i-dotnetcore/master/templates/dotnet-runtime-example.json -O ${EXAMPLES_BASE}/quickstart-templates/dotnet-runtime-example.json diff --git a/roles/openshift_examples/files/examples/v1.5/image-streams/dotnet_imagestreams_centos.json b/roles/openshift_examples/files/examples/v1.5/image-streams/dotnet_imagestreams_centos.json new file mode 100644 index 000000000..79afc355b --- /dev/null +++ b/roles/openshift_examples/files/examples/v1.5/image-streams/dotnet_imagestreams_centos.json @@ -0,0 +1,104 @@ +{ + "kind": "ImageStreamList", + "apiVersion": "v1", + "metadata": { + "name": "dotnet-image-streams", + "annotations": { + "description": "ImageStream definitions for .NET Core on CentOS" + } + }, + "items": [ + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "dotnet", + "annotations": { + "openshift.io/display-name": ".NET Core Builder Images" + } + }, + "spec": { + "tags": [ + { + "name": "latest", + "annotations": { + "openshift.io/display-name": ".NET Core (Latest)", + "description": "Build and run .NET Core applications on CentOS 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/redhat-developer/s2i-dotnetcore/tree/master/2.0/build/README.md.\n\nWARNING: By selecting this tag, your application will automatically update to use the latest version of .NET Core available on OpenShift, including major versions updates.", + "iconClass": "icon-dotnet", + "tags": "builder,.net,dotnet,dotnetcore", + "supports":"dotnet", + "sampleRepo": "https://github.com/redhat-developer/s2i-dotnetcore-ex.git", + "sampleContextDir": "app", + "sampleRef": "dotnetcore-2.0" + }, + "from": { + "kind": "ImageStreamTag", + "name": "2.0" + } + }, + { + "name": "2.0", + "annotations": { + "openshift.io/display-name": ".NET Core 2.0", + "description": "Build and run .NET Core 2.0 applications on CentOS 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/redhat-developer/s2i-dotnetcore/tree/master/2.0/build/README.md.", + "iconClass": "icon-dotnet", + "tags": "builder,.net,dotnet,dotnetcore,rh-dotnet20", + "supports":"dotnet:2.0,dotnet", + "sampleRepo": "https://github.com/redhat-developer/s2i-dotnetcore-ex.git", + "sampleContextDir": "app", + "sampleRef": "dotnetcore-2.0", + "version": "2.0" + }, + "from": { + "kind": "DockerImage", + "name": "registry.centos.org/dotnet/dotnet-20-centos7:latest" + } + } + ] + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "dotnet-runtime", + "annotations": { + "openshift.io/display-name": ".NET Core Runtime Images" + } + }, + "spec": { + "tags": [ + { + "name": "latest", + "annotations": { + "openshift.io/display-name": ".NET Core Runtime (Latest)", + "description": "Run .NET Core applications on CentOS 7. For more information about using this image, including OpenShift considerations, see https://github.com/redhat-developer/s2i-dotnetcore/tree/master/2.0/runtime/README.md.\n\nWARNING: By selecting this tag, your application will automatically update to use the latest version of .NET Core Runtime available on OpenShift, including major versions updates.", + "iconClass": "icon-dotnet", + "tags": "runtime,.net-runtime,dotnet-runtime,dotnetcore-runtime", + "supports":"dotnet-runtime" + }, + "from": { + "kind": "ImageStreamTag", + "name": "2.0" + } + }, + { + "name": "2.0", + "annotations": { + "openshift.io/display-name": ".NET Core 2.0 Runtime", + "description": "Run .NET Core applications on CentOS 7. For more information about using this image, including OpenShift considerations, see https://github.com/redhat-developer/s2i-dotnetcore/tree/master/2.0/runtime/README.md.", + "iconClass": "icon-dotnet", + "tags": "runtime,.net-runtime,dotnet-runtime,dotnetcore-runtime", + "supports":"dotnet-runtime", + "version": "2.0" + }, + "from": { + "kind": "DockerImage", + "name": "registry.centos.org/dotnet/dotnet-20-runtime-centos7:latest" + } + } + ] + } + } + ] +} diff --git a/roles/openshift_examples/files/examples/v3.6/image-streams/dotnet_imagestreams_centos.json b/roles/openshift_examples/files/examples/v3.6/image-streams/dotnet_imagestreams_centos.json new file mode 100644 index 000000000..79afc355b --- /dev/null +++ b/roles/openshift_examples/files/examples/v3.6/image-streams/dotnet_imagestreams_centos.json @@ -0,0 +1,104 @@ +{ + "kind": "ImageStreamList", + "apiVersion": "v1", + "metadata": { + "name": "dotnet-image-streams", + "annotations": { + "description": "ImageStream definitions for .NET Core on CentOS" + } + }, + "items": [ + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "dotnet", + "annotations": { + "openshift.io/display-name": ".NET Core Builder Images" + } + }, + "spec": { + "tags": [ + { + "name": "latest", + "annotations": { + "openshift.io/display-name": ".NET Core (Latest)", + "description": "Build and run .NET Core applications on CentOS 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/redhat-developer/s2i-dotnetcore/tree/master/2.0/build/README.md.\n\nWARNING: By selecting this tag, your application will automatically update to use the latest version of .NET Core available on OpenShift, including major versions updates.", + "iconClass": "icon-dotnet", + "tags": "builder,.net,dotnet,dotnetcore", + "supports":"dotnet", + "sampleRepo": "https://github.com/redhat-developer/s2i-dotnetcore-ex.git", + "sampleContextDir": "app", + "sampleRef": "dotnetcore-2.0" + }, + "from": { + "kind": "ImageStreamTag", + "name": "2.0" + } + }, + { + "name": "2.0", + "annotations": { + "openshift.io/display-name": ".NET Core 2.0", + "description": "Build and run .NET Core 2.0 applications on CentOS 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/redhat-developer/s2i-dotnetcore/tree/master/2.0/build/README.md.", + "iconClass": "icon-dotnet", + "tags": "builder,.net,dotnet,dotnetcore,rh-dotnet20", + "supports":"dotnet:2.0,dotnet", + "sampleRepo": "https://github.com/redhat-developer/s2i-dotnetcore-ex.git", + "sampleContextDir": "app", + "sampleRef": "dotnetcore-2.0", + "version": "2.0" + }, + "from": { + "kind": "DockerImage", + "name": "registry.centos.org/dotnet/dotnet-20-centos7:latest" + } + } + ] + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "dotnet-runtime", + "annotations": { + "openshift.io/display-name": ".NET Core Runtime Images" + } + }, + "spec": { + "tags": [ + { + "name": "latest", + "annotations": { + "openshift.io/display-name": ".NET Core Runtime (Latest)", + "description": "Run .NET Core applications on CentOS 7. For more information about using this image, including OpenShift considerations, see https://github.com/redhat-developer/s2i-dotnetcore/tree/master/2.0/runtime/README.md.\n\nWARNING: By selecting this tag, your application will automatically update to use the latest version of .NET Core Runtime available on OpenShift, including major versions updates.", + "iconClass": "icon-dotnet", + "tags": "runtime,.net-runtime,dotnet-runtime,dotnetcore-runtime", + "supports":"dotnet-runtime" + }, + "from": { + "kind": "ImageStreamTag", + "name": "2.0" + } + }, + { + "name": "2.0", + "annotations": { + "openshift.io/display-name": ".NET Core 2.0 Runtime", + "description": "Run .NET Core applications on CentOS 7. For more information about using this image, including OpenShift considerations, see https://github.com/redhat-developer/s2i-dotnetcore/tree/master/2.0/runtime/README.md.", + "iconClass": "icon-dotnet", + "tags": "runtime,.net-runtime,dotnet-runtime,dotnetcore-runtime", + "supports":"dotnet-runtime", + "version": "2.0" + }, + "from": { + "kind": "DockerImage", + "name": "registry.centos.org/dotnet/dotnet-20-runtime-centos7:latest" + } + } + ] + } + } + ] +} diff --git a/roles/openshift_examples/files/examples/v3.6/xpaas-streams/jboss-image-streams.json b/roles/openshift_examples/files/examples/v3.6/xpaas-streams/jboss-image-streams.json index 0bb56452b..af66b9ea4 100644 --- a/roles/openshift_examples/files/examples/v3.6/xpaas-streams/jboss-image-streams.json +++ b/roles/openshift_examples/files/examples/v3.6/xpaas-streams/jboss-image-streams.json @@ -31,6 +31,10 @@ "sampleContextDir": "tomcat-websocket-chat", "version": "1.1", "openshift.io/display-name": "Red Hat JBoss Web Server 3.0 Tomcat 7" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-webserver-3/webserver30-tomcat7-openshift:1.1" } }, { @@ -44,6 +48,10 @@ "sampleContextDir": "tomcat-websocket-chat", "version": "1.2", "openshift.io/display-name": "Red Hat JBoss Web Server 3.0 Tomcat 7" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-webserver-3/webserver30-tomcat7-openshift:1.2" } }, { @@ -56,6 +64,10 @@ "sampleRepo": "https://github.com/jboss-openshift/openshift-quickstarts.git", "sampleContextDir": "tomcat-websocket-chat", "version": "1.3" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-webserver-3/webserver30-tomcat7-openshift:1.3" } } ] @@ -84,6 +96,10 @@ "sampleContextDir": "tomcat-websocket-chat", "version": "1.1", "openshift.io/display-name": "Red Hat JBoss Web Server 3.0 Tomcat 8" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-webserver-3/webserver30-tomcat8-openshift:1.1" } }, { @@ -97,6 +113,10 @@ "sampleContextDir": "tomcat-websocket-chat", "version": "1.2", "openshift.io/display-name": "Red Hat JBoss Web Server 3.0 Tomcat 8" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-webserver-3/webserver30-tomcat8-openshift:1.2" } }, { @@ -109,6 +129,10 @@ "sampleRepo": "https://github.com/jboss-openshift/openshift-quickstarts.git", "sampleContextDir": "tomcat-websocket-chat", "version": "1.3" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-webserver-3/webserver30-tomcat8-openshift:1.3" } } ] @@ -137,6 +161,10 @@ "sampleContextDir": "tomcat-websocket-chat", "version": "1.0", "openshift.io/display-name": "Red Hat JBoss Web Server 3.1 Tomcat 7" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-webserver-3/webserver31-tomcat7-openshift:1.0" } } ] @@ -165,6 +193,10 @@ "sampleContextDir": "tomcat-websocket-chat", "version": "1.0", "openshift.io/display-name": "Red Hat JBoss Web Server 3.1 Tomcat 8" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-webserver-3/webserver31-tomcat8-openshift:1.0" } } ] @@ -194,6 +226,10 @@ "sampleRef": "6.4.x", "version": "1.1", "openshift.io/display-name": "Red Hat JBoss EAP 6.4" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-eap-6/eap64-openshift:1.1" } }, { @@ -208,6 +244,10 @@ "sampleRef": "6.4.x", "version": "1.2", "openshift.io/display-name": "Red Hat JBoss EAP 6.4" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-eap-6/eap64-openshift:1.2" } }, { @@ -222,6 +262,10 @@ "sampleRef": "6.4.x", "version": "1.3", "openshift.io/display-name": "Red Hat JBoss EAP 6.4" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-eap-6/eap64-openshift:1.3" } }, { @@ -236,6 +280,10 @@ "sampleRef": "6.4.x", "version": "1.4", "openshift.io/display-name": "Red Hat JBoss EAP 6.4" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-eap-6/eap64-openshift:1.4" } }, { @@ -248,7 +296,12 @@ "sampleRepo": "https://github.com/jboss-developer/jboss-eap-quickstarts.git", "sampleContextDir": "kitchensink", "sampleRef": "6.4.x", - "version": "1.5" + "version": "1.5", + "openshift.io/display-name": "Red Hat JBoss EAP 6.4" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-eap-6/eap64-openshift:1.5" } } ] @@ -278,6 +331,10 @@ "sampleRef": "7.0.0.GA", "version": "1.3", "openshift.io/display-name": "Red Hat JBoss EAP 7.0" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-eap-7/eap70-openshift:1.3" } }, { @@ -292,6 +349,10 @@ "sampleRef": "7.0.0.GA", "version": "1.4", "openshift.io/display-name": "Red Hat JBoss EAP 7.0" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-eap-7/eap70-openshift:1.4" } }, { @@ -304,7 +365,44 @@ "sampleRepo": "https://github.com/jboss-developer/jboss-eap-quickstarts.git", "sampleContextDir": "kitchensink", "sampleRef": "7.0.0.GA", - "version": "1.5" + "version": "1.5", + "openshift.io/display-name": "Red Hat JBoss EAP 7.0" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-eap-7/eap70-openshift:1.5" + } + } + ] + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "jboss-eap71-openshift", + "annotations": { + "openshift.io/display-name": "Red Hat JBoss EAP 7.1" + } + }, + "spec": { + "dockerImageRepository": "registry.access.redhat.com/jboss-eap-7/eap71-openshift", + "tags": [ + { + "name": "1.0-TP", + "annotations": { + "description": "JBoss EAP 7.1 Tech Preview.", + "iconClass": "icon-jboss", + "tags": "builder,eap,javaee,java,jboss,xpaas", + "supports":"eap:7.1,javaee:7,java:8,xpaas:1.0", + "sampleRepo": "https://github.com/jboss-developer/jboss-eap-quickstarts.git", + "sampleContextDir": "kitchensink", + "sampleRef": "7.0.0.GA", + "version": "1.0" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-eap-7-tech-preview/eap71-openshift:1.0" } } ] @@ -334,6 +432,10 @@ "sampleRef": "1.2", "version": "1.2", "openshift.io/display-name": "Red Hat JBoss BRMS 6.2 decision server" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-decisionserver-6/decisionserver62-openshift:1.2" } } ] @@ -363,6 +465,10 @@ "sampleRef": "1.3", "version": "1.3", "openshift.io/display-name": "Red Hat JBoss BRMS 6.3 decision server" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-decisionserver-6/decisionserver63-openshift:1.3" } }, { @@ -375,7 +481,12 @@ "sampleRepo": "https://github.com/jboss-openshift/openshift-quickstarts.git", "sampleContextDir": "decisionserver/hellorules", "sampleRef": "1.3", - "version": "1.4" + "version": "1.4", + "openshift.io/display-name": "Red Hat JBoss BRMS 6.3 decision server" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-decisionserver-6/decisionserver63-openshift:1.4" } } ] @@ -400,7 +511,12 @@ "sampleRepo": "https://github.com/jboss-openshift/openshift-quickstarts.git", "sampleContextDir": "decisionserver/hellorules", "sampleRef": "1.3", - "version": "1.0" + "version": "1.0", + "openshift.io/display-name": "Red Hat JBoss BRMS 6.4 decision server" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-decisionserver-6/decisionserver64-openshift:1.0" } } ] @@ -430,6 +546,10 @@ "sampleRef": "1.3", "version": "1.3", "openshift.io/display-name": "Red Hat JBoss BPM Suite 6.3 intelligent process server" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-processserver-6/processserver63-openshift:1.3" } }, { @@ -442,7 +562,12 @@ "sampleRepo": "https://github.com/jboss-openshift/openshift-quickstarts.git", "sampleContextDir": "processserver/library", "sampleRef": "1.3", - "version": "1.4" + "version": "1.4", + "openshift.io/display-name": "Red Hat JBoss BPM Suite 6.3 intelligent process server" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-processserver-6/processserver63-openshift:1.4" } } ] @@ -467,7 +592,12 @@ "sampleRepo": "https://github.com/jboss-openshift/openshift-quickstarts.git", "sampleContextDir": "processserver/library", "sampleRef": "1.3", - "version": "1.0" + "version": "1.0", + "openshift.io/display-name": "Red Hat JBoss BPM Suite 6.4 intelligent process server" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-processserver-6/processserver64-openshift:1.0" } } ] @@ -494,6 +624,10 @@ "supports": "datagrid:6.5,xpaas:1.2", "version": "1.2", "openshift.io/display-name": "Red Hat JBoss Data Grid 6.5" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-datagrid-6/datagrid65-openshift:1.2" } }, { @@ -505,6 +639,10 @@ "supports": "datagrid:6.5,xpaas:1.4", "version": "1.3", "openshift.io/display-name": "Red Hat JBoss Data Grid 6.5" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-datagrid-6/datagrid65-openshift:1.3" } }, { @@ -514,7 +652,42 @@ "iconClass": "icon-jboss", "tags": "datagrid,jboss,xpaas", "supports":"datagrid:6.5,xpaas:1.4", - "version": "1.4" + "version": "1.4", + "openshift.io/display-name": "Red Hat JBoss Data Grid 6.5" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-datagrid-6/datagrid65-openshift:1.4" + } + } + ] + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "jboss-datagrid71-openshift", + "annotations": { + "openshift.io/display-name": "Red Hat JBoss Data Grid 7.1" + } + }, + "spec": { + "dockerImageRepository": "registry.access.redhat.com/jboss-datagrid-7/datagrid71-openshift", + "tags": [ + { + "name": "1.0", + "annotations": { + "description": "JBoss Data Grid 7.1 S2I images.", + "iconClass": "icon-jboss", + "tags": "datagrid,jboss,xpaas", + "supports": "datagrid:7.1,xpaas:1.0", + "version": "1.0", + "openshift.io/display-name": "Red Hat JBoss Data Grid 7.1" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-datagrid-7/datagrid71-openshift:1.0" } } ] @@ -540,6 +713,39 @@ "tags": "client,jboss,xpaas", "version": "1.0", "openshift.io/display-name": "Red Hat JBoss Data Grid 6.5 Client Modules for EAP" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-datagrid-6/datagrid65-client-openshift:1.0" + } + } + ] + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "jboss-datagrid71-client-openshift", + "annotations": { + "openshift.io/display-name": "Red Hat JBoss Data Grid 7.1 Client Modules for EAP" + } + }, + "spec": { + "dockerImageRepository": "registry.access.redhat.com/jboss-datagrid-7/datagrid71-client-openshift", + "tags": [ + { + "name": "1.0", + "annotations": { + "description": "JBoss Data Grid 7.1 Client Modules for EAP.", + "iconClass": "icon-jboss", + "tags": "client,jboss,xpaas", + "version": "1.0", + "openshift.io/display-name": "Red Hat JBoss Data Grid 7.1 Client Modules for EAP" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-datagrid-7/datagrid71-client-openshift:1.0" } } ] @@ -566,6 +772,10 @@ "supports": "datavirt:6.3,xpaas:1.4", "version": "1.0", "openshift.io/display-name": "Red Hat JBoss Data Virtualization 6.3" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-datavirt-6/datavirt63-openshift:1.0" } }, { @@ -577,6 +787,10 @@ "supports": "datavirt:6.3,xpaas:1.4", "version": "1.1", "openshift.io/display-name": "Red Hat JBoss Data Virtualization 6.3" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-datavirt-6/datavirt63-openshift:1.1" } }, { @@ -586,7 +800,12 @@ "iconClass": "icon-jboss", "tags": "datavirt,jboss,xpaas", "supports":"datavirt:6.3,xpaas:1.4", - "version": "1.2" + "version": "1.2", + "openshift.io/display-name": "Red Hat JBoss Data Virtualization 6.3" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-datavirt-6/datavirt63-openshift:1.2" } } ] @@ -612,6 +831,10 @@ "tags": "client,jboss,xpaas", "version": "1.0", "openshift.io/display-name": "Red Hat JBoss Data Virtualization 6.5 JDBC Driver Modules for EAP" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-datavirt-6/datavirt63-driver-openshift:1.0" } } ] @@ -638,6 +861,10 @@ "supports": "amq:6.2,messaging,xpaas:1.1", "version": "1.1", "openshift.io/display-name": "Red Hat JBoss A-MQ 6.2" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-amq-6/amq62-openshift:1.1" } }, { @@ -649,6 +876,10 @@ "supports": "amq:6.2,messaging,xpaas:1.2", "version": "1.2", "openshift.io/display-name": "Red Hat JBoss A-MQ 6.2" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-amq-6/amq62-openshift:1.2" } }, { @@ -660,6 +891,10 @@ "supports": "amq:6.2,messaging,xpaas:1.3", "version": "1.3", "openshift.io/display-name": "Red Hat JBoss A-MQ 6.2" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-amq-6/amq62-openshift:1.3" } }, { @@ -669,7 +904,27 @@ "iconClass": "icon-jboss", "tags": "messaging,amq,jboss,xpaas", "supports":"amq:6.2,messaging,xpaas:1.4", - "version": "1.4" + "version": "1.4", + "openshift.io/display-name": "Red Hat JBoss A-MQ 6.2" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-amq-6/amq62-openshift:1.4" + } + }, + { + "name": "1.5", + "annotations": { + "description": "JBoss A-MQ 6.2 broker image.", + "iconClass": "icon-jboss", + "tags": "messaging,amq,jboss,xpaas", + "supports":"amq:6.2,messaging,xpaas:1.5", + "version": "1.5", + "openshift.io/display-name": "Red Hat JBoss A-MQ 6.2" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-amq-6/amq62-openshift:1.5" } } ] @@ -696,6 +951,25 @@ "supports": "amq:6.3,messaging,xpaas:1.0", "version": "1.0", "openshift.io/display-name": "Red Hat JBoss A-MQ 6.3" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-amq-6/amq63-openshift:1.0" + } + }, + { + "name": "1.1", + "annotations": { + "description": "JBoss A-MQ 6.3 broker image.", + "iconClass": "icon-jboss", + "tags": "messaging,amq,jboss,xpaas", + "supports": "amq:6.3,messaging,xpaas:1.1", + "version": "1.1", + "openshift.io/display-name": "Red Hat JBoss A-MQ 6.3" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-amq-6/amq63-openshift:1.1" } } ] @@ -723,6 +997,10 @@ "supports": "sso:7.0,xpaas:1.3", "version": "1.3", "openshift.io/display-name": "Red Hat Single Sign-On 7.0" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/redhat-sso-7/sso70-openshift:1.3" } }, { @@ -734,6 +1012,10 @@ "supports": "sso:7.0,xpaas:1.4", "version": "1.4", "openshift.io/display-name": "Red Hat Single Sign-On 7.0" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/redhat-sso-7/sso70-openshift:1.4" } } ] @@ -761,6 +1043,10 @@ "supports": "sso:7.1,xpaas:1.4", "version": "1.0", "openshift.io/display-name": "Red Hat Single Sign-On 7.1" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/redhat-sso-7/sso71-openshift:1.0" } }, { @@ -772,6 +1058,10 @@ "supports": "sso:7.1,xpaas:1.4", "version": "1.1", "openshift.io/display-name": "Red Hat Single Sign-On 7.1" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/redhat-sso-7/sso71-openshift:1.1" } } ] @@ -800,6 +1090,10 @@ "sampleRepo": "https://github.com/jboss-openshift/openshift-quickstarts", "sampleContextDir": "undertow-servlet", "version": "1.0" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/redhat-openjdk-18/openjdk18-openshift:1.0" } }, { @@ -813,6 +1107,10 @@ "sampleRepo": "https://github.com/jboss-openshift/openshift-quickstarts", "sampleContextDir": "undertow-servlet", "version": "1.1" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/redhat-openjdk-18/openjdk18-openshift:1.1" } } ] diff --git a/roles/openshift_examples/files/examples/v3.7/db-templates/mariadb-ephemeral-template.json b/roles/openshift_examples/files/examples/v3.7/db-templates/mariadb-ephemeral-template.json index 6500ed0d3..5e7585eeb 100644 --- a/roles/openshift_examples/files/examples/v3.7/db-templates/mariadb-ephemeral-template.json +++ b/roles/openshift_examples/files/examples/v3.7/db-templates/mariadb-ephemeral-template.json @@ -8,10 +8,10 @@ "description": "MariaDB database service, without persistent storage. For more information about using this template, including OpenShift considerations, see https://github.com/sclorg/mariadb-container/blob/master/10.1/README.md.\n\nWARNING: Any data stored will be lost upon pod destruction. Only use this template for testing", "iconClass": "icon-mariadb", "tags": "database,mariadb", - "template.openshift.io/long-description": "This template provides a standalone MariaDB server with a database created. The database is not stored on persistent storage, so any restart of the service will result in all data being lost. The database name, username, and password are chosen via parameters when provisioning this service.", - "template.openshift.io/provider-display-name": "Red Hat, Inc.", - "template.openshift.io/documentation-url": "https://github.com/sclorg/mariadb-container/blob/master/10.1/README.md", - "template.openshift.io/support-url": "https://access.redhat.com" + "openshift.io/long-description": "This template provides a standalone MariaDB server with a database created. The database is not stored on persistent storage, so any restart of the service will result in all data being lost. The database name, username, and password are chosen via parameters when provisioning this service.", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "openshift.io/documentation-url": "https://github.com/sclorg/mariadb-container/blob/master/10.1/README.md", + "openshift.io/support-url": "https://access.redhat.com" } }, "message": "The following service(s) have been created in your project: ${DATABASE_SERVICE_NAME}.\n\n Username: ${MYSQL_USER}\n Password: ${MYSQL_PASSWORD}\n Database Name: ${MYSQL_DATABASE}\n Connection URL: mysql://${DATABASE_SERVICE_NAME}:3306/\n\nFor more information about using this template, including OpenShift considerations, see https://github.com/sclorg/mariadb-container/blob/master/10.1/README.md.", diff --git a/roles/openshift_examples/files/examples/v3.7/db-templates/mariadb-persistent-template.json b/roles/openshift_examples/files/examples/v3.7/db-templates/mariadb-persistent-template.json index 4378fa4a0..217ef11dd 100644 --- a/roles/openshift_examples/files/examples/v3.7/db-templates/mariadb-persistent-template.json +++ b/roles/openshift_examples/files/examples/v3.7/db-templates/mariadb-persistent-template.json @@ -8,10 +8,10 @@ "description": "MariaDB database service, with persistent storage. For more information about using this template, including OpenShift considerations, see https://github.com/sclorg/mariadb-container/blob/master/10.1/README.md.\n\nNOTE: Scaling to more than one replica is not supported. You must have persistent volumes available in your cluster to use this template.", "iconClass": "icon-mariadb", "tags": "database,mariadb", - "template.openshift.io/long-description": "This template provides a standalone MariaDB server with a database created. The database is stored on persistent storage. The database name, username, and password are chosen via parameters when provisioning this service.", - "template.openshift.io/provider-display-name": "Red Hat, Inc.", - "template.openshift.io/documentation-url": "https://github.com/sclorg/mariadb-container/blob/master/10.1/README.md", - "template.openshift.io/support-url": "https://access.redhat.com" + "openshift.io/long-description": "This template provides a standalone MariaDB server with a database created. The database is stored on persistent storage. The database name, username, and password are chosen via parameters when provisioning this service.", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "openshift.io/documentation-url": "https://github.com/sclorg/mariadb-container/blob/master/10.1/README.md", + "openshift.io/support-url": "https://access.redhat.com" } }, "message": "The following service(s) have been created in your project: ${DATABASE_SERVICE_NAME}.\n\n Username: ${MYSQL_USER}\n Password: ${MYSQL_PASSWORD}\n Database Name: ${MYSQL_DATABASE}\n Connection URL: mysql://${DATABASE_SERVICE_NAME}:3306/\n\nFor more information about using this template, including OpenShift considerations, see https://github.com/sclorg/mariadb-container/blob/master/10.1/README.md.", diff --git a/roles/openshift_examples/files/examples/v3.7/db-templates/mongodb-ephemeral-template.json b/roles/openshift_examples/files/examples/v3.7/db-templates/mongodb-ephemeral-template.json index 7271a2c69..10f202c59 100644 --- a/roles/openshift_examples/files/examples/v3.7/db-templates/mongodb-ephemeral-template.json +++ b/roles/openshift_examples/files/examples/v3.7/db-templates/mongodb-ephemeral-template.json @@ -8,10 +8,10 @@ "description": "MongoDB database service, without persistent storage. For more information about using this template, including OpenShift considerations, see https://github.com/sclorg/mongodb-container/blob/master/3.2/README.md.\n\nWARNING: Any data stored will be lost upon pod destruction. Only use this template for testing", "iconClass": "icon-mongodb", "tags": "database,mongodb", - "template.openshift.io/long-description": "This template provides a standalone MongoDB server with a database created. The database is not stored on persistent storage, so any restart of the service will result in all data being lost. The database name, username, and password are chosen via parameters when provisioning this service.", - "template.openshift.io/provider-display-name": "Red Hat, Inc.", - "template.openshift.io/documentation-url": "https://docs.openshift.org/latest/using_images/db_images/mongodb.html", - "template.openshift.io/support-url": "https://access.redhat.com" + "openshift.io/long-description": "This template provides a standalone MongoDB server with a database created. The database is not stored on persistent storage, so any restart of the service will result in all data being lost. The database name, username, and password are chosen via parameters when provisioning this service.", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "openshift.io/documentation-url": "https://docs.openshift.org/latest/using_images/db_images/mongodb.html", + "openshift.io/support-url": "https://access.redhat.com" } }, "message": "The following service(s) have been created in your project: ${DATABASE_SERVICE_NAME}.\n\n Username: ${MONGODB_USER}\n Password: ${MONGODB_PASSWORD}\n Database Name: ${MONGODB_DATABASE}\n Connection URL: mongodb://${MONGODB_USER}:${MONGODB_PASSWORD}@${DATABASE_SERVICE_NAME}/${MONGODB_DATABASE}\n\nFor more information about using this template, including OpenShift considerations, see https://github.com/sclorg/mongodb-container/blob/master/3.2/README.md.", diff --git a/roles/openshift_examples/files/examples/v3.7/db-templates/mongodb-persistent-template.json b/roles/openshift_examples/files/examples/v3.7/db-templates/mongodb-persistent-template.json index d70d2263f..97e4128a4 100644 --- a/roles/openshift_examples/files/examples/v3.7/db-templates/mongodb-persistent-template.json +++ b/roles/openshift_examples/files/examples/v3.7/db-templates/mongodb-persistent-template.json @@ -8,10 +8,10 @@ "description": "MongoDB database service, with persistent storage. For more information about using this template, including OpenShift considerations, see https://github.com/sclorg/mongodb-container/blob/master/3.2/README.md.\n\nNOTE: Scaling to more than one replica is not supported. You must have persistent volumes available in your cluster to use this template.", "iconClass": "icon-mongodb", "tags": "database,mongodb", - "template.openshift.io/long-description": "This template provides a standalone MongoDB server with a database created. The database is stored on persistent storage. The database name, username, and password are chosen via parameters when provisioning this service.", - "template.openshift.io/provider-display-name": "Red Hat, Inc.", - "template.openshift.io/documentation-url": "https://docs.openshift.org/latest/using_images/db_images/mongodb.html", - "template.openshift.io/support-url": "https://access.redhat.com" + "openshift.io/long-description": "This template provides a standalone MongoDB server with a database created. The database is stored on persistent storage. The database name, username, and password are chosen via parameters when provisioning this service.", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "openshift.io/documentation-url": "https://docs.openshift.org/latest/using_images/db_images/mongodb.html", + "openshift.io/support-url": "https://access.redhat.com" } }, "message": "The following service(s) have been created in your project: ${DATABASE_SERVICE_NAME}.\n\n Username: ${MONGODB_USER}\n Password: ${MONGODB_PASSWORD}\n Database Name: ${MONGODB_DATABASE}\n Connection URL: mongodb://${MONGODB_USER}:${MONGODB_PASSWORD}@${DATABASE_SERVICE_NAME}/${MONGODB_DATABASE}\n\nFor more information about using this template, including OpenShift considerations, see https://github.com/sclorg/mongodb-container/blob/master/3.2/README.md.", diff --git a/roles/openshift_examples/files/examples/v3.7/db-templates/mysql-ephemeral-template.json b/roles/openshift_examples/files/examples/v3.7/db-templates/mysql-ephemeral-template.json index 54785993c..c0946416d 100644 --- a/roles/openshift_examples/files/examples/v3.7/db-templates/mysql-ephemeral-template.json +++ b/roles/openshift_examples/files/examples/v3.7/db-templates/mysql-ephemeral-template.json @@ -8,10 +8,10 @@ "description": "MySQL database service, without persistent storage. For more information about using this template, including OpenShift considerations, see https://github.com/sclorg/mysql-container/blob/master/5.7/README.md.\n\nWARNING: Any data stored will be lost upon pod destruction. Only use this template for testing", "iconClass": "icon-mysql-database", "tags": "database,mysql", - "template.openshift.io/long-description": "This template provides a standalone MySQL server with a database created. The database is not stored on persistent storage, so any restart of the service will result in all data being lost. The database name, username, and password are chosen via parameters when provisioning this service.", - "template.openshift.io/provider-display-name": "Red Hat, Inc.", - "template.openshift.io/documentation-url": "https://docs.openshift.org/latest/using_images/db_images/mysql.html", - "template.openshift.io/support-url": "https://access.redhat.com" + "openshift.io/long-description": "This template provides a standalone MySQL server with a database created. The database is not stored on persistent storage, so any restart of the service will result in all data being lost. The database name, username, and password are chosen via parameters when provisioning this service.", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "openshift.io/documentation-url": "https://docs.openshift.org/latest/using_images/db_images/mysql.html", + "openshift.io/support-url": "https://access.redhat.com" } }, "message": "The following service(s) have been created in your project: ${DATABASE_SERVICE_NAME}.\n\n Username: ${MYSQL_USER}\n Password: ${MYSQL_PASSWORD}\n Database Name: ${MYSQL_DATABASE}\n Connection URL: mysql://${DATABASE_SERVICE_NAME}:3306/\n\nFor more information about using this template, including OpenShift considerations, see https://github.com/sclorg/mysql-container/blob/master/5.7/README.md.", diff --git a/roles/openshift_examples/files/examples/v3.7/db-templates/mysql-persistent-template.json b/roles/openshift_examples/files/examples/v3.7/db-templates/mysql-persistent-template.json index 2bd84b106..48ac114fd 100644 --- a/roles/openshift_examples/files/examples/v3.7/db-templates/mysql-persistent-template.json +++ b/roles/openshift_examples/files/examples/v3.7/db-templates/mysql-persistent-template.json @@ -8,10 +8,10 @@ "description": "MySQL database service, with persistent storage. For more information about using this template, including OpenShift considerations, see https://github.com/sclorg/mysql-container/blob/master/5.7/README.md.\n\nNOTE: Scaling to more than one replica is not supported. You must have persistent volumes available in your cluster to use this template.", "iconClass": "icon-mysql-database", "tags": "database,mysql", - "template.openshift.io/long-description": "This template provides a standalone MySQL server with a database created. The database is stored on persistent storage. The database name, username, and password are chosen via parameters when provisioning this service.", - "template.openshift.io/provider-display-name": "Red Hat, Inc.", - "template.openshift.io/documentation-url": "https://docs.openshift.org/latest/using_images/db_images/mysql.html", - "template.openshift.io/support-url": "https://access.redhat.com" + "openshift.io/long-description": "This template provides a standalone MySQL server with a database created. The database is stored on persistent storage. The database name, username, and password are chosen via parameters when provisioning this service.", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "openshift.io/documentation-url": "https://docs.openshift.org/latest/using_images/db_images/mysql.html", + "openshift.io/support-url": "https://access.redhat.com" } }, "message": "The following service(s) have been created in your project: ${DATABASE_SERVICE_NAME}.\n\n Username: ${MYSQL_USER}\n Password: ${MYSQL_PASSWORD}\n Database Name: ${MYSQL_DATABASE}\n Connection URL: mysql://${DATABASE_SERVICE_NAME}:3306/\n\nFor more information about using this template, including OpenShift considerations, see https://github.com/sclorg/mysql-container/blob/master/5.7/README.md.", diff --git a/roles/openshift_examples/files/examples/v3.7/db-templates/postgresql-ephemeral-template.json b/roles/openshift_examples/files/examples/v3.7/db-templates/postgresql-ephemeral-template.json index 849c9d83f..7c419f1ae 100644 --- a/roles/openshift_examples/files/examples/v3.7/db-templates/postgresql-ephemeral-template.json +++ b/roles/openshift_examples/files/examples/v3.7/db-templates/postgresql-ephemeral-template.json @@ -8,10 +8,10 @@ "description": "PostgreSQL database service, without persistent storage. For more information about using this template, including OpenShift considerations, see https://github.com/sclorg/postgresql-container/blob/master/9.5.\n\nWARNING: Any data stored will be lost upon pod destruction. Only use this template for testing", "iconClass": "icon-postgresql", "tags": "database,postgresql", - "template.openshift.io/long-description": "This template provides a standalone PostgreSQL server with a database created. The database is not stored on persistent storage, so any restart of the service will result in all data being lost. The database name, username, and password are chosen via parameters when provisioning this service.", - "template.openshift.io/provider-display-name": "Red Hat, Inc.", - "template.openshift.io/documentation-url": "https://docs.openshift.org/latest/using_images/db_images/postgresql.html", - "template.openshift.io/support-url": "https://access.redhat.com" + "openshift.io/long-description": "This template provides a standalone PostgreSQL server with a database created. The database is not stored on persistent storage, so any restart of the service will result in all data being lost. The database name, username, and password are chosen via parameters when provisioning this service.", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "openshift.io/documentation-url": "https://docs.openshift.org/latest/using_images/db_images/postgresql.html", + "openshift.io/support-url": "https://access.redhat.com" } }, "message": "The following service(s) have been created in your project: ${DATABASE_SERVICE_NAME}.\n\n Username: ${POSTGRESQL_USER}\n Password: ${POSTGRESQL_PASSWORD}\n Database Name: ${POSTGRESQL_DATABASE}\n Connection URL: postgresql://${DATABASE_SERVICE_NAME}:5432/\n\nFor more information about using this template, including OpenShift considerations, see https://github.com/sclorg/postgresql-container/blob/master/9.5.", diff --git a/roles/openshift_examples/files/examples/v3.7/db-templates/postgresql-persistent-template.json b/roles/openshift_examples/files/examples/v3.7/db-templates/postgresql-persistent-template.json index b622baa01..8a2d23907 100644 --- a/roles/openshift_examples/files/examples/v3.7/db-templates/postgresql-persistent-template.json +++ b/roles/openshift_examples/files/examples/v3.7/db-templates/postgresql-persistent-template.json @@ -8,10 +8,10 @@ "description": "PostgreSQL database service, with persistent storage. For more information about using this template, including OpenShift considerations, see https://github.com/sclorg/postgresql-container/blob/master/9.5.\n\nNOTE: Scaling to more than one replica is not supported. You must have persistent volumes available in your cluster to use this template.", "iconClass": "icon-postgresql", "tags": "database,postgresql", - "template.openshift.io/long-description": "This template provides a standalone PostgreSQL server with a database created. The database is stored on persistent storage. The database name, username, and password are chosen via parameters when provisioning this service.", - "template.openshift.io/provider-display-name": "Red Hat, Inc.", - "template.openshift.io/documentation-url": "https://docs.openshift.org/latest/using_images/db_images/postgresql.html", - "template.openshift.io/support-url": "https://access.redhat.com" + "openshift.io/long-description": "This template provides a standalone PostgreSQL server with a database created. The database is stored on persistent storage. The database name, username, and password are chosen via parameters when provisioning this service.", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "openshift.io/documentation-url": "https://docs.openshift.org/latest/using_images/db_images/postgresql.html", + "openshift.io/support-url": "https://access.redhat.com" } }, "message": "The following service(s) have been created in your project: ${DATABASE_SERVICE_NAME}.\n\n Username: ${POSTGRESQL_USER}\n Password: ${POSTGRESQL_PASSWORD}\n Database Name: ${POSTGRESQL_DATABASE}\n Connection URL: postgresql://${DATABASE_SERVICE_NAME}:5432/\n\nFor more information about using this template, including OpenShift considerations, see https://github.com/sclorg/postgresql-container/blob/master/9.5.", diff --git a/roles/openshift_examples/files/examples/v3.7/db-templates/redis-ephemeral-template.json b/roles/openshift_examples/files/examples/v3.7/db-templates/redis-ephemeral-template.json index 15bdd079b..ee60af9db 100644 --- a/roles/openshift_examples/files/examples/v3.7/db-templates/redis-ephemeral-template.json +++ b/roles/openshift_examples/files/examples/v3.7/db-templates/redis-ephemeral-template.json @@ -8,10 +8,10 @@ "description": "Redis in-memory data structure store, without persistent storage. For more information about using this template, including OpenShift considerations, see https://github.com/sclorg/redis-container/blob/master/3.2.\n\nWARNING: Any data stored will be lost upon pod destruction. Only use this template for testing", "iconClass": "icon-redis", "tags": "database,redis", - "template.openshift.io/long-description": "This template provides a standalone Redis server. The data is not stored on persistent storage, so any restart of the service will result in all data being lost.", - "template.openshift.io/provider-display-name": "Red Hat, Inc.", - "template.openshift.io/documentation-url": "https://github.com/sclorg/redis-container/tree/master/3.2", - "template.openshift.io/support-url": "https://access.redhat.com" + "openshift.io/long-description": "This template provides a standalone Redis server. The data is not stored on persistent storage, so any restart of the service will result in all data being lost.", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "openshift.io/documentation-url": "https://github.com/sclorg/redis-container/tree/master/3.2", + "openshift.io/support-url": "https://access.redhat.com" } }, "message": "The following service(s) have been created in your project: ${DATABASE_SERVICE_NAME}.\n\n Password: ${REDIS_PASSWORD}\n Connection URL: redis://${DATABASE_SERVICE_NAME}:6379/\n\nFor more information about using this template, including OpenShift considerations, see https://github.com/sclorg/redis-container/blob/master/3.2.", diff --git a/roles/openshift_examples/files/examples/v3.7/db-templates/redis-persistent-template.json b/roles/openshift_examples/files/examples/v3.7/db-templates/redis-persistent-template.json index 1e31b02e0..e0e0a88d5 100644 --- a/roles/openshift_examples/files/examples/v3.7/db-templates/redis-persistent-template.json +++ b/roles/openshift_examples/files/examples/v3.7/db-templates/redis-persistent-template.json @@ -8,10 +8,10 @@ "description": "Redis in-memory data structure store, with persistent storage. For more information about using this template, including OpenShift considerations, see https://github.com/sclorg/redis-container/blob/master/3.2.\n\nNOTE: You must have persistent volumes available in your cluster to use this template.", "iconClass": "icon-redis", "tags": "database,redis", - "template.openshift.io/long-description": "This template provides a standalone Redis server. The data is stored on persistent storage.", - "template.openshift.io/provider-display-name": "Red Hat, Inc.", - "template.openshift.io/documentation-url": "https://github.com/sclorg/redis-container/tree/master/3.2", - "template.openshift.io/support-url": "https://access.redhat.com" + "openshift.io/long-description": "This template provides a standalone Redis server. The data is stored on persistent storage.", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "openshift.io/documentation-url": "https://github.com/sclorg/redis-container/tree/master/3.2", + "openshift.io/support-url": "https://access.redhat.com" } }, "message": "The following service(s) have been created in your project: ${DATABASE_SERVICE_NAME}.\n\n Password: ${REDIS_PASSWORD}\n Connection URL: redis://${DATABASE_SERVICE_NAME}:6379/\n\nFor more information about using this template, including OpenShift considerations, see https://github.com/sclorg/redis-container/blob/master/3.2.", diff --git a/roles/openshift_examples/files/examples/v3.7/image-streams/dotnet_imagestreams_centos.json b/roles/openshift_examples/files/examples/v3.7/image-streams/dotnet_imagestreams_centos.json new file mode 100644 index 000000000..79afc355b --- /dev/null +++ b/roles/openshift_examples/files/examples/v3.7/image-streams/dotnet_imagestreams_centos.json @@ -0,0 +1,104 @@ +{ + "kind": "ImageStreamList", + "apiVersion": "v1", + "metadata": { + "name": "dotnet-image-streams", + "annotations": { + "description": "ImageStream definitions for .NET Core on CentOS" + } + }, + "items": [ + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "dotnet", + "annotations": { + "openshift.io/display-name": ".NET Core Builder Images" + } + }, + "spec": { + "tags": [ + { + "name": "latest", + "annotations": { + "openshift.io/display-name": ".NET Core (Latest)", + "description": "Build and run .NET Core applications on CentOS 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/redhat-developer/s2i-dotnetcore/tree/master/2.0/build/README.md.\n\nWARNING: By selecting this tag, your application will automatically update to use the latest version of .NET Core available on OpenShift, including major versions updates.", + "iconClass": "icon-dotnet", + "tags": "builder,.net,dotnet,dotnetcore", + "supports":"dotnet", + "sampleRepo": "https://github.com/redhat-developer/s2i-dotnetcore-ex.git", + "sampleContextDir": "app", + "sampleRef": "dotnetcore-2.0" + }, + "from": { + "kind": "ImageStreamTag", + "name": "2.0" + } + }, + { + "name": "2.0", + "annotations": { + "openshift.io/display-name": ".NET Core 2.0", + "description": "Build and run .NET Core 2.0 applications on CentOS 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/redhat-developer/s2i-dotnetcore/tree/master/2.0/build/README.md.", + "iconClass": "icon-dotnet", + "tags": "builder,.net,dotnet,dotnetcore,rh-dotnet20", + "supports":"dotnet:2.0,dotnet", + "sampleRepo": "https://github.com/redhat-developer/s2i-dotnetcore-ex.git", + "sampleContextDir": "app", + "sampleRef": "dotnetcore-2.0", + "version": "2.0" + }, + "from": { + "kind": "DockerImage", + "name": "registry.centos.org/dotnet/dotnet-20-centos7:latest" + } + } + ] + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "dotnet-runtime", + "annotations": { + "openshift.io/display-name": ".NET Core Runtime Images" + } + }, + "spec": { + "tags": [ + { + "name": "latest", + "annotations": { + "openshift.io/display-name": ".NET Core Runtime (Latest)", + "description": "Run .NET Core applications on CentOS 7. For more information about using this image, including OpenShift considerations, see https://github.com/redhat-developer/s2i-dotnetcore/tree/master/2.0/runtime/README.md.\n\nWARNING: By selecting this tag, your application will automatically update to use the latest version of .NET Core Runtime available on OpenShift, including major versions updates.", + "iconClass": "icon-dotnet", + "tags": "runtime,.net-runtime,dotnet-runtime,dotnetcore-runtime", + "supports":"dotnet-runtime" + }, + "from": { + "kind": "ImageStreamTag", + "name": "2.0" + } + }, + { + "name": "2.0", + "annotations": { + "openshift.io/display-name": ".NET Core 2.0 Runtime", + "description": "Run .NET Core applications on CentOS 7. For more information about using this image, including OpenShift considerations, see https://github.com/redhat-developer/s2i-dotnetcore/tree/master/2.0/runtime/README.md.", + "iconClass": "icon-dotnet", + "tags": "runtime,.net-runtime,dotnet-runtime,dotnetcore-runtime", + "supports":"dotnet-runtime", + "version": "2.0" + }, + "from": { + "kind": "DockerImage", + "name": "registry.centos.org/dotnet/dotnet-20-runtime-centos7:latest" + } + } + ] + } + } + ] +} diff --git a/roles/openshift_examples/files/examples/v3.7/image-streams/image-streams-centos7.json b/roles/openshift_examples/files/examples/v3.7/image-streams/image-streams-centos7.json index 6cef21945..e7af160d9 100644 --- a/roles/openshift_examples/files/examples/v3.7/image-streams/image-streams-centos7.json +++ b/roles/openshift_examples/files/examples/v3.7/image-streams/image-streams-centos7.json @@ -9,7 +9,7 @@ "metadata": { "name": "httpd", "annotations": { - "openshift.io/display-name": "Httpd" + "openshift.io/display-name": "Apache HTTP Server (httpd)" } }, "spec": { @@ -17,8 +17,9 @@ { "name": "latest", "annotations": { - "openshift.io/display-name": "Httpd (Latest)", - "description": "Build and serve static content via Httpd on CentOS 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/httpd-container/blob/master/2.4/README.md.\n\nWARNING: By selecting this tag, your application will automatically update to use the latest version of Httpd available on OpenShift, including major versions updates.", + "openshift.io/display-name": "Apache HTTP Server (Latest)", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "Build and serve static content via Apache HTTP Server (httpd) on CentOS 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/httpd-container/blob/master/2.4/README.md.\n\nWARNING: By selecting this tag, your application will automatically update to use the latest version of Httpd available on OpenShift, including major versions updates.", "iconClass": "icon-apache", "tags": "builder,httpd", "supports":"httpd", @@ -32,8 +33,9 @@ { "name": "2.4", "annotations": { - "openshift.io/display-name": "Httpd 2.4", - "description": "Build and serve static content via Httpd on CentOS 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/httpd-container/blob/master/2.4/README.md.", + "openshift.io/display-name": "Apache HTTP Server 2.4", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "Build and serve static content via Apache HTTP Server (httpd) 2.4 on CentOS 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/httpd-container/blob/master/2.4/README.md.", "iconClass": "icon-apache", "tags": "builder,httpd", "supports":"httpd", @@ -63,6 +65,7 @@ "name": "latest", "annotations": { "openshift.io/display-name": "Ruby (Latest)", + "openshift.io/provider-display-name": "Red Hat, Inc.", "description": "Build and run Ruby applications on CentOS 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-ruby-container/tree/master/2.3/README.md.\n\nWARNING: By selecting this tag, your application will automatically update to use the latest version of Ruby available on OpenShift, including major versions updates.", "iconClass": "icon-ruby", "tags": "builder,ruby", @@ -71,13 +74,14 @@ }, "from": { "kind": "ImageStreamTag", - "name": "2.3" + "name": "2.4" } }, { "name": "2.0", "annotations": { "openshift.io/display-name": "Ruby 2.0", + "openshift.io/provider-display-name": "Red Hat, Inc.", "description": "Build and run Ruby 2.0 applications on CentOS 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-ruby-container/tree/master/2.0/README.md.", "iconClass": "icon-ruby", "tags": "hidden,builder,ruby", @@ -94,6 +98,7 @@ "name": "2.2", "annotations": { "openshift.io/display-name": "Ruby 2.2", + "openshift.io/provider-display-name": "Red Hat, Inc.", "description": "Build and run Ruby 2.2 applications on CentOS 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-ruby-container/tree/master/2.2/README.md.", "iconClass": "icon-ruby", "tags": "builder,ruby", @@ -110,6 +115,7 @@ "name": "2.3", "annotations": { "openshift.io/display-name": "Ruby 2.3", + "openshift.io/provider-display-name": "Red Hat, Inc.", "description": "Build and run Ruby 2.3 applications on CentOS 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-ruby-container/blob/master/2.3/README.md.", "iconClass": "icon-ruby", "tags": "builder,ruby", @@ -121,6 +127,23 @@ "kind": "DockerImage", "name": "centos/ruby-23-centos7:latest" } + }, + { + "name": "2.4", + "annotations": { + "openshift.io/display-name": "Ruby 2.4", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "Build and run Ruby 2.4 applications on CentOS 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-ruby-container/blob/master/2.4/README.md.", + "iconClass": "icon-ruby", + "tags": "builder,ruby", + "supports": "ruby:2.4,ruby", + "version": "2.4", + "sampleRepo": "https://github.com/openshift/ruby-ex.git" + }, + "from": { + "kind": "DockerImage", + "name": "centos/ruby-24-centos7:latest" + } } ] } @@ -140,6 +163,7 @@ "name": "latest", "annotations": { "openshift.io/display-name": "Node.js (Latest)", + "openshift.io/provider-display-name": "Red Hat, Inc.", "description": "Build and run Node.js applications on CentOS 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-nodejs-container/blob/master/4/README.md.\n\nWARNING: By selecting this tag, your application will automatically update to use the latest version of Node.js available on OpenShift, including major versions updates.", "iconClass": "icon-nodejs", "tags": "builder,nodejs", @@ -155,6 +179,7 @@ "name": "0.10", "annotations": { "openshift.io/display-name": "Node.js 0.10", + "openshift.io/provider-display-name": "Red Hat, Inc.", "description": "DEPRECATED: Build and run Node.js 0.10 applications on CentOS 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-nodejs-container/blob/master/0.10/README.md.", "iconClass": "icon-nodejs", "tags": "hidden,nodejs", @@ -171,6 +196,7 @@ "name": "4", "annotations": { "openshift.io/display-name": "Node.js 4", + "openshift.io/provider-display-name": "Red Hat, Inc.", "description": "Build and run Node.js 4 applications on CentOS 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-nodejs-container/blob/master/4/README.md.", "iconClass": "icon-nodejs", "tags": "builder,nodejs", @@ -187,6 +213,7 @@ "name": "6", "annotations": { "openshift.io/display-name": "Node.js 6", + "openshift.io/provider-display-name": "Red Hat, Inc.", "description": "Build and run Node.js 6 applications on CentOS 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-nodejs-container/blob/master/6/README.md.", "iconClass": "icon-nodejs", "tags": "builder,nodejs", @@ -217,6 +244,7 @@ "name": "latest", "annotations": { "openshift.io/display-name": "Perl (Latest)", + "openshift.io/provider-display-name": "Red Hat, Inc.", "description": "Build and run Perl applications on CentOS 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-perl-container/blob/master/5.20/README.md.\n\nWARNING: By selecting this tag, your application will automatically update to use the latest version of Perl available on OpenShift, including major versions updates.", "iconClass": "icon-perl", "tags": "builder,perl", @@ -232,6 +260,7 @@ "name": "5.16", "annotations": { "openshift.io/display-name": "Perl 5.16", + "openshift.io/provider-display-name": "Red Hat, Inc.", "description": "Build and run Perl 5.16 applications on CentOS 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-perl-container/blob/master/5.16/README.md.", "iconClass": "icon-perl", "tags": "hidden,builder,perl", @@ -248,6 +277,7 @@ "name": "5.20", "annotations": { "openshift.io/display-name": "Perl 5.20", + "openshift.io/provider-display-name": "Red Hat, Inc.", "description": "Build and run Perl 5.20 applications on CentOS 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-perl-container/blob/master/5.20/README.md.", "iconClass": "icon-perl", "tags": "builder,perl", @@ -264,6 +294,7 @@ "name": "5.24", "annotations": { "openshift.io/display-name": "Perl 5.24", + "openshift.io/provider-display-name": "Red Hat, Inc.", "description": "Build and run Perl 5.24 applications on CentOS 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-perl-container/blob/master/5.24/README.md.", "iconClass": "icon-perl", "tags": "builder,perl", @@ -294,6 +325,7 @@ "name": "latest", "annotations": { "openshift.io/display-name": "PHP (Latest)", + "openshift.io/provider-display-name": "Red Hat, Inc.", "description": "Build and run PHP applications on CentOS 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-php-container/blob/master/5.6/README.md.\n\nWARNING: By selecting this tag, your application will automatically update to use the latest version of PHP available on OpenShift, including major versions updates.", "iconClass": "icon-php", "tags": "builder,php", @@ -309,6 +341,7 @@ "name": "5.5", "annotations": { "openshift.io/display-name": "PHP 5.5", + "openshift.io/provider-display-name": "Red Hat, Inc.", "description": "Build and run PHP 5.5 applications on CentOS 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-php-container/blob/master/5.5/README.md.", "iconClass": "icon-php", "tags": "hidden,builder,php", @@ -325,6 +358,7 @@ "name": "5.6", "annotations": { "openshift.io/display-name": "PHP 5.6", + "openshift.io/provider-display-name": "Red Hat, Inc.", "description": "Build and run PHP 5.6 applications on CentOS 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-php-container/blob/master/5.6/README.md.", "iconClass": "icon-php", "tags": "builder,php", @@ -341,6 +375,7 @@ "name": "7.0", "annotations": { "openshift.io/display-name": "PHP 7.0", + "openshift.io/provider-display-name": "Red Hat, Inc.", "description": "Build and run PHP 7.0 applications on CentOS 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-php-container/blob/master/7.0/README.md.", "iconClass": "icon-php", "tags": "builder,php", @@ -371,6 +406,7 @@ "name": "latest", "annotations": { "openshift.io/display-name": "Python (Latest)", + "openshift.io/provider-display-name": "Red Hat, Inc.", "description": "Build and run Python applications on CentOS 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-python-container/blob/master/3.5/README.md.\n\nWARNING: By selecting this tag, your application will automatically update to use the latest version of Python available on OpenShift, including major versions updates.", "iconClass": "icon-python", "tags": "builder,python", @@ -386,6 +422,7 @@ "name": "3.3", "annotations": { "openshift.io/display-name": "Python 3.3", + "openshift.io/provider-display-name": "Red Hat, Inc.", "description": "Build and run Python 3.3 applications on CentOS 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-python-container/blob/master/3.3/README.md.", "iconClass": "icon-python", "tags": "hidden,builder,python", @@ -402,6 +439,7 @@ "name": "2.7", "annotations": { "openshift.io/display-name": "Python 2.7", + "openshift.io/provider-display-name": "Red Hat, Inc.", "description": "Build and run Python 2.7 applications on CentOS 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-python-container/blob/master/2.7/README.md.", "iconClass": "icon-python", "tags": "builder,python", @@ -418,6 +456,7 @@ "name": "3.4", "annotations": { "openshift.io/display-name": "Python 3.4", + "openshift.io/provider-display-name": "Red Hat, Inc.", "description": "Build and run Python 3.4 applications on CentOS 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-python-container/blob/master/3.4/README.md.", "iconClass": "icon-python", "tags": "builder,python", @@ -434,6 +473,7 @@ "name": "3.5", "annotations": { "openshift.io/display-name": "Python 3.5", + "openshift.io/provider-display-name": "Red Hat, Inc.", "description": "Build and run Python 3.5 applications on CentOS 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-python-container/blob/master/3.5/README.md.", "iconClass": "icon-python", "tags": "builder,python", @@ -464,6 +504,7 @@ "name": "latest", "annotations": { "openshift.io/display-name": "WildFly (Latest)", + "openshift.io/provider-display-name": "Red Hat, Inc.", "description": "Build and run WildFly applications on CentOS 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/openshift-s2i/s2i-wildfly/blob/master/README.md.\n\nWARNING: By selecting this tag, your application will automatically update to use the latest version of WildFly available on OpenShift, including major versions updates.", "iconClass": "icon-wildfly", "tags": "builder,wildfly,java", @@ -479,6 +520,7 @@ "name": "8.1", "annotations": { "openshift.io/display-name": "WildFly 8.1", + "openshift.io/provider-display-name": "Red Hat, Inc.", "description": "Build and run WildFly 8.1 applications on CentOS 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/openshift-s2i/s2i-wildfly/blob/master/README.md.", "iconClass": "icon-wildfly", "tags": "builder,wildfly,java", @@ -495,6 +537,7 @@ "name": "9.0", "annotations": { "openshift.io/display-name": "WildFly 9.0", + "openshift.io/provider-display-name": "Red Hat, Inc.", "description": "Build and run WildFly 9.0 applications on CentOS 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/openshift-s2i/s2i-wildfly/blob/master/README.md.", "iconClass": "icon-wildfly", "tags": "builder,wildfly,java", @@ -511,6 +554,7 @@ "name": "10.0", "annotations": { "openshift.io/display-name": "WildFly 10.0", + "openshift.io/provider-display-name": "Red Hat, Inc.", "description": "Build and run WildFly 10.0 applications on CentOS 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/openshift-s2i/s2i-wildfly/blob/master/README.md.", "iconClass": "icon-wildfly", "tags": "builder,wildfly,java", @@ -527,6 +571,7 @@ "name": "10.1", "annotations": { "openshift.io/display-name": "WildFly 10.1", + "openshift.io/provider-display-name": "Red Hat, Inc.", "description": "Build and run WildFly 10.1 applications on CentOS 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/openshift-s2i/s2i-wildfly/blob/master/README.md.", "iconClass": "icon-wildfly", "tags": "builder,wildfly,java", @@ -557,6 +602,7 @@ "name": "latest", "annotations": { "openshift.io/display-name": "MySQL (Latest)", + "openshift.io/provider-display-name": "Red Hat, Inc.", "description": "Provides a MySQL database on CentOS 7. For more information about using this database image, including OpenShift considerations, see https://github.com/sclorg/mysql-container/tree/master/5.6/README.md.\n\nWARNING: By selecting this tag, your application will automatically update to use the latest version of MySQL available on OpenShift, including major versions updates.", "iconClass": "icon-mysql-database", "tags": "mysql" @@ -570,6 +616,7 @@ "name": "5.5", "annotations": { "openshift.io/display-name": "MySQL 5.5", + "openshift.io/provider-display-name": "Red Hat, Inc.", "description": "Provides a MySQL 5.5 database on CentOS 7. For more information about using this database image, including OpenShift considerations, see https://github.com/sclorg/mysql-container/tree/master/5.5/README.md.", "iconClass": "icon-mysql-database", "tags": "hidden,mysql", @@ -584,6 +631,7 @@ "name": "5.6", "annotations": { "openshift.io/display-name": "MySQL 5.6", + "openshift.io/provider-display-name": "Red Hat, Inc.", "description": "Provides a MySQL 5.6 database on CentOS 7. For more information about using this database image, including OpenShift considerations, see https://github.com/sclorg/mysql-container/tree/master/5.6/README.md.", "iconClass": "icon-mysql-database", "tags": "mysql", @@ -598,6 +646,7 @@ "name": "5.7", "annotations": { "openshift.io/display-name": "MySQL 5.7", + "openshift.io/provider-display-name": "Red Hat, Inc.", "description": "Provides a MySQL 5.7 database on CentOS 7. For more information about using this database image, including OpenShift considerations, see https://github.com/sclorg/mysql-container/tree/master/5.7/README.md.", "iconClass": "icon-mysql-database", "tags": "mysql", @@ -626,6 +675,7 @@ "name": "latest", "annotations": { "openshift.io/display-name": "MariaDB (Latest)", + "openshift.io/provider-display-name": "Red Hat, Inc.", "description": "Provides a MariaDB database on CentOS 7. For more information about using this database image, including OpenShift considerations, see https://github.com/sclorg/mariadb-container/tree/master/10.1/README.md.\n\nWARNING: By selecting this tag, your application will automatically update to use the latest version of MariaDB available on OpenShift, including major versions updates.", "iconClass": "icon-mariadb", "tags": "mariadb" @@ -639,6 +689,7 @@ "name": "10.1", "annotations": { "openshift.io/display-name": "MariaDB 10.1", + "openshift.io/provider-display-name": "Red Hat, Inc.", "description": "Provides a MariaDB 10.1 database on CentOS 7. For more information about using this database image, including OpenShift considerations, see https://github.com/sclorg/mariadb-container/tree/master/10.1/README.md.", "iconClass": "icon-mariadb", "tags": "mariadb", @@ -667,6 +718,7 @@ "name": "latest", "annotations": { "openshift.io/display-name": "PostgreSQL (Latest)", + "openshift.io/provider-display-name": "Red Hat, Inc.", "description": "Provides a PostgreSQL database on CentOS 7. For more information about using this database image, including OpenShift considerations, see https://github.com/sclorg/postgresql-container/tree/master/9.5.\n\nWARNING: By selecting this tag, your application will automatically update to use the latest version of PostgreSQL available on OpenShift, including major versions updates.", "iconClass": "icon-postgresql", "tags": "postgresql" @@ -680,6 +732,7 @@ "name": "9.2", "annotations": { "openshift.io/display-name": "PostgreSQL 9.2", + "openshift.io/provider-display-name": "Red Hat, Inc.", "description": "Provides a PostgreSQL 9.2 database on CentOS 7. For more information about using this database image, including OpenShift considerations, see https://github.com/sclorg/postgresql-container/tree/master/9.2.", "iconClass": "icon-postgresql", "tags": "hidden,postgresql", @@ -694,6 +747,7 @@ "name": "9.4", "annotations": { "openshift.io/display-name": "PostgreSQL 9.4", + "openshift.io/provider-display-name": "Red Hat, Inc.", "description": "Provides a PostgreSQL 9.4 database on CentOS 7. For more information about using this database image, including OpenShift considerations, see https://github.com/sclorg/postgresql-container/tree/master/9.4.", "iconClass": "icon-postgresql", "tags": "postgresql", @@ -708,6 +762,7 @@ "name": "9.5", "annotations": { "openshift.io/display-name": "PostgreSQL 9.5", + "openshift.io/provider-display-name": "Red Hat, Inc.", "description": "Provides a PostgreSQL 9.5 database on CentOS 7. For more information about using this database image, including OpenShift considerations, see https://github.com/sclorg/postgresql-container/tree/master/9.5.", "iconClass": "icon-postgresql", "tags": "postgresql", @@ -736,6 +791,7 @@ "name": "latest", "annotations": { "openshift.io/display-name": "MongoDB (Latest)", + "openshift.io/provider-display-name": "Red Hat, Inc.", "description": "Provides a MongoDB database on CentOS 7. For more information about using this database image, including OpenShift considerations, see https://github.com/sclorg/mongodb-container/tree/master/3.2/README.md.\n\nWARNING: By selecting this tag, your application will automatically update to use the latest version of MongoDB available on OpenShift, including major versions updates.", "iconClass": "icon-mongodb", "tags": "mongodb" @@ -749,6 +805,7 @@ "name": "2.4", "annotations": { "openshift.io/display-name": "MongoDB 2.4", + "openshift.io/provider-display-name": "Red Hat, Inc.", "description": "Provides a MongoDB 2.4 database on CentOS 7. For more information about using this database image, including OpenShift considerations, see https://github.com/sclorg/mongodb-container/tree/master/2.4/README.md.", "iconClass": "icon-mongodb", "tags": "hidden,mongodb", @@ -763,6 +820,7 @@ "name": "2.6", "annotations": { "openshift.io/display-name": "MongoDB 2.6", + "openshift.io/provider-display-name": "Red Hat, Inc.", "description": "Provides a MongoDB 2.6 database on CentOS 7. For more information about using this database image, including OpenShift considerations, see https://github.com/sclorg/mongodb-container/tree/master/2.6/README.md.", "iconClass": "icon-mongodb", "tags": "mongodb", @@ -777,6 +835,7 @@ "name": "3.2", "annotations": { "openshift.io/display-name": "MongoDB 3.2", + "openshift.io/provider-display-name": "Red Hat, Inc.", "description": "Provides a MongoDB 3.2 database on CentOS 7. For more information about using this database image, including OpenShift considerations, see https://github.com/sclorg/mongodb-container/tree/master/3.2/README.md.", "iconClass": "icon-mongodb", "tags": "mongodb", @@ -805,6 +864,7 @@ "name": "latest", "annotations": { "openshift.io/display-name": "Redis (Latest)", + "openshift.io/provider-display-name": "Red Hat, Inc.", "description": "Provides a Redis database on CentOS 7. For more information about using this database image, including OpenShift considerations, see https://github.com/sclorg/redis-container/tree/master/3.2/README.md.\n\nWARNING: By selecting this tag, your application will automatically update to use the latest version of Redis available on OpenShift, including major versions updates.", "iconClass": "icon-redis", "tags": "redis" @@ -818,6 +878,7 @@ "name": "3.2", "annotations": { "openshift.io/display-name": "Redis 3.2", + "openshift.io/provider-display-name": "Red Hat, Inc.", "description": "Provides a Redis 3.2 database on CentOS 7. For more information about using this database image, including OpenShift considerations, see https://github.com/sclorg/redis-container/tree/master/3.2/README.md.", "iconClass": "icon-redis", "tags": "redis", @@ -846,6 +907,7 @@ "name": "latest", "annotations": { "openshift.io/display-name": "Jenkins (Latest)", + "openshift.io/provider-display-name": "Red Hat, Inc.", "description": "Provides a Jenkins server on CentOS 7. For more information about using this container image, including OpenShift considerations, see https://github.com/openshift/jenkins/blob/master/README.md.\n\nWARNING: By selecting this tag, your application will automatically update to use the latest version of Jenkins available on OpenShift, including major versions updates.", "iconClass": "icon-jenkins", "tags": "jenkins" @@ -859,6 +921,7 @@ "name": "1", "annotations": { "openshift.io/display-name": "Jenkins 1.X", + "openshift.io/provider-display-name": "Red Hat, Inc.", "description": "Provides a Jenkins 1.X server on CentOS 7. For more information about using this container image, including OpenShift considerations, see https://github.com/openshift/jenkins/blob/master/README.md.", "iconClass": "icon-jenkins", "tags": "hidden,jenkins", @@ -873,6 +936,7 @@ "name": "2", "annotations": { "openshift.io/display-name": "Jenkins 2.X", + "openshift.io/provider-display-name": "Red Hat, Inc.", "description": "Provides a Jenkins v2.x server on CentOS 7. For more information about using this container image, including OpenShift considerations, see https://github.com/openshift/jenkins/blob/master/README.md.", "iconClass": "icon-jenkins", "tags": "jenkins", diff --git a/roles/openshift_examples/files/examples/v3.7/image-streams/image-streams-rhel7.json b/roles/openshift_examples/files/examples/v3.7/image-streams/image-streams-rhel7.json index abdae01e3..2b082fc75 100644 --- a/roles/openshift_examples/files/examples/v3.7/image-streams/image-streams-rhel7.json +++ b/roles/openshift_examples/files/examples/v3.7/image-streams/image-streams-rhel7.json @@ -9,7 +9,7 @@ "metadata": { "name": "httpd", "annotations": { - "openshift.io/display-name": "Httpd" + "openshift.io/display-name": "Apache HTTP Server (httpd)" } }, "spec": { @@ -17,8 +17,9 @@ { "name": "latest", "annotations": { - "openshift.io/display-name": "Httpd (Latest)", - "description": "Build and serve static content via Httpd on RHEL 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/httpd-container/blob/master/2.4/README.md.\n\nWARNING: By selecting this tag, your application will automatically update to use the latest version of Httpd available on OpenShift, including major versions updates.", + "openshift.io/display-name": "Apache HTTP Server (Latest)", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "Build and serve static content via Apache HTTP Server (httpd) on RHEL 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/httpd-container/blob/master/2.4/README.md.\n\nWARNING: By selecting this tag, your application will automatically update to use the latest version of Httpd available on OpenShift, including major versions updates.", "iconClass": "icon-apache", "tags": "builder,httpd", "supports":"httpd", @@ -32,8 +33,9 @@ { "name": "2.4", "annotations": { - "openshift.io/display-name": "Httpd 2.4", - "description": "Build and serve static content via Httpd on RHEL 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/httpd-container/blob/master/2.4/README.md.", + "openshift.io/display-name": "Apache HTTP Server 2.4", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "Build and serve static content via Apache HTTP Server (httpd) 2.4 on RHEL 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/httpd-container/blob/master/2.4/README.md.", "iconClass": "icon-apache", "tags": "builder,httpd", "supports":"httpd", @@ -63,6 +65,7 @@ "name": "latest", "annotations": { "openshift.io/display-name": "Ruby (Latest)", + "openshift.io/provider-display-name": "Red Hat, Inc.", "description": "Build and run Ruby applications on RHEL 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-ruby-container/tree/master/2.3/README.md.\n\nWARNING: By selecting this tag, your application will automatically update to use the latest version of Ruby available on OpenShift, including major versions updates.", "iconClass": "icon-ruby", "tags": "builder,ruby", @@ -71,13 +74,14 @@ }, "from": { "kind": "ImageStreamTag", - "name": "2.3" + "name": "2.4" } }, { "name": "2.0", "annotations": { "openshift.io/display-name": "Ruby 2.0", + "openshift.io/provider-display-name": "Red Hat, Inc.", "description": "Build and run Ruby 2.0 applications on RHEL 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-ruby-container/tree/master/2.0/README.md.", "iconClass": "icon-ruby", "tags": "hidden,builder,ruby", @@ -94,6 +98,7 @@ "name": "2.2", "annotations": { "openshift.io/display-name": "Ruby 2.2", + "openshift.io/provider-display-name": "Red Hat, Inc.", "description": "Build and run Ruby 2.2 applications on RHEL 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-ruby-container/tree/master/2.2/README.md.", "iconClass": "icon-ruby", "tags": "builder,ruby", @@ -110,6 +115,7 @@ "name": "2.3", "annotations": { "openshift.io/display-name": "Ruby 2.3", + "openshift.io/provider-display-name": "Red Hat, Inc.", "description": "Build and run Ruby 2.3 applications on RHEL 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-ruby-container/blob/master/2.3/README.md.", "iconClass": "icon-ruby", "tags": "builder,ruby", @@ -121,6 +127,23 @@ "kind": "DockerImage", "name": "registry.access.redhat.com/rhscl/ruby-23-rhel7:latest" } + }, + { + "name": "2.4", + "annotations": { + "openshift.io/display-name": "Ruby 2.4", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "Build and run Ruby 2.4 applications on RHEL 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-ruby-container/blob/master/2.4/README.md.", + "iconClass": "icon-ruby", + "tags": "builder,ruby", + "supports": "ruby:2.4,ruby", + "version": "2.4", + "sampleRepo": "https://github.com/openshift/ruby-ex.git" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/rhscl/ruby-24-rhel7:latest" + } } ] } @@ -140,6 +163,7 @@ "name": "latest", "annotations": { "openshift.io/display-name": "Node.js (Latest)", + "openshift.io/provider-display-name": "Red Hat, Inc.", "description": "Build and run Node.js applications on RHEL 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-nodejs-container/blob/master/4/README.md.\n\nWARNING: By selecting this tag, your application will automatically update to use the latest version of Node.js available on OpenShift, including major versions updates.", "iconClass": "icon-nodejs", "tags": "builder,nodejs", @@ -155,6 +179,7 @@ "name": "0.10", "annotations": { "openshift.io/display-name": "Node.js 0.10", + "openshift.io/provider-display-name": "Red Hat, Inc.", "description": "DEPRECATED: Build and run Node.js 0.10 applications on RHEL 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-nodejs-container/blob/master/0.10/README.md.", "iconClass": "icon-nodejs", "tags": "hidden,nodejs", @@ -171,6 +196,7 @@ "name": "4", "annotations": { "openshift.io/display-name": "Node.js 4", + "openshift.io/provider-display-name": "Red Hat, Inc.", "description": "Build and run Node.js 4 applications on RHEL 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-nodejs-container/blob/master/4/README.md.", "iconClass": "icon-nodejs", "tags": "builder,nodejs", @@ -187,6 +213,7 @@ "name": "6", "annotations": { "openshift.io/display-name": "Node.js 6", + "openshift.io/provider-display-name": "Red Hat, Inc.", "description": "Build and run Node.js 6 applications on RHEL 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-nodejs-container.", "iconClass": "icon-nodejs", "tags": "builder,nodejs", @@ -217,6 +244,7 @@ "name": "latest", "annotations": { "openshift.io/display-name": "Perl (Latest)", + "openshift.io/provider-display-name": "Red Hat, Inc.", "description": "Build and run Perl applications on RHEL 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-perl-container/blob/master/5.20/README.md.\n\nWARNING: By selecting this tag, your application will automatically update to use the latest version of Perl available on OpenShift, including major versions updates.", "iconClass": "icon-perl", "tags": "builder,perl", @@ -232,6 +260,7 @@ "name": "5.16", "annotations": { "openshift.io/display-name": "Perl 5.16", + "openshift.io/provider-display-name": "Red Hat, Inc.", "description": "Build and run Perl 5.16 applications on RHEL 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-perl-container/blob/master/5.16/README.md.", "iconClass": "icon-perl", "tags": "hidden,builder,perl", @@ -248,6 +277,7 @@ "name": "5.20", "annotations": { "openshift.io/display-name": "Perl 5.20", + "openshift.io/provider-display-name": "Red Hat, Inc.", "description": "Build and run Perl 5.20 applications on RHEL 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-perl-container/blob/master/5.20/README.md.", "iconClass": "icon-perl", "tags": "builder,perl", @@ -264,6 +294,7 @@ "name": "5.24", "annotations": { "openshift.io/display-name": "Perl 5.24", + "openshift.io/provider-display-name": "Red Hat, Inc.", "description": "Build and run Perl 5.24 applications on RHEL 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-perl-container/blob/master/5.24/README.md.", "iconClass": "icon-perl", "tags": "builder,perl", @@ -294,6 +325,7 @@ "name": "latest", "annotations": { "openshift.io/display-name": "PHP (Latest)", + "openshift.io/provider-display-name": "Red Hat, Inc.", "description": "Build and run PHP applications on RHEL 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-php-container/blob/master/5.6/README.md.\n\nWARNING: By selecting this tag, your application will automatically update to use the latest version of PHP available on OpenShift, including major versions updates.", "iconClass": "icon-php", "tags": "builder,php", @@ -309,6 +341,7 @@ "name": "5.5", "annotations": { "openshift.io/display-name": "PHP 5.5", + "openshift.io/provider-display-name": "Red Hat, Inc.", "description": "Build and run PHP 5.5 applications on RHEL 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-php-container/blob/master/5.5/README.md.", "iconClass": "icon-php", "tags": "hidden,builder,php", @@ -325,6 +358,7 @@ "name": "5.6", "annotations": { "openshift.io/display-name": "PHP 5.6", + "openshift.io/provider-display-name": "Red Hat, Inc.", "description": "Build and run PHP 5.6 applications on RHEL 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-php-container/blob/master/5.6/README.md.", "iconClass": "icon-php", "tags": "builder,php", @@ -341,6 +375,7 @@ "name": "7.0", "annotations": { "openshift.io/display-name": "PHP 7.0", + "openshift.io/provider-display-name": "Red Hat, Inc.", "description": "Build and run PHP 7.0 applications on RHEL 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-php-container/blob/master/7.0/README.md.", "iconClass": "icon-php", "tags": "builder,php", @@ -371,6 +406,7 @@ "name": "latest", "annotations": { "openshift.io/display-name": "Python (Latest)", + "openshift.io/provider-display-name": "Red Hat, Inc.", "description": "Build and run Python applications on RHEL 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-python-container/blob/master/3.5/README.md.\n\nWARNING: By selecting this tag, your application will automatically update to use the latest version of Python available on OpenShift, including major versions updates.", "iconClass": "icon-python", "tags": "builder,python", @@ -386,6 +422,7 @@ "name": "3.3", "annotations": { "openshift.io/display-name": "Python 3.3", + "openshift.io/provider-display-name": "Red Hat, Inc.", "description": "Build and run Python 3.3 applications on RHEL 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-python-container/blob/master/3.3/README.md.", "iconClass": "icon-python", "tags": "hidden,builder,python", @@ -402,6 +439,7 @@ "name": "2.7", "annotations": { "openshift.io/display-name": "Python 2.7", + "openshift.io/provider-display-name": "Red Hat, Inc.", "description": "Build and run Python 2.7 applications on RHEL 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-python-container/blob/master/2.7/README.md.", "iconClass": "icon-python", "tags": "builder,python", @@ -418,6 +456,7 @@ "name": "3.4", "annotations": { "openshift.io/display-name": "Python 3.4", + "openshift.io/provider-display-name": "Red Hat, Inc.", "description": "Build and run Python 3.4 applications on RHEL 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-python-container/blob/master/3.4/README.md.", "iconClass": "icon-python", "tags": "builder,python", @@ -434,6 +473,7 @@ "name": "3.5", "annotations": { "openshift.io/display-name": "Python 3.5", + "openshift.io/provider-display-name": "Red Hat, Inc.", "description": "Build and run Python 3.5 applications on RHEL 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-python-container/blob/master/3.5/README.md.", "iconClass": "icon-python", "tags": "builder,python", @@ -464,6 +504,7 @@ "name": "latest", "annotations": { "openshift.io/display-name": "MySQL (Latest)", + "openshift.io/provider-display-name": "Red Hat, Inc.", "description": "Provides a MySQL database on RHEL 7. For more information about using this database image, including OpenShift considerations, see https://github.com/sclorg/mysql-container/tree/master/5.6/README.md.\n\nWARNING: By selecting this tag, your application will automatically update to use the latest version of MySQL available on OpenShift, including major versions updates.", "iconClass": "icon-mysql-database", "tags": "mysql" @@ -477,6 +518,7 @@ "name": "5.5", "annotations": { "openshift.io/display-name": "MySQL 5.5", + "openshift.io/provider-display-name": "Red Hat, Inc.", "description": "Provides a MySQL 5.5 database on RHEL 7. For more information about using this database image, including OpenShift considerations, see https://github.com/sclorg/mysql-container/tree/master/5.5/README.md.", "iconClass": "icon-mysql-database", "tags": "hidden,mysql", @@ -491,6 +533,7 @@ "name": "5.6", "annotations": { "openshift.io/display-name": "MySQL 5.6", + "openshift.io/provider-display-name": "Red Hat, Inc.", "description": "Provides a MySQL 5.6 database on RHEL 7. For more information about using this database image, including OpenShift considerations, see https://github.com/sclorg/mysql-container/tree/master/5.6/README.md.", "iconClass": "icon-mysql-database", "tags": "mysql", @@ -505,6 +548,7 @@ "name": "5.7", "annotations": { "openshift.io/display-name": "MySQL 5.7", + "openshift.io/provider-display-name": "Red Hat, Inc.", "description": "Provides a MySQL 5.7 database on RHEL 7. For more information about using this database image, including OpenShift considerations, see https://github.com/sclorg/mysql-container/tree/master/5.7/README.md.", "iconClass": "icon-mysql-database", "tags": "mysql", @@ -533,6 +577,7 @@ "name": "latest", "annotations": { "openshift.io/display-name": "MariaDB (Latest)", + "openshift.io/provider-display-name": "Red Hat, Inc.", "description": "Provides a MariaDB database on RHEL 7. For more information about using this database image, including OpenShift considerations, see https://github.com/sclorg/mariadb-container/tree/master/10.1/README.md.\n\nWARNING: By selecting this tag, your application will automatically update to use the latest version of MariaDB available on OpenShift, including major versions updates.", "iconClass": "icon-mariadb", "tags": "mariadb" @@ -546,6 +591,7 @@ "name": "10.1", "annotations": { "openshift.io/display-name": "MariaDB 10.1", + "openshift.io/provider-display-name": "Red Hat, Inc.", "description": "Provides a MariaDB 10.1 database on RHEL 7. For more information about using this database image, including OpenShift considerations, see https://github.com/sclorg/mariadb-container/tree/master/10.1/README.md.", "iconClass": "icon-mariadb", "tags": "mariadb", @@ -574,6 +620,7 @@ "name": "latest", "annotations": { "openshift.io/display-name": "PostgreSQL (Latest)", + "openshift.io/provider-display-name": "Red Hat, Inc.", "description": "Provides a PostgreSQL database on RHEL 7. For more information about using this database image, including OpenShift considerations, see https://github.com/sclorg/postgresql-container/tree/master/9.5.\n\nWARNING: By selecting this tag, your application will automatically update to use the latest version of PostgreSQL available on OpenShift, including major versions updates.", "iconClass": "icon-postgresql", "tags": "postgresql" @@ -587,6 +634,7 @@ "name": "9.2", "annotations": { "openshift.io/display-name": "PostgreSQL 9.2", + "openshift.io/provider-display-name": "Red Hat, Inc.", "description": "Provides a PostgreSQL 9.2 database on RHEL 7. For more information about using this database image, including OpenShift considerations, see https://github.com/sclorg/postgresql-container/tree/master/9.2.", "iconClass": "icon-postgresql", "tags": "hidden,postgresql", @@ -601,6 +649,7 @@ "name": "9.4", "annotations": { "openshift.io/display-name": "PostgreSQL 9.4", + "openshift.io/provider-display-name": "Red Hat, Inc.", "description": "Provides a PostgreSQL 9.4 database on RHEL 7. For more information about using this database image, including OpenShift considerations, see https://github.com/sclorg/postgresql-container/tree/master/9.4.", "iconClass": "icon-postgresql", "tags": "postgresql", @@ -615,6 +664,7 @@ "name": "9.5", "annotations": { "openshift.io/display-name": "PostgreSQL 9.5", + "openshift.io/provider-display-name": "Red Hat, Inc.", "description": "Provides a PostgreSQL 9.5 database on RHEL 7. For more information about using this database image, including OpenShift considerations, see https://github.com/sclorg/postgresql-container/tree/master/9.5.", "iconClass": "icon-postgresql", "tags": "postgresql", @@ -643,6 +693,7 @@ "name": "latest", "annotations": { "openshift.io/display-name": "MongoDB (Latest)", + "openshift.io/provider-display-name": "Red Hat, Inc.", "description": "Provides a MongoDB database on RHEL 7. For more information about using this database image, including OpenShift considerations, see https://github.com/sclorg/mongodb-container/tree/master/3.2/README.md.\n\nWARNING: By selecting this tag, your application will automatically update to use the latest version of MongoDB available on OpenShift, including major versions updates.", "iconClass": "icon-mongodb", "tags": "mongodb" @@ -656,6 +707,7 @@ "name": "2.4", "annotations": { "openshift.io/display-name": "MongoDB 2.4", + "openshift.io/provider-display-name": "Red Hat, Inc.", "description": "Provides a MongoDB 2.4 database on RHEL 7. For more information about using this database image, including OpenShift considerations, see https://github.com/sclorg/mongodb-container/tree/master/2.4/README.md.", "iconClass": "icon-mongodb", "tags": "hidden,mongodb", @@ -670,6 +722,7 @@ "name": "2.6", "annotations": { "openshift.io/display-name": "MongoDB 2.6", + "openshift.io/provider-display-name": "Red Hat, Inc.", "description": "Provides a MongoDB 2.6 database on RHEL 7. For more information about using this database image, including OpenShift considerations, see https://github.com/sclorg/mongodb-container/tree/master/2.6/README.md.", "iconClass": "icon-mongodb", "tags": "mongodb", @@ -684,6 +737,7 @@ "name": "3.2", "annotations": { "openshift.io/display-name": "MongoDB 3.2", + "openshift.io/provider-display-name": "Red Hat, Inc.", "description": "Provides a MongoDB 3.2 database on RHEL 7. For more information about using this database image, including OpenShift considerations, see https://github.com/sclorg/mongodb-container/tree/master/3.2/README.md.", "iconClass": "icon-mongodb", "tags": "mongodb", @@ -712,6 +766,7 @@ "name": "latest", "annotations": { "openshift.io/display-name": "Redis (Latest)", + "openshift.io/provider-display-name": "Red Hat, Inc.", "description": "Provides a Redis database on RHEL 7. For more information about using this database image, including OpenShift considerations, see https://github.com/sclorg/redis-container/tree/master/3.2/README.md.\n\nWARNING: By selecting this tag, your application will automatically update to use the latest version of Redis available on OpenShift, including major versions updates.", "iconClass": "icon-redis", "tags": "redis" @@ -725,6 +780,7 @@ "name": "3.2", "annotations": { "openshift.io/display-name": "Redis 3.2", + "openshift.io/provider-display-name": "Red Hat, Inc.", "description": "Provides a Redis 3.2 database on RHEL 7. For more information about using this database image, including OpenShift considerations, see https://github.com/sclorg/redis-container/tree/master/3.2/README.md.", "iconClass": "icon-redis", "tags": "redis", @@ -753,6 +809,7 @@ "name": "latest", "annotations": { "openshift.io/display-name": "Jenkins (Latest)", + "openshift.io/provider-display-name": "Red Hat, Inc.", "description": "Provides a Jenkins server on RHEL 7. For more information about using this container image, including OpenShift considerations, see https://github.com/openshift/jenkins/blob/master/README.md.\n\nWARNING: By selecting this tag, your application will automatically update to use the latest version of Jenkins available on OpenShift, including major versions updates.", "iconClass": "icon-jenkins", "tags": "jenkins" @@ -766,6 +823,7 @@ "name": "1", "annotations": { "openshift.io/display-name": "Jenkins 1.X", + "openshift.io/provider-display-name": "Red Hat, Inc.", "description": "Provides a Jenkins 1.X server on RHEL 7. For more information about using this container image, including OpenShift considerations, see https://github.com/openshift/jenkins/blob/master/README.md.", "iconClass": "icon-jenkins", "tags": "hidden,jenkins", @@ -780,6 +838,7 @@ "name": "2", "annotations": { "openshift.io/display-name": "Jenkins 2.X", + "openshift.io/provider-display-name": "Red Hat, Inc.", "description": "Provides a Jenkins 2.X server on RHEL 7. For more information about using this container image, including OpenShift considerations, see https://github.com/openshift/jenkins/blob/master/README.md.", "iconClass": "icon-jenkins", "tags": "jenkins", diff --git a/roles/openshift_examples/files/examples/v3.7/quickstart-templates/cakephp-mysql-persistent.json b/roles/openshift_examples/files/examples/v3.7/quickstart-templates/cakephp-mysql-persistent.json index 289f809fa..86ddc184a 100644 --- a/roles/openshift_examples/files/examples/v3.7/quickstart-templates/cakephp-mysql-persistent.json +++ b/roles/openshift_examples/files/examples/v3.7/quickstart-templates/cakephp-mysql-persistent.json @@ -8,10 +8,11 @@ "description": "An example CakePHP application with a MySQL database. For more information about using this template, including OpenShift considerations, see https://github.com/openshift/cakephp-ex/blob/master/README.md.", "tags": "quickstart,php,cakephp", "iconClass": "icon-php", - "template.openshift.io/long-description": "This template defines resources needed to develop a CakePHP application, including a build configuration, application deployment configuration, and database deployment configuration.", - "template.openshift.io/provider-display-name": "Red Hat, Inc.", - "template.openshift.io/documentation-url": "https://github.com/openshift/cakephp-ex", - "template.openshift.io/support-url": "https://access.redhat.com" + "openshift.io/long-description": "This template defines resources needed to develop a CakePHP application, including a build configuration, application deployment configuration, and database deployment configuration.", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "openshift.io/documentation-url": "https://github.com/openshift/cakephp-ex", + "openshift.io/support-url": "https://access.redhat.com", + "template.openshift.io/bindable": "false" } }, "message": "The following service(s) have been created in your project: ${NAME}, ${DATABASE_SERVICE_NAME}.\n\nFor more information about using this template, including OpenShift considerations, see https://github.com/openshift/cake-ex/blob/master/README.md.", @@ -60,10 +61,7 @@ "kind": "Route", "apiVersion": "v1", "metadata": { - "name": "${NAME}", - "annotations": { - "template.openshift.io/expose-uri": "http://{.spec.host}{.spec.path}" - } + "name": "${NAME}" }, "spec": { "host": "${APPLICATION_DOMAIN}", @@ -219,7 +217,7 @@ "timeoutSeconds": 3, "initialDelaySeconds": 30, "httpGet": { - "path": "/", + "path": "/health.php", "port": 8080 } }, @@ -342,7 +340,8 @@ "metadata": { "name": "${DATABASE_SERVICE_NAME}", "annotations": { - "description": "Defines how to deploy the database" + "description": "Defines how to deploy the database", + "template.alpha.openshift.io/wait-for-ready": "true" } }, "spec": { diff --git a/roles/openshift_examples/files/examples/v3.7/quickstart-templates/cakephp-mysql.json b/roles/openshift_examples/files/examples/v3.7/quickstart-templates/cakephp-mysql.json index 0562982b3..3c964bd6a 100644 --- a/roles/openshift_examples/files/examples/v3.7/quickstart-templates/cakephp-mysql.json +++ b/roles/openshift_examples/files/examples/v3.7/quickstart-templates/cakephp-mysql.json @@ -8,10 +8,11 @@ "description": "An example CakePHP application with a MySQL database. For more information about using this template, including OpenShift considerations, see https://github.com/openshift/cakephp-ex/blob/master/README.md.\n\nWARNING: Any data stored will be lost upon pod destruction. Only use this template for testing.", "tags": "quickstart,php,cakephp", "iconClass": "icon-php", - "template.openshift.io/long-description": "This template defines resources needed to develop a CakePHP application, including a build configuration, application deployment configuration, and database deployment configuration. The database is stored in non-persistent storage, so this configuration should be used for experimental purposes only.", - "template.openshift.io/provider-display-name": "Red Hat, Inc.", - "template.openshift.io/documentation-url": "https://github.com/openshift/cakephp-ex", - "template.openshift.io/support-url": "https://access.redhat.com" + "openshift.io/long-description": "This template defines resources needed to develop a CakePHP application, including a build configuration, application deployment configuration, and database deployment configuration. The database is stored in non-persistent storage, so this configuration should be used for experimental purposes only.", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "openshift.io/documentation-url": "https://github.com/openshift/cakephp-ex", + "openshift.io/support-url": "https://access.redhat.com", + "template.openshift.io/bindable": "false" } }, "message": "The following service(s) have been created in your project: ${NAME}, ${DATABASE_SERVICE_NAME}.\n\nFor more information about using this template, including OpenShift considerations, see https://github.com/openshift/cake-ex/blob/master/README.md.", @@ -60,10 +61,7 @@ "kind": "Route", "apiVersion": "v1", "metadata": { - "name": "${NAME}", - "annotations": { - "template.openshift.io/expose-uri": "http://{.spec.host}{.spec.path}" - } + "name": "${NAME}" }, "spec": { "host": "${APPLICATION_DOMAIN}", @@ -219,7 +217,7 @@ "timeoutSeconds": 3, "initialDelaySeconds": 30, "httpGet": { - "path": "/", + "path": "/health.php", "port": 8080 } }, @@ -325,7 +323,8 @@ "metadata": { "name": "${DATABASE_SERVICE_NAME}", "annotations": { - "description": "Defines how to deploy the database" + "description": "Defines how to deploy the database", + "template.alpha.openshift.io/wait-for-ready": "true" } }, "spec": { diff --git a/roles/openshift_examples/files/examples/v3.7/quickstart-templates/dancer-mysql-persistent.json b/roles/openshift_examples/files/examples/v3.7/quickstart-templates/dancer-mysql-persistent.json index 7a3875d09..0a10c5fbc 100644 --- a/roles/openshift_examples/files/examples/v3.7/quickstart-templates/dancer-mysql-persistent.json +++ b/roles/openshift_examples/files/examples/v3.7/quickstart-templates/dancer-mysql-persistent.json @@ -8,10 +8,11 @@ "description": "An example Dancer application with a MySQL database. For more information about using this template, including OpenShift considerations, see https://github.com/openshift/dancer-ex/blob/master/README.md.", "tags": "quickstart,perl,dancer", "iconClass": "icon-perl", - "template.openshift.io/long-description": "This template defines resources needed to develop a Dancer based application, including a build configuration, application deployment configuration, and database deployment configuration.", - "template.openshift.io/provider-display-name": "Red Hat, Inc.", - "template.openshift.io/documentation-url": "https://github.com/openshift/dancer-ex", - "template.openshift.io/support-url": "https://access.redhat.com" + "openshift.io/long-description": "This template defines resources needed to develop a Dancer based application, including a build configuration, application deployment configuration, and database deployment configuration.", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "openshift.io/documentation-url": "https://github.com/openshift/dancer-ex", + "openshift.io/support-url": "https://access.redhat.com", + "template.openshift.io/bindable": "false" } }, "message": "The following service(s) have been created in your project: ${NAME}, ${DATABASE_SERVICE_NAME}.\n\nFor more information about using this template, including OpenShift considerations, see https://github.com/openshift/dancer-ex/blob/master/README.md.", @@ -58,10 +59,7 @@ "kind": "Route", "apiVersion": "v1", "metadata": { - "name": "${NAME}", - "annotations": { - "template.openshift.io/expose-uri": "http://{.spec.host}{.spec.path}" - } + "name": "${NAME}" }, "spec": { "host": "${APPLICATION_DOMAIN}", @@ -206,7 +204,7 @@ "timeoutSeconds": 3, "initialDelaySeconds": 30, "httpGet": { - "path": "/", + "path": "/health", "port": 8080 } }, @@ -307,7 +305,8 @@ "metadata": { "name": "${DATABASE_SERVICE_NAME}", "annotations": { - "description": "Defines how to deploy the database" + "description": "Defines how to deploy the database", + "template.alpha.openshift.io/wait-for-ready": "true" } }, "spec": { diff --git a/roles/openshift_examples/files/examples/v3.7/quickstart-templates/dancer-mysql.json b/roles/openshift_examples/files/examples/v3.7/quickstart-templates/dancer-mysql.json index 399ec72a8..6122d5436 100644 --- a/roles/openshift_examples/files/examples/v3.7/quickstart-templates/dancer-mysql.json +++ b/roles/openshift_examples/files/examples/v3.7/quickstart-templates/dancer-mysql.json @@ -8,10 +8,11 @@ "description": "An example Dancer application with a MySQL database. For more information about using this template, including OpenShift considerations, see https://github.com/openshift/dancer-ex/blob/master/README.md.\n\nWARNING: Any data stored will be lost upon pod destruction. Only use this template for testing.", "tags": "quickstart,perl,dancer", "iconClass": "icon-perl", - "template.openshift.io/long-description": "This template defines resources needed to develop a Dancer based application, including a build configuration, application deployment configuration, and database deployment configuration. The database is stored in non-persistent storage, so this configuration should be used for experimental purposes only.", - "template.openshift.io/provider-display-name": "Red Hat, Inc.", - "template.openshift.io/documentation-url": "https://github.com/openshift/dancer-ex", - "template.openshift.io/support-url": "https://access.redhat.com" + "openshift.io/long-description": "This template defines resources needed to develop a Dancer based application, including a build configuration, application deployment configuration, and database deployment configuration. The database is stored in non-persistent storage, so this configuration should be used for experimental purposes only.", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "openshift.io/documentation-url": "https://github.com/openshift/dancer-ex", + "openshift.io/support-url": "https://access.redhat.com", + "template.openshift.io/bindable": "false" } }, "message": "The following service(s) have been created in your project: ${NAME}, ${DATABASE_SERVICE_NAME}.\n\nFor more information about using this template, including OpenShift considerations, see https://github.com/openshift/dancer-ex/blob/master/README.md.", @@ -58,10 +59,7 @@ "kind": "Route", "apiVersion": "v1", "metadata": { - "name": "${NAME}", - "annotations": { - "template.openshift.io/expose-uri": "http://{.spec.host}{.spec.path}" - } + "name": "${NAME}" }, "spec": { "host": "${APPLICATION_DOMAIN}", @@ -206,7 +204,7 @@ "timeoutSeconds": 3, "initialDelaySeconds": 30, "httpGet": { - "path": "/", + "path": "/health", "port": 8080 } }, @@ -290,7 +288,8 @@ "metadata": { "name": "${DATABASE_SERVICE_NAME}", "annotations": { - "description": "Defines how to deploy the database" + "description": "Defines how to deploy the database", + "template.alpha.openshift.io/wait-for-ready": "true" } }, "spec": { diff --git a/roles/openshift_examples/files/examples/v3.7/quickstart-templates/django-postgresql-persistent.json b/roles/openshift_examples/files/examples/v3.7/quickstart-templates/django-postgresql-persistent.json index e37f7a492..f3b5838fa 100644 --- a/roles/openshift_examples/files/examples/v3.7/quickstart-templates/django-postgresql-persistent.json +++ b/roles/openshift_examples/files/examples/v3.7/quickstart-templates/django-postgresql-persistent.json @@ -8,10 +8,11 @@ "description": "An example Django application with a PostgreSQL database. For more information about using this template, including OpenShift considerations, see https://github.com/openshift/django-ex/blob/master/README.md.", "tags": "quickstart,python,django", "iconClass": "icon-python", - "template.openshift.io/long-description": "This template defines resources needed to develop a Django based application, including a build configuration, application deployment configuration, and database deployment configuration.", - "template.openshift.io/provider-display-name": "Red Hat, Inc.", - "template.openshift.io/documentation-url": "https://github.com/openshift/django-ex", - "template.openshift.io/support-url": "https://access.redhat.com" + "openshift.io/long-description": "This template defines resources needed to develop a Django based application, including a build configuration, application deployment configuration, and database deployment configuration.", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "openshift.io/documentation-url": "https://github.com/openshift/django-ex", + "openshift.io/support-url": "https://access.redhat.com", + "template.openshift.io/bindable": "false" } }, "message": "The following service(s) have been created in your project: ${NAME}, ${DATABASE_SERVICE_NAME}.\n\nFor more information about using this template, including OpenShift considerations, see https://github.com/openshift/django-ex/blob/master/README.md.", @@ -58,10 +59,7 @@ "kind": "Route", "apiVersion": "v1", "metadata": { - "name": "${NAME}", - "annotations": { - "template.openshift.io/expose-uri": "http://{.spec.host}{.spec.path}" - } + "name": "${NAME}" }, "spec": { "host": "${APPLICATION_DOMAIN}", @@ -311,7 +309,8 @@ "metadata": { "name": "${DATABASE_SERVICE_NAME}", "annotations": { - "description": "Defines how to deploy the database" + "description": "Defines how to deploy the database", + "template.alpha.openshift.io/wait-for-ready": "true" } }, "spec": { diff --git a/roles/openshift_examples/files/examples/v3.7/quickstart-templates/django-postgresql.json b/roles/openshift_examples/files/examples/v3.7/quickstart-templates/django-postgresql.json index 965c2ebfe..b21295df2 100644 --- a/roles/openshift_examples/files/examples/v3.7/quickstart-templates/django-postgresql.json +++ b/roles/openshift_examples/files/examples/v3.7/quickstart-templates/django-postgresql.json @@ -8,10 +8,11 @@ "description": "An example Django application with a PostgreSQL database. For more information about using this template, including OpenShift considerations, see https://github.com/openshift/django-ex/blob/master/README.md.\n\nWARNING: Any data stored will be lost upon pod destruction. Only use this template for testing.", "tags": "quickstart,python,django", "iconClass": "icon-python", - "template.openshift.io/long-description": "This template defines resources needed to develop a Django based application, including a build configuration, application deployment configuration, and database deployment configuration. The database is stored in non-persistent storage, so this configuration should be used for experimental purposes only.", - "template.openshift.io/provider-display-name": "Red Hat, Inc.", - "template.openshift.io/documentation-url": "https://github.com/openshift/django-ex", - "template.openshift.io/support-url": "https://access.redhat.com" + "openshift.io/long-description": "This template defines resources needed to develop a Django based application, including a build configuration, application deployment configuration, and database deployment configuration. The database is stored in non-persistent storage, so this configuration should be used for experimental purposes only.", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "openshift.io/documentation-url": "https://github.com/openshift/django-ex", + "openshift.io/support-url": "https://access.redhat.com", + "template.openshift.io/bindable": "false" } }, "message": "The following service(s) have been created in your project: ${NAME}, ${DATABASE_SERVICE_NAME}.\n\nFor more information about using this template, including OpenShift considerations, see https://github.com/openshift/django-ex/blob/master/README.md.", @@ -58,10 +59,7 @@ "kind": "Route", "apiVersion": "v1", "metadata": { - "name": "${NAME}", - "annotations": { - "template.openshift.io/expose-uri": "http://{.spec.host}{.spec.path}" - } + "name": "${NAME}" }, "spec": { "host": "${APPLICATION_DOMAIN}", @@ -294,7 +292,8 @@ "metadata": { "name": "${DATABASE_SERVICE_NAME}", "annotations": { - "description": "Defines how to deploy the database" + "description": "Defines how to deploy the database", + "template.alpha.openshift.io/wait-for-ready": "true" } }, "spec": { diff --git a/roles/openshift_examples/files/examples/v3.7/quickstart-templates/httpd.json b/roles/openshift_examples/files/examples/v3.7/quickstart-templates/httpd.json index 6cf9d76eb..3771280bf 100644 --- a/roles/openshift_examples/files/examples/v3.7/quickstart-templates/httpd.json +++ b/roles/openshift_examples/files/examples/v3.7/quickstart-templates/httpd.json @@ -4,14 +4,15 @@ "metadata": { "name": "httpd-example", "annotations": { - "openshift.io/display-name": "Httpd", - "description": "An example Httpd application that serves static content. For more information about using this template, including OpenShift considerations, see https://github.com/openshift/httpd-ex/blob/master/README.md.", + "openshift.io/display-name": "Apache HTTP Server", + "description": "An example Apache HTTP Server (httpd) application that serves static content. For more information about using this template, including OpenShift considerations, see https://github.com/openshift/httpd-ex/blob/master/README.md.", "tags": "quickstart,httpd", "iconClass": "icon-apache", - "template.openshift.io/long-description": "This template defines resources needed to develop a static application served by httpd, including a build configuration and application deployment configuration.", - "template.openshift.io/provider-display-name": "Red Hat, Inc.", - "template.openshift.io/documentation-url": "https://github.com/openshift/httpd-ex", - "template.openshift.io/support-url": "https://access.redhat.com" + "openshift.io/long-description": "This template defines resources needed to develop a static application served by Apache HTTP Server (httpd), including a build configuration and application deployment configuration.", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "openshift.io/documentation-url": "https://github.com/openshift/httpd-ex", + "openshift.io/support-url": "https://access.redhat.com", + "template.openshift.io/bindable": "false" } }, "message": "The following service(s) have been created in your project: ${NAME}.\n\nFor more information about using this template, including OpenShift considerations, see https://github.com/openshift/httpd-ex/blob/master/README.md.", @@ -45,10 +46,7 @@ "kind": "Route", "apiVersion": "v1", "metadata": { - "name": "${NAME}", - "annotations": { - "template.openshift.io/expose-uri": "http://{.spec.host}{.spec.path}" - } + "name": "${NAME}" }, "spec": { "host": "${APPLICATION_DOMAIN}", diff --git a/roles/openshift_examples/files/examples/v3.7/quickstart-templates/jenkins-ephemeral-template.json b/roles/openshift_examples/files/examples/v3.7/quickstart-templates/jenkins-ephemeral-template.json index 62f43bc0b..28b4b9d81 100644 --- a/roles/openshift_examples/files/examples/v3.7/quickstart-templates/jenkins-ephemeral-template.json +++ b/roles/openshift_examples/files/examples/v3.7/quickstart-templates/jenkins-ephemeral-template.json @@ -8,10 +8,10 @@ "description": "Jenkins service, without persistent storage.\n\nWARNING: Any data stored will be lost upon pod destruction. Only use this template for testing.", "iconClass": "icon-jenkins", "tags": "instant-app,jenkins", - "template.openshift.io/long-description": "This template deploys a Jenkins server capable of managing OpenShift Pipeline builds and supporting OpenShift-based oauth login. The Jenkins configuration is stored in non-persistent storage, so this configuration should be used for experimental purposes only.", - "template.openshift.io/provider-display-name": "Red Hat, Inc.", - "template.openshift.io/documentation-url": "https://docs.openshift.org/latest/using_images/other_images/jenkins.html", - "template.openshift.io/support-url": "https://access.redhat.com" + "openshift.io/long-description": "This template deploys a Jenkins server capable of managing OpenShift Pipeline builds and supporting OpenShift-based oauth login. The Jenkins configuration is stored in non-persistent storage, so this configuration should be used for experimental purposes only.", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "openshift.io/documentation-url": "https://docs.openshift.org/latest/using_images/other_images/jenkins.html", + "openshift.io/support-url": "https://access.redhat.com" } }, "message": "A Jenkins service has been created in your project. Log into Jenkins with your OpenShift account. The tutorial at https://github.com/openshift/origin/blob/master/examples/jenkins/README.md contains more information about using this template.", @@ -112,10 +112,6 @@ "value": "true" }, { - "name": "OPENSHIFT_JENKINS_JVM_ARCH", - "value": "${JVM_ARCH}" - }, - { "name": "KUBERNETES_MASTER", "value": "https://kubernetes.default:443" }, @@ -124,6 +120,10 @@ "value": "true" }, { + "name": "JENKINS_SERVICE_NAME", + "value": "${JENKINS_SERVICE_NAME}" + }, + { "name": "JNLP_SERVICE_NAME", "value": "${JNLP_SERVICE_NAME}" } @@ -260,12 +260,6 @@ "value": "true" }, { - "name": "JVM_ARCH", - "displayName": "Jenkins JVM Architecture", - "description": "Whether Jenkins runs with a 32 bit (i386) or 64 bit (x86_64) JVM.", - "value": "i386" - }, - { "name": "MEMORY_LIMIT", "displayName": "Memory Limit", "description": "Maximum amount of memory the container can use.", diff --git a/roles/openshift_examples/files/examples/v3.7/quickstart-templates/jenkins-persistent-template.json b/roles/openshift_examples/files/examples/v3.7/quickstart-templates/jenkins-persistent-template.json index e9068e455..4915bb12c 100644 --- a/roles/openshift_examples/files/examples/v3.7/quickstart-templates/jenkins-persistent-template.json +++ b/roles/openshift_examples/files/examples/v3.7/quickstart-templates/jenkins-persistent-template.json @@ -8,10 +8,10 @@ "description": "Jenkins service, with persistent storage.\n\nNOTE: You must have persistent volumes available in your cluster to use this template.", "iconClass": "icon-jenkins", "tags": "instant-app,jenkins", - "template.openshift.io/long-description": "This template deploys a Jenkins server capable of managing OpenShift Pipeline builds and supporting OpenShift-based oauth login.", - "template.openshift.io/provider-display-name": "Red Hat, Inc.", - "template.openshift.io/documentation-url": "https://docs.openshift.org/latest/using_images/other_images/jenkins.html", - "template.openshift.io/support-url": "https://access.redhat.com" + "openshift.io/long-description": "This template deploys a Jenkins server capable of managing OpenShift Pipeline builds and supporting OpenShift-based oauth login.", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "openshift.io/documentation-url": "https://docs.openshift.org/latest/using_images/other_images/jenkins.html", + "openshift.io/support-url": "https://access.redhat.com" } }, "message": "A Jenkins service has been created in your project. Log into Jenkins with your OpenShift account. The tutorial at https://github.com/openshift/origin/blob/master/examples/jenkins/README.md contains more information about using this template.", @@ -129,10 +129,6 @@ "value": "true" }, { - "name": "OPENSHIFT_JENKINS_JVM_ARCH", - "value": "${JVM_ARCH}" - }, - { "name": "KUBERNETES_MASTER", "value": "https://kubernetes.default:443" }, @@ -141,6 +137,10 @@ "value": "true" }, { + "name": "JENKINS_SERVICE_NAME", + "value": "${JENKINS_SERVICE_NAME}" + }, + { "name": "JNLP_SERVICE_NAME", "value": "${JNLP_SERVICE_NAME}" } @@ -277,12 +277,6 @@ "value": "true" }, { - "name": "JVM_ARCH", - "displayName": "Jenkins JVM Architecture", - "description": "Whether Jenkins runs with a 32 bit (i386) or 64 bit (x86_64) JVM.", - "value": "i386" - }, - { "name": "MEMORY_LIMIT", "displayName": "Memory Limit", "description": "Maximum amount of memory the container can use.", diff --git a/roles/openshift_examples/files/examples/v3.7/quickstart-templates/nodejs-mongodb-persistent.json b/roles/openshift_examples/files/examples/v3.7/quickstart-templates/nodejs-mongodb-persistent.json index df3704b9f..7f2a5d804 100644 --- a/roles/openshift_examples/files/examples/v3.7/quickstart-templates/nodejs-mongodb-persistent.json +++ b/roles/openshift_examples/files/examples/v3.7/quickstart-templates/nodejs-mongodb-persistent.json @@ -8,10 +8,11 @@ "description": "An example Node.js application with a MongoDB database. For more information about using this template, including OpenShift considerations, see https://github.com/openshift/nodejs-ex/blob/master/README.md.", "tags": "quickstart,nodejs", "iconClass": "icon-nodejs", - "template.openshift.io/long-description": "This template defines resources needed to develop a NodeJS application, including a build configuration, application deployment configuration, and database deployment configuration.", - "template.openshift.io/provider-display-name": "Red Hat, Inc.", - "template.openshift.io/documentation-url": "https://github.com/openshift/nodejs-ex", - "template.openshift.io/support-url": "https://access.redhat.com" + "openshift.io/long-description": "This template defines resources needed to develop a NodeJS application, including a build configuration, application deployment configuration, and database deployment configuration.", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "openshift.io/documentation-url": "https://github.com/openshift/nodejs-ex", + "openshift.io/support-url": "https://access.redhat.com", + "template.openshift.io/bindable": "false" } }, "message": "The following service(s) have been created in your project: ${NAME}, ${DATABASE_SERVICE_NAME}.\n\nFor more information about using this template, including OpenShift considerations, see https://github.com/openshift/nodejs-ex/blob/master/README.md.", @@ -58,10 +59,7 @@ "kind": "Route", "apiVersion": "v1", "metadata": { - "name": "${NAME}", - "annotations": { - "template.openshift.io/expose-uri": "http://{.spec.host}{.spec.path}" - } + "name": "${NAME}" }, "spec": { "host": "${APPLICATION_DOMAIN}", @@ -309,7 +307,8 @@ "metadata": { "name": "${DATABASE_SERVICE_NAME}", "annotations": { - "description": "Defines how to deploy the database" + "description": "Defines how to deploy the database", + "template.alpha.openshift.io/wait-for-ready": "true" } }, "spec": { diff --git a/roles/openshift_examples/files/examples/v3.7/quickstart-templates/nodejs-mongodb.json b/roles/openshift_examples/files/examples/v3.7/quickstart-templates/nodejs-mongodb.json index eb6ab33d9..b3afae46e 100644 --- a/roles/openshift_examples/files/examples/v3.7/quickstart-templates/nodejs-mongodb.json +++ b/roles/openshift_examples/files/examples/v3.7/quickstart-templates/nodejs-mongodb.json @@ -8,10 +8,11 @@ "description": "An example Node.js application with a MongoDB database. For more information about using this template, including OpenShift considerations, see https://github.com/openshift/nodejs-ex/blob/master/README.md.\n\nWARNING: Any data stored will be lost upon pod destruction. Only use this template for testing.", "tags": "quickstart,nodejs", "iconClass": "icon-nodejs", - "template.openshift.io/long-description": "This template defines resources needed to develop a NodeJS application, including a build configuration, application deployment configuration, and database deployment configuration. The database is stored in non-persistent storage, so this configuration should be used for experimental purposes only.", - "template.openshift.io/provider-display-name": "Red Hat, Inc.", - "template.openshift.io/documentation-url": "https://github.com/openshift/nodejs-ex", - "template.openshift.io/support-url": "https://access.redhat.com" + "openshift.io/long-description": "This template defines resources needed to develop a NodeJS application, including a build configuration, application deployment configuration, and database deployment configuration. The database is stored in non-persistent storage, so this configuration should be used for experimental purposes only.", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "openshift.io/documentation-url": "https://github.com/openshift/nodejs-ex", + "openshift.io/support-url": "https://access.redhat.com", + "template.openshift.io/bindable": "false" } }, "message": "The following service(s) have been created in your project: ${NAME}, ${DATABASE_SERVICE_NAME}.\n\nFor more information about using this template, including OpenShift considerations, see https://github.com/openshift/nodejs-ex/blob/master/README.md.", @@ -58,10 +59,7 @@ "kind": "Route", "apiVersion": "v1", "metadata": { - "name": "${NAME}", - "annotations": { - "template.openshift.io/expose-uri": "http://{.spec.host}{.spec.path}" - } + "name": "${NAME}" }, "spec": { "host": "${APPLICATION_DOMAIN}", @@ -292,7 +290,8 @@ "metadata": { "name": "${DATABASE_SERVICE_NAME}", "annotations": { - "description": "Defines how to deploy the database" + "description": "Defines how to deploy the database", + "template.alpha.openshift.io/wait-for-ready": "true" } }, "spec": { diff --git a/roles/openshift_examples/files/examples/v3.7/quickstart-templates/rails-postgresql-persistent.json b/roles/openshift_examples/files/examples/v3.7/quickstart-templates/rails-postgresql-persistent.json index 59e2e41ea..1c03be28a 100644 --- a/roles/openshift_examples/files/examples/v3.7/quickstart-templates/rails-postgresql-persistent.json +++ b/roles/openshift_examples/files/examples/v3.7/quickstart-templates/rails-postgresql-persistent.json @@ -8,10 +8,11 @@ "description": "An example Rails application with a PostgreSQL database. For more information about using this template, including OpenShift considerations, see https://github.com/openshift/rails-ex/blob/master/README.md.", "tags": "quickstart,ruby,rails", "iconClass": "icon-ruby", - "template.openshift.io/long-description": "This template defines resources needed to develop a Rails application, including a build configuration, application deployment configuration, and database deployment configuration.", - "template.openshift.io/provider-display-name": "Red Hat, Inc.", - "template.openshift.io/documentation-url": "https://github.com/openshift/rails-ex", - "template.openshift.io/support-url": "https://access.redhat.com" + "openshift.io/long-description": "This template defines resources needed to develop a Rails application, including a build configuration, application deployment configuration, and database deployment configuration.", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "openshift.io/documentation-url": "https://github.com/openshift/rails-ex", + "openshift.io/support-url": "https://access.redhat.com", + "template.openshift.io/bindable": "false" } }, "message": "The following service(s) have been created in your project: ${NAME}, ${DATABASE_SERVICE_NAME}.\n\nFor more information about using this template, including OpenShift considerations, see https://github.com/openshift/rails-ex/blob/master/README.md.", @@ -23,11 +24,7 @@ "kind": "Secret", "apiVersion": "v1", "metadata": { - "name": "${NAME}", - "annotations": { - "template.openshift.io/expose-username": "{.data['application-user']}", - "template.openshift.io/expose-password": "{.data['application-password']}" - } + "name": "${NAME}" }, "stringData" : { "database-user" : "${DATABASE_USER}", @@ -64,10 +61,7 @@ "kind": "Route", "apiVersion": "v1", "metadata": { - "name": "${NAME}", - "annotations": { - "template.openshift.io/expose-uri": "http://{.spec.host}{.spec.path}" - } + "name": "${NAME}" }, "spec": { "host": "${APPLICATION_DOMAIN}", @@ -354,7 +348,8 @@ "metadata": { "name": "${DATABASE_SERVICE_NAME}", "annotations": { - "description": "Defines how to deploy the database" + "description": "Defines how to deploy the database", + "template.alpha.openshift.io/wait-for-ready": "true" } }, "spec": { diff --git a/roles/openshift_examples/files/examples/v3.7/quickstart-templates/rails-postgresql.json b/roles/openshift_examples/files/examples/v3.7/quickstart-templates/rails-postgresql.json index b3d080a91..240289d33 100644 --- a/roles/openshift_examples/files/examples/v3.7/quickstart-templates/rails-postgresql.json +++ b/roles/openshift_examples/files/examples/v3.7/quickstart-templates/rails-postgresql.json @@ -8,10 +8,11 @@ "description": "An example Rails application with a PostgreSQL database. For more information about using this template, including OpenShift considerations, see https://github.com/openshift/rails-ex/blob/master/README.md.\n\nWARNING: Any data stored will be lost upon pod destruction. Only use this template for testing.", "tags": "quickstart,ruby,rails", "iconClass": "icon-ruby", - "template.openshift.io/long-description": "This template defines resources needed to develop a Rails application, including a build configuration, application deployment configuration, and database deployment configuration. The database is stored in non-persistent storage, so this configuration should be used for experimental purposes only.", - "template.openshift.io/provider-display-name": "Red Hat, Inc.", - "template.openshift.io/documentation-url": "https://github.com/openshift/rails-ex", - "template.openshift.io/support-url": "https://access.redhat.com" + "openshift.io/long-description": "This template defines resources needed to develop a Rails application, including a build configuration, application deployment configuration, and database deployment configuration. The database is stored in non-persistent storage, so this configuration should be used for experimental purposes only.", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "openshift.io/documentation-url": "https://github.com/openshift/rails-ex", + "openshift.io/support-url": "https://access.redhat.com", + "template.openshift.io/bindable": "false" } }, "message": "The following service(s) have been created in your project: ${NAME}, ${DATABASE_SERVICE_NAME}.\n\nFor more information about using this template, including OpenShift considerations, see https://github.com/openshift/rails-ex/blob/master/README.md.", @@ -23,11 +24,7 @@ "kind": "Secret", "apiVersion": "v1", "metadata": { - "name": "${NAME}", - "annotations": { - "template.openshift.io/expose-username": "{.data['application-user']}", - "template.openshift.io/expose-password": "{.data['application-password']}" - } + "name": "${NAME}" }, "stringData" : { "database-user" : "${DATABASE_USER}", @@ -64,10 +61,7 @@ "kind": "Route", "apiVersion": "v1", "metadata": { - "name": "${NAME}", - "annotations": { - "template.openshift.io/expose-uri": "http://{.spec.host}{.spec.path}" - } + "name": "${NAME}" }, "spec": { "host": "${APPLICATION_DOMAIN}", @@ -337,7 +331,8 @@ "metadata": { "name": "${DATABASE_SERVICE_NAME}", "annotations": { - "description": "Defines how to deploy the database" + "description": "Defines how to deploy the database", + "template.alpha.openshift.io/wait-for-ready": "true" } }, "spec": { diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-streams/jboss-image-streams.json b/roles/openshift_examples/files/examples/v3.7/xpaas-streams/jboss-image-streams.json index 0bb56452b..ed2dbf572 100644 --- a/roles/openshift_examples/files/examples/v3.7/xpaas-streams/jboss-image-streams.json +++ b/roles/openshift_examples/files/examples/v3.7/xpaas-streams/jboss-image-streams.json @@ -4,7 +4,8 @@ "metadata": { "name": "jboss-image-streams", "annotations": { - "description": "ImageStream definitions for JBoss Middleware products." + "description": "ImageStream definitions for JBoss Middleware products.", + "openshift.io/provider-display-name": "Red Hat, Inc." } }, "items": [ @@ -14,48 +15,65 @@ "metadata": { "name": "jboss-webserver30-tomcat7-openshift", "annotations": { - "openshift.io/display-name": "Red Hat JBoss Web Server 3.0 Tomcat 7" + "openshift.io/display-name": "Red Hat JBoss Web Server 3.0 Apache Tomcat 7", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "version": "1.4.7" } }, + "labels": { + "xpaas": "1.4.7" + }, "spec": { - "dockerImageRepository": "registry.access.redhat.com/jboss-webserver-3/webserver30-tomcat7-openshift", "tags": [ { "name": "1.1", "annotations": { - "description": "JBoss Web Server 3.0 Tomcat 7 S2I images.", - "iconClass": "icon-jboss", - "tags": "builder,tomcat,tomcat7,java,jboss,xpaas", - "supports": "tomcat7:3.0,tomcat:7,java:8,xpaas:1.1", + "description": "JBoss Web Server 3.0 Apache Tomcat 7 S2I images.", + "iconClass": "icon-rh-tomcat", + "tags": "builder,tomcat,tomcat7,java,jboss,hidden", + "supports": "tomcat7:3.0,tomcat:7,java:8", "sampleRepo": "https://github.com/jboss-openshift/openshift-quickstarts.git", "sampleContextDir": "tomcat-websocket-chat", "version": "1.1", - "openshift.io/display-name": "Red Hat JBoss Web Server 3.0 Tomcat 7" + "openshift.io/display-name": "Red Hat JBoss Web Server 3.0 Apache Tomcat 7" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-webserver-3/webserver30-tomcat7-openshift:1.1" } }, { "name": "1.2", "annotations": { - "description": "JBoss Web Server 3.0 Tomcat 7 S2I images.", - "iconClass": "icon-jboss", - "tags": "builder,tomcat,tomcat7,java,jboss,xpaas", - "supports": "tomcat7:3.0,tomcat:7,java:8,xpaas:1.2", + "description": "JBoss Web Server 3.0 Apache Tomcat 7 S2I images.", + "iconClass": "icon-rh-tomcat", + "tags": "builder,tomcat,tomcat7,java,jboss,hidden", + "supports": "tomcat7:3.0,tomcat:7,java:8", "sampleRepo": "https://github.com/jboss-openshift/openshift-quickstarts.git", "sampleContextDir": "tomcat-websocket-chat", "version": "1.2", - "openshift.io/display-name": "Red Hat JBoss Web Server 3.0 Tomcat 7" + "openshift.io/display-name": "Red Hat JBoss Web Server 3.0 Apache Tomcat 7" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-webserver-3/webserver30-tomcat7-openshift:1.2" } }, { "name": "1.3", "annotations": { - "description": "JBoss Web Server 3.0 Tomcat 7 S2I images.", - "iconClass": "icon-jboss", - "tags": "builder,tomcat,tomcat7,java,jboss,xpaas", - "supports":"tomcat7:3.0,tomcat:7,java:8,xpaas:1.3", + "description": "JBoss Web Server 3.0 Apache Tomcat 7 S2I images.", + "iconClass": "icon-rh-tomcat", + "tags": "builder,tomcat,tomcat7,java,jboss,hidden", + "supports": "tomcat7:3.0,tomcat:7,java:8", "sampleRepo": "https://github.com/jboss-openshift/openshift-quickstarts.git", "sampleContextDir": "tomcat-websocket-chat", - "version": "1.3" + "version": "1.3", + "openshift.io/display-name": "Red Hat JBoss Web Server 3.0 ApacheTomcat 7" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-webserver-3/webserver30-tomcat7-openshift:1.3" } } ] @@ -67,48 +85,65 @@ "metadata": { "name": "jboss-webserver30-tomcat8-openshift", "annotations": { - "openshift.io/display-name": "Red Hat JBoss Web Server 3.0 Tomcat 8" + "openshift.io/display-name": "Red Hat JBoss Web Server 3.0 Apache Tomcat 8", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "version": "1.4.7" } }, + "labels": { + "xpaas": "1.4.7" + }, "spec": { - "dockerImageRepository": "registry.access.redhat.com/jboss-webserver-3/webserver30-tomcat8-openshift", "tags": [ { "name": "1.1", "annotations": { - "description": "JBoss Web Server 3.0 Tomcat 8 S2I images.", - "iconClass": "icon-jboss", - "tags": "builder,tomcat,tomcat8,java,jboss,xpaas", - "supports": "tomcat8:3.0,tomcat:8,java:8,xpaas:1.1", + "description": "JBoss Web Server 3.0 Apache Tomcat 8 S2I images.", + "iconClass": "icon-rh-tomcat", + "tags": "builder,tomcat,tomcat8,java,jboss,hidden", + "supports": "tomcat8:3.0,tomcat:8,java:8", "sampleRepo": "https://github.com/jboss-openshift/openshift-quickstarts.git", "sampleContextDir": "tomcat-websocket-chat", "version": "1.1", - "openshift.io/display-name": "Red Hat JBoss Web Server 3.0 Tomcat 8" + "openshift.io/display-name": "Red Hat JBoss Web Server 3.0 Apache Tomcat 8" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-webserver-3/webserver30-tomcat8-openshift:1.1" } }, { "name": "1.2", "annotations": { - "description": "JBoss Web Server 3.0 Tomcat 8 S2I images.", - "iconClass": "icon-jboss", - "tags": "builder,tomcat,tomcat8,java,jboss,xpaas", - "supports": "tomcat8:3.0,tomcat:8,java:8,xpaas:1.2", + "description": "JBoss Web Server 3.0 Apache Tomcat 8 S2I images.", + "iconClass": "icon-rh-tomcat", + "tags": "builder,tomcat,tomcat8,java,jboss,hidden", + "supports": "tomcat8:3.0,tomcat:8,java:8", "sampleRepo": "https://github.com/jboss-openshift/openshift-quickstarts.git", "sampleContextDir": "tomcat-websocket-chat", "version": "1.2", - "openshift.io/display-name": "Red Hat JBoss Web Server 3.0 Tomcat 8" + "openshift.io/display-name": "Red Hat JBoss Web Server 3.0 Apache Tomcat 8" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-webserver-3/webserver30-tomcat8-openshift:1.2" } }, { "name": "1.3", "annotations": { - "description": "JBoss Web Server 3.0 Tomcat 8 S2I images.", - "iconClass": "icon-jboss", - "tags": "builder,tomcat,tomcat8,java,jboss,xpaas", - "supports":"tomcat8:3.0,tomcat:8,java:8,xpaas:1.3", + "description": "JBoss Web Server 3.0 Apache Tomcat 8 S2I images.", + "iconClass": "icon-rh-tomcat", + "tags": "builder,tomcat,tomcat8,java,jboss,hidden", + "supports": "tomcat8:3.0,tomcat:8,java:8", "sampleRepo": "https://github.com/jboss-openshift/openshift-quickstarts.git", "sampleContextDir": "tomcat-websocket-chat", - "version": "1.3" + "version": "1.3", + "openshift.io/display-name": "Red Hat JBoss Web Server 3.0 Apache Tomcat 8" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-webserver-3/webserver30-tomcat8-openshift:1.3" } } ] @@ -120,23 +155,48 @@ "metadata": { "name": "jboss-webserver31-tomcat7-openshift", "annotations": { - "openshift.io/display-name": "Red Hat JBoss Web Server 3.1 Tomcat 7" + "openshift.io/display-name": "Red Hat JBoss Web Server 3.1 Apache Tomcat 7", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "version": "1.4.7" } }, + "labels": { + "xpaas": "1.4.7" + }, "spec": { - "dockerImageRepository": "registry.access.redhat.com/jboss-webserver-3/webserver31-tomcat7-openshift", "tags": [ { "name": "1.0", "annotations": { - "description": "JBoss Web Server 3.1 Tomcat 7 S2I images.", - "iconClass": "icon-jboss", - "tags": "builder,tomcat,tomcat7,java,jboss,xpaas", - "supports": "tomcat7:3.1,tomcat:7,java:8,xpaas:1.4", + "description": "JBoss Web Server 3.1 Apache Tomcat 7 S2I images.", + "iconClass": "icon-rh-tomcat", + "tags": "builder,tomcat,tomcat7,java,jboss,hidden", + "supports": "tomcat7:3.1,tomcat:7,java:8", "sampleRepo": "https://github.com/jboss-openshift/openshift-quickstarts.git", "sampleContextDir": "tomcat-websocket-chat", "version": "1.0", - "openshift.io/display-name": "Red Hat JBoss Web Server 3.1 Tomcat 7" + "openshift.io/display-name": "Red Hat JBoss Web Server 3.1 Apache Tomcat 7" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-webserver-3/webserver31-tomcat7-openshift:1.0" + } + }, + { + "name": "1.1", + "annotations": { + "description": "JBoss Web Server 3.1 Apache Tomcat 7 S2I images.", + "iconClass": "icon-rh-tomcat", + "tags": "builder,tomcat,tomcat7,java,jboss,hidden", + "supports": "tomcat7:3.1,tomcat:7,java:8", + "sampleRepo": "https://github.com/jboss-openshift/openshift-quickstarts.git", + "sampleContextDir": "tomcat-websocket-chat", + "version": "1.1", + "openshift.io/display-name": "Red Hat JBoss Web Server 3.1 Apache Tomcat 7" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-webserver-3/webserver31-tomcat7-openshift:1.1" } } ] @@ -148,23 +208,48 @@ "metadata": { "name": "jboss-webserver31-tomcat8-openshift", "annotations": { - "openshift.io/display-name": "Red Hat JBoss Web Server 3.1 Tomcat 8" + "openshift.io/display-name": "JBoss Web Server 3.1 Apache Tomcat 8", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "version": "1.4.7" } }, + "labels": { + "xpaas": "1.4.7" + }, "spec": { - "dockerImageRepository": "registry.access.redhat.com/jboss-webserver-3/webserver31-tomcat8-openshift", "tags": [ { "name": "1.0", "annotations": { - "description": "JBoss Web Server 3.1 Tomcat 8 S2I images.", - "iconClass": "icon-jboss", - "tags": "builder,tomcat,tomcat8,java,jboss,xpaas", - "supports": "tomcat8:3.1,tomcat:8,java:8,xpaas:1.4", + "description": "JBoss Web Server 3.1 Apache Tomcat 8 S2I images.", + "iconClass": "icon-rh-tomcat", + "tags": "builder,tomcat,tomcat8,java,jboss,hidden", + "supports": "tomcat8:3.1,tomcat:8,java:8", "sampleRepo": "https://github.com/jboss-openshift/openshift-quickstarts.git", "sampleContextDir": "tomcat-websocket-chat", "version": "1.0", - "openshift.io/display-name": "Red Hat JBoss Web Server 3.1 Tomcat 8" + "openshift.io/display-name": "JBoss Web Server 3.1 Apache Tomcat 8" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-webserver-3/webserver31-tomcat8-openshift:1.0" + } + }, + { + "name": "1.1", + "annotations": { + "description": "JBoss Web Server 3.1 Apache Tomcat 8 S2I images.", + "iconClass": "icon-rh-tomcat", + "tags": "builder,tomcat,tomcat8,java,jboss,hidden", + "supports": "tomcat8:3.1,tomcat:8,java:8", + "sampleRepo": "https://github.com/jboss-openshift/openshift-quickstarts.git", + "sampleContextDir": "tomcat-websocket-chat", + "version": "1.1", + "openshift.io/display-name": "Red Hat JBoss Web Server 3.1 Apache Tomcat 8" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-webserver-3/webserver31-tomcat8-openshift:1.1" } } ] @@ -176,79 +261,122 @@ "metadata": { "name": "jboss-eap64-openshift", "annotations": { - "openshift.io/display-name": "Red Hat JBoss EAP 6.4" + "openshift.io/display-name": "Red Hat JBoss EAP 6.4", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "version": "1.4.7" } }, + "labels": { + "xpaas": "1.4.7" + }, "spec": { - "dockerImageRepository": "registry.access.redhat.com/jboss-eap-6/eap64-openshift", "tags": [ { "name": "1.1", "annotations": { "description": "JBoss EAP 6.4 S2I images.", - "iconClass": "icon-jboss", - "tags": "builder,eap,javaee,java,jboss,xpaas", - "supports": "eap:6.4,javaee:6,java:8,xpaas:1.1", + "iconClass": "icon-eap", + "tags": "builder,eap,javaee,java,jboss,hidden", + "supports": "eap:6.4,javaee:6,java:8", "sampleRepo": "https://github.com/jboss-developer/jboss-eap-quickstarts.git", "sampleContextDir": "kitchensink", "sampleRef": "6.4.x", "version": "1.1", "openshift.io/display-name": "Red Hat JBoss EAP 6.4" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-eap-6/eap64-openshift:1.1" } }, { "name": "1.2", "annotations": { "description": "JBoss EAP 6.4 S2I images.", - "iconClass": "icon-jboss", - "tags": "builder,eap,javaee,java,jboss,xpaas", - "supports": "eap:6.4,javaee:6,java:8,xpaas:1.2", + "iconClass": "icon-eap", + "tags": "builder,eap,javaee,java,jboss,hidden", + "supports": "eap:6.4,javaee:6,java:8", "sampleRepo": "https://github.com/jboss-developer/jboss-eap-quickstarts.git", "sampleContextDir": "kitchensink", "sampleRef": "6.4.x", "version": "1.2", "openshift.io/display-name": "Red Hat JBoss EAP 6.4" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-eap-6/eap64-openshift:1.2" } }, { "name": "1.3", "annotations": { "description": "JBoss EAP 6.4 S2I images.", - "iconClass": "icon-jboss", - "tags": "builder,eap,javaee,java,jboss,xpaas", - "supports": "eap:6.4,javaee:6,java:8,xpaas:1.3", + "iconClass": "icon-eap", + "tags": "builder,eap,javaee,java,jboss,hidden", + "supports": "eap:6.4,javaee:6,java:8", "sampleRepo": "https://github.com/jboss-developer/jboss-eap-quickstarts.git", "sampleContextDir": "kitchensink", "sampleRef": "6.4.x", "version": "1.3", "openshift.io/display-name": "Red Hat JBoss EAP 6.4" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-eap-6/eap64-openshift:1.3" } }, { "name": "1.4", "annotations": { "description": "JBoss EAP 6.4 S2I images.", - "iconClass": "icon-jboss", - "tags": "builder,eap,javaee,java,jboss,xpaas", - "supports": "eap:6.4,javaee:6,java:8,xpaas:1.4", + "iconClass": "icon-eap", + "tags": "builder,eap,javaee,java,jboss,hidden", + "supports": "eap:6.4,javaee:6,java:8", "sampleRepo": "https://github.com/jboss-developer/jboss-eap-quickstarts.git", "sampleContextDir": "kitchensink", "sampleRef": "6.4.x", "version": "1.4", "openshift.io/display-name": "Red Hat JBoss EAP 6.4" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-eap-6/eap64-openshift:1.4" } }, { "name": "1.5", "annotations": { "description": "JBoss EAP 6.4 S2I images.", - "iconClass": "icon-jboss", - "tags": "builder,eap,javaee,java,jboss,xpaas", - "supports":"eap:6.4,javaee:6,java:8,xpaas:1.5", + "iconClass": "icon-eap", + "tags": "builder,eap,javaee,java,jboss,hidden", + "supports": "eap:6.4,javaee:6,java:8", "sampleRepo": "https://github.com/jboss-developer/jboss-eap-quickstarts.git", "sampleContextDir": "kitchensink", "sampleRef": "6.4.x", - "version": "1.5" + "version": "1.5", + "openshift.io/display-name": "Red Hat JBoss EAP 6.4" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-eap-6/eap64-openshift:1.5" + } + }, + { + "name": "1.6", + "annotations": { + "description": "JBoss EAP 6.4 S2I images.", + "iconClass": "icon-eap", + "tags": "builder,eap,javaee,java,jboss,hidden", + "supports": "eap:6.4,javaee:6,java:8", + "sampleRepo": "https://github.com/jboss-developer/jboss-eap-quickstarts.git", + "sampleContextDir": "kitchensink", + "sampleRef": "6.4.x", + "version": "1.6", + "openshift.io/display-name": "Red Hat JBoss EAP 6.4" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-eap-6/eap64-openshift:1.6" } } ] @@ -260,51 +388,141 @@ "metadata": { "name": "jboss-eap70-openshift", "annotations": { - "openshift.io/display-name": "Red Hat JBoss EAP 7.0" + "openshift.io/display-name": "Red Hat JBoss EAP 7.0", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "version": "1.4.7" } }, + "labels": { + "xpaas": "1.4.7" + }, "spec": { - "dockerImageRepository": "registry.access.redhat.com/jboss-eap-7/eap70-openshift", "tags": [ { "name": "1.3", "annotations": { "description": "JBoss EAP 7.0 S2I images.", - "iconClass": "icon-jboss", - "tags": "builder,eap,javaee,java,jboss,xpaas", - "supports": "eap:7.0,javaee:7,java:8,xpaas:1.3", + "iconClass": "icon-eap", + "tags": "builder,eap,javaee,java,jboss,hidden", + "supports": "eap:7.0,javaee:7,java:8", "sampleRepo": "https://github.com/jboss-developer/jboss-eap-quickstarts.git", "sampleContextDir": "kitchensink", "sampleRef": "7.0.0.GA", "version": "1.3", "openshift.io/display-name": "Red Hat JBoss EAP 7.0" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-eap-7/eap70-openshift:1.3" } }, { "name": "1.4", "annotations": { "description": "JBoss EAP 7.0 S2I images.", - "iconClass": "icon-jboss", - "tags": "builder,eap,javaee,java,jboss,xpaas", - "supports": "eap:7.0,javaee:7,java:8,xpaas:1.4", + "iconClass": "icon-eap", + "tags": "builder,eap,javaee,java,jboss,hidden", + "supports": "eap:7.0,javaee:7,java:8", "sampleRepo": "https://github.com/jboss-developer/jboss-eap-quickstarts.git", "sampleContextDir": "kitchensink", "sampleRef": "7.0.0.GA", "version": "1.4", "openshift.io/display-name": "Red Hat JBoss EAP 7.0" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-eap-7/eap70-openshift:1.4" } }, { "name": "1.5", "annotations": { "description": "JBoss EAP 7.0 S2I images.", - "iconClass": "icon-jboss", - "tags": "builder,eap,javaee,java,jboss,xpaas", - "supports":"eap:7.0,javaee:7,java:8,xpaas:1.5", + "iconClass": "icon-eap", + "tags": "builder,eap,javaee,java,jboss,hidden", + "supports": "eap:7.0,javaee:7,java:8", + "sampleRepo": "https://github.com/jboss-developer/jboss-eap-quickstarts.git", + "sampleContextDir": "kitchensink", + "sampleRef": "7.0.0.GA", + "version": "1.5", + "openshift.io/display-name": "Red Hat JBoss EAP 7.0" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-eap-7/eap70-openshift:1.5" + } + }, + { + "name": "1.6", + "annotations": { + "description": "JBoss EAP 7.0 S2I images.", + "iconClass": "icon-eap", + "tags": "builder,eap,javaee,java,jboss,hidden", + "supports": "eap:7.0,javaee:7,java:8", "sampleRepo": "https://github.com/jboss-developer/jboss-eap-quickstarts.git", "sampleContextDir": "kitchensink", "sampleRef": "7.0.0.GA", - "version": "1.5" + "version": "1.6", + "openshift.io/display-name": "Red Hat JBoss EAP 7.0" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-eap-7/eap70-openshift:1.6" + } + } + ] + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "jboss-eap71-openshift", + "annotations": { + "openshift.io/display-name": "Red Hat JBoss EAP 7.1", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "version": "1.4.7" + } + }, + "labels": { + "xpaas": "1.4.7" + }, + "spec": { + "tags": [ + { + "name": "TP", + "annotations": { + "description": "JBoss EAP 7.1 Tech Preview.", + "iconClass": "icon-eap", + "tags": "builder,eap,javaee,java,jboss,hidden", + "supports": "eap:7.1,javaee:7,java:8,xpass:1.0", + "sampleRepo": "https://github.com/jboss-developer/jboss-eap-quickstarts.git", + "sampleContextDir": "kitchensink", + "sampleRef": "7.0.0.GA", + "version": "TP", + "openshift.io/display-name": "Red Hat JBoss EAP 7.1 (Tech Preview)" + }, + "from": { + "kind": "ImageStreamTag", + "name": "1.0-TP" + } + }, + { + "name": "1.0-TP", + "annotations": { + "description": "JBoss EAP 7.1 Tech Preview.", + "iconClass": "icon-eap", + "tags": "builder,eap,javaee,java,jboss,hidden", + "supports": "eap:7.1,javaee:7,java:8", + "sampleRepo": "https://github.com/jboss-developer/jboss-eap-quickstarts.git", + "sampleContextDir": "kitchensink", + "sampleRef": "7.0.0.GA", + "version": "1.0", + "openshift.io/display-name": "Red Hat JBoss EAP 7.1 (Tech Preview)" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-eap-7-tech-preview/eap71-openshift:1.0" } } ] @@ -316,24 +534,31 @@ "metadata": { "name": "jboss-decisionserver62-openshift", "annotations": { - "openshift.io/display-name": "Red Hat JBoss BRMS 6.2 decision server" + "openshift.io/display-name": "Red Hat JBoss BRMS 6.2 decision server", + "version": "1.4.7" } }, + "labels": { + "xpaas": "1.4.7" + }, "spec": { - "dockerImageRepository": "registry.access.redhat.com/jboss-decisionserver-6/decisionserver62-openshift", "tags": [ { "name": "1.2", "annotations": { "description": "Red Hat JBoss BRMS 6.2 decision server S2I images.", - "iconClass": "icon-jboss", - "tags": "builder,decisionserver,xpaas", - "supports": "decisionserver:6.2,xpaas:1.2", + "iconClass": "icon-decisionserver", + "tags": "builder,decisionserver,hidden", + "supports": "decisionserver:6.2", "sampleRepo": "https://github.com/jboss-openshift/openshift-quickstarts.git", "sampleContextDir": "decisionserver/hellorules", "sampleRef": "1.2", "version": "1.2", "openshift.io/display-name": "Red Hat JBoss BRMS 6.2 decision server" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-decisionserver-6/decisionserver62-openshift:1.2" } } ] @@ -345,37 +570,50 @@ "metadata": { "name": "jboss-decisionserver63-openshift", "annotations": { - "openshift.io/display-name": "Red Hat JBoss BRMS 6.3 decision server" + "openshift.io/display-name": "Red Hat JBoss BRMS 6.3 decision server", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "version": "1.4.7" } }, + "labels": { + "xpaas": "1.4.7" + }, "spec": { - "dockerImageRepository": "registry.access.redhat.com/jboss-decisionserver-6/decisionserver63-openshift", "tags": [ { "name": "1.3", "annotations": { "description": "Red Hat JBoss BRMS 6.3 decision server S2I images.", - "iconClass": "icon-jboss", - "tags": "builder,decisionserver,xpaas", - "supports": "decisionserver:6.3,xpaas:1.3", + "iconClass": "icon-decisionserver", + "tags": "builder,decisionserver,hidden", + "supports": "decisionserver:6.3", "sampleRepo": "https://github.com/jboss-openshift/openshift-quickstarts.git", "sampleContextDir": "decisionserver/hellorules", "sampleRef": "1.3", "version": "1.3", "openshift.io/display-name": "Red Hat JBoss BRMS 6.3 decision server" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-decisionserver-6/decisionserver63-openshift:1.3" } }, { "name": "1.4", "annotations": { "description": "Red Hat JBoss BRMS 6.3 decision server S2I images.", - "iconClass": "icon-jboss", - "tags": "builder,decisionserver,java,xpaas", - "supports":"decisionserver:6.3,java:8,xpaas:1.4", + "iconClass": "icon-decisionserver", + "tags": "builder,decisionserver,java,hidden", + "supports": "decisionserver:6.3,java:8", "sampleRepo": "https://github.com/jboss-openshift/openshift-quickstarts.git", "sampleContextDir": "decisionserver/hellorules", "sampleRef": "1.3", - "version": "1.4" + "version": "1.4", + "openshift.io/display-name": "Red Hat JBoss BRMS 6.3 decision server" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-decisionserver-6/decisionserver63-openshift:1.4" } } ] @@ -385,22 +623,52 @@ "kind": "ImageStream", "apiVersion": "v1", "metadata": { - "name": "jboss-decisionserver64-openshift" + "name": "jboss-decisionserver64-openshift", + "annotations": { + "openshift.io/display-name": "Red Hat JBoss BRMS 6.4 decision server", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "version": "1.4.7" + } + }, + "labels": { + "xpaas": "1.4.7" }, "spec": { - "dockerImageRepository": "registry.access.redhat.com/jboss-decisionserver-6/decisionserver64-openshift", "tags": [ { "name": "1.0", "annotations": { "description": "Red Hat JBoss BRMS 6.4 decision server S2I images.", - "iconClass": "icon-jboss", - "tags": "builder,decisionserver,java,xpaas", - "supports":"decisionserver:6.4,java:8,xpaas:1.4", + "iconClass": "icon-decisionserver", + "tags": "builder,decisionserver,java,hidden", + "supports": "decisionserver:6.4,java:8", "sampleRepo": "https://github.com/jboss-openshift/openshift-quickstarts.git", "sampleContextDir": "decisionserver/hellorules", "sampleRef": "1.3", - "version": "1.0" + "version": "1.0", + "openshift.io/display-name": "Red Hat JBoss BRMS 6.4 decision server" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-decisionserver-6/decisionserver64-openshift:1.0" + } + }, + { + "name": "1.1", + "annotations": { + "description": "Red Hat JBoss BRMS 6.4 decision server S2I images.", + "iconClass": "icon-decisionserver", + "tags": "builder,decisionserver,java,hidden", + "supports": "decisionserver:6.4,java:8", + "sampleRepo": "https://github.com/jboss-openshift/openshift-quickstarts.git", + "sampleContextDir": "decisionserver/hellorules", + "sampleRef": "1.3", + "version": "1.1", + "openshift.io/display-name": "Red Hat JBoss BRMS 6.4 decision server" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-decisionserver-6/decisionserver64-openshift:1.1" } } ] @@ -412,37 +680,50 @@ "metadata": { "name": "jboss-processserver63-openshift", "annotations": { - "openshift.io/display-name": "Red Hat JBoss BPM Suite 6.3 intelligent process server" + "openshift.io/display-name": "Red Hat JBoss BPM Suite 6.3 intelligent process server", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "version": "1.4.7" } }, + "labels": { + "xpaas": "1.4.7" + }, "spec": { - "dockerImageRepository": "registry.access.redhat.com/jboss-processserver-6/processserver63-openshift", "tags": [ { "name": "1.3", "annotations": { "description": "Red Hat JBoss BPM Suite 6.3 intelligent process server S2I images.", - "iconClass": "icon-jboss", - "tags": "builder,processserver,xpaas", - "supports": "processserver:6.3,xpaas:1.3", + "iconClass": "icon-processserver", + "tags": "builder,processserver,hidden", + "supports": "processserver:6.3", "sampleRepo": "https://github.com/jboss-openshift/openshift-quickstarts.git", "sampleContextDir": "processserver/library", "sampleRef": "1.3", "version": "1.3", "openshift.io/display-name": "Red Hat JBoss BPM Suite 6.3 intelligent process server" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-processserver-6/processserver63-openshift:1.3" } }, { "name": "1.4", "annotations": { "description": "Red Hat JBoss BPM Suite 6.3 intelligent process server S2I images.", - "iconClass": "icon-jboss", - "tags": "builder,processserver,java,xpaas", - "supports":"processserver:6.3,java:8,xpaas:1.4", + "iconClass": "icon-processserver", + "tags": "builder,processserver,java,hidden", + "supports": "processserver:6.3,java:8", "sampleRepo": "https://github.com/jboss-openshift/openshift-quickstarts.git", "sampleContextDir": "processserver/library", "sampleRef": "1.3", - "version": "1.4" + "version": "1.4", + "openshift.io/display-name": "Red Hat JBoss BPM Suite 6.3 intelligent process server" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-processserver-6/processserver63-openshift:1.4" } } ] @@ -452,22 +733,52 @@ "kind": "ImageStream", "apiVersion": "v1", "metadata": { - "name": "jboss-processserver64-openshift" + "name": "jboss-processserver64-openshift", + "annotations": { + "openshift.io/display-name": "Red Hat JBoss BPM Suite 6.4 intelligent process server", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "version": "1.4.7" + } + }, + "labels": { + "xpaas": "1.4.7" }, "spec": { - "dockerImageRepository": "registry.access.redhat.com/jboss-processserver-6/processserver64-openshift", "tags": [ { "name": "1.0", "annotations": { "description": "Red Hat JBoss BPM Suite 6.4 intelligent process server S2I images.", - "iconClass": "icon-jboss", - "tags": "builder,processserver,java,xpaas", - "supports":"processserver:6.4,java:8,xpaas:1.4", + "iconClass": "icon-processserver", + "tags": "builder,processserver,java,hidden", + "supports": "processserver:6.4,java:8", "sampleRepo": "https://github.com/jboss-openshift/openshift-quickstarts.git", "sampleContextDir": "processserver/library", "sampleRef": "1.3", - "version": "1.0" + "version": "1.0", + "openshift.io/display-name": "Red Hat JBoss BPM Suite 6.4 intelligent process server" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-processserver-6/processserver64-openshift:1.0" + } + }, + { + "name": "1.1", + "annotations": { + "description": "Red Hat JBoss BPM Suite 6.4 intelligent process server S2I images.", + "iconClass": "icon-processserver", + "tags": "builder,processserver,java,hidden", + "supports": "processserver:6.4,java:8", + "sampleRepo": "https://github.com/jboss-openshift/openshift-quickstarts.git", + "sampleContextDir": "processserver/library", + "sampleRef": "1.3", + "version": "1.1", + "openshift.io/display-name": "Red Hat JBoss BPM Suite 6.4 intelligent process server" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-processserver-6/processserver64-openshift:1.1" } } ] @@ -479,42 +790,123 @@ "metadata": { "name": "jboss-datagrid65-openshift", "annotations": { - "openshift.io/display-name": "Red Hat JBoss Data Grid 6.5" + "openshift.io/display-name": "Red Hat JBoss Data Grid 6.5", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "version": "1.4.7" } }, + "labels": { + "xpaas": "1.4.7" + }, "spec": { - "dockerImageRepository": "registry.access.redhat.com/jboss-datagrid-6/datagrid65-openshift", "tags": [ { "name": "1.2", "annotations": { "description": "JBoss Data Grid 6.5 S2I images.", - "iconClass": "icon-jboss", - "tags": "datagrid,jboss,xpaas", - "supports": "datagrid:6.5,xpaas:1.2", + "iconClass": "icon-datagrid", + "tags": "datagrid,jboss,hidden", + "supports": "datagrid:6.5", "version": "1.2", "openshift.io/display-name": "Red Hat JBoss Data Grid 6.5" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-datagrid-6/datagrid65-openshift:1.2" } }, { "name": "1.3", "annotations": { "description": "JBoss Data Grid 6.5 S2I images.", - "iconClass": "icon-jboss", - "tags": "datagrid,jboss,xpaas", - "supports": "datagrid:6.5,xpaas:1.4", + "iconClass": "icon-datagrid", + "tags": "datagrid,jboss,hidden", + "supports": "datagrid:6.5", "version": "1.3", "openshift.io/display-name": "Red Hat JBoss Data Grid 6.5" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-datagrid-6/datagrid65-openshift:1.3" } }, { "name": "1.4", "annotations": { "description": "JBoss Data Grid 6.5 S2I images.", - "iconClass": "icon-jboss", - "tags": "datagrid,jboss,xpaas", - "supports":"datagrid:6.5,xpaas:1.4", - "version": "1.4" + "iconClass": "icon-datagrid", + "tags": "datagrid,jboss,hidden", + "supports": "datagrid:6.5", + "version": "1.4", + "openshift.io/display-name": "Red Hat JBoss Data Grid 6.5" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-datagrid-6/datagrid65-openshift:1.4" + } + }, + { + "name": "1.5", + "annotations": { + "description": "JBoss Data Grid 6.5 S2I images.", + "iconClass": "icon-datagrid", + "tags": "datagrid,jboss,hidden", + "supports": "datagrid:6.5", + "version": "1.5", + "openshift.io/display-name": "Red Hat JBoss Data Grid 6.5" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-datagrid-6/datagrid65-openshift:1.5" + } + } + ] + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "jboss-datagrid71-openshift", + "annotations": { + "openshift.io/display-name": "Red Hat JBoss Data Grid 7.1", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "version": "1.4.7" + } + }, + "labels": { + "xpaas": "1.4.7" + }, + "spec": { + "tags": [ + { + "name": "1.0", + "annotations": { + "description": "JBoss Data Grid 7.1 S2I images.", + "iconClass": "icon-datagrid", + "tags": "datagrid,jboss,hidden", + "supports": "datagrid:7.1", + "version": "1.0", + "openshift.io/display-name": "Red Hat JBoss Data Grid 7.1" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-datagrid-7/datagrid71-openshift:1.0" + } + }, + { + "name": "1.1", + "annotations": { + "description": "JBoss Data Grid 7.1 S2I images.", + "iconClass": "icon-datagrid", + "tags": "datagrid,jboss,hidden", + "supports": "datagrid:7.1", + "version": "1.1", + "openshift.io/display-name": "Red Hat JBoss Data Grid 7.1" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-datagrid-7/datagrid71-openshift:1.1" } } ] @@ -526,20 +918,75 @@ "metadata": { "name": "jboss-datagrid65-client-openshift", "annotations": { - "openshift.io/display-name": "Red Hat JBoss Data Grid 6.5 Client Modules for EAP" + "openshift.io/display-name": "Red Hat JBoss Data Grid 6.5 Client Modules for EAP", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "version": "1.4.7" } }, + "labels": { + "xpaas": "1.4.7" + }, "spec": { - "dockerImageRepository": "registry.access.redhat.com/jboss-datagrid-6/datagrid65-client-openshift", "tags": [ { "name": "1.0", "annotations": { "description": "JBoss Data Grid 6.5 Client Modules for EAP.", - "iconClass": "icon-jboss", - "tags": "client,jboss,xpaas", + "iconClass": "icon-datagrid", + "tags": "client,jboss,hidden", "version": "1.0", "openshift.io/display-name": "Red Hat JBoss Data Grid 6.5 Client Modules for EAP" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-datagrid-6/datagrid65-client-openshift:1.0" + } + }, + { + "name": "1.1", + "annotations": { + "description": "JBoss Data Grid 6.5 Client Modules for EAP.", + "iconClass": "icon-datagrid", + "tags": "client,jboss,hidden", + "version": "1.1", + "openshift.io/display-name": "Red Hat JBoss Data Grid 6.5 Client Modules for EAP" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-datagrid-6/datagrid65-client-openshift:1.1" + } + } + ] + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "jboss-datagrid71-client-openshift", + "annotations": { + "openshift.io/display-name": "Red Hat JBoss Data Grid 7.1 Client Modules for EAP", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "version": "1.4.7" + } + }, + "labels": { + "xpaas": "1.4.7" + }, + "spec": { + "tags": [ + { + "name": "1.0", + "annotations": { + "description": "JBoss Data Grid 7.1 Client Modules for EAP.", + "iconClass": "icon-datagrid", + "tags": "client,jboss,hidden", + "version": "1.0", + "openshift.io/display-name": "Red Hat JBoss Data Grid 7.1 Client Modules for EAP" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-datagrid-7/datagrid71-client-openshift:1.0" } } ] @@ -551,44 +998,76 @@ "metadata": { "name": "jboss-datavirt63-openshift", "annotations": { - "openshift.io/display-name": "Red Hat JBoss Data Virtualization 6.3" + "openshift.io/display-name": "Red Hat JBoss Data Virtualization 6.3", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "version": "1.4.7" } }, + "labels": { + "xpaas": "1.4.7" + }, "spec": { - "dockerImageRepository": "registry.access.redhat.com/jboss-datavirt-6/datavirt63-openshift", "tags": [ { "name": "1.0", "annotations": { "description": "Red Hat JBoss Data Virtualization 6.3 S2I images.", - "iconClass": "icon-jboss", - "tags": "datavirt,jboss,xpaas", - "supports": "datavirt:6.3,xpaas:1.4", + "iconClass": "icon-datavirt", + "tags": "datavirt,jboss,hidden", + "supports": "datavirt:6.3", "version": "1.0", "openshift.io/display-name": "Red Hat JBoss Data Virtualization 6.3" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-datavirt-6/datavirt63-openshift:1.0" } }, { "name": "1.1", "annotations": { "description": "Red Hat JBoss Data Virtualization 6.3 S2I images.", - "iconClass": "icon-jboss", - "tags": "datavirt,jboss,xpaas", - "supports": "datavirt:6.3,xpaas:1.4", + "iconClass": "icon-datavirt", + "tags": "datavirt,jboss,hidden", + "supports": "datavirt:6.3", "version": "1.1", "openshift.io/display-name": "Red Hat JBoss Data Virtualization 6.3" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-datavirt-6/datavirt63-openshift:1.1" } }, { "name": "1.2", "annotations": { "description": "Red Hat JBoss Data Virtualization 6.3 S2I images.", - "iconClass": "icon-jboss", - "tags": "datavirt,jboss,xpaas", - "supports":"datavirt:6.3,xpaas:1.4", - "version": "1.2" + "iconClass": "icon-datavirt", + "tags": "datavirt,jboss,hidden", + "supports": "datavirt:6.3", + "version": "1.2", + "openshift.io/display-name": "Red Hat JBoss Data Virtualization 6.3" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-datavirt-6/datavirt63-openshift:1.2" } - } + }, + { + "name": "1.3", + "annotations": { + "description": "Red Hat JBoss Data Virtualization 6.3 S2I images.", + "iconClass": "icon-datavirt", + "tags": "datavirt,jboss,hidden", + "supports":"datavirt:6.3", + "version": "1.3", + "openshift.io/display-name": "Red Hat JBoss Data Virtualization 6.3" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-datavirt-6/datavirt63-openshift:1.3" + } + } ] } }, @@ -598,20 +1077,42 @@ "metadata": { "name": "jboss-datavirt63-driver-openshift", "annotations": { - "openshift.io/display-name": "Red Hat JBoss Data Virtualization 6.5 JDBC Driver Modules for EAP" + "openshift.io/display-name": "Red Hat JBoss Data Virtualization 6.5 JDBC Driver Modules for EAP", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "version": "1.4.7" } }, + "labels": { + "xpaas": "1.4.7" + }, "spec": { - "dockerImageRepository": "registry.access.redhat.com/jboss-datavirt-6/datavirt63-driver-openshift", "tags": [ { "name": "1.0", "annotations": { "description": "JBoss Data Virtualization 6.5 JDBC Driver Modules for EAP.", - "iconClass": "icon-jboss", - "tags": "client,jboss,xpaas", + "iconClass": "icon-datavirt", + "tags": "client,jboss,hidden", "version": "1.0", "openshift.io/display-name": "Red Hat JBoss Data Virtualization 6.5 JDBC Driver Modules for EAP" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-datavirt-6/datavirt63-driver-openshift:1.0" + } + }, + { + "name": "1.1", + "annotations": { + "description": "JBoss Data Virtualization 6.5 JDBC Driver Modules for EAP.", + "iconClass": "icon-datavirt", + "tags": "client,jboss,hidden", + "version": "1.1", + "openshift.io/display-name": "Red Hat JBoss Data Virtualization 6.5 JDBC Driver Modules for EAP" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-datavirt-6/datavirt63-driver-openshift:1.1" } } ] @@ -623,55 +1124,106 @@ "metadata": { "name": "jboss-amq-62", "annotations": { - "openshift.io/display-name": "Red Hat JBoss A-MQ 6.2" + "openshift.io/display-name": "Red Hat JBoss A-MQ 6.2", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "version": "1.4.7" } }, + "labels": { + "xpaas": "1.4.7" + }, "spec": { - "dockerImageRepository": "registry.access.redhat.com/jboss-amq-6/amq62-openshift", "tags": [ { "name": "1.1", "annotations": { "description": "JBoss A-MQ 6.2 broker image.", - "iconClass": "icon-jboss", - "tags": "messaging,amq,jboss,xpaas", - "supports": "amq:6.2,messaging,xpaas:1.1", + "iconClass": "icon-amq", + "tags": "messaging,amq,jboss,hidden", + "supports": "amq:6.2,messaging", "version": "1.1", "openshift.io/display-name": "Red Hat JBoss A-MQ 6.2" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-amq-6/amq62-openshift:1.1" } }, { "name": "1.2", "annotations": { "description": "JBoss A-MQ 6.2 broker image.", - "iconClass": "icon-jboss", - "tags": "messaging,amq,jboss,xpaas", - "supports": "amq:6.2,messaging,xpaas:1.2", + "iconClass": "icon-amq", + "tags": "messaging,amq,jboss,hidden", + "supports": "amq:6.2,messaging", "version": "1.2", "openshift.io/display-name": "Red Hat JBoss A-MQ 6.2" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-amq-6/amq62-openshift:1.2" } }, { "name": "1.3", "annotations": { "description": "JBoss A-MQ 6.2 broker image.", - "iconClass": "icon-jboss", - "tags": "messaging,amq,jboss,xpaas", - "supports": "amq:6.2,messaging,xpaas:1.3", + "iconClass": "icon-amq", + "tags": "messaging,amq,jboss,hidden", + "supports": "amq:6.2,messaging", "version": "1.3", "openshift.io/display-name": "Red Hat JBoss A-MQ 6.2" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-amq-6/amq62-openshift:1.3" } }, { "name": "1.4", "annotations": { "description": "JBoss A-MQ 6.2 broker image.", - "iconClass": "icon-jboss", - "tags": "messaging,amq,jboss,xpaas", - "supports":"amq:6.2,messaging,xpaas:1.4", - "version": "1.4" + "iconClass": "icon-amq", + "tags": "messaging,amq,jboss,hidden", + "supports": "amq:6.2,messaging", + "version": "1.4", + "openshift.io/display-name": "Red Hat JBoss A-MQ 6.2" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-amq-6/amq62-openshift:1.4" } - } + }, + { + "name": "1.5", + "annotations": { + "description": "JBoss A-MQ 6.2 broker image.", + "iconClass": "icon-amq", + "tags": "messaging,amq,jboss,hidden", + "supports": "amq:6.2,messaging", + "version": "1.5", + "openshift.io/display-name": "Red Hat JBoss A-MQ 6.2" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-amq-6/amq62-openshift:1.5" + } + }, + { + "name": "1.6", + "annotations": { + "description": "JBoss A-MQ 6.2 broker image.", + "iconClass": "icon-amq", + "tags": "messaging,amq,jboss,hidden", + "supports":"amq:6.2,messaging", + "version": "1.6", + "openshift.io/display-name": "Red Hat JBoss A-MQ 6.2" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-amq-6/amq62-openshift:1.6" + } + } ] } }, @@ -681,21 +1233,59 @@ "metadata": { "name": "jboss-amq-63", "annotations": { - "openshift.io/display-name": "Red Hat JBoss A-MQ 6.3" + "openshift.io/display-name": "Red Hat JBoss A-MQ 6.3", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "version": "1.4.7" } }, + "labels": { + "xpaas": "1.4.7" + }, "spec": { - "dockerImageRepository": "registry.access.redhat.com/jboss-amq-6/amq63-openshift", "tags": [ { "name": "1.0", "annotations": { "description": "JBoss A-MQ 6.3 broker image.", - "iconClass": "icon-jboss", - "tags": "messaging,amq,jboss,xpaas", - "supports": "amq:6.3,messaging,xpaas:1.0", + "iconClass": "icon-amq", + "tags": "messaging,amq,jboss,hidden", + "supports": "amq:6.3,messaging", "version": "1.0", "openshift.io/display-name": "Red Hat JBoss A-MQ 6.3" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-amq-6/amq63-openshift:1.0" + } + }, + { + "name": "1.1", + "annotations": { + "description": "JBoss A-MQ 6.3 broker image.", + "iconClass": "icon-amq", + "tags": "messaging,amq,jboss,hidden", + "supports": "amq:6.3,messaging", + "version": "1.1", + "openshift.io/display-name": "Red Hat JBoss A-MQ 6.3" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-amq-6/amq63-openshift:1.1" + } + }, + { + "name": "1.2", + "annotations": { + "description": "JBoss A-MQ 6.3 broker image.", + "iconClass": "icon-amq", + "tags": "messaging,amq,jboss,hidden", + "supports": "amq:6.3,messaging", + "version": "1.2", + "openshift.io/display-name": "Red Hat JBoss A-MQ 6.3" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-amq-6/amq63-openshift:1.2" } } ] @@ -708,32 +1298,44 @@ "name": "redhat-sso70-openshift", "annotations": { "description": "Red Hat SSO 7.0", - "openshift.io/display-name": "Red Hat Single Sign-On 7.0" + "openshift.io/display-name": "Red Hat Single Sign-On 7.0", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "version": "1.4.7" } }, + "labels": { + "xpaas": "1.4.7" + }, "spec": { - "dockerImageRepository": "registry.access.redhat.com/redhat-sso-7/sso70-openshift", "tags": [ { "name": "1.3", "annotations": { "description": "Red Hat SSO 7.0", - "iconClass": "icon-jboss", - "tags": "sso,keycloak,redhat", - "supports": "sso:7.0,xpaas:1.3", + "iconClass": "icon-sso", + "tags": "sso,keycloak,redhat,hidden", + "supports": "sso:7.0", "version": "1.3", "openshift.io/display-name": "Red Hat Single Sign-On 7.0" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/redhat-sso-7/sso70-openshift:1.3" } }, { "name": "1.4", "annotations": { "description": "Red Hat SSO 7.0", - "iconClass": "icon-jboss", - "tags": "sso,keycloak,redhat", - "supports": "sso:7.0,xpaas:1.4", + "iconClass": "icon-sso", + "tags": "sso,keycloak,redhat,hidden", + "supports": "sso:7.0", "version": "1.4", "openshift.io/display-name": "Red Hat Single Sign-On 7.0" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/redhat-sso-7/sso70-openshift:1.4" } } ] @@ -746,32 +1348,59 @@ "name": "redhat-sso71-openshift", "annotations": { "description": "Red Hat SSO 7.1", - "openshift.io/display-name": "Red Hat Single Sign-On 7.1" + "openshift.io/display-name": "Red Hat Single Sign-On 7.1", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "version": "1.4.7" } }, + "labels": { + "xpaas": "1.4.7" + }, "spec": { - "dockerImageRepository": "registry.access.redhat.com/redhat-sso-7/sso71-openshift", "tags": [ { "name": "1.0", "annotations": { "description": "Red Hat SSO 7.1", - "iconClass": "icon-jboss", - "tags": "sso,keycloak,redhat", - "supports": "sso:7.1,xpaas:1.4", + "iconClass": "icon-sso", + "tags": "sso,keycloak,redhat,hidden", + "supports": "sso:7.1", "version": "1.0", "openshift.io/display-name": "Red Hat Single Sign-On 7.1" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/redhat-sso-7/sso71-openshift:1.0" } }, { "name": "1.1", "annotations": { "description": "Red Hat SSO 7.1", - "iconClass": "icon-jboss", - "tags": "sso,keycloak,redhat", - "supports": "sso:7.1,xpaas:1.4", + "iconClass": "icon-sso", + "tags": "sso,keycloak,redhat,hidden", + "supports": "sso:7.1", "version": "1.1", "openshift.io/display-name": "Red Hat Single Sign-On 7.1" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/redhat-sso-7/sso71-openshift:1.1" + } + }, + { + "name": "1.2", + "annotations": { + "description": "Red Hat SSO 7.1", + "iconClass": "icon-sso", + "tags": "sso,keycloak,redhat,hidden", + "supports": "sso:7.1", + "version": "1.2", + "openshift.io/display-name": "Red Hat Single Sign-On 7.1" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/redhat-sso-7/sso71-openshift:1.2" } } ] @@ -783,23 +1412,31 @@ "metadata": { "name": "redhat-openjdk18-openshift", "annotations": { - "openshift.io/display-name": "Red Hat OpenJDK 8" + "openshift.io/display-name": "Red Hat OpenJDK 8", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "version": "1.4.7" } }, + "labels": { + "xpaas": "1.4.7" + }, "spec": { - "dockerImageRepository": "registry.access.redhat.com/redhat-openjdk-18/openjdk18-openshift", "tags": [ { "name": "1.0", "annotations": { "openshift.io/display-name": "Red Hat OpenJDK 8", "description": "Build and run Java applications using Maven and OpenJDK 8.", - "iconClass": "icon-jboss", - "tags": "builder,java,xpaas,openjdk", - "supports": "java:8,xpaas:1.0", + "iconClass": "icon-rh-openjdk", + "tags": "builder,java,openjdk,hidden", + "supports": "java:8", "sampleRepo": "https://github.com/jboss-openshift/openshift-quickstarts", "sampleContextDir": "undertow-servlet", "version": "1.0" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/redhat-openjdk-18/openjdk18-openshift:1.0" } }, { @@ -807,12 +1444,33 @@ "annotations": { "openshift.io/display-name": "Red Hat OpenJDK 8", "description": "Build and run Java applications using Maven and OpenJDK 8.", - "iconClass": "icon-jboss", - "tags": "builder,java,xpaas,openjdk", - "supports": "java:8,xpaas:1.4", + "iconClass": "icon-rh-openjdk", + "tags": "builder,java,openjdk", + "supports": "java:8", "sampleRepo": "https://github.com/jboss-openshift/openshift-quickstarts", "sampleContextDir": "undertow-servlet", "version": "1.1" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/redhat-openjdk-18/openjdk18-openshift:1.1" + } + }, + { + "name": "1.2", + "annotations": { + "openshift.io/display-name": "Red Hat OpenJDK 8", + "description": "Build and run Java applications using Maven and OpenJDK 8.", + "iconClass": "icon-rh-openjdk", + "tags": "builder,java,openjdk", + "supports": "java:8", + "sampleRepo": "https://github.com/jboss-openshift/openshift-quickstarts", + "sampleContextDir": "undertow-servlet", + "version": "1.2" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/redhat-openjdk-18/openjdk18-openshift:1.2" } } ] diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/amq62-basic.json b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/amq62-basic.json index af20b373a..8f8e14cb6 100644 --- a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/amq62-basic.json +++ b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/amq62-basic.json @@ -4,16 +4,17 @@ "metadata": { "annotations": { "description": "Application template for JBoss A-MQ brokers. These can be deployed as standalone or in a mesh. This template doesn't feature SSL support.", - "iconClass": "icon-jboss", - "tags": "messaging,amq,jboss,xpaas", - "version": "1.4.0", - "openshift.io/display-name": "Red Hat JBoss A-MQ 6.2 (Ephemeral, no SSL)" + "iconClass": "icon-amq", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "tags": "messaging,amq,jboss,hidden", + "version": "1.4.7", + "openshift.io/display-name": "JBoss A-MQ 6.2 (Ephemeral, no SSL)" }, "name": "amq62-basic" }, "labels": { "template": "amq62-basic", - "xpaas": "1.4.0" + "xpaas": "1.4.7" }, "message": "A new messaging service has been created in your project. It will handle the protocol(s) \"${MQ_PROTOCOL}\". The username/password for accessing the service is ${MQ_USERNAME}/${MQ_PASSWORD}.", "parameters": [ @@ -83,6 +84,13 @@ "required": false }, { + "displayName": "Queue Memory Limit", + "description": "The queue memory limit (default is 1mb)", + "name": "AMQ_QUEUE_MEMORY_LIMIT", + "value": "", + "required": false + }, + { "displayName": "ImageStream Namespace", "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", "name": "IMAGE_STREAM_NAMESPACE", @@ -215,7 +223,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-amq-62:1.4" + "name": "jboss-amq-62:1.6" } } }, @@ -322,6 +330,10 @@ { "name": "AMQ_STORAGE_USAGE_LIMIT", "value": "${AMQ_STORAGE_USAGE_LIMIT}" + }, + { + "name": "AMQ_QUEUE_MEMORY_LIMIT", + "value": "${AMQ_QUEUE_MEMORY_LIMIT}" } ] } diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/amq62-persistent-ssl.json b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/amq62-persistent-ssl.json index 5acdbfabf..96f9d616f 100644 --- a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/amq62-persistent-ssl.json +++ b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/amq62-persistent-ssl.json @@ -3,17 +3,22 @@ "apiVersion": "v1", "metadata": { "annotations": { - "description": "Application template for JBoss A-MQ brokers. These are deployed as standalone and use persistent storage for saving messages. This template supports SSL and requires usage of OpenShift secrets.", - "iconClass": "icon-jboss", - "tags": "messaging,amq,jboss,xpaas", - "version": "1.4.0", - "openshift.io/display-name": "Red Hat JBoss A-MQ 6.2 (Persistent with SSL)" + "iconClass": "icon-amq", + "tags": "messaging,amq,jboss,hidden", + "version": "1.4.7", + "openshift.io/display-name": "JBoss A-MQ 6.2 (with SSL)", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "An example JBoss A-MQ application. For more information about using this template, see https://github.com/jboss-openshift/application-templates.", + "template.openshift.io/long-description": "This template defines resources needed to develop Red Hat JBoss A-MQ 6.2 based application, including a deployment configuration, using persistence and secure communication using SSL.", + "template.openshift.io/documentation-url": "https://access.redhat.com/documentation/en/red-hat-jboss-amq/", + "template.openshift.io/support-url": "https://access.redhat.com" + }, "name": "amq62-persistent-ssl" }, "labels": { "template": "amq62-persistent-ssl", - "xpaas": "1.4.0" + "xpaas": "1.4.7" }, "message": "A new persistent messaging service with SSL support has been created in your project. It will handle the protocol(s) \"${MQ_PROTOCOL}\". The username/password for accessing the service is ${MQ_USERNAME}/${MQ_PASSWORD}. Please be sure to create the \"amq-service-account\" service account and a secret named \"${AMQ_SECRET}\" containing the trust store and key store files (\"${AMQ_TRUSTSTORE}\" and \"${AMQ_KEYSTORE}\") used for serving secure content.", "parameters": [ @@ -26,9 +31,9 @@ }, { "displayName": "Split Data?", - "description": "Split the data directory for each node in a mesh.", + "description": "Split the data directory for each node in a mesh, this is now the default behaviour.", "name": "AMQ_SPLIT", - "value": "false", + "value": "true", "required": false }, { @@ -132,6 +137,13 @@ "required": false }, { + "displayName": "Queue Memory Limit", + "description": "The queue memory limit (default is 1mb)", + "name": "AMQ_QUEUE_MEMORY_LIMIT", + "value": "", + "required": false + }, + { "displayName": "ImageStream Namespace", "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", "name": "IMAGE_STREAM_NAMESPACE", @@ -360,7 +372,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-amq-62:1.4" + "name": "jboss-amq-62:1.6" } } }, @@ -523,6 +535,10 @@ { "name": "AMQ_STORAGE_USAGE_LIMIT", "value": "${AMQ_STORAGE_USAGE_LIMIT}" + }, + { + "name": "AMQ_QUEUE_MEMORY_LIMIT", + "value": "${AMQ_QUEUE_MEMORY_LIMIT}" } ] } @@ -546,6 +562,114 @@ } }, { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}-drainer", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}-drainer" + ], + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-amq-62:1.6" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-drainer" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}-drainer", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}-drainer", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}-drainer", + "image": "jboss-amq-62", + "command": [ + "/opt/amq/bin/drain.sh" + ], + "imagePullPolicy": "Always", + "volumeMounts": [ + { + "mountPath": "/opt/amq/data", + "name": "${APPLICATION_NAME}-amq-pvol" + } + ], + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "tcp", + "containerPort": 61616, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "AMQ_USER", + "value": "${MQ_USERNAME}" + }, + { + "name": "AMQ_PASSWORD", + "value": "${MQ_PASSWORD}" + }, + { + "name": "AMQ_MESH_SERVICE_NAME", + "value": "${APPLICATION_NAME}-amq-tcp" + }, + { + "name": "AMQ_MESH_SERVICE_NAMESPACE", + "valueFrom": { + "fieldRef": { + "fieldPath": "metadata.namespace" + } + } + } + ] + } + ], + "volumes": [ + { + "name": "${APPLICATION_NAME}-amq-pvol", + "persistentVolumeClaim": { + "claimName": "${APPLICATION_NAME}-amq-claim" + } + } + ] + } + } + } + }, + { "apiVersion": "v1", "kind": "PersistentVolumeClaim", "metadata": { diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/amq62-persistent.json b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/amq62-persistent.json index b8089cd6d..67c812fb4 100644 --- a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/amq62-persistent.json +++ b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/amq62-persistent.json @@ -3,17 +3,18 @@ "apiVersion": "v1", "metadata": { "annotations": { - "description": "Application template for JBoss A-MQ brokers. These can be deployed as standalone and use persistent storage for saving messages. This template doesn't feature SSL support.", - "iconClass": "icon-jboss", - "tags": "messaging,amq,jboss,xpaas", - "version": "1.4.0", - "openshift.io/display-name": "Red Hat JBoss A-MQ 6.2 (Persistent, no SSL)" + "description": "Application template for JBoss A-MQ brokers. These can be deployed as standalone and use persistent storage for saving messages, including message migration when the number of pods are reduced. This template doesn't feature SSL support.", + "iconClass": "icon-amq", + "tags": "messaging,amq,jboss,hidden", + "version": "1.4.7", + "openshift.io/display-name": "JBoss A-MQ 6.2 (no SSL)", + "openshift.io/provider-display-name": "Red Hat, Inc." }, "name": "amq62-persistent" }, "labels": { "template": "amq62-persistent", - "xpaas": "1.4.0" + "xpaas": "1.4.7" }, "message": "A new persistent messaging service has been created in your project. It will handle the protocol(s) \"${MQ_PROTOCOL}\". The username/password for accessing the service is ${MQ_USERNAME}/${MQ_PASSWORD}.", "parameters": [ @@ -26,9 +27,9 @@ }, { "displayName": "Split Data?", - "description": "Split the data directory for each node in a mesh.", + "description": "Split the data directory for each node in a mesh, this is now the default behaviour.", "name": "AMQ_SPLIT", - "value": "false", + "value": "true", "required": false }, { @@ -97,6 +98,13 @@ "required": false }, { + "displayName": "Queue Memory Limit", + "description": "The queue memory limit (default is 1mb)", + "name": "AMQ_QUEUE_MEMORY_LIMIT", + "value": "", + "required": false + }, + { "displayName": "ImageStream Namespace", "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", "name": "IMAGE_STREAM_NAMESPACE", @@ -229,7 +237,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-amq-62:1.4" + "name": "jboss-amq-62:1.6" } } }, @@ -346,6 +354,118 @@ { "name": "AMQ_STORAGE_USAGE_LIMIT", "value": "${AMQ_STORAGE_USAGE_LIMIT}" + }, + { + "name": "AMQ_QUEUE_MEMORY_LIMIT", + "value": "${AMQ_QUEUE_MEMORY_LIMIT}" + } + ] + } + ], + "volumes": [ + { + "name": "${APPLICATION_NAME}-amq-pvol", + "persistentVolumeClaim": { + "claimName": "${APPLICATION_NAME}-amq-claim" + } + } + ] + } + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}-drainer", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}-drainer" + ], + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-amq-62:1.6" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-drainer" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}-drainer", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}-drainer", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}-drainer", + "image": "jboss-amq-62", + "command": [ + "/opt/amq/bin/drain.sh" + ], + "imagePullPolicy": "Always", + "volumeMounts": [ + { + "mountPath": "/opt/amq/data", + "name": "${APPLICATION_NAME}-amq-pvol" + } + ], + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "tcp", + "containerPort": 61616, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "AMQ_USER", + "value": "${MQ_USERNAME}" + }, + { + "name": "AMQ_PASSWORD", + "value": "${MQ_PASSWORD}" + }, + { + "name": "AMQ_MESH_SERVICE_NAME", + "value": "${APPLICATION_NAME}-amq-tcp" + }, + { + "name": "AMQ_MESH_SERVICE_NAMESPACE", + "valueFrom": { + "fieldRef": { + "fieldPath": "metadata.namespace" + } + } } ] } diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/amq62-ssl.json b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/amq62-ssl.json index b52fdbfb0..9f488820c 100644 --- a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/amq62-ssl.json +++ b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/amq62-ssl.json @@ -4,16 +4,17 @@ "metadata": { "annotations": { "description": "Application template for JBoss A-MQ brokers. These can be deployed as standalone or in a mesh. This template supports SSL and requires usage of OpenShift secrets.", - "iconClass": "icon-jboss", - "tags": "messaging,amq,jboss,xpaas", - "version": "1.4.0", - "openshift.io/display-name": "Red Hat JBoss A-MQ 6.2 (Ephemeral with SSL)" + "iconClass": "icon-amq", + "tags": "messaging,amq,jboss,hidden", + "version": "1.4.7", + "openshift.io/display-name": "JBoss A-MQ 6.2 (Ephemeral with SSL)", + "openshift.io/provider-display-name": "Red Hat, Inc." }, "name": "amq62-ssl" }, "labels": { "template": "amq62-ssl", - "xpaas": "1.4.0" + "xpaas": "1.4.7" }, "message": "A new messaging service with SSL support has been created in your project. It will handle the protocol(s) \"${MQ_PROTOCOL}\". The username/password for accessing the service is ${MQ_USERNAME}/${MQ_PASSWORD}. Please be sure to create the \"amq-service-account\" service account and a secret named \"${AMQ_SECRET}\" containing the trust store and key store files (\"${AMQ_TRUSTSTORE}\" and \"${AMQ_KEYSTORE}\") used for serving secure content.", "parameters": [ @@ -118,6 +119,13 @@ "required": false }, { + "displayName": "Queue Memory Limit", + "description": "The queue memory limit (default is 1mb)", + "name": "AMQ_QUEUE_MEMORY_LIMIT", + "value": "", + "required": false + }, + { "displayName": "ImageStream Namespace", "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", "name": "IMAGE_STREAM_NAMESPACE", @@ -346,7 +354,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-amq-62:1.4" + "name": "jboss-amq-62:1.6" } } }, @@ -501,6 +509,10 @@ { "name": "AMQ_STORAGE_USAGE_LIMIT", "value": "${AMQ_STORAGE_USAGE_LIMIT}" + }, + { + "name": "AMQ_QUEUE_MEMORY_LIMIT", + "value": "${AMQ_QUEUE_MEMORY_LIMIT}" } ] } diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/amq63-basic.json b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/amq63-basic.json index d29f6a300..e13530764 100644 --- a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/amq63-basic.json +++ b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/amq63-basic.json @@ -4,16 +4,17 @@ "metadata": { "annotations": { "description": "Application template for JBoss A-MQ brokers. These can be deployed as standalone or in a mesh. This template doesn't feature SSL support.", - "iconClass": "icon-jboss", - "tags": "messaging,amq,jboss,xpaas", - "version": "1.0", - "openshift.io/display-name": "Red Hat JBoss A-MQ 6.3 (Ephemeral, no SSL)" + "iconClass": "icon-amq", + "tags": "messaging,amq,jboss,hidden", + "version": "1.4.7", + "openshift.io/display-name": "Red Hat JBoss A-MQ 6.3 (Ephemeral, no SSL)", + "openshift.io/provider-display-name": "Red Hat, Inc." }, "name": "amq63-basic" }, "labels": { "template": "amq63-basic", - "xpaas": "1.4.0" + "xpaas": "1.4.7" }, "message": "A new messaging service has been created in your project. It will handle the protocol(s) \"${MQ_PROTOCOL}\". The username/password for accessing the service is ${MQ_USERNAME}/${MQ_PASSWORD}.", "parameters": [ @@ -83,6 +84,13 @@ "required": false }, { + "displayName": "Queue Memory Limit", + "description": "The queue memory limit (default is 1mb)", + "name": "AMQ_QUEUE_MEMORY_LIMIT", + "value": "", + "required": false + }, + { "displayName": "ImageStream Namespace", "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", "name": "IMAGE_STREAM_NAMESPACE", @@ -215,7 +223,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-amq-63:1.0" + "name": "jboss-amq-63:1.2" } } }, @@ -322,6 +330,10 @@ { "name": "AMQ_STORAGE_USAGE_LIMIT", "value": "${AMQ_STORAGE_USAGE_LIMIT}" + }, + { + "name": "AMQ_QUEUE_MEMORY_LIMIT", + "value": "${AMQ_QUEUE_MEMORY_LIMIT}" } ] } diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/amq63-persistent-ssl.json b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/amq63-persistent-ssl.json index 47f6396dd..3eedee933 100644 --- a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/amq63-persistent-ssl.json +++ b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/amq63-persistent-ssl.json @@ -3,17 +3,21 @@ "apiVersion": "v1", "metadata": { "annotations": { - "description": "Application template for JBoss A-MQ brokers. These are deployed as standalone and use persistent storage for saving messages. This template supports SSL and requires usage of OpenShift secrets.", - "iconClass": "icon-jboss", - "tags": "messaging,amq,jboss,xpaas", - "version": "1.0", - "openshift.io/display-name": "Red Hat JBoss A-MQ 6.3 (Persistent with SSL)" + "iconClass": "icon-amq", + "tags": "messaging,amq,jboss", + "version": "1.4.7", + "openshift.io/display-name": "JBoss A-MQ 6.3 (with SSL)", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "An example JBoss A-MQ application. For more information about using this template, see https://github.com/jboss-openshift/application-templates.", + "template.openshift.io/long-description": "This template defines resources needed to develop Red Hat JBoss A-MQ 6.3 based application, including a deployment configuration, using persistence and secure communication using SSL.", + "template.openshift.io/documentation-url": "https://access.redhat.com/documentation/en/red-hat-jboss-amq/", + "template.openshift.io/support-url": "https://access.redhat.com" }, "name": "amq63-persistent-ssl" }, "labels": { "template": "amq63-persistent-ssl", - "xpaas": "1.4.0" + "xpaas": "1.4.7" }, "message": "A new persistent messaging service with SSL support has been created in your project. It will handle the protocol(s) \"${MQ_PROTOCOL}\". The username/password for accessing the service is ${MQ_USERNAME}/${MQ_PASSWORD}. Please be sure to create the \"amq-service-account\" service account and a secret named \"${AMQ_SECRET}\" containing the trust store and key store files (\"${AMQ_TRUSTSTORE}\" and \"${AMQ_KEYSTORE}\") used for serving secure content.", "parameters": [ @@ -26,9 +30,9 @@ }, { "displayName": "Split Data?", - "description": "Split the data directory for each node in a mesh.", + "description": "Split the data directory for each node in a mesh, this is now the default behaviour.", "name": "AMQ_SPLIT", - "value": "false", + "value": "true", "required": false }, { @@ -132,6 +136,13 @@ "required": false }, { + "displayName": "Queue Memory Limit", + "description": "The queue memory limit (default is 1mb)", + "name": "AMQ_QUEUE_MEMORY_LIMIT", + "value": "", + "required": false + }, + { "displayName": "ImageStream Namespace", "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", "name": "IMAGE_STREAM_NAMESPACE", @@ -360,7 +371,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-amq-63:1.0" + "name": "jboss-amq-63:1.2" } } }, @@ -523,6 +534,10 @@ { "name": "AMQ_STORAGE_USAGE_LIMIT", "value": "${AMQ_STORAGE_USAGE_LIMIT}" + }, + { + "name": "AMQ_QUEUE_MEMORY_LIMIT", + "value": "${AMQ_QUEUE_MEMORY_LIMIT}" } ] } @@ -546,6 +561,114 @@ } }, { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}-drainer", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}-drainer" + ], + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-amq-63:1.2" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-drainer" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}-drainer", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}-drainer", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}-drainer", + "image": "jboss-amq-63", + "command": [ + "/opt/amq/bin/drain.sh" + ], + "imagePullPolicy": "Always", + "volumeMounts": [ + { + "mountPath": "/opt/amq/data", + "name": "${APPLICATION_NAME}-amq-pvol" + } + ], + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "tcp", + "containerPort": 61616, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "AMQ_USER", + "value": "${MQ_USERNAME}" + }, + { + "name": "AMQ_PASSWORD", + "value": "${MQ_PASSWORD}" + }, + { + "name": "AMQ_MESH_SERVICE_NAME", + "value": "${APPLICATION_NAME}-amq-tcp" + }, + { + "name": "AMQ_MESH_SERVICE_NAMESPACE", + "valueFrom": { + "fieldRef": { + "fieldPath": "metadata.namespace" + } + } + } + ] + } + ], + "volumes": [ + { + "name": "${APPLICATION_NAME}-amq-pvol", + "persistentVolumeClaim": { + "claimName": "${APPLICATION_NAME}-amq-claim" + } + } + ] + } + } + } + }, + { "apiVersion": "v1", "kind": "PersistentVolumeClaim", "metadata": { diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/amq63-persistent.json b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/amq63-persistent.json index 4b64203c4..7c0aec61a 100644 --- a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/amq63-persistent.json +++ b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/amq63-persistent.json @@ -3,17 +3,21 @@ "apiVersion": "v1", "metadata": { "annotations": { - "description": "Application template for JBoss A-MQ brokers. These can be deployed as standalone and use persistent storage for saving messages. This template doesn't feature SSL support.", - "iconClass": "icon-jboss", - "tags": "messaging,amq,jboss,xpaas", - "version": "1.0", - "openshift.io/display-name": "Red Hat JBoss A-MQ 6.3 (Persistent, no SSL)" + "iconClass": "icon-amq", + "tags": "messaging,amq,jboss", + "version": "1.4.7", + "openshift.io/display-name": "JBoss A-MQ 6.3 (no SSL)", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "An example JBoss A-MQ application. For more information about using this template, see https://github.com/jboss-openshift/application-templates.", + "template.openshift.io/long-description": "This template defines resources needed to develop Red Hat JBoss A-MQ 6.3 based application, including a deployment configuration and using persistence.", + "template.openshift.io/documentation-url": "https://access.redhat.com/documentation/en/red-hat-jboss-amq/", + "template.openshift.io/support-url": "https://access.redhat.com" }, "name": "amq63-persistent" }, "labels": { "template": "amq63-persistent", - "xpaas": "1.4.0" + "xpaas": "1.4.7" }, "message": "A new persistent messaging service has been created in your project. It will handle the protocol(s) \"${MQ_PROTOCOL}\". The username/password for accessing the service is ${MQ_USERNAME}/${MQ_PASSWORD}.", "parameters": [ @@ -26,9 +30,9 @@ }, { "displayName": "Split Data?", - "description": "Split the data directory for each node in a mesh.", + "description": "Split the data directory for each node in a mesh, this is now the default behaviour.", "name": "AMQ_SPLIT", - "value": "false", + "value": "true", "required": false }, { @@ -97,6 +101,13 @@ "required": false }, { + "displayName": "Queue Memory Limit", + "description": "The queue memory limit (default is 1mb)", + "name": "AMQ_QUEUE_MEMORY_LIMIT", + "value": "", + "required": false + }, + { "displayName": "ImageStream Namespace", "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", "name": "IMAGE_STREAM_NAMESPACE", @@ -229,7 +240,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-amq-63:1.0" + "name": "jboss-amq-63:1.2" } } }, @@ -346,6 +357,118 @@ { "name": "AMQ_STORAGE_USAGE_LIMIT", "value": "${AMQ_STORAGE_USAGE_LIMIT}" + }, + { + "name": "AMQ_QUEUE_MEMORY_LIMIT", + "value": "${AMQ_QUEUE_MEMORY_LIMIT}" + } + ] + } + ], + "volumes": [ + { + "name": "${APPLICATION_NAME}-amq-pvol", + "persistentVolumeClaim": { + "claimName": "${APPLICATION_NAME}-amq-claim" + } + } + ] + } + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}-drainer", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}-drainer" + ], + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-amq-63:1.2" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-drainer" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}-drainer", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}-drainer", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}-drainer", + "image": "jboss-amq-63", + "command": [ + "/opt/amq/bin/drain.sh" + ], + "imagePullPolicy": "Always", + "volumeMounts": [ + { + "mountPath": "/opt/amq/data", + "name": "${APPLICATION_NAME}-amq-pvol" + } + ], + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "tcp", + "containerPort": 61616, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "AMQ_USER", + "value": "${MQ_USERNAME}" + }, + { + "name": "AMQ_PASSWORD", + "value": "${MQ_PASSWORD}" + }, + { + "name": "AMQ_MESH_SERVICE_NAME", + "value": "${APPLICATION_NAME}-amq-tcp" + }, + { + "name": "AMQ_MESH_SERVICE_NAMESPACE", + "valueFrom": { + "fieldRef": { + "fieldPath": "metadata.namespace" + } + } } ] } diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/amq63-ssl.json b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/amq63-ssl.json index 20ad50016..a55403c79 100644 --- a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/amq63-ssl.json +++ b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/amq63-ssl.json @@ -3,17 +3,21 @@ "apiVersion": "v1", "metadata": { "annotations": { - "description": "Application template for JBoss A-MQ brokers. These can be deployed as standalone or in a mesh. This template supports SSL and requires usage of OpenShift secrets.", - "iconClass": "icon-jboss", - "tags": "messaging,amq,jboss,xpaas", - "version": "1.0", - "openshift.io/display-name": "Red Hat JBoss A-MQ 6.3 (Ephemeral with SSL)" + "iconClass": "icon-amq", + "tags": "messaging,amq,jboss,hidden", + "version": "1.4.7", + "openshift.io/display-name": "JBoss A-MQ 6.3 (Ephemeral with SSL)", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "An example JBoss A-MQ application. For more information about using this template, see https://github.com/jboss-openshift/application-templates.", + "template.openshift.io/long-description": "This template defines resources needed to develop Red Hat JBoss A-MQ 6.2 based application, including a deployment configuration, using ephemeral (temporary) storage and secure communication using SSL. These can be deployed as standalone or in a mesh.", + "template.openshift.io/documentation-url": "https://access.redhat.com/documentation/en/red-hat-jboss-amq/", + "template.openshift.io/support-url": "https://access.redhat.com" }, "name": "amq63-ssl" }, "labels": { "template": "amq63-ssl", - "xpaas": "1.4.0" + "xpaas": "1.4.7" }, "message": "A new messaging service with SSL support has been created in your project. It will handle the protocol(s) \"${MQ_PROTOCOL}\". The username/password for accessing the service is ${MQ_USERNAME}/${MQ_PASSWORD}. Please be sure to create the \"amq-service-account\" service account and a secret named \"${AMQ_SECRET}\" containing the trust store and key store files (\"${AMQ_TRUSTSTORE}\" and \"${AMQ_KEYSTORE}\") used for serving secure content.", "parameters": [ @@ -118,6 +122,13 @@ "required": false }, { + "displayName": "Queue Memory Limit", + "description": "The queue memory limit (default is 1mb)", + "name": "AMQ_QUEUE_MEMORY_LIMIT", + "value": "", + "required": false + }, + { "displayName": "ImageStream Namespace", "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", "name": "IMAGE_STREAM_NAMESPACE", @@ -346,7 +357,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-amq-63:1.0" + "name": "jboss-amq-63:1.2" } } }, @@ -501,6 +512,10 @@ { "name": "AMQ_STORAGE_USAGE_LIMIT", "value": "${AMQ_STORAGE_USAGE_LIMIT}" + }, + { + "name": "AMQ_QUEUE_MEMORY_LIMIT", + "value": "${AMQ_QUEUE_MEMORY_LIMIT}" } ] } diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/datagrid65-basic.json b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/datagrid65-basic.json index 32433bef0..af390c13d 100644 --- a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/datagrid65-basic.json +++ b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/datagrid65-basic.json @@ -3,17 +3,18 @@ "apiVersion": "v1", "metadata": { "annotations": { - "iconClass": "icon-jboss", + "iconClass": "icon-datagrid", "description": "Application template for JDG 6.5 applications.", - "tags": "datagrid,jboss,xpaas", - "version": "1.4.0", - "openshift.io/display-name": "Red Hat JBoss Data Grid 6.5 (Ephemeral, no https)" + "tags": "datagrid,jboss,hidden", + "version": "1.4.7", + "openshift.io/display-name": "JBoss Data Grid 6.5 (Ephemeral, no https)", + "openshift.io/provider-display-name": "Red Hat, Inc." }, "name": "datagrid65-basic" }, "labels": { "template": "datagrid65-basic", - "xpaas": "1.4.0" + "xpaas": "1.4.7" }, "message": "A new data grid service has been created in your project. It supports connector type(s) \"${INFINISPAN_CONNECTORS}\".", "parameters": [ @@ -227,7 +228,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-datagrid65-openshift:1.4" + "name": "jboss-datagrid65-openshift:1.5" } } }, diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/datagrid65-https.json b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/datagrid65-https.json index e6f020400..97d02c788 100644 --- a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/datagrid65-https.json +++ b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/datagrid65-https.json @@ -3,17 +3,18 @@ "apiVersion": "v1", "metadata": { "annotations": { - "iconClass": "icon-jboss", + "iconClass": "icon-datagrid", "description": "Application template for JDG 6.5 applications.", - "tags": "datagrid,jboss,xpaas", - "version": "1.4.0", - "openshift.io/display-name": "Red Hat JBoss Data Grid 6.5 (Ephemeral with https)" + "tags": "datagrid,jboss,hidden", + "version": "1.4.7", + "openshift.io/display-name": "JBoss Data Grid 6.5 (Ephemeral with https)", + "openshift.io/provider-display-name": "Red Hat, Inc." }, "name": "datagrid65-https" }, "labels": { "template": "datagrid65-https", - "xpaas": "1.4.0" + "xpaas": "1.4.7" }, "message": "A new data grid service has been created in your project. It supports connector type(s) \"${INFINISPAN_CONNECTORS}\". Please be sure to create the \"datagrid-service-account\" service account and the following secrets: \"${HTTPS_SECRET}\" containing the ${HTTPS_KEYSTORE} file used for serving secure content; \"${JGROUPS_ENCRYPT_SECRET}\" containing the ${JGROUPS_ENCRYPT_KEYSTORE} file used for securing JGroups communications.", "parameters": [ @@ -337,7 +338,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-datagrid65-openshift:1.4" + "name": "jboss-datagrid65-openshift:1.5" } } }, @@ -502,6 +503,10 @@ "value": "${REST_SECURITY_DOMAIN}" }, { + "name": "HOTROD_ENCRYPTION", + "value": "${HTTPS_NAME}" + }, + { "name": "JGROUPS_ENCRYPT_SECRET", "value": "${JGROUPS_ENCRYPT_SECRET}" }, diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/datagrid65-mysql-persistent.json b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/datagrid65-mysql-persistent.json index ff57a7936..018132668 100644 --- a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/datagrid65-mysql-persistent.json +++ b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/datagrid65-mysql-persistent.json @@ -3,17 +3,21 @@ "apiVersion": "v1", "metadata": { "annotations": { - "iconClass": "icon-jboss", - "description": "Application template for JDG 6.5 and MySQL applications with persistent storage.", - "tags": "datagrid,jboss,xpaas", - "version": "1.4.0", - "openshift.io/display-name": "Red Hat JBoss Data Grid 6.5 + MySQL (Persistent with https)" + "iconClass": "icon-datagrid", + "tags": "datagrid,jboss", + "version": "1.4.7", + "openshift.io/display-name": "JBoss Data Grid 6.5 + MySQL (with https)", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "An example JBoss Data Grid application with a MySQL database. For more information about using this template, see https://github.com/jboss-openshift/application-templates.", + "template.openshift.io/long-description": "This template defines resources needed to develop Red Hat JBoss Data Grid 6.5 based application, including a deployment configuration, using MySQL databased using persistence and secure communication using https.", + "template.openshift.io/documentation-url": "https://access.redhat.com/documentation/en/red-hat-jboss-data-grid/", + "template.openshift.io/support-url": "https://access.redhat.com" }, "name": "datagrid65-mysql-persistent" }, "labels": { "template": "datagrid65-mysql-persistent", - "xpaas": "1.4.0" + "xpaas": "1.4.7" }, "message": "A new data grid service (using MySQL with persistent storage) has been created in your project. It supports connector type(s) \"${INFINISPAN_CONNECTORS}\". The username/password for accessing the MySQL database \"${DB_DATABASE}\" is ${DB_USERNAME}/${DB_PASSWORD}. Please be sure to create the \"datagrid-service-account\" service account and the following secrets: \"${HTTPS_SECRET}\" containing the ${HTTPS_KEYSTORE} file used for serving secure content; \"${JGROUPS_ENCRYPT_SECRET}\" containing the ${JGROUPS_ENCRYPT_KEYSTORE} file used for securing JGroups communications.", "parameters": [ @@ -457,7 +461,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-datagrid65-openshift:1.4" + "name": "jboss-datagrid65-openshift:1.5" } } }, @@ -666,6 +670,10 @@ "value": "${APPLICATION_NAME}-hotrod" }, { + "name": "HOTROD_ENCRYPTION", + "value": "${HTTPS_NAME}" + }, + { "name": "MEMCACHED_CACHE", "value": "${MEMCACHED_CACHE}" }, diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/datagrid65-mysql.json b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/datagrid65-mysql.json index 44902de25..1e8ca1b51 100644 --- a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/datagrid65-mysql.json +++ b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/datagrid65-mysql.json @@ -3,17 +3,18 @@ "apiVersion": "v1", "metadata": { "annotations": { - "iconClass": "icon-jboss", + "iconClass": "icon-datagrid", "description": "Application template for JDG 6.5 and MySQL applications.", - "tags": "datagrid,jboss,xpaas", - "version": "1.4.0", - "openshift.io/display-name": "Red Hat JBoss Data Grid 6.5 + MySQL (Ephemeral with https)" + "tags": "datagrid,jboss,hidden", + "version": "1.4.7", + "openshift.io/display-name": "JBoss Data Grid 6.5 + MySQL (Ephemeral with https)", + "openshift.io/provider-display-name": "Red Hat, Inc." }, "name": "datagrid65-mysql" }, "labels": { "template": "datagrid65-mysql", - "xpaas": "1.4.0" + "xpaas": "1.4.7" }, "message": "A new data grid service (using MySQL) has been created in your project. It supports connector type(s) \"${INFINISPAN_CONNECTORS}\". The username/password for accessing the MySQL database \"${DB_DATABASE}\" is ${DB_USERNAME}/${DB_PASSWORD}. Please be sure to create the \"datagrid-service-account\" service account and the following secrets: \"${HTTPS_SECRET}\" containing the ${HTTPS_KEYSTORE} file used for serving secure content; \"${JGROUPS_ENCRYPT_SECRET}\" containing the ${JGROUPS_ENCRYPT_KEYSTORE} file used for securing JGroups communications.", "parameters": [ @@ -450,7 +451,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-datagrid65-openshift:1.4" + "name": "jboss-datagrid65-openshift:1.5" } } }, @@ -659,6 +660,10 @@ "value": "${APPLICATION_NAME}-hotrod" }, { + "name": "HOTROD_ENCRYPTION", + "value": "${HTTPS_NAME}" + }, + { "name": "MEMCACHED_CACHE", "value": "${MEMCACHED_CACHE}" }, diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/datagrid65-postgresql-persistent.json b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/datagrid65-postgresql-persistent.json index 6b90e1370..4a1d818c9 100644 --- a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/datagrid65-postgresql-persistent.json +++ b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/datagrid65-postgresql-persistent.json @@ -3,17 +3,22 @@ "apiVersion": "v1", "metadata": { "annotations": { - "iconClass": "icon-jboss", + "iconClass": "icon-datagrid", "description": "Application template for JDG 6.5 and PostgreSQL applications with persistent storage.", - "tags": "datagrid,jboss,xpaas", - "version": "1.4.0", - "openshift.io/display-name": "Red Hat JBoss Data Grid 6.5 + PostgreSQL (Persistent with https)" + "tags": "datagrid,jboss,hidden", + "version": "1.4.7", + "openshift.io/display-name": "JBoss Data Grid 6.5 + PostgreSQL (with https)", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "An example JBoss Data Grid application with a PostgreSQL database. For more information about using this template, see https://github.com/jboss-openshift/application-templates.", + "template.openshift.io/long-description": "This template defines resources needed to develop Red Hat JBoss Data Grid 6.5 based application, including a deployment configuration, using PostgreSQL database using persistence and secure communication using https.", + "template.openshift.io/documentation-url": "https://access.redhat.com/documentation/en/red-hat-jboss-data-grid/", + "template.openshift.io/support-url": "https://access.redhat.com" }, "name": "datagrid65-postgresql-persistent" }, "labels": { "template": "datagrid65-postgresql-persistent", - "xpaas": "1.4.0" + "xpaas": "1.4.7" }, "message": "A new data grid service (using PostgreSQL with persistent storage) has been created in your project. It supports connector type(s) \"${INFINISPAN_CONNECTORS}\". The username/password for accessing the MySQL database \"${DB_DATABASE}\" is ${DB_USERNAME}/${DB_PASSWORD}. Please be sure to create the \"datagrid-service-account\" service account and the following secrets: \"${HTTPS_SECRET}\" containing the ${HTTPS_KEYSTORE} file used for serving secure content; \"${JGROUPS_ENCRYPT_SECRET}\" containing the ${JGROUPS_ENCRYPT_KEYSTORE} file used for securing JGroups communications.", "parameters": [ @@ -437,7 +442,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-datagrid65-openshift:1.4" + "name": "jboss-datagrid65-openshift:1.5" } } }, @@ -646,6 +651,10 @@ "value": "${APPLICATION_NAME}-hotrod" }, { + "name": "HOTROD_ENCRYPTION", + "value": "${HTTPS_NAME}" + }, + { "name": "MEMCACHED_CACHE", "value": "${MEMCACHED_CACHE}" }, diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/datagrid65-postgresql.json b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/datagrid65-postgresql.json index ae36376db..d97bdfa75 100644 --- a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/datagrid65-postgresql.json +++ b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/datagrid65-postgresql.json @@ -3,17 +3,18 @@ "apiVersion": "v1", "metadata": { "annotations": { - "iconClass": "icon-jboss", + "iconClass": "icon-datagrid", "description": "Application template for JDG 6.5 and PostgreSQL applications built using.", - "tags": "datagrid,jboss,xpaas", - "version": "1.4.0", - "openshift.io/display-name": "Red Hat JBoss Data Grid 6.5 + PostgreSQL (Ephemeral with https)" + "tags": "datagrid,jboss,hidden", + "version": "1.4.7", + "openshift.io/display-name": "JBoss Data Grid 6.5 + PostgreSQL (Ephemeral with https)", + "openshift.io/provider-display-name": "Red Hat, Inc." }, "name": "datagrid65-postgresql" }, "labels": { "template": "datagrid65-postgresql", - "xpaas": "1.4.0" + "xpaas": "1.4.7" }, "message": "A new data grid service (using PostgreSQL) has been created in your project. It supports connector type(s) \"${INFINISPAN_CONNECTORS}\". The username/password for accessing the MySQL database \"${DB_DATABASE}\" is ${DB_USERNAME}/${DB_PASSWORD}. Please be sure to create the \"datagrid-service-account\" service account and the following secrets: \"${HTTPS_SECRET}\" containing the ${HTTPS_KEYSTORE} file used for serving secure content; \"${JGROUPS_ENCRYPT_SECRET}\" containing the ${JGROUPS_ENCRYPT_KEYSTORE} file used for securing JGroups communications.", "parameters": [ @@ -430,7 +431,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-datagrid65-openshift:1.4" + "name": "jboss-datagrid65-openshift:1.5" } } }, @@ -639,6 +640,10 @@ "value": "${APPLICATION_NAME}-hotrod" }, { + "name": "HOTROD_ENCRYPTION", + "value": "${HTTPS_NAME}" + }, + { "name": "MEMCACHED_CACHE", "value": "${MEMCACHED_CACHE}" }, diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/datagrid71-basic.json b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/datagrid71-basic.json new file mode 100644 index 000000000..d4b83da34 --- /dev/null +++ b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/datagrid71-basic.json @@ -0,0 +1,420 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "annotations": { + "iconClass": "icon-datagrid", + "tags": "datagrid,jboss", + "version": "1.4.7", + "openshift.io/display-name": "JBoss Data Grid 7.1 (Ephemeral, no https)", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "An example JBoss Data Grid application. For more information about using this template, see https://github.com/jboss-openshift/application-templates.", + "template.openshift.io/long-description": "This template defines resources needed to develop Red Hat JBoss Data Grid 7.1 based application, including a deployment configuration, using using ephemeral (temporary) storage and communication using http.", + "template.openshift.io/documentation-url": "https://access.redhat.com/documentation/en/red-hat-jboss-data-grid/", + "template.openshift.io/support-url": "https://access.redhat.com" + }, + "name": "datagrid71-basic" + }, + "labels": { + "template": "datagrid71-basic", + "xpaas": "1.4.7" + }, + "message": "A new data grid service has been created in your project. It supports connector type(s) \"${INFINISPAN_CONNECTORS}\".", + "parameters": [ + { + "displayName": "Application Name", + "description": "The name for the application.", + "name": "APPLICATION_NAME", + "value": "datagrid-app", + "required": true + }, + { + "displayName": "Custom http Route Hostname", + "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: <application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTP", + "value": "", + "required": false + }, + { + "displayName": "Username", + "description": "User name for JDG user.", + "name": "USERNAME", + "value": "", + "required": false + }, + { + "displayName": "Password", + "description": "The password to access the JDG Caches. Must be different than username; must not be root, admin, or administrator; must contain at least 8 characters, 1 alphabetic character(s), 1 digit(s), and 1 non-alphanumeric symbol(s). (optional)", + "name": "PASSWORD", + "value": "", + "required": false + }, + { + "displayName": "JDG User Roles/Groups", + "description": "Comma delimited list of roles/groups associated with the JDG user", + "name": "ADMIN_GROUP", + "value": "", + "required": false + }, + { + "displayName": "Hotrod Authentication", + "description": "Enable Hotrod Authentication", + "name": "HOTROD_AUTHENTICATION", + "value": "", + "required": false + }, + { + "displayName": "Container Security Role Mapper", + "description": "Defines which role mapper to use for cache authentication", + "name": "CONTAINER_SECURITY_ROLE_MAPPER", + "value": "", + "required": false + }, + { + "displayName": "Container Security Roles", + "description": "Comma delimited list of role names and assigned permissions", + "name": "CONTAINER_SECURITY_ROLES", + "value": "", + "required": false + }, + { + "displayName": "ImageStream Namespace", + "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", + "name": "IMAGE_STREAM_NAMESPACE", + "value": "openshift", + "required": true + }, + { + "displayName": "Infinispan Connectors", + "description": "Comma-separated list of connector types that should be configured (defaults to 'memcached,hotrod,rest')", + "name": "INFINISPAN_CONNECTORS", + "value": "hotrod,memcached,rest", + "required": false + }, + { + "displayName": "Cache Names", + "description": "Comma-separated list of caches to configure. By default, a distributed-cache, with a mode of SYNC will be configured for each entry.", + "name": "CACHE_NAMES", + "value": "", + "required": false + }, + { + "displayName": "Datavirt Cache Names", + "description": "Comma-separated list of caches to configure for use by Red Hat JBoss Data Virtualization for materialization of views. Three caches will be created for each named cache: <name>, <name>_staging and <name>_alias.", + "name": "DATAVIRT_CACHE_NAMES", + "value": "", + "required": false + }, + { + "displayName": "Default Cache Type", + "description": "Default cache type for all caches. If empty then distributed will be the default", + "name": "CACHE_TYPE_DEFAULT", + "value": "", + "required": false + }, + { + "displayName": "Encryption Requires SSL Client Authentication?", + "description": "", + "name": "ENCRYPTION_REQUIRE_SSL_CLIENT_AUTH", + "value": "", + "required": false + }, + { + "displayName": "Memcached Cache Name", + "description": "The name of the cache to expose through this memcached connector (defaults to 'default')", + "name": "MEMCACHED_CACHE", + "value": "default", + "required": false + }, + { + "displayName": "REST Security Domain", + "description": "The domain, declared in the security subsystem, that should be used to authenticate access to the REST endpoint", + "name": "REST_SECURITY_DOMAIN", + "value": "", + "required": false + }, + { + "displayName": "JGroups Cluster Password", + "description": "JGroups cluster password", + "name": "JGROUPS_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + } + ], + "objects": [ + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8080, + "targetPort": 8080 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's HTTP port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 11211, + "targetPort": 11211 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-memcached", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Memcached service for clustered applications." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 11333, + "targetPort": 11333 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-hotrod", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Hot Rod service for clustered applications." + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-http", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's HTTP service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTP}", + "to": { + "name": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}" + ], + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-datagrid71-openshift:1.1" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}", + "image": "jboss-datagrid71-openshift", + "imagePullPolicy": "Always", + "livenessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/datagrid/bin/livenessProbe.sh" + ] + } + }, + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/datagrid/bin/readinessProbe.sh" + ] + } + }, + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "http", + "containerPort": 8080, + "protocol": "TCP" + }, + { + "name": "ping", + "containerPort": 8888, + "protocol": "TCP" + }, + { + "name": "memcached", + "containerPort": 11211, + "protocol": "TCP" + }, + { + "name": "hotrod-internal", + "containerPort": 11222, + "protocol": "TCP" + }, + { + "name": "hotrod", + "containerPort": 11333, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "USERNAME", + "value": "${USERNAME}" + }, + { + "name": "PASSWORD", + "value": "${PASSWORD}" + }, + { + "name": "ADMIN_GROUP", + "value": "${ADMIN_GROUP}" + }, + { + "name": "HOTROD_AUTHENTICATION", + "value": "${HOTROD_AUTHENTICATION}" + }, + { + "name": "CONTAINER_SECURITY_ROLE_MAPPER", + "value": "${CONTAINER_SECURITY_ROLE_MAPPER}" + }, + { + "name": "CONTAINER_SECURITY_ROLES", + "value": "${CONTAINER_SECURITY_ROLES}" + }, + { + "name": "OPENSHIFT_KUBE_PING_LABELS", + "value": "application=${APPLICATION_NAME}" + }, + { + "name": "OPENSHIFT_KUBE_PING_NAMESPACE", + "valueFrom": { + "fieldRef": { + "fieldPath": "metadata.namespace" + } + } + }, + { + "name": "INFINISPAN_CONNECTORS", + "value": "${INFINISPAN_CONNECTORS}" + }, + { + "name": "CACHE_NAMES", + "value": "${CACHE_NAMES}" + }, + { + "name": "DATAVIRT_CACHE_NAMES", + "value": "${DATAVIRT_CACHE_NAMES}" + }, + { + "name": "CACHE_TYPE_DEFAULT", + "value": "${CACHE_TYPE_DEFAULT}" + }, + { + "name": "ENCRYPTION_REQUIRE_SSL_CLIENT_AUTH", + "value": "${ENCRYPTION_REQUIRE_SSL_CLIENT_AUTH}" + }, + { + "name": "HOTROD_SERVICE_NAME", + "value": "${APPLICATION_NAME}-hotrod" + }, + { + "name": "MEMCACHED_CACHE", + "value": "${MEMCACHED_CACHE}" + }, + { + "name": "REST_SECURITY_DOMAIN", + "value": "${REST_SECURITY_DOMAIN}" + }, + { + "name": "JGROUPS_CLUSTER_PASSWORD", + "value": "${JGROUPS_CLUSTER_PASSWORD}" + } + ] + } + ] + } + } + } + } + ] +} diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/datagrid71-https.json b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/datagrid71-https.json new file mode 100644 index 000000000..2a46bd3a2 --- /dev/null +++ b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/datagrid71-https.json @@ -0,0 +1,602 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "annotations": { + "iconClass": "icon-datagrid", + "tags": "datagrid,jboss,hidden", + "version": "1.4.7", + "openshift.io/display-name": "JBoss Data Grid 7.1 (Ephemeral with https)", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "An example JBoss Data Grid application. For more information about using this template, see https://github.com/jboss-openshift/application-templates.", + "template.openshift.io/long-description": "This template defines resources needed to develop Red Hat JBoss Data Grid 7.1 based application, including a deployment configuration, using using ephemeral (temporary) storage and secure communication using https.", + "template.openshift.io/documentation-url": "https://access.redhat.com/documentation/en/red-hat-jboss-data-grid/", + "template.openshift.io/support-url": "https://access.redhat.com" + }, + "name": "datagrid71-https" + }, + "labels": { + "template": "datagrid71-https", + "xpaas": "1.4.7" + }, + "message": "A new data grid service has been created in your project. It supports connector type(s) \"${INFINISPAN_CONNECTORS}\". Please be sure to create the \"datagrid-service-account\" service account and the following secrets: \"${HTTPS_SECRET}\" containing the ${HTTPS_KEYSTORE} file used for serving secure content; \"${JGROUPS_ENCRYPT_SECRET}\" containing the ${JGROUPS_ENCRYPT_KEYSTORE} file used for securing JGroups communications.", + "parameters": [ + { + "displayName": "Application Name", + "description": "The name for the application.", + "name": "APPLICATION_NAME", + "value": "datagrid-app", + "required": true + }, + { + "displayName": "Custom http Route Hostname", + "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: <application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTP", + "value": "", + "required": false + }, + { + "displayName": "Custom https Route Hostname", + "description": "Custom hostname for https service route. Leave blank for default hostname, e.g.: secure-<application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTPS", + "value": "", + "required": false + }, + { + "displayName": "Username", + "description": "User name for JDG user.", + "name": "USERNAME", + "value": "", + "required": false + }, + { + "displayName": "Password", + "description": "The password to access the JDG Caches. Must be different than username; must not be root, admin, or administrator; must contain at least 8 characters, 1 alphabetic character(s), 1 digit(s), and 1 non-alphanumeric symbol(s). (optional)", + "name": "PASSWORD", + "value": "", + "required": false + }, + { + "displayName": "JDG User Roles/Groups", + "description": "Comma delimited list of roles/groups associated with the JDG user", + "name": "ADMIN_GROUP", + "value": "", + "required": false + }, + { + "displayName": "Hotrod Authentication", + "description": "Enable Hotrod Authentication", + "name": "HOTROD_AUTHENTICATION", + "value": "", + "required": false + }, + { + "displayName": "Container Security Role Mapper", + "description": "Defines which role mapper to use for cache authentication", + "name": "CONTAINER_SECURITY_ROLE_MAPPER", + "value": "", + "required": false + }, + { + "displayName": "Container Security Roles", + "description": "Comma delimited list of role names and assigned permissions", + "name": "CONTAINER_SECURITY_ROLES", + "value": "", + "required": false + }, + { + "displayName": "Server Keystore Secret Name", + "description": "The name of the secret containing the keystore file", + "name": "HTTPS_SECRET", + "value": "datagrid-app-secret", + "required": true + }, + { + "displayName": "Server Keystore Filename", + "description": "The name of the keystore file within the secret", + "name": "HTTPS_KEYSTORE", + "value": "keystore.jks", + "required": false + }, + { + "displayName": "Server Certificate Name", + "description": "The name associated with the server certificate", + "name": "HTTPS_NAME", + "value": "", + "required": false + }, + { + "displayName": "Server Keystore Password", + "description": "The password for the keystore and certificate", + "name": "HTTPS_PASSWORD", + "value": "", + "required": false + }, + { + "displayName": "ImageStream Namespace", + "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", + "name": "IMAGE_STREAM_NAMESPACE", + "value": "openshift", + "required": true + }, + { + "displayName": "Infinispan Connectors", + "description": "Comma-separated list of connector types that should be configured (defaults to 'memcached,hotrod,rest')", + "name": "INFINISPAN_CONNECTORS", + "value": "hotrod,memcached,rest", + "required": false + }, + { + "displayName": "Cache Names", + "description": "Comma-separated list of caches to configure. By default, a distributed-cache, with a mode of SYNC will be configured for each entry.", + "name": "CACHE_NAMES", + "value": "", + "required": false + }, + { + "displayName": "Datavirt Cache Names", + "description": "Comma-separated list of caches to configure for use by Red Hat JBoss Data Virtualization for materialization of views. Three caches will be created for each named cache: <name>, <name>_staging and <name>_alias.", + "name": "DATAVIRT_CACHE_NAMES", + "value": "", + "required": false + }, + { + "displayName": "Default Cache Type", + "description": "Default cache type for all caches. If empty then distributed will be the default", + "name": "CACHE_TYPE_DEFAULT", + "value": "", + "required": false + }, + { + "displayName": "Encryption Requires SSL Client Authentication?", + "description": "", + "name": "ENCRYPTION_REQUIRE_SSL_CLIENT_AUTH", + "value": "", + "required": false + }, + { + "displayName": "Memcached Cache Name", + "description": "The name of the cache to expose through this memcached connector (defaults to 'default')", + "name": "MEMCACHED_CACHE", + "value": "default", + "required": false + }, + { + "displayName": "REST Security Domain", + "description": "The domain, declared in the security subsystem, that should be used to authenticate access to the REST endpoint", + "name": "REST_SECURITY_DOMAIN", + "value": "", + "required": false + }, + { + "displayName": "JGroups Secret Name", + "description": "The name of the secret containing the keystore file", + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "datagrid-app-secret", + "required": false + }, + { + "displayName": "JGroups Keystore Filename", + "description": "The name of the keystore file within the secret", + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "jgroups.jceks", + "required": false + }, + { + "displayName": "JGroups Certificate Name", + "description": "The name associated with the server certificate", + "name": "JGROUPS_ENCRYPT_NAME", + "value": "", + "required": false + }, + { + "displayName": "JGroups Keystore Password", + "description": "The password for the keystore and certificate", + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "", + "required": false + }, + { + "displayName": "JGroups Cluster Password", + "description": "JGroups cluster password", + "name": "JGROUPS_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + } + ], + "objects": [ + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8080, + "targetPort": 8080 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's HTTP port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8443, + "targetPort": 8443 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's HTTPS port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 11211, + "targetPort": 11211 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-memcached", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Memcached service for clustered applications." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 11333, + "targetPort": 11333 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-hotrod", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Hot Rod service for clustered applications." + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-http", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's HTTP service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTP}", + "to": { + "name": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-https", + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's HTTPS service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTPS}", + "to": { + "name": "secure-${APPLICATION_NAME}" + }, + "tls": { + "termination": "passthrough" + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}" + ], + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-datagrid71-openshift:1.1" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "serviceAccountName": "datagrid-service-account", + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}", + "image": "jboss-datagrid71-openshift", + "imagePullPolicy": "Always", + "volumeMounts": [ + { + "name": "datagrid-keystore-volume", + "mountPath": "/etc/datagrid-secret-volume", + "readOnly": true + }, + { + "name": "datagrid-jgroups-keystore-volume", + "mountPath": "/etc/jgroups-encrypt-secret-volume", + "readOnly": true + } + ], + "livenessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/datagrid/bin/livenessProbe.sh" + ] + } + }, + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/datagrid/bin/readinessProbe.sh" + ] + } + }, + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "http", + "containerPort": 8080, + "protocol": "TCP" + }, + { + "name": "https", + "containerPort": 8443, + "protocol": "TCP" + }, + { + "name": "ping", + "containerPort": 8888, + "protocol": "TCP" + }, + { + "name": "memcached", + "containerPort": 11211, + "protocol": "TCP" + }, + { + "name": "hotrod-internal", + "containerPort": 11222, + "protocol": "TCP" + }, + { + "name": "hotrod", + "containerPort": 11333, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "USERNAME", + "value": "${USERNAME}" + }, + { + "name": "PASSWORD", + "value": "${PASSWORD}" + }, + { + "name": "ADMIN_GROUP", + "value": "${ADMIN_GROUP}" + }, + { + "name": "HOTROD_AUTHENTICATION", + "value": "${HOTROD_AUTHENTICATION}" + }, + { + "name": "CONTAINER_SECURITY_ROLE_MAPPER", + "value": "${CONTAINER_SECURITY_ROLE_MAPPER}" + }, + { + "name": "CONTAINER_SECURITY_ROLES", + "value": "${CONTAINER_SECURITY_ROLES}" + }, + { + "name": "HTTPS_KEYSTORE_DIR", + "value": "/etc/datagrid-secret-volume" + }, + { + "name": "HTTPS_KEYSTORE", + "value": "${HTTPS_KEYSTORE}" + }, + { + "name": "HTTPS_NAME", + "value": "${HTTPS_NAME}" + }, + { + "name": "HTTPS_PASSWORD", + "value": "${HTTPS_PASSWORD}" + }, + { + "name": "OPENSHIFT_KUBE_PING_LABELS", + "value": "application=${APPLICATION_NAME}" + }, + { + "name": "OPENSHIFT_KUBE_PING_NAMESPACE", + "valueFrom": { + "fieldRef": { + "fieldPath": "metadata.namespace" + } + } + }, + { + "name": "INFINISPAN_CONNECTORS", + "value": "${INFINISPAN_CONNECTORS}" + }, + { + "name": "CACHE_NAMES", + "value": "${CACHE_NAMES}" + }, + { + "name": "DATAVIRT_CACHE_NAMES", + "value": "${DATAVIRT_CACHE_NAMES}" + }, + { + "name": "CACHE_TYPE_DEFAULT", + "value": "${CACHE_TYPE_DEFAULT}" + }, + { + "name": "ENCRYPTION_REQUIRE_SSL_CLIENT_AUTH", + "value": "${ENCRYPTION_REQUIRE_SSL_CLIENT_AUTH}" + }, + { + "name": "HOTROD_SERVICE_NAME", + "value": "${APPLICATION_NAME}-hotrod" + }, + { + "name": "HOTROD_ENCRYPTION", + "value": "${HTTPS_NAME}" + }, + { + "name": "MEMCACHED_CACHE", + "value": "${MEMCACHED_CACHE}" + }, + { + "name": "REST_SECURITY_DOMAIN", + "value": "${REST_SECURITY_DOMAIN}" + }, + { + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "${JGROUPS_ENCRYPT_SECRET}" + }, + { + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "${JGROUPS_ENCRYPT_KEYSTORE}" + }, + { + "name": "JGROUPS_ENCRYPT_KEYSTORE_DIR", + "value": "/etc/jgroups-encrypt-secret-volume" + }, + { + "name": "JGROUPS_ENCRYPT_NAME", + "value": "${JGROUPS_ENCRYPT_NAME}" + }, + { + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "${JGROUPS_ENCRYPT_PASSWORD}" + }, + { + "name": "JGROUPS_CLUSTER_PASSWORD", + "value": "${JGROUPS_CLUSTER_PASSWORD}" + } + ] + } + ], + "volumes": [ + { + "name": "datagrid-keystore-volume", + "secret": { + "secretName": "${HTTPS_SECRET}" + } + }, + { + "name": "datagrid-jgroups-keystore-volume", + "secret": { + "secretName": "${JGROUPS_ENCRYPT_SECRET}" + } + } + ] + } + } + } + } + ] +} diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/datagrid71-mysql-persistent.json b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/datagrid71-mysql-persistent.json new file mode 100644 index 000000000..72bdf2037 --- /dev/null +++ b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/datagrid71-mysql-persistent.json @@ -0,0 +1,904 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "annotations": { + "iconClass": "icon-datagrid", + "tags": "datagrid,jboss", + "version": "1.4.7", + "openshift.io/display-name": "JBoss Data Grid 7.1 + MySQL (with https)", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "An example JBoss Data Grid application with a MySQL database. For more information about using this template, see https://github.com/jboss-openshift/application-templates.", + "template.openshift.io/long-description": "This template defines resources needed to develop Red Hat JBoss Data Grid 7.1 based application, including a deployment configuration, using MySQL databased using persistence and secure communication using https.", + "template.openshift.io/documentation-url": "https://access.redhat.com/documentation/en/red-hat-jboss-data-grid/", + "template.openshift.io/support-url": "https://access.redhat.com" + }, + "name": "datagrid71-mysql-persistent" + }, + "labels": { + "template": "datagrid71-mysql-persistent", + "xpaas": "1.4.7" + }, + "message": "A new data grid service (using MySQL with persistent storage) has been created in your project. It supports connector type(s) \"${INFINISPAN_CONNECTORS}\". The username/password for accessing the MySQL database \"${DB_DATABASE}\" is ${DB_USERNAME}/${DB_PASSWORD}. Please be sure to create the \"datagrid-service-account\" service account and the following secrets: \"${HTTPS_SECRET}\" containing the ${HTTPS_KEYSTORE} file used for serving secure content; \"${JGROUPS_ENCRYPT_SECRET}\" containing the ${JGROUPS_ENCRYPT_KEYSTORE} file used for securing JGroups communications.", + "parameters": [ + { + "displayName": "Application Name", + "description": "The name for the application.", + "name": "APPLICATION_NAME", + "value": "datagrid-app", + "required": true + }, + { + "displayName": "Custom http Route Hostname", + "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: <application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTP", + "value": "", + "required": false + }, + { + "displayName": "Custom https Route Hostname", + "description": "Custom hostname for https service route. Leave blank for default hostname, e.g.: secure-<application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTPS", + "value": "", + "required": false + }, + { + "displayName": "Username", + "description": "User name for JDG user.", + "name": "USERNAME", + "value": "", + "required": false + }, + { + "displayName": "Password", + "description": "The password to access the JDG Caches. Must be different than username; must not be root, admin, or administrator; must contain at least 8 characters, 1 alphabetic character(s), 1 digit(s), and 1 non-alphanumeric symbol(s). (optional)", + "name": "PASSWORD", + "value": "", + "required": false + }, + { + "displayName": "JDG User Roles/Groups", + "description": "Comma delimited list of roles/groups associated with the JDG user", + "name": "ADMIN_GROUP", + "value": "", + "required": false + }, + { + "displayName": "Hotrod Authentication", + "description": "Enable Hotrod Authentication", + "name": "HOTROD_AUTHENTICATION", + "value": "", + "required": false + }, + { + "displayName": "Container Security Role Mapper", + "description": "Defines which role mapper to use for cache authentication", + "name": "CONTAINER_SECURITY_ROLE_MAPPER", + "value": "", + "required": false + }, + { + "displayName": "Container Security Roles", + "description": "Comma delimited list of role names and assigned permissions", + "name": "CONTAINER_SECURITY_ROLES", + "value": "", + "required": false + }, + { + "displayName": "Server Keystore Secret Name", + "description": "The name of the secret containing the keystore file", + "name": "HTTPS_SECRET", + "value": "datagrid-app-secret", + "required": true + }, + { + "displayName": "Server Keystore Filename", + "description": "The name of the keystore file within the secret", + "name": "HTTPS_KEYSTORE", + "value": "keystore.jks", + "required": false + }, + { + "displayName": "Server Certificate Name", + "description": "The name associated with the server certificate", + "name": "HTTPS_NAME", + "value": "", + "required": false + }, + { + "displayName": "Server Keystore Password", + "description": "The password for the keystore and certificate", + "name": "HTTPS_PASSWORD", + "value": "", + "required": false + }, + { + "displayName": "Database JNDI Name", + "description": "Database JNDI name used by application to resolve the datasource, e.g. java:/jboss/datasources/mysql", + "name": "DB_JNDI", + "value": "java:/jboss/datasources/mysql", + "required": false + }, + { + "displayName": "Database Name", + "description": "Database name", + "name": "DB_DATABASE", + "value": "root", + "required": true + }, + { + "displayName": "Database Username", + "description": "Database user name", + "name": "DB_USERNAME", + "from": "user[a-zA-Z0-9]{3}", + "generate": "expression", + "required": true + }, + { + "displayName": "Database Password", + "description": "Database user password", + "name": "DB_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "Datasource Minimum Pool Size", + "description": "Sets xa-pool/min-pool-size for the configured datasource.", + "name": "DB_MIN_POOL_SIZE", + "required": false + }, + { + "displayName": "Datasource Maximum Pool Size", + "description": "Sets xa-pool/max-pool-size for the configured datasource.", + "name": "DB_MAX_POOL_SIZE", + "required": false + }, + { + "displayName": "Datasource Transaction Isolation", + "description": "Sets transaction-isolation for the configured datasource.", + "name": "DB_TX_ISOLATION", + "required": false + }, + { + "displayName": "MySQL Lower Case Table Names", + "description": "Sets how the table names are stored and compared.", + "name": "MYSQL_LOWER_CASE_TABLE_NAMES", + "required": false + }, + { + "displayName": "MySQL Maximum number of connections", + "description": "The maximum permitted number of simultaneous client connections.", + "name": "MYSQL_MAX_CONNECTIONS", + "required": false + }, + { + "displayName": "MySQL FullText Minimum Word Length", + "description": "The minimum length of the word to be included in a FULLTEXT index.", + "name": "MYSQL_FT_MIN_WORD_LEN", + "required": false + }, + { + "displayName": "MySQL FullText Maximum Word Length", + "description": "The maximum length of the word to be included in a FULLTEXT index.", + "name": "MYSQL_FT_MAX_WORD_LEN", + "required": false + }, + { + "displayName": "MySQL AIO", + "description": "Controls the innodb_use_native_aio setting value if the native AIO is broken.", + "name": "MYSQL_AIO", + "required": false + }, + { + "displayName": "Database Volume Capacity", + "description": "Size of persistent storage for database volume.", + "name": "VOLUME_CAPACITY", + "value": "512Mi", + "required": true + }, + { + "displayName": "ImageStream Namespace", + "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", + "name": "IMAGE_STREAM_NAMESPACE", + "value": "openshift", + "required": true + }, + { + "displayName": "Infinispan Connectors", + "description": "Comma-separated list of connector types that should be configured (defaults to 'memcached,hotrod,rest')", + "name": "INFINISPAN_CONNECTORS", + "value": "hotrod,memcached,rest", + "required": false + }, + { + "displayName": "Cache Names", + "description": "Comma-separated list of caches to configure. By default, a distributed-cache, with a mode of SYNC will be configured for each entry.", + "name": "CACHE_NAMES", + "value": "", + "required": false + }, + { + "displayName": "Datavirt Cache Names", + "description": "Comma-separated list of caches to configure for use by Red Hat JBoss Data Virtualization for materialization of views. Three caches will be created for each named cache: <name>, <name>_staging and <name>_alias.", + "name": "DATAVIRT_CACHE_NAMES", + "value": "", + "required": false + }, + { + "displayName": "Default Cache Type", + "description": "Default cache type for all caches. If empty then distributed will be the default", + "name": "CACHE_TYPE_DEFAULT", + "value": "", + "required": false + }, + { + "displayName": "Encryption Requires SSL Client Authentication?", + "description": "", + "name": "ENCRYPTION_REQUIRE_SSL_CLIENT_AUTH", + "value": "", + "required": false + }, + { + "displayName": "Memcached Cache Name", + "description": "The name of the cache to expose through this memcached connector (defaults to 'default')", + "name": "MEMCACHED_CACHE", + "value": "default", + "required": false + }, + { + "displayName": "REST Security Domain", + "description": "The domain, declared in the security subsystem, that should be used to authenticate access to the REST endpoint", + "name": "REST_SECURITY_DOMAIN", + "value": "", + "required": false + }, + { + "displayName": "JGroups Secret Name", + "description": "The name of the secret containing the keystore file", + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "datagrid-app-secret", + "required": false + }, + { + "displayName": "JGroups Keystore Filename", + "description": "The name of the keystore file within the secret", + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "jgroups.jceks", + "required": false + }, + { + "displayName": "JGroups Certificate Name", + "description": "The name associated with the server certificate", + "name": "JGROUPS_ENCRYPT_NAME", + "value": "", + "required": false + }, + { + "displayName": "JGroups Keystore Password", + "description": "The password for the keystore and certificate", + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "", + "required": false + }, + { + "displayName": "JGroups Cluster Password", + "description": "JGroups cluster password", + "name": "JGROUPS_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "MySQL Image Stream Tag", + "description": "The tag to use for the \"mysql\" image stream. Typically, this aligns with the major.minor version of MySQL.", + "name": "MYSQL_IMAGE_STREAM_TAG", + "value": "5.7", + "required": true + } + ], + "objects": [ + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8080, + "targetPort": 8080 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's HTTP port.", + "service.alpha.openshift.io/dependencies": "[{\"name\": \"${APPLICATION_NAME}-mysql\", \"kind\": \"Service\"}]" + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8443, + "targetPort": 8443 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's HTTPS port.", + "service.alpha.openshift.io/dependencies": "[{\"name\": \"${APPLICATION_NAME}-mysql\", \"kind\": \"Service\"}]" + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 11211, + "targetPort": 11211 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-memcached", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Memcached service for clustered applications.", + "service.alpha.openshift.io/dependencies": "[{\"name\": \"${APPLICATION_NAME}-mysql\", \"kind\": \"Service\"}]" + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 11333, + "targetPort": 11333 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-hotrod", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Hot Rod service for clustered applications.", + "service.alpha.openshift.io/dependencies": "[{\"name\": \"${APPLICATION_NAME}-mysql\", \"kind\": \"Service\"}]" + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 3306, + "targetPort": 3306 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-mysql" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-mysql", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The database server's port." + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-http", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's HTTP service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTP}", + "to": { + "name": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-https", + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's HTTPS service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTPS}", + "to": { + "name": "secure-${APPLICATION_NAME}" + }, + "tls": { + "termination": "passthrough" + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}" + ], + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-datagrid71-openshift:1.1" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "serviceAccountName": "datagrid-service-account", + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}", + "image": "jboss-datagrid71-openshift", + "imagePullPolicy": "Always", + "volumeMounts": [ + { + "name": "datagrid-keystore-volume", + "mountPath": "/etc/datagrid-secret-volume", + "readOnly": true + }, + { + "name": "datagrid-jgroups-keystore-volume", + "mountPath": "/etc/jgroups-encrypt-secret-volume", + "readOnly": true + } + ], + "livenessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/datagrid/bin/livenessProbe.sh" + ] + } + }, + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/datagrid/bin/readinessProbe.sh" + ] + } + }, + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "http", + "containerPort": 8080, + "protocol": "TCP" + }, + { + "name": "https", + "containerPort": 8443, + "protocol": "TCP" + }, + { + "name": "ping", + "containerPort": 8888, + "protocol": "TCP" + }, + { + "name": "memcached", + "containerPort": 11211, + "protocol": "TCP" + }, + { + "name": "hotrod-internal", + "containerPort": 11222, + "protocol": "TCP" + }, + { + "name": "hotrod", + "containerPort": 11333, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "USERNAME", + "value": "${USERNAME}" + }, + { + "name": "PASSWORD", + "value": "${PASSWORD}" + }, + { + "name": "ADMIN_GROUP", + "value": "${ADMIN_GROUP}" + }, + { + "name": "HOTROD_AUTHENTICATION", + "value": "${HOTROD_AUTHENTICATION}" + }, + { + "name": "CONTAINER_SECURITY_ROLE_MAPPER", + "value": "${CONTAINER_SECURITY_ROLE_MAPPER}" + }, + { + "name": "CONTAINER_SECURITY_ROLES", + "value": "${CONTAINER_SECURITY_ROLES}" + }, + { + "name": "HTTPS_KEYSTORE_DIR", + "value": "/etc/datagrid-secret-volume" + }, + { + "name": "HTTPS_KEYSTORE", + "value": "${HTTPS_KEYSTORE}" + }, + { + "name": "HTTPS_NAME", + "value": "${HTTPS_NAME}" + }, + { + "name": "HTTPS_PASSWORD", + "value": "${HTTPS_PASSWORD}" + }, + { + "name": "DB_SERVICE_PREFIX_MAPPING", + "value": "${APPLICATION_NAME}-mysql=DB" + }, + { + "name": "DB_JNDI", + "value": "${DB_JNDI}" + }, + { + "name": "DB_USERNAME", + "value": "${DB_USERNAME}" + }, + { + "name": "DB_PASSWORD", + "value": "${DB_PASSWORD}" + }, + { + "name": "DB_DATABASE", + "value": "${DB_DATABASE}" + }, + { + "name": "TX_DATABASE_PREFIX_MAPPING", + "value": "${APPLICATION_NAME}-mysql=DB" + }, + { + "name": "DB_MIN_POOL_SIZE", + "value": "${DB_MIN_POOL_SIZE}" + }, + { + "name": "DB_MAX_POOL_SIZE", + "value": "${DB_MAX_POOL_SIZE}" + }, + { + "name": "DB_TX_ISOLATION", + "value": "${DB_TX_ISOLATION}" + }, + { + "name": "DEFAULT_JDBC_STORE_TYPE", + "value": "string" + }, + { + "name": "DEFAULT_JDBC_STORE_DATASOURCE", + "value": "${DB_JNDI}" + }, + { + "name": "MEMCACHED_JDBC_STORE_TYPE", + "value": "string" + }, + { + "name": "MEMCACHED_JDBC_STORE_DATASOURCE", + "value": "${DB_JNDI}" + }, + { + "name": "OPENSHIFT_KUBE_PING_LABELS", + "value": "application=${APPLICATION_NAME}" + }, + { + "name": "OPENSHIFT_KUBE_PING_NAMESPACE", + "valueFrom": { + "fieldRef": { + "fieldPath": "metadata.namespace" + } + } + }, + { + "name": "INFINISPAN_CONNECTORS", + "value": "${INFINISPAN_CONNECTORS}" + }, + { + "name": "CACHE_NAMES", + "value": "${CACHE_NAMES}" + }, + { + "name": "DATAVIRT_CACHE_NAMES", + "value": "${DATAVIRT_CACHE_NAMES}" + }, + { + "name": "CACHE_TYPE_DEFAULT", + "value": "${CACHE_TYPE_DEFAULT}" + }, + { + "name": "ENCRYPTION_REQUIRE_SSL_CLIENT_AUTH", + "value": "${ENCRYPTION_REQUIRE_SSL_CLIENT_AUTH}" + }, + { + "name": "HOTROD_SERVICE_NAME", + "value": "${APPLICATION_NAME}-hotrod" + }, + { + "name": "HOTROD_ENCRYPTION", + "value": "${HTTPS_NAME}" + }, + { + "name": "MEMCACHED_CACHE", + "value": "${MEMCACHED_CACHE}" + }, + { + "name": "REST_SECURITY_DOMAIN", + "value": "${REST_SECURITY_DOMAIN}" + }, + { + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "${JGROUPS_ENCRYPT_SECRET}" + }, + { + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "${JGROUPS_ENCRYPT_KEYSTORE}" + }, + { + "name": "JGROUPS_ENCRYPT_KEYSTORE_DIR", + "value": "/etc/jgroups-encrypt-secret-volume" + }, + { + "name": "JGROUPS_ENCRYPT_NAME", + "value": "${JGROUPS_ENCRYPT_NAME}" + }, + { + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "${JGROUPS_ENCRYPT_PASSWORD}" + }, + { + "name": "JGROUPS_CLUSTER_PASSWORD", + "value": "${JGROUPS_CLUSTER_PASSWORD}" + } + ] + } + ], + "volumes": [ + { + "name": "datagrid-keystore-volume", + "secret": { + "secretName": "${HTTPS_SECRET}" + } + }, + { + "name": "datagrid-jgroups-keystore-volume", + "secret": { + "secretName": "${JGROUPS_ENCRYPT_SECRET}" + } + } + ] + } + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}-mysql", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}-mysql" + ], + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "mysql:${MYSQL_IMAGE_STREAM_TAG}" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-mysql" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}-mysql", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}-mysql", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "containers": [ + { + "name": "${APPLICATION_NAME}-mysql", + "image": "mysql", + "imagePullPolicy": "Always", + "ports": [ + { + "containerPort": 3306, + "protocol": "TCP" + } + ], + "volumeMounts": [ + { + "mountPath": "/var/lib/mysql/data", + "name": "${APPLICATION_NAME}-mysql-pvol" + } + ], + "env": [ + { + "name": "MYSQL_USER", + "value": "${DB_USERNAME}" + }, + { + "name": "MYSQL_PASSWORD", + "value": "${DB_PASSWORD}" + }, + { + "name": "MYSQL_DATABASE", + "value": "${DB_DATABASE}" + }, + { + "name": "MYSQL_LOWER_CASE_TABLE_NAMES", + "value": "${MYSQL_LOWER_CASE_TABLE_NAMES}" + }, + { + "name": "MYSQL_MAX_CONNECTIONS", + "value": "${MYSQL_MAX_CONNECTIONS}" + }, + { + "name": "MYSQL_FT_MIN_WORD_LEN", + "value": "${MYSQL_FT_MIN_WORD_LEN}" + }, + { + "name": "MYSQL_FT_MAX_WORD_LEN", + "value": "${MYSQL_FT_MAX_WORD_LEN}" + }, + { + "name": "MYSQL_AIO", + "value": "${MYSQL_AIO}" + } + ] + } + ], + "volumes": [ + { + "name": "${APPLICATION_NAME}-mysql-pvol", + "persistentVolumeClaim": { + "claimName": "${APPLICATION_NAME}-mysql-claim" + } + } + ] + } + } + } + }, + { + "apiVersion": "v1", + "kind": "PersistentVolumeClaim", + "metadata": { + "name": "${APPLICATION_NAME}-mysql-claim", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "accessModes": [ + "ReadWriteOnce" + ], + "resources": { + "requests": { + "storage": "${VOLUME_CAPACITY}" + } + } + } + } + ] +} diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/sso70-mysql.json b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/datagrid71-mysql.json index 9beae806b..99f97a7c7 100644 --- a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/sso70-mysql.json +++ b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/datagrid71-mysql.json @@ -3,68 +3,93 @@ "apiVersion": "v1", "metadata": { "annotations": { - "description": "Application template for SSO 7.0 MySQL applications", - "iconClass" : "icon-jboss", - "tags" : "sso,keycloak,jboss,xpaas", - "version": "1.4.0", - "openshift.io/display-name": "Red Hat Single Sign-On 7.0 + MySQL (Ephemeral)" - }, - "name": "sso70-mysql" + "iconClass": "icon-datagrid", + "tags": "datagrid,jboss,hidden", + "version": "1.4.7", + "openshift.io/display-name": "JBoss Data Grid 7.1 + MySQL (Ephemeral with https)", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "An example JBoss Data Grid application with a MySQL database. For more information about using this template, see https://github.com/jboss-openshift/application-templates.", + "template.openshift.io/long-description": "This template defines resources needed to develop Red Hat JBoss Data Grid 7.1 based application, including a deployment configuration, using MySQL databased using ephemeral (temporary) storage and secure communication using https.", + "template.openshift.io/documentation-url": "https://access.redhat.com/documentation/en/red-hat-jboss-data-grid/", + "template.openshift.io/support-url": "https://access.redhat.com" + }, + "name": "datagrid71-mysql" }, "labels": { - "template": "sso70-mysql", - "xpaas": "1.4.0" + "template": "datagrid71-mysql", + "xpaas": "1.4.7" }, - "message": "A new SSO service (using MySQL) has been created in your project. The admin username/password for accessing the master realm via the SSO console is ${SSO_ADMIN_USERNAME}/${SSO_ADMIN_PASSWORD}. The username/password for accessing the MySQL database \"${DB_DATABASE}\" is ${DB_USERNAME}/${DB_PASSWORD}. Please be sure to create the \"${SERVICE_ACCOUNT_NAME}\" service account and the following secrets: \"${HTTPS_SECRET}\" containing the ${HTTPS_KEYSTORE} file used for serving secure content; \"${JGROUPS_ENCRYPT_SECRET}\" containing the ${JGROUPS_ENCRYPT_KEYSTORE} file used for securing JGroups communications; \"${SSO_TRUSTSTORE_SECRET}\" containing the ${SSO_TRUSTSTORE} file used for securing SSO requests.", + "message": "A new data grid service (using MySQL) has been created in your project. It supports connector type(s) \"${INFINISPAN_CONNECTORS}\". The username/password for accessing the MySQL database \"${DB_DATABASE}\" is ${DB_USERNAME}/${DB_PASSWORD}. Please be sure to create the \"datagrid-service-account\" service account and the following secrets: \"${HTTPS_SECRET}\" containing the ${HTTPS_KEYSTORE} file used for serving secure content; \"${JGROUPS_ENCRYPT_SECRET}\" containing the ${JGROUPS_ENCRYPT_KEYSTORE} file used for securing JGroups communications.", "parameters": [ { "displayName": "Application Name", "description": "The name for the application.", "name": "APPLICATION_NAME", - "value": "sso", + "value": "datagrid-app", "required": true }, { "displayName": "Custom http Route Hostname", - "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: <application-name>.<project>.<default-domain-suffix>", + "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: <application-name>-<project>.<default-domain-suffix>", "name": "HOSTNAME_HTTP", "value": "", "required": false }, { "displayName": "Custom https Route Hostname", - "description": "Custom hostname for https service route. Leave blank for default hostname, e.g.: <application-name>.<project>.<default-domain-suffix>", + "description": "Custom hostname for https service route. Leave blank for default hostname, e.g.: secure-<application-name>-<project>.<default-domain-suffix>", "name": "HOSTNAME_HTTPS", "value": "", "required": false }, { - "displayName": "Database JNDI Name", - "description": "Database JNDI name used by application to resolve the datasource, e.g. java:/jboss/datasources/mysql", - "name": "DB_JNDI", - "value": "java:jboss/datasources/KeycloakDS", + "displayName": "Username", + "description": "User name for JDG user.", + "name": "USERNAME", + "value": "", "required": false }, { - "displayName": "Database Name", - "description": "Database name", - "name": "DB_DATABASE", - "value": "root", - "required": true + "displayName": "Password", + "description": "The password to access the JDG Caches. Must be different than username; must not be root, admin, or administrator; must contain at least 8 characters, 1 alphabetic character(s), 1 digit(s), and 1 non-alphanumeric symbol(s). (optional)", + "name": "PASSWORD", + "value": "", + "required": false }, { - "displayName": "Service Account Name", - "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.", - "name": "SERVICE_ACCOUNT_NAME", - "value": "sso-service-account", - "required": true + "displayName": "JDG User Roles/Groups", + "description": "Comma delimited list of roles/groups associated with the JDG user", + "name": "ADMIN_GROUP", + "value": "", + "required": false + }, + { + "displayName": "Hotrod Authentication", + "description": "Enable Hotrod Authentication", + "name": "HOTROD_AUTHENTICATION", + "value": "", + "required": false + }, + { + "displayName": "Container Security Role Mapper", + "description": "Defines which role mapper to use for cache authentication", + "name": "CONTAINER_SECURITY_ROLE_MAPPER", + "value": "", + "required": false + }, + { + "displayName": "Container Security Roles", + "description": "Comma delimited list of role names and assigned permissions", + "name": "CONTAINER_SECURITY_ROLES", + "value": "", + "required": false }, { "displayName": "Server Keystore Secret Name", "description": "The name of the secret containing the keystore file", "name": "HTTPS_SECRET", - "value": "sso-app-secret", - "required": false + "value": "datagrid-app-secret", + "required": true }, { "displayName": "Server Keystore Filename", @@ -74,27 +99,50 @@ "required": false }, { - "displayName": "Server Keystore Type", - "description": "The type of the keystore file (JKS or JCEKS)", - "name": "HTTPS_KEYSTORE_TYPE", - "value": "", - "required": false - }, - { "displayName": "Server Certificate Name", - "description": "The name associated with the server certificate (e.g. jboss)", + "description": "The name associated with the server certificate", "name": "HTTPS_NAME", "value": "", "required": false }, { "displayName": "Server Keystore Password", - "description": "The password for the keystore and certificate (e.g. mykeystorepass)", + "description": "The password for the keystore and certificate", "name": "HTTPS_PASSWORD", "value": "", "required": false }, { + "displayName": "Database JNDI Name", + "description": "Database JNDI name used by application to resolve the datasource, e.g. java:/jboss/datasources/mysql", + "name": "DB_JNDI", + "value": "java:/jboss/datasources/mysql", + "required": false + }, + { + "displayName": "Database Name", + "description": "Database name", + "name": "DB_DATABASE", + "value": "root", + "required": true + }, + { + "displayName": "Database Username", + "description": "Database user name", + "name": "DB_USERNAME", + "from": "user[a-zA-Z0-9]{3}", + "generate": "expression", + "required": true + }, + { + "displayName": "Database Password", + "description": "Database user password", + "name": "DB_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { "displayName": "Datasource Minimum Pool Size", "description": "Sets xa-pool/min-pool-size for the configured datasource.", "name": "DB_MIN_POOL_SIZE", @@ -143,121 +191,96 @@ "required": false }, { - "displayName": "Database Username", - "description": "Database user name", - "name": "DB_USERNAME", - "from": "user[a-zA-Z0-9]{3}", - "generate": "expression", - "required": true - }, - { - "displayName": "Database Password", - "description": "Database user password", - "name": "DB_PASSWORD", - "from": "[a-zA-Z0-9]{8}", - "generate": "expression", + "displayName": "ImageStream Namespace", + "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", + "name": "IMAGE_STREAM_NAMESPACE", + "value": "openshift", "required": true }, { - "displayName": "JGroups Secret Name", - "description": "The name of the secret containing the keystore file", - "name": "JGROUPS_ENCRYPT_SECRET", - "value": "sso-app-secret", + "displayName": "Infinispan Connectors", + "description": "Comma-separated list of connector types that should be configured (defaults to 'memcached,hotrod,rest')", + "name": "INFINISPAN_CONNECTORS", + "value": "hotrod,memcached,rest", "required": false }, { - "displayName": "JGroups Keystore Filename", - "description": "The name of the keystore file within the secret", - "name": "JGROUPS_ENCRYPT_KEYSTORE", - "value": "jgroups.jceks", + "displayName": "Cache Names", + "description": "Comma-separated list of caches to configure. By default, a distributed-cache, with a mode of SYNC will be configured for each entry.", + "name": "CACHE_NAMES", + "value": "", "required": false }, { - "displayName": "JGroups Certificate Name", - "description": "The name associated with the server certificate (e.g. secret-key)", - "name": "JGROUPS_ENCRYPT_NAME", + "displayName": "Datavirt Cache Names", + "description": "Comma-separated list of caches to configure for use by Red Hat JBoss Data Virtualization for materialization of views. Three caches will be created for each named cache: <name>, <name>_staging and <name>_alias.", + "name": "DATAVIRT_CACHE_NAMES", "value": "", "required": false }, { - "displayName": "JGroups Keystore Password", - "description": "The password for the keystore and certificate (e.g. password)", - "name": "JGROUPS_ENCRYPT_PASSWORD", + "displayName": "Default Cache Type", + "description": "Default cache type for all caches. If empty then distributed will be the default", + "name": "CACHE_TYPE_DEFAULT", "value": "", "required": false }, { - "displayName": "JGroups Cluster Password", - "description": "JGroups cluster password", - "name": "JGROUPS_CLUSTER_PASSWORD", - "from": "[a-zA-Z0-9]{8}", - "generate": "expression", - "required": true - }, - { - "displayName": "ImageStream Namespace", - "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", - "name": "IMAGE_STREAM_NAMESPACE", - "value": "openshift", - "required": true - }, - { - "displayName": "SSO Admin Username", - "description": "SSO Server admin username", - "name": "SSO_ADMIN_USERNAME", - "from": "[a-zA-Z0-9]{8}", - "generate": "expression", - "required": true + "displayName": "Encryption Requires SSL Client Authentication?", + "description": "", + "name": "ENCRYPTION_REQUIRE_SSL_CLIENT_AUTH", + "value": "", + "required": false }, { - "displayName": "SSO Admin Password", - "description": "SSO Server admin password", - "name": "SSO_ADMIN_PASSWORD", - "from": "[a-zA-Z0-9]{8}", - "generate": "expression", - "required": true + "displayName": "Memcached Cache Name", + "description": "The name of the cache to expose through this memcached connector (defaults to 'default')", + "name": "MEMCACHED_CACHE", + "value": "default", + "required": false }, { - "displayName": "SSO Realm", - "description": "Realm to be created in the SSO server (e.g. demo).", - "name": "SSO_REALM", + "displayName": "REST Security Domain", + "description": "The domain, declared in the security subsystem, that should be used to authenticate access to the REST endpoint", + "name": "REST_SECURITY_DOMAIN", "value": "", "required": false }, { - "displayName": "SSO Service Username", - "description": "The username used to access the SSO service. This is used by clients to create the appliction client(s) within the specified SSO realm.", - "name": "SSO_SERVICE_USERNAME", - "value": "", + "displayName": "JGroups Secret Name", + "description": "The name of the secret containing the keystore file", + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "datagrid-app-secret", "required": false }, { - "displayName": "SSO Service Password", - "description": "The password for the SSO service user.", - "name": "SSO_SERVICE_PASSWORD", - "value": "", + "displayName": "JGroups Keystore Filename", + "description": "The name of the keystore file within the secret", + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "jgroups.jceks", "required": false }, { - "displayName": "SSO Trust Store", - "description": "The name of the truststore file within the secret (e.g. truststore.jks)", - "name": "SSO_TRUSTSTORE", + "displayName": "JGroups Certificate Name", + "description": "The name associated with the server certificate", + "name": "JGROUPS_ENCRYPT_NAME", "value": "", "required": false }, { - "displayName": "SSO Trust Store Password", - "description": "The password for the truststore and certificate (e.g. mykeystorepass)", - "name": "SSO_TRUSTSTORE_PASSWORD", + "displayName": "JGroups Keystore Password", + "description": "The password for the keystore and certificate", + "name": "JGROUPS_ENCRYPT_PASSWORD", "value": "", "required": false }, { - "displayName": "SSO Trust Store Secret", - "description": "The name of the secret containing the truststore file (e.g. truststore-secret). Used for volume secretName", - "name": "SSO_TRUSTSTORE_SECRET", - "value": "sso-app-secret", - "required": false + "displayName": "JGroups Cluster Password", + "description": "JGroups cluster password", + "name": "JGROUPS_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true }, { "displayName": "MySQL Image Stream Tag", @@ -285,11 +308,10 @@ "metadata": { "name": "${APPLICATION_NAME}", "labels": { - "application": "${APPLICATION_NAME}", - "component": "server" + "application": "${APPLICATION_NAME}" }, "annotations": { - "description": "The web server's http port.", + "description": "The web server's HTTP port.", "service.alpha.openshift.io/dependencies": "[{\"name\": \"${APPLICATION_NAME}-mysql\", \"kind\": \"Service\"}]" } } @@ -311,11 +333,60 @@ "metadata": { "name": "secure-${APPLICATION_NAME}", "labels": { - "application": "${APPLICATION_NAME}", - "component": "server" + "application": "${APPLICATION_NAME}" }, "annotations": { - "description": "The web server's https port.", + "description": "The web server's HTTPS port.", + "service.alpha.openshift.io/dependencies": "[{\"name\": \"${APPLICATION_NAME}-mysql\", \"kind\": \"Service\"}]" + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 11211, + "targetPort": 11211 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-memcached", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Memcached service for clustered applications.", + "service.alpha.openshift.io/dependencies": "[{\"name\": \"${APPLICATION_NAME}-mysql\", \"kind\": \"Service\"}]" + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 11333, + "targetPort": 11333 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-hotrod", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Hot Rod service for clustered applications.", "service.alpha.openshift.io/dependencies": "[{\"name\": \"${APPLICATION_NAME}-mysql\", \"kind\": \"Service\"}]" } } @@ -337,8 +408,7 @@ "metadata": { "name": "${APPLICATION_NAME}-mysql", "labels": { - "application": "${APPLICATION_NAME}", - "component": "database" + "application": "${APPLICATION_NAME}" }, "annotations": { "description": "The database server's port." @@ -352,11 +422,10 @@ "metadata": { "name": "${APPLICATION_NAME}", "labels": { - "application": "${APPLICATION_NAME}", - "component": "server" + "application": "${APPLICATION_NAME}" }, "annotations": { - "description": "Route for application's http service." + "description": "Route for application's HTTP service." } }, "spec": { @@ -373,11 +442,10 @@ "metadata": { "name": "secure-${APPLICATION_NAME}", "labels": { - "application": "${APPLICATION_NAME}", - "component": "server" + "application": "${APPLICATION_NAME}" }, "annotations": { - "description": "Route for application's https service." + "description": "Route for application's HTTPS service." } }, "spec": { @@ -396,8 +464,7 @@ "metadata": { "name": "${APPLICATION_NAME}", "labels": { - "application": "${APPLICATION_NAME}", - "component": "server" + "application": "${APPLICATION_NAME}" } }, "spec": { @@ -415,7 +482,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "redhat-sso70-openshift:1.4" + "name": "jboss-datagrid71-openshift:1.1" } } }, @@ -432,52 +499,35 @@ "name": "${APPLICATION_NAME}", "labels": { "deploymentConfig": "${APPLICATION_NAME}", - "application": "${APPLICATION_NAME}", - "component": "server" + "application": "${APPLICATION_NAME}" } }, "spec": { - "serviceAccountName": "${SERVICE_ACCOUNT_NAME}", - "terminationGracePeriodSeconds": 75, + "serviceAccountName": "datagrid-service-account", + "terminationGracePeriodSeconds": 60, "containers": [ { "name": "${APPLICATION_NAME}", - "image": "${APPLICATION_NAME}", + "image": "jboss-datagrid71-openshift", "imagePullPolicy": "Always", "volumeMounts": [ { - "name": "eap-keystore-volume", - "mountPath": "/etc/eap-secret-volume", + "name": "datagrid-keystore-volume", + "mountPath": "/etc/datagrid-secret-volume", "readOnly": true }, { - "name": "eap-jgroups-keystore-volume", + "name": "datagrid-jgroups-keystore-volume", "mountPath": "/etc/jgroups-encrypt-secret-volume", "readOnly": true - }, - { - "name": "sso-truststore-volume", - "mountPath": "/etc/sso-secret-volume", - "readOnly": true } ], - "lifecycle": { - "preStop": { - "exec": { - "command": [ - "/opt/eap/bin/jboss-cli.sh", - "-c", - ":shutdown(timeout=60)" - ] - } - } - }, "livenessProbe": { "exec": { "command": [ "/bin/bash", "-c", - "/opt/eap/bin/livenessProbe.sh" + "/opt/datagrid/bin/livenessProbe.sh" ] } }, @@ -486,7 +536,7 @@ "command": [ "/bin/bash", "-c", - "/opt/eap/bin/readinessProbe.sh" + "/opt/datagrid/bin/readinessProbe.sh" ] } }, @@ -510,10 +560,65 @@ "name": "ping", "containerPort": 8888, "protocol": "TCP" + }, + { + "name": "memcached", + "containerPort": 11211, + "protocol": "TCP" + }, + { + "name": "hotrod-internal", + "containerPort": 11222, + "protocol": "TCP" + }, + { + "name": "hotrod", + "containerPort": 11333, + "protocol": "TCP" } ], "env": [ { + "name": "USERNAME", + "value": "${USERNAME}" + }, + { + "name": "PASSWORD", + "value": "${PASSWORD}" + }, + { + "name": "ADMIN_GROUP", + "value": "${ADMIN_GROUP}" + }, + { + "name": "HOTROD_AUTHENTICATION", + "value": "${HOTROD_AUTHENTICATION}" + }, + { + "name": "CONTAINER_SECURITY_ROLE_MAPPER", + "value": "${CONTAINER_SECURITY_ROLE_MAPPER}" + }, + { + "name": "CONTAINER_SECURITY_ROLES", + "value": "${CONTAINER_SECURITY_ROLES}" + }, + { + "name": "HTTPS_KEYSTORE_DIR", + "value": "/etc/datagrid-secret-volume" + }, + { + "name": "HTTPS_KEYSTORE", + "value": "${HTTPS_KEYSTORE}" + }, + { + "name": "HTTPS_NAME", + "value": "${HTTPS_NAME}" + }, + { + "name": "HTTPS_PASSWORD", + "value": "${HTTPS_PASSWORD}" + }, + { "name": "DB_SERVICE_PREFIX_MAPPING", "value": "${APPLICATION_NAME}-mysql=DB" }, @@ -550,6 +655,22 @@ "value": "${DB_TX_ISOLATION}" }, { + "name": "DEFAULT_JDBC_STORE_TYPE", + "value": "string" + }, + { + "name": "DEFAULT_JDBC_STORE_DATASOURCE", + "value": "${DB_JNDI}" + }, + { + "name": "MEMCACHED_JDBC_STORE_TYPE", + "value": "string" + }, + { + "name": "MEMCACHED_JDBC_STORE_DATASOURCE", + "value": "${DB_JNDI}" + }, + { "name": "OPENSHIFT_KUBE_PING_LABELS", "value": "application=${APPLICATION_NAME}" }, @@ -562,38 +683,54 @@ } }, { - "name": "HTTPS_KEYSTORE_DIR", - "value": "/etc/eap-secret-volume" + "name": "INFINISPAN_CONNECTORS", + "value": "${INFINISPAN_CONNECTORS}" }, { - "name": "HTTPS_KEYSTORE", - "value": "${HTTPS_KEYSTORE}" + "name": "CACHE_NAMES", + "value": "${CACHE_NAMES}" }, { - "name": "HTTPS_KEYSTORE_TYPE", - "value": "${HTTPS_KEYSTORE_TYPE}" + "name": "DATAVIRT_CACHE_NAMES", + "value": "${DATAVIRT_CACHE_NAMES}" }, { - "name": "HTTPS_NAME", + "name": "CACHE_TYPE_DEFAULT", + "value": "${CACHE_TYPE_DEFAULT}" + }, + { + "name": "ENCRYPTION_REQUIRE_SSL_CLIENT_AUTH", + "value": "${ENCRYPTION_REQUIRE_SSL_CLIENT_AUTH}" + }, + { + "name": "HOTROD_SERVICE_NAME", + "value": "${APPLICATION_NAME}-hotrod" + }, + { + "name": "HOTROD_ENCRYPTION", "value": "${HTTPS_NAME}" }, { - "name": "HTTPS_PASSWORD", - "value": "${HTTPS_PASSWORD}" + "name": "MEMCACHED_CACHE", + "value": "${MEMCACHED_CACHE}" }, { - "name": "JGROUPS_ENCRYPT_SECRET", - "value": "${JGROUPS_ENCRYPT_SECRET}" + "name": "REST_SECURITY_DOMAIN", + "value": "${REST_SECURITY_DOMAIN}" }, { - "name": "JGROUPS_ENCRYPT_KEYSTORE_DIR", - "value": "/etc/jgroups-encrypt-secret-volume" + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "${JGROUPS_ENCRYPT_SECRET}" }, { "name": "JGROUPS_ENCRYPT_KEYSTORE", "value": "${JGROUPS_ENCRYPT_KEYSTORE}" }, { + "name": "JGROUPS_ENCRYPT_KEYSTORE_DIR", + "value": "/etc/jgroups-encrypt-secret-volume" + }, + { "name": "JGROUPS_ENCRYPT_NAME", "value": "${JGROUPS_ENCRYPT_NAME}" }, @@ -604,60 +741,22 @@ { "name": "JGROUPS_CLUSTER_PASSWORD", "value": "${JGROUPS_CLUSTER_PASSWORD}" - }, - { - "name": "SSO_ADMIN_USERNAME", - "value": "${SSO_ADMIN_USERNAME}" - }, - { - "name": "SSO_ADMIN_PASSWORD", - "value": "${SSO_ADMIN_PASSWORD}" - }, - { - "name": "SSO_REALM", - "value": "${SSO_REALM}" - }, - { - "name": "SSO_SERVICE_USERNAME", - "value": "${SSO_SERVICE_USERNAME}" - }, - { - "name": "SSO_SERVICE_PASSWORD", - "value": "${SSO_SERVICE_PASSWORD}" - }, - { - "name": "SSO_TRUSTSTORE", - "value": "${SSO_TRUSTSTORE}" - }, - { - "name": "SSO_TRUSTSTORE_DIR", - "value": "/etc/sso-secret-volume" - }, - { - "name": "SSO_TRUSTSTORE_PASSWORD", - "value": "${SSO_TRUSTSTORE_PASSWORD}" } ] } ], "volumes": [ { - "name": "eap-keystore-volume", + "name": "datagrid-keystore-volume", "secret": { "secretName": "${HTTPS_SECRET}" } }, { - "name": "eap-jgroups-keystore-volume", + "name": "datagrid-jgroups-keystore-volume", "secret": { "secretName": "${JGROUPS_ENCRYPT_SECRET}" } - }, - { - "name": "sso-truststore-volume", - "secret": { - "secretName": "${SSO_TRUSTSTORE_SECRET}" - } } ] } @@ -670,8 +769,7 @@ "metadata": { "name": "${APPLICATION_NAME}-mysql", "labels": { - "application": "${APPLICATION_NAME}", - "component": "database" + "application": "${APPLICATION_NAME}" } }, "spec": { @@ -706,12 +804,10 @@ "name": "${APPLICATION_NAME}-mysql", "labels": { "deploymentConfig": "${APPLICATION_NAME}-mysql", - "application": "${APPLICATION_NAME}", - "component": "database" + "application": "${APPLICATION_NAME}" } }, "spec": { - "terminationGracePeriodSeconds": 60, "containers": [ { "name": "${APPLICATION_NAME}-mysql", diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/datagrid71-partition.json b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/datagrid71-partition.json new file mode 100644 index 000000000..baf17dbbb --- /dev/null +++ b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/datagrid71-partition.json @@ -0,0 +1,501 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "annotations": { + "iconClass": "icon-datagrid", + "tags": "datagrid,jboss,hidden", + "version": "1.4.7", + "openshift.io/display-name": "JBoss Data Grid 7.1 (Ephemeral, no https)", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "An example JBoss Data Grid application. For more information about using this template, see https://github.com/jboss-openshift/application-templates.", + "template.openshift.io/long-description": "This template defines resources needed to develop Red Hat JBoss Data Grid 7.1 based application, including a deployment configuration, using using ephemeral (temporary) storage and communication using http.", + "template.openshift.io/documentation-url": "https://access.redhat.com/documentation/en/red-hat-jboss-data-grid/", + "template.openshift.io/support-url": "https://access.redhat.com" + }, + "name": "datagrid71-partition" + }, + "labels": { + "template": "datagrid71-partition", + "xpaas": "1.4.0" + }, + "message": "A new data grid service has been created in your project. It supports connector type(s) \"${INFINISPAN_CONNECTORS}\".", + "parameters": [ + { + "displayName": "Application Name", + "description": "The name for the application.", + "name": "APPLICATION_NAME", + "value": "datagrid-app", + "required": true + }, + { + "displayName": "Custom http Route Hostname", + "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: <application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTP", + "value": "", + "required": false + }, + { + "displayName": "Username", + "description": "User name for JDG user.", + "name": "USERNAME", + "value": "", + "required": false + }, + { + "displayName": "Password", + "description": "The password to access the JDG Caches. Must be different than username; must not be root, admin, or administrator; must contain at least 8 characters, 1 alphabetic character(s), 1 digit(s), and 1 non-alphanumeric symbol(s). (optional)", + "name": "PASSWORD", + "value": "", + "required": false + }, + { + "displayName": "ImageStream Namespace", + "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", + "name": "IMAGE_STREAM_NAMESPACE", + "value": "openshift", + "required": true + }, + { + "displayName": "Infinispan Connectors", + "description": "Comma-separated list of connector types that should be configured (defaults to 'memcached,hotrod,rest')", + "name": "INFINISPAN_CONNECTORS", + "value": "hotrod,memcached,rest", + "required": false + }, + { + "displayName": "Cache Names", + "description": "Comma-separated list of caches to configure. By default, a distributed-cache, with a mode of SYNC will be configured for each entry.", + "name": "CACHE_NAMES", + "value": "", + "required": false + }, + { + "displayName": "Datavirt Cache Names", + "description": "Comma-separated list of caches to configure for use by Red Hat JBoss Data Virtualization for materialization of views. Three caches will be created for each named cache: <name>, <name>_staging and <name>_alias.", + "name": "DATAVIRT_CACHE_NAMES", + "value": "", + "required": false + }, + { + "displayName": "Default Cache Type", + "description": "Default cache type for all caches. If empty then distributed will be the default", + "name": "CACHE_TYPE_DEFAULT", + "value": "", + "required": false + }, + { + "displayName": "Encryption Requires SSL Client Authentication?", + "description": "", + "name": "ENCRYPTION_REQUIRE_SSL_CLIENT_AUTH", + "value": "", + "required": false + }, + { + "displayName": "Memcached Cache Name", + "description": "The name of the cache to expose through this memcached connector (defaults to 'default')", + "name": "MEMCACHED_CACHE", + "value": "default", + "required": false + }, + { + "displayName": "ADMIN_GROUP", + "description": "Comma delimited list of groups/roles for the Application Realm User", + "name": "ADMIN_GROUP", + "value": "", + "required": false + }, + { + "displayName": "HOTROD_AUTHENTICATION", + "description": "True/False for HotRod Authentication", + "name": "HOTROD_AUTHENTICATION", + "value": "", + "required": false + }, + { + "displayName": "CONTAINER_SECURITY_ROLE_MAPPER", + "description": "Container Role Mapper", + "name": "CONTAINER_SECURITY_ROLE_MAPPER", + "value": "", + "required": false + }, + { + "displayName": "CONTAINER_SECURITY_ROLES", + "description": "Comma Delimited List of Container Roles", + "name": "CONTAINER_SECURITY_ROLES", + "value": "", + "required": false + }, + { + "displayName": "REST Security Domain", + "description": "The domain, declared in the security subsystem, that should be used to authenticate access to the REST endpoint", + "name": "REST_SECURITY_DOMAIN", + "value": "", + "required": false + }, + { + "displayName": "JGroups Cluster Password", + "description": "JGroups cluster password", + "name": "JGROUPS_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "Datagrid Volume Size", + "description": "Size of the volume used by Datagrid for persisting metadata.", + "name": "VOLUME_CAPACITY", + "value": "512Mi", + "required": true + }, + { + "displayName": "Split Data?", + "description": "Split the data directory for each node in a mesh, this is now the default behaviour.", + "name": "DATAGRID_SPLIT", + "value": "true", + "required": false + } + ], + "objects": [ + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8080, + "targetPort": 8080 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's HTTP port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 11211, + "targetPort": 11211 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-memcached", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Memcached service for clustered applications." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 11333, + "targetPort": 11333 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-hotrod", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Hot Rod service for clustered applications." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8787, + "targetPort": 8787 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-debug", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Hot Rod service for clustered applications." + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-http", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's HTTP service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTP}", + "to": { + "name": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}" + ], + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-datagrid71-openshift:1.1" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}", + "image": "jboss-datagrid71-openshift", + "imagePullPolicy": "Always", + "volumeMounts": [ + { + "mountPath": "/opt/datagrid/standalone/partitioned_data", + "name": "${APPLICATION_NAME}-datagrid-pvol" + } + ], + "livenessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/datagrid/bin/livenessProbe.sh" + ] + } + }, + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/datagrid/bin/readinessProbe.sh" + ] + } + }, + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "http", + "containerPort": 8080, + "protocol": "TCP" + }, + { + "name": "ping", + "containerPort": 8888, + "protocol": "TCP" + }, + { + "name": "memcached", + "containerPort": 11211, + "protocol": "TCP" + }, + { + "name": "hotrod-internal", + "containerPort": 11222, + "protocol": "TCP" + }, + { + "name": "hotrod", + "containerPort": 11333, + "protocol": "TCP" + }, + { + "name": "debug", + "containerPort": 8787, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "USERNAME", + "value": "${USERNAME}" + }, + { + "name": "PASSWORD", + "value": "${PASSWORD}" + }, + { + "name": "OPENSHIFT_KUBE_PING_LABELS", + "value": "application=${APPLICATION_NAME}" + }, + { + "name": "OPENSHIFT_KUBE_PING_NAMESPACE", + "valueFrom": { + "fieldRef": { + "fieldPath": "metadata.namespace" + } + } + }, + { + "name": "INFINISPAN_CONNECTORS", + "value": "${INFINISPAN_CONNECTORS}" + }, + { + "name": "CACHE_NAMES", + "value": "${CACHE_NAMES}" + }, + { + "name": "DATAVIRT_CACHE_NAMES", + "value": "${DATAVIRT_CACHE_NAMES}" + }, + { + "name": "CACHE_TYPE_DEFAULT", + "value": "${CACHE_TYPE_DEFAULT}" + }, + { + "name": "ENCRYPTION_REQUIRE_SSL_CLIENT_AUTH", + "value": "${ENCRYPTION_REQUIRE_SSL_CLIENT_AUTH}" + }, + { + "name": "HOTROD_SERVICE_NAME", + "value": "${APPLICATION_NAME}-hotrod" + }, + { + "name": "MEMCACHED_CACHE", + "value": "${MEMCACHED_CACHE}" + }, + { + "name": "REST_SECURITY_DOMAIN", + "value": "${REST_SECURITY_DOMAIN}" + }, + { + "name": "JGROUPS_CLUSTER_PASSWORD", + "value": "${JGROUPS_CLUSTER_PASSWORD}" + }, + { + "name": "ADMIN_GROUP", + "value": "${ADMIN_GROUP}" + }, + { + "name": "HOTROD_AUTHENTICATION", + "value": "${HOTROD_AUTHENTICATION}" + }, + { + "name": "CONTAINER_SECURITY_ROLE_MAPPER", + "value": "${CONTAINER_SECURITY_ROLE_MAPPER}" + }, + { + "name": "CONTAINER_SECURITY_ROLES", + "value": "${CONTAINER_SECURITY_ROLES}" + }, + { + "name": "DATAGRID_SPLIT", + "value": "${DATAGRID_SPLIT}" + } + ] + } + ], + "volumes": [ + { + "name": "${APPLICATION_NAME}-datagrid-pvol", + "persistentVolumeClaim": { + "claimName": "${APPLICATION_NAME}-datagrid-claim" + } + } + ] + } + } + } + }, + { + "apiVersion": "v1", + "kind": "PersistentVolumeClaim", + "metadata": { + "name": "${APPLICATION_NAME}-datagrid-claim", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "accessModes": [ + "ReadWriteMany" + ], + "resources": { + "requests": { + "storage": "${VOLUME_CAPACITY}" + } + } + } + } + ] +} diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/datagrid71-postgresql-persistent.json b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/datagrid71-postgresql-persistent.json new file mode 100644 index 000000000..5cd6e854a --- /dev/null +++ b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/datagrid71-postgresql-persistent.json @@ -0,0 +1,876 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "annotations": { + "iconClass": "icon-datagrid", + "tags": "datagrid,jboss", + "version": "1.4.7", + "openshift.io/display-name": "JBoss Data Grid 7.1 + PostgreSQL (with https)", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "An example JBoss Data Grid application with a PostgreSQL database. For more information about using this template, see https://github.com/jboss-openshift/application-templates.", + "template.openshift.io/long-description": "This template defines resources needed to develop Red Hat JBoss Data Grid 7.1 based application, including a deployment configuration, using PostgreSQL database using persistence and secure communication using https.", + "template.openshift.io/documentation-url": "https://access.redhat.com/documentation/en/red-hat-jboss-data-grid/", + "template.openshift.io/support-url": "https://access.redhat.com" + }, + "name": "datagrid71-postgresql-persistent" + }, + "labels": { + "template": "datagrid71-postgresql-persistent", + "xpaas": "1.4.7" + }, + "message": "A new data grid service (using PostgreSQL with persistent storage) has been created in your project. It supports connector type(s) \"${INFINISPAN_CONNECTORS}\". The username/password for accessing the MySQL database \"${DB_DATABASE}\" is ${DB_USERNAME}/${DB_PASSWORD}. Please be sure to create the \"datagrid-service-account\" service account and the following secrets: \"${HTTPS_SECRET}\" containing the ${HTTPS_KEYSTORE} file used for serving secure content; \"${JGROUPS_ENCRYPT_SECRET}\" containing the ${JGROUPS_ENCRYPT_KEYSTORE} file used for securing JGroups communications.", + "parameters": [ + { + "displayName": "Application Name", + "description": "The name for the application.", + "name": "APPLICATION_NAME", + "value": "datagrid-app", + "required": true + }, + { + "displayName": "Custom http Route Hostname", + "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: <application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTP", + "value": "", + "required": false + }, + { + "displayName": "Custom https Route Hostname", + "description": "Custom hostname for https service route. Leave blank for default hostname, e.g.: secure-<application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTPS", + "value": "", + "required": false + }, + { + "displayName": "Username", + "description": "User name for JDG user.", + "name": "USERNAME", + "value": "", + "required": false + }, + { + "displayName": "Password", + "description": "The password to access the JDG Caches. Must be different than username; must not be root, admin, or administrator; must contain at least 8 characters, 1 alphabetic character(s), 1 digit(s), and 1 non-alphanumeric symbol(s). (optional)", + "name": "PASSWORD", + "value": "", + "required": false + }, + { + "displayName": "JDG User Roles/Groups", + "description": "Comma delimited list of roles/groups associated with the JDG user", + "name": "ADMIN_GROUP", + "value": "", + "required": false + }, + { + "displayName": "Hotrod Authentication", + "description": "Enable Hotrod Authentication", + "name": "HOTROD_AUTHENTICATION", + "value": "", + "required": false + }, + { + "displayName": "Container Security Role Mapper", + "description": "Defines which role mapper to use for cache authentication", + "name": "CONTAINER_SECURITY_ROLE_MAPPER", + "value": "", + "required": false + }, + { + "displayName": "Container Security Roles", + "description": "Comma delimited list of role names and assigned permissions", + "name": "CONTAINER_SECURITY_ROLES", + "value": "", + "required": false + }, + { + "displayName": "Server Keystore Secret Name", + "description": "The name of the secret containing the keystore file", + "name": "HTTPS_SECRET", + "value": "datagrid-app-secret", + "required": true + }, + { + "displayName": "Server Keystore Filename", + "description": "The name of the keystore file within the secret", + "name": "HTTPS_KEYSTORE", + "value": "keystore.jks", + "required": false + }, + { + "displayName": "Server Certificate Name", + "description": "The name associated with the server certificate", + "name": "HTTPS_NAME", + "value": "", + "required": false + }, + { + "displayName": "Server Keystore Password", + "description": "The password for the keystore and certificate", + "name": "HTTPS_PASSWORD", + "value": "", + "required": false + }, + { + "displayName": "Database JNDI Name", + "description": "Database JNDI name used by application to resolve the datasource, e.g. java:/jboss/datasources/postgresql", + "name": "DB_JNDI", + "value": "java:jboss/datasources/postgresql", + "required": false + }, + { + "displayName": "Database Name", + "description": "Database name", + "name": "DB_DATABASE", + "value": "root", + "required": true + }, + { + "displayName": "Database Username", + "description": "Database user name", + "name": "DB_USERNAME", + "from": "user[a-zA-Z0-9]{3}", + "generate": "expression", + "required": true + }, + { + "displayName": "Database Password", + "description": "Database user password", + "name": "DB_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "Datasource Minimum Pool Size", + "description": "Sets xa-pool/min-pool-size for the configured datasource.", + "name": "DB_MIN_POOL_SIZE", + "required": false + }, + { + "displayName": "Datasource Maximum Pool Size", + "description": "Sets xa-pool/max-pool-size for the configured datasource.", + "name": "DB_MAX_POOL_SIZE", + "required": false + }, + { + "displayName": "Datasource Transaction Isolation", + "description": "Sets transaction-isolation for the configured datasource.", + "name": "DB_TX_ISOLATION", + "required": false + }, + { + "displayName": "PostgreSQL Maximum number of connections", + "description": "The maximum number of client connections allowed. This also sets the maximum number of prepared transactions.", + "name": "POSTGRESQL_MAX_CONNECTIONS", + "required": false + }, + { + "displayName": "PostgreSQL Shared Buffers", + "description": "Configures how much memory is dedicated to PostgreSQL for caching data.", + "name": "POSTGRESQL_SHARED_BUFFERS", + "required": false + }, + { + "displayName": "Database Volume Capacity", + "description": "Size of persistent storage for database volume.", + "name": "VOLUME_CAPACITY", + "value": "512Mi", + "required": true + }, + { + "displayName": "ImageStream Namespace", + "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", + "name": "IMAGE_STREAM_NAMESPACE", + "value": "openshift", + "required": true + }, + { + "displayName": "Infinispan Connectors", + "description": "Comma-separated list of connector types that should be configured (defaults to 'memcached,hotrod,rest')", + "name": "INFINISPAN_CONNECTORS", + "value": "hotrod,memcached,rest", + "required": false + }, + { + "displayName": "Cache Names", + "description": "Comma-separated list of caches to configure. By default, a distributed-cache, with a mode of SYNC will be configured for each entry.", + "name": "CACHE_NAMES", + "value": "", + "required": false + }, + { + "displayName": "Datavirt Cache Names", + "description": "Comma-separated list of caches to configure for use by Red Hat JBoss Data Virtualization for materialization of views. Three caches will be created for each named cache: <name>, <name>_staging and <name>_alias.", + "name": "DATAVIRT_CACHE_NAMES", + "value": "", + "required": false + }, + { + "displayName": "Default Cache Type", + "description": "Default cache type for all caches. If empty then distributed will be the default", + "name": "CACHE_TYPE_DEFAULT", + "value": "", + "required": false + }, + { + "displayName": "Encryption Requires SSL Client Authentication?", + "description": "", + "name": "ENCRYPTION_REQUIRE_SSL_CLIENT_AUTH", + "value": "", + "required": false + }, + { + "displayName": "Memcached Cache Name", + "description": "The name of the cache to expose through this memcached connector (defaults to 'default')", + "name": "MEMCACHED_CACHE", + "value": "default", + "required": false + }, + { + "displayName": "REST Security Domain", + "description": "The domain, declared in the security subsystem, that should be used to authenticate access to the REST endpoint", + "name": "REST_SECURITY_DOMAIN", + "value": "", + "required": false + }, + { + "displayName": "JGroups Secret Name", + "description": "The name of the secret containing the keystore file", + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "datagrid-app-secret", + "required": false + }, + { + "displayName": "JGroups Keystore Filename", + "description": "The name of the keystore file within the secret", + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "jgroups.jceks", + "required": false + }, + { + "displayName": "JGroups Certificate Name", + "description": "The name associated with the server certificate", + "name": "JGROUPS_ENCRYPT_NAME", + "value": "", + "required": false + }, + { + "displayName": "JGroups Keystore Password", + "description": "The password for the keystore and certificate", + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "", + "required": false + }, + { + "displayName": "JGroups Cluster Password", + "description": "JGroups cluster password", + "name": "JGROUPS_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "PostgreSQL Image Stream Tag", + "description": "The tag to use for the \"postgresql\" image stream. Typically, this aligns with the major.minor version of PostgreSQL.", + "name": "POSTGRESQL_IMAGE_STREAM_TAG", + "value": "9.5", + "required": true + } + ], + "objects": [ + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8080, + "targetPort": 8080 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's HTTP port.", + "service.alpha.openshift.io/dependencies": "[{\"name\": \"${APPLICATION_NAME}-postgresql\", \"kind\": \"Service\"}]" + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8443, + "targetPort": 8443 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's HTTPS port.", + "service.alpha.openshift.io/dependencies": "[{\"name\": \"${APPLICATION_NAME}-postgresql\", \"kind\": \"Service\"}]" + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 11211, + "targetPort": 11211 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-memcached", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Memcached service for clustered applications." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 11333, + "targetPort": 11333 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-hotrod", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Hot Rod service for clustered applications." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 5432, + "targetPort": 5432 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-postgresql" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-postgresql", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The database server's port." + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-http", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's HTTP service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTP}", + "to": { + "name": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-https", + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's HTTPS service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTPS}", + "to": { + "name": "secure-${APPLICATION_NAME}" + }, + "tls": { + "termination": "passthrough" + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}" + ], + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-datagrid71-openshift:1.1" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "serviceAccountName": "datagrid-service-account", + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}", + "image": "jboss-datagrid71-openshift", + "imagePullPolicy": "Always", + "volumeMounts": [ + { + "name": "datagrid-keystore-volume", + "mountPath": "/etc/datagrid-secret-volume", + "readOnly": true + }, + { + "name": "datagrid-jgroups-keystore-volume", + "mountPath": "/etc/jgroups-encrypt-secret-volume", + "readOnly": true + } + ], + "livenessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/datagrid/bin/livenessProbe.sh" + ] + } + }, + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/datagrid/bin/readinessProbe.sh" + ] + } + }, + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "http", + "containerPort": 8080, + "protocol": "TCP" + }, + { + "name": "https", + "containerPort": 8443, + "protocol": "TCP" + }, + { + "name": "ping", + "containerPort": 8888, + "protocol": "TCP" + }, + { + "name": "memcached", + "containerPort": 11211, + "protocol": "TCP" + }, + { + "name": "hotrod-internal", + "containerPort": 11222, + "protocol": "TCP" + }, + { + "name": "hotrod", + "containerPort": 11333, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "USERNAME", + "value": "${USERNAME}" + }, + { + "name": "PASSWORD", + "value": "${PASSWORD}" + }, + { + "name": "ADMIN_GROUP", + "value": "${ADMIN_GROUP}" + }, + { + "name": "HOTROD_AUTHENTICATION", + "value": "${HOTROD_AUTHENTICATION}" + }, + { + "name": "CONTAINER_SECURITY_ROLE_MAPPER", + "value": "${CONTAINER_SECURITY_ROLE_MAPPER}" + }, + { + "name": "CONTAINER_SECURITY_ROLES", + "value": "${CONTAINER_SECURITY_ROLES}" + }, + { + "name": "HTTPS_KEYSTORE_DIR", + "value": "/etc/datagrid-secret-volume" + }, + { + "name": "HTTPS_KEYSTORE", + "value": "${HTTPS_KEYSTORE}" + }, + { + "name": "HTTPS_NAME", + "value": "${HTTPS_NAME}" + }, + { + "name": "HTTPS_PASSWORD", + "value": "${HTTPS_PASSWORD}" + }, + { + "name": "DB_SERVICE_PREFIX_MAPPING", + "value": "${APPLICATION_NAME}-postgresql=DB" + }, + { + "name": "DB_JNDI", + "value": "${DB_JNDI}" + }, + { + "name": "DB_USERNAME", + "value": "${DB_USERNAME}" + }, + { + "name": "DB_PASSWORD", + "value": "${DB_PASSWORD}" + }, + { + "name": "DB_DATABASE", + "value": "${DB_DATABASE}" + }, + { + "name": "TX_DATABASE_PREFIX_MAPPING", + "value": "${APPLICATION_NAME}-postgresql=DB" + }, + { + "name": "DB_MIN_POOL_SIZE", + "value": "${DB_MIN_POOL_SIZE}" + }, + { + "name": "DB_MAX_POOL_SIZE", + "value": "${DB_MAX_POOL_SIZE}" + }, + { + "name": "DB_TX_ISOLATION", + "value": "${DB_TX_ISOLATION}" + }, + { + "name": "DEFAULT_JDBC_STORE_TYPE", + "value": "string" + }, + { + "name": "DEFAULT_JDBC_STORE_DATASOURCE", + "value": "${DB_JNDI}" + }, + { + "name": "MEMCACHED_JDBC_STORE_TYPE", + "value": "string" + }, + { + "name": "MEMCACHED_JDBC_STORE_DATASOURCE", + "value": "${DB_JNDI}" + }, + { + "name": "OPENSHIFT_KUBE_PING_LABELS", + "value": "application=${APPLICATION_NAME}" + }, + { + "name": "OPENSHIFT_KUBE_PING_NAMESPACE", + "valueFrom": { + "fieldRef": { + "fieldPath": "metadata.namespace" + } + } + }, + { + "name": "INFINISPAN_CONNECTORS", + "value": "${INFINISPAN_CONNECTORS}" + }, + { + "name": "CACHE_NAMES", + "value": "${CACHE_NAMES}" + }, + { + "name": "DATAVIRT_CACHE_NAMES", + "value": "${DATAVIRT_CACHE_NAMES}" + }, + { + "name": "CACHE_TYPE_DEFAULT", + "value": "${CACHE_TYPE_DEFAULT}" + }, + { + "name": "ENCRYPTION_REQUIRE_SSL_CLIENT_AUTH", + "value": "${ENCRYPTION_REQUIRE_SSL_CLIENT_AUTH}" + }, + { + "name": "HOTROD_SERVICE_NAME", + "value": "${APPLICATION_NAME}-hotrod" + }, + { + "name": "HOTROD_ENCRYPTION", + "value": "${HTTPS_NAME}" + }, + { + "name": "MEMCACHED_CACHE", + "value": "${MEMCACHED_CACHE}" + }, + { + "name": "REST_SECURITY_DOMAIN", + "value": "${REST_SECURITY_DOMAIN}" + }, + { + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "${JGROUPS_ENCRYPT_SECRET}" + }, + { + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "${JGROUPS_ENCRYPT_KEYSTORE}" + }, + { + "name": "JGROUPS_ENCRYPT_KEYSTORE_DIR", + "value": "/etc/jgroups-encrypt-secret-volume" + }, + { + "name": "JGROUPS_ENCRYPT_NAME", + "value": "${JGROUPS_ENCRYPT_NAME}" + }, + { + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "${JGROUPS_ENCRYPT_PASSWORD}" + }, + { + "name": "JGROUPS_CLUSTER_PASSWORD", + "value": "${JGROUPS_CLUSTER_PASSWORD}" + } + ] + } + ], + "volumes": [ + { + "name": "datagrid-keystore-volume", + "secret": { + "secretName": "${HTTPS_SECRET}" + } + }, + { + "name": "datagrid-jgroups-keystore-volume", + "secret": { + "secretName": "${JGROUPS_ENCRYPT_SECRET}" + } + } + ] + } + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}-postgresql", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}-postgresql" + ], + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "postgresql:${POSTGRESQL_IMAGE_STREAM_TAG}" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-postgresql" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}-postgresql", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}-postgresql", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "containers": [ + { + "name": "${APPLICATION_NAME}-postgresql", + "image": "postgresql", + "imagePullPolicy": "Always", + "ports": [ + { + "containerPort": 5432, + "protocol": "TCP" + } + ], + "volumeMounts": [ + { + "mountPath": "/var/lib/pgsql/data", + "name": "${APPLICATION_NAME}-postgresql-pvol" + } + ], + "env": [ + { + "name": "POSTGRESQL_USER", + "value": "${DB_USERNAME}" + }, + { + "name": "POSTGRESQL_PASSWORD", + "value": "${DB_PASSWORD}" + }, + { + "name": "POSTGRESQL_DATABASE", + "value": "${DB_DATABASE}" + }, + { + "name": "POSTGRESQL_MAX_CONNECTIONS", + "value": "${POSTGRESQL_MAX_CONNECTIONS}" + }, + { + "name": "POSTGRESQL_MAX_PREPARED_TRANSACTIONS", + "value": "${POSTGRESQL_MAX_CONNECTIONS}" + }, + { + "name": "POSTGRESQL_SHARED_BUFFERS", + "value": "${POSTGRESQL_SHARED_BUFFERS}" + } + ] + } + ], + "volumes": [ + { + "name": "${APPLICATION_NAME}-postgresql-pvol", + "persistentVolumeClaim": { + "claimName": "${APPLICATION_NAME}-postgresql-claim" + } + } + ] + } + } + } + }, + { + "apiVersion": "v1", + "kind": "PersistentVolumeClaim", + "metadata": { + "name": "${APPLICATION_NAME}-postgresql-claim", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "accessModes": [ + "ReadWriteOnce" + ], + "resources": { + "requests": { + "storage": "${VOLUME_CAPACITY}" + } + } + } + } + ] +} diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/sso70-postgresql.json b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/datagrid71-postgresql.json index aa8ebaa8e..505d67750 100644 --- a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/sso70-postgresql.json +++ b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/datagrid71-postgresql.json @@ -3,68 +3,93 @@ "apiVersion": "v1", "metadata": { "annotations": { - "description": "Application template for SSO 7.0 PostgreSQL applications", - "iconClass" : "icon-jboss", - "tags" : "sso,keycloak,jboss,xpaas", - "version": "1.4.0", - "openshift.io/display-name": "Red Hat Single Sign-On 7.0 + PostgreSQL (Ephemeral)" - }, - "name": "sso70-postgresql" + "iconClass": "icon-datagrid", + "tags": "datagrid,jboss,hidden", + "version": "1.4.7", + "openshift.io/display-name": "JBoss Data Grid 7.1 + PostgreSQL (Ephemeral with https)", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "An example JBoss Data Grid application with a PostgreSQL database. For more information about using this template, see https://github.com/jboss-openshift/application-templates.", + "template.openshift.io/long-description": "This template defines resources needed to develop Red Hat JBoss Data Grid 7.1 based application, including a deployment configuration, using PostgreSQL database using ephemeral (temporary) storage and secure communication using https.", + "template.openshift.io/documentation-url": "https://access.redhat.com/documentation/en/red-hat-jboss-data-grid/", + "template.openshift.io/support-url": "https://access.redhat.com" + }, + "name": "datagrid71-postgresql" }, "labels": { - "template": "sso70-postgresql", - "xpaas": "1.4.0" + "template": "datagrid71-postgresql", + "xpaas": "1.4.7" }, - "message": "A new SSO service (using PostgreSQL) has been created in your project. The admin username/password for accessing the master realm via the SSO console is ${SSO_ADMIN_USERNAME}/${SSO_ADMIN_PASSWORD}. The username/password for accessing the PostgreSQL database \"${DB_DATABASE}\" is ${DB_USERNAME}/${DB_PASSWORD}. Please be sure to create the \"${SERVICE_ACCOUNT_NAME}\" service account and the following secrets: \"${HTTPS_SECRET}\" containing the ${HTTPS_KEYSTORE} file used for serving secure content; \"${JGROUPS_ENCRYPT_SECRET}\" containing the ${JGROUPS_ENCRYPT_KEYSTORE} file used for securing JGroups communications; \"${SSO_TRUSTSTORE_SECRET}\" containing the ${SSO_TRUSTSTORE} file used for securing SSO requests.", + "message": "A new data grid service (using PostgreSQL) has been created in your project. It supports connector type(s) \"${INFINISPAN_CONNECTORS}\". The username/password for accessing the MySQL database \"${DB_DATABASE}\" is ${DB_USERNAME}/${DB_PASSWORD}. Please be sure to create the \"datagrid-service-account\" service account and the following secrets: \"${HTTPS_SECRET}\" containing the ${HTTPS_KEYSTORE} file used for serving secure content; \"${JGROUPS_ENCRYPT_SECRET}\" containing the ${JGROUPS_ENCRYPT_KEYSTORE} file used for securing JGroups communications.", "parameters": [ { "displayName": "Application Name", "description": "The name for the application.", "name": "APPLICATION_NAME", - "value": "sso", + "value": "datagrid-app", "required": true }, { "displayName": "Custom http Route Hostname", - "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: <application-name>.<project>.<default-domain-suffix>", + "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: <application-name>-<project>.<default-domain-suffix>", "name": "HOSTNAME_HTTP", "value": "", "required": false }, { "displayName": "Custom https Route Hostname", - "description": "Custom hostname for https service route. Leave blank for default hostname, e.g.: <application-name>.<project>.<default-domain-suffix>", + "description": "Custom hostname for https service route. Leave blank for default hostname, e.g.: secure-<application-name>-<project>.<default-domain-suffix>", "name": "HOSTNAME_HTTPS", "value": "", "required": false }, { - "displayName": "Database JNDI Name", - "description": "Database JNDI name used by application to resolve the datasource, e.g. java:/jboss/datasources/postgresql", - "name": "DB_JNDI", - "value": "java:jboss/datasources/KeycloakDS", + "displayName": "Username", + "description": "User name for JDG user.", + "name": "USERNAME", + "value": "", "required": false }, { - "displayName": "Database Name", - "description": "Database name", - "name": "DB_DATABASE", - "value": "root", - "required": true + "displayName": "Password", + "description": "The password to access the JDG Caches. Must be different than username; must not be root, admin, or administrator; must contain at least 8 characters, 1 alphabetic character(s), 1 digit(s), and 1 non-alphanumeric symbol(s). (optional)", + "name": "PASSWORD", + "value": "", + "required": false }, { - "displayName": "Service Account Name", - "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.", - "name": "SERVICE_ACCOUNT_NAME", - "value": "sso-service-account", - "required": true + "displayName": "JDG User Roles/Groups", + "description": "Comma delimited list of roles/groups associated with the JDG user", + "name": "ADMIN_GROUP", + "value": "", + "required": false + }, + { + "displayName": "Hotrod Authentication", + "description": "Enable Hotrod Authentication", + "name": "HOTROD_AUTHENTICATION", + "value": "", + "required": false + }, + { + "displayName": "Container Security Role Mapper", + "description": "Defines which role mapper to use for cache authentication", + "name": "CONTAINER_SECURITY_ROLE_MAPPER", + "value": "", + "required": false + }, + { + "displayName": "Container Security Roles", + "description": "Comma delimited list of role names and assigned permissions", + "name": "CONTAINER_SECURITY_ROLES", + "value": "", + "required": false }, { "displayName": "Server Keystore Secret Name", "description": "The name of the secret containing the keystore file", "name": "HTTPS_SECRET", - "value": "sso-app-secret", - "required": false + "value": "datagrid-app-secret", + "required": true }, { "displayName": "Server Keystore Filename", @@ -74,27 +99,50 @@ "required": false }, { - "displayName": "Server Keystore Type", - "description": "The type of the keystore file (JKS or JCEKS)", - "name": "HTTPS_KEYSTORE_TYPE", - "value": "", - "required": false - }, - { "displayName": "Server Certificate Name", - "description": "The name associated with the server certificate (e.g. jboss)", + "description": "The name associated with the server certificate", "name": "HTTPS_NAME", "value": "", "required": false }, { "displayName": "Server Keystore Password", - "description": "The password for the keystore and certificate (e.g. mykeystorepass)", + "description": "The password for the keystore and certificate", "name": "HTTPS_PASSWORD", "value": "", "required": false }, { + "displayName": "Database JNDI Name", + "description": "Database JNDI name used by application to resolve the datasource, e.g. java:/jboss/datasources/postgresql", + "name": "DB_JNDI", + "value": "java:jboss/datasources/postgresql", + "required": false + }, + { + "displayName": "Database Name", + "description": "Database name", + "name": "DB_DATABASE", + "value": "root", + "required": true + }, + { + "displayName": "Database Username", + "description": "Database user name", + "name": "DB_USERNAME", + "from": "user[a-zA-Z0-9]{3}", + "generate": "expression", + "required": true + }, + { + "displayName": "Database Password", + "description": "Database user password", + "name": "DB_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { "displayName": "Datasource Minimum Pool Size", "description": "Sets xa-pool/min-pool-size for the configured datasource.", "name": "DB_MIN_POOL_SIZE", @@ -125,121 +173,96 @@ "required": false }, { - "displayName": "Database Username", - "description": "Database user name", - "name": "DB_USERNAME", - "from": "user[a-zA-Z0-9]{3}", - "generate": "expression", - "required": true - }, - { - "displayName": "Database Password", - "description": "Database user password", - "name": "DB_PASSWORD", - "from": "[a-zA-Z0-9]{8}", - "generate": "expression", + "displayName": "ImageStream Namespace", + "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", + "name": "IMAGE_STREAM_NAMESPACE", + "value": "openshift", "required": true }, { - "displayName": "JGroups Secret Name", - "description": "The name of the secret containing the keystore file", - "name": "JGROUPS_ENCRYPT_SECRET", - "value": "sso-app-secret", + "displayName": "Infinispan Connectors", + "description": "Comma-separated list of connector types that should be configured (defaults to 'memcached,hotrod,rest')", + "name": "INFINISPAN_CONNECTORS", + "value": "hotrod,memcached,rest", "required": false }, { - "displayName": "JGroups Keystore Filename", - "description": "The name of the keystore file within the secret", - "name": "JGROUPS_ENCRYPT_KEYSTORE", - "value": "jgroups.jceks", + "displayName": "Cache Names", + "description": "Comma-separated list of caches to configure. By default, a distributed-cache, with a mode of SYNC will be configurd for each entry.", + "name": "CACHE_NAMES", + "value": "", "required": false }, { - "displayName": "JGroups Certificate Name", - "description": "The name associated with the server certificate (e.g. secret-key)", - "name": "JGROUPS_ENCRYPT_NAME", + "displayName": "Datavirt Cache Names", + "description": "Comma-separated list of caches to configure for use by Red Hat JBoss Data Virtualization for materialization of views. Three caches will be created for each named cache: <name>, <name>_staging and <name>_alias.", + "name": "DATAVIRT_CACHE_NAMES", "value": "", "required": false }, { - "displayName": "JGroups Keystore Password", - "description": "The password for the keystore and certificate (e.g. password)", - "name": "JGROUPS_ENCRYPT_PASSWORD", + "displayName": "Default Cache Type", + "description": "Default cache type for all caches. If empty then distributed will be the default", + "name": "CACHE_TYPE_DEFAULT", "value": "", "required": false }, { - "displayName": "JGroups Cluster Password", - "description": "JGroups cluster password", - "name": "JGROUPS_CLUSTER_PASSWORD", - "from": "[a-zA-Z0-9]{8}", - "generate": "expression", - "required": true - }, - { - "displayName": "ImageStream Namespace", - "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", - "name": "IMAGE_STREAM_NAMESPACE", - "value": "openshift", - "required": true - }, - { - "displayName": "SSO Admin Username", - "description": "SSO Server admin username", - "name": "SSO_ADMIN_USERNAME", - "from": "[a-zA-Z0-9]{8}", - "generate": "expression", - "required": true + "displayName": "Encryption Requires SSL Client Authentication?", + "description": "", + "name": "ENCRYPTION_REQUIRE_SSL_CLIENT_AUTH", + "value": "", + "required": false }, { - "displayName": "SSO Admin Password", - "description": "SSO Server admin password", - "name": "SSO_ADMIN_PASSWORD", - "from": "[a-zA-Z0-9]{8}", - "generate": "expression", - "required": true + "displayName": "Memcached Cache Name", + "description": "The name of the cache to expose through this memcached connector (defaults to 'default')", + "name": "MEMCACHED_CACHE", + "value": "default", + "required": false }, { - "displayName": "SSO Realm", - "description": "Realm to be created in the SSO server (e.g. demo).", - "name": "SSO_REALM", + "displayName": "REST Security Domain", + "description": "The domain, declared in the security subsystem, that should be used to authenticate access to the REST endpoint", + "name": "REST_SECURITY_DOMAIN", "value": "", "required": false }, { - "displayName": "SSO Service Username", - "description": "The username used to access the SSO service. This is used by clients to create the appliction client(s) within the specified SSO realm.", - "name": "SSO_SERVICE_USERNAME", - "value": "", + "displayName": "JGroups Secret Name", + "description": "The name of the secret containing the keystore file", + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "datagrid-app-secret", "required": false }, { - "displayName": "SSO Service Password", - "description": "The password for the SSO service user.", - "name": "SSO_SERVICE_PASSWORD", - "value": "", + "displayName": "JGroups Keystore Filename", + "description": "The name of the keystore file within the secret", + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "jgroups.jceks", "required": false }, { - "displayName": "SSO Trust Store", - "description": "The name of the truststore file within the secret (e.g. truststore.jks)", - "name": "SSO_TRUSTSTORE", + "displayName": "JGroups Certificate Name", + "description": "The name associated with the server certificate", + "name": "JGROUPS_ENCRYPT_NAME", "value": "", "required": false }, { - "displayName": "SSO Trust Store Password", - "description": "The password for the truststore and certificate (e.g. mykeystorepass)", - "name": "SSO_TRUSTSTORE_PASSWORD", + "displayName": "JGroups Keystore Password", + "description": "The password for the keystore and certificate", + "name": "JGROUPS_ENCRYPT_PASSWORD", "value": "", "required": false }, { - "displayName": "SSO Trust Store Secret", - "description": "The name of the secret containing the truststore file (e.g. truststore-secret). Used for volume secretName", - "name": "SSO_TRUSTSTORE_SECRET", - "value": "sso-app-secret", - "required": false + "displayName": "JGroups Cluster Password", + "description": "JGroups cluster password", + "name": "JGROUPS_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true }, { "displayName": "PostgreSQL Image Stream Tag", @@ -267,11 +290,10 @@ "metadata": { "name": "${APPLICATION_NAME}", "labels": { - "application": "${APPLICATION_NAME}", - "component": "server" + "application": "${APPLICATION_NAME}" }, "annotations": { - "description": "The web server's http port.", + "description": "The web server's HTTP port.", "service.alpha.openshift.io/dependencies": "[{\"name\": \"${APPLICATION_NAME}-postgresql\", \"kind\": \"Service\"}]" } } @@ -293,11 +315,10 @@ "metadata": { "name": "secure-${APPLICATION_NAME}", "labels": { - "application": "${APPLICATION_NAME}", - "component": "server" + "application": "${APPLICATION_NAME}" }, "annotations": { - "description": "The web server's https port.", + "description": "The web server's HTTPS port.", "service.alpha.openshift.io/dependencies": "[{\"name\": \"${APPLICATION_NAME}-postgresql\", \"kind\": \"Service\"}]" } } @@ -308,6 +329,54 @@ "spec": { "ports": [ { + "port": 11211, + "targetPort": 11211 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-memcached", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Memcached service for clustered applications." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 11333, + "targetPort": 11333 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-hotrod", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Hot Rod service for clustered applications." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { "port": 5432, "targetPort": 5432 } @@ -319,8 +388,7 @@ "metadata": { "name": "${APPLICATION_NAME}-postgresql", "labels": { - "application": "${APPLICATION_NAME}", - "component": "database" + "application": "${APPLICATION_NAME}" }, "annotations": { "description": "The database server's port." @@ -334,11 +402,10 @@ "metadata": { "name": "${APPLICATION_NAME}", "labels": { - "application": "${APPLICATION_NAME}", - "component": "server" + "application": "${APPLICATION_NAME}" }, "annotations": { - "description": "Route for application's http service." + "description": "Route for application's HTTP service." } }, "spec": { @@ -355,11 +422,10 @@ "metadata": { "name": "secure-${APPLICATION_NAME}", "labels": { - "application": "${APPLICATION_NAME}", - "component": "server" + "application": "${APPLICATION_NAME}" }, "annotations": { - "description": "Route for application's https service." + "description": "Route for application's HTTPS service." } }, "spec": { @@ -378,8 +444,7 @@ "metadata": { "name": "${APPLICATION_NAME}", "labels": { - "application": "${APPLICATION_NAME}", - "component": "server" + "application": "${APPLICATION_NAME}" } }, "spec": { @@ -397,7 +462,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "redhat-sso70-openshift:1.4" + "name": "jboss-datagrid71-openshift:1.1" } } }, @@ -414,52 +479,35 @@ "name": "${APPLICATION_NAME}", "labels": { "deploymentConfig": "${APPLICATION_NAME}", - "application": "${APPLICATION_NAME}", - "component": "server" + "application": "${APPLICATION_NAME}" } }, "spec": { - "serviceAccountName": "${SERVICE_ACCOUNT_NAME}", - "terminationGracePeriodSeconds": 75, + "serviceAccountName": "datagrid-service-account", + "terminationGracePeriodSeconds": 60, "containers": [ { "name": "${APPLICATION_NAME}", - "image": "${APPLICATION_NAME}", + "image": "jboss-datagrid71-openshift", "imagePullPolicy": "Always", "volumeMounts": [ { - "name": "eap-keystore-volume", - "mountPath": "/etc/eap-secret-volume", + "name": "datagrid-keystore-volume", + "mountPath": "/etc/datagrid-secret-volume", "readOnly": true }, { - "name": "eap-jgroups-keystore-volume", + "name": "datagrid-jgroups-keystore-volume", "mountPath": "/etc/jgroups-encrypt-secret-volume", "readOnly": true - }, - { - "name": "sso-truststore-volume", - "mountPath": "/etc/sso-secret-volume", - "readOnly": true } ], - "lifecycle": { - "preStop": { - "exec": { - "command": [ - "/opt/eap/bin/jboss-cli.sh", - "-c", - ":shutdown(timeout=60)" - ] - } - } - }, "livenessProbe": { "exec": { "command": [ "/bin/bash", "-c", - "/opt/eap/bin/livenessProbe.sh" + "/opt/datagrid/bin/livenessProbe.sh" ] } }, @@ -468,7 +516,7 @@ "command": [ "/bin/bash", "-c", - "/opt/eap/bin/readinessProbe.sh" + "/opt/datagrid/bin/readinessProbe.sh" ] } }, @@ -492,10 +540,65 @@ "name": "ping", "containerPort": 8888, "protocol": "TCP" + }, + { + "name": "memcached", + "containerPort": 11211, + "protocol": "TCP" + }, + { + "name": "hotrod-internal", + "containerPort": 11222, + "protocol": "TCP" + }, + { + "name": "hotrod", + "containerPort": 11333, + "protocol": "TCP" } ], "env": [ { + "name": "USERNAME", + "value": "${USERNAME}" + }, + { + "name": "PASSWORD", + "value": "${PASSWORD}" + }, + { + "name": "ADMIN_GROUP", + "value": "${ADMIN_GROUP}" + }, + { + "name": "HOTROD_AUTHENTICATION", + "value": "${HOTROD_AUTHENTICATION}" + }, + { + "name": "CONTAINER_SECURITY_ROLE_MAPPER", + "value": "${CONTAINER_SECURITY_ROLE_MAPPER}" + }, + { + "name": "CONTAINER_SECURITY_ROLES", + "value": "${CONTAINER_SECURITY_ROLES}" + }, + { + "name": "HTTPS_KEYSTORE_DIR", + "value": "/etc/datagrid-secret-volume" + }, + { + "name": "HTTPS_KEYSTORE", + "value": "${HTTPS_KEYSTORE}" + }, + { + "name": "HTTPS_NAME", + "value": "${HTTPS_NAME}" + }, + { + "name": "HTTPS_PASSWORD", + "value": "${HTTPS_PASSWORD}" + }, + { "name": "DB_SERVICE_PREFIX_MAPPING", "value": "${APPLICATION_NAME}-postgresql=DB" }, @@ -532,6 +635,22 @@ "value": "${DB_TX_ISOLATION}" }, { + "name": "DEFAULT_JDBC_STORE_TYPE", + "value": "string" + }, + { + "name": "DEFAULT_JDBC_STORE_DATASOURCE", + "value": "${DB_JNDI}" + }, + { + "name": "MEMCACHED_JDBC_STORE_TYPE", + "value": "string" + }, + { + "name": "MEMCACHED_JDBC_STORE_DATASOURCE", + "value": "${DB_JNDI}" + }, + { "name": "OPENSHIFT_KUBE_PING_LABELS", "value": "application=${APPLICATION_NAME}" }, @@ -544,38 +663,54 @@ } }, { - "name": "HTTPS_KEYSTORE_DIR", - "value": "/etc/eap-secret-volume" + "name": "INFINISPAN_CONNECTORS", + "value": "${INFINISPAN_CONNECTORS}" }, { - "name": "HTTPS_KEYSTORE", - "value": "${HTTPS_KEYSTORE}" + "name": "CACHE_NAMES", + "value": "${CACHE_NAMES}" }, { - "name": "HTTPS_KEYSTORE_TYPE", - "value": "${HTTPS_KEYSTORE_TYPE}" + "name": "DATAVIRT_CACHE_NAMES", + "value": "${DATAVIRT_CACHE_NAMES}" }, { - "name": "HTTPS_NAME", + "name": "CACHE_TYPE_DEFAULT", + "value": "${CACHE_TYPE_DEFAULT}" + }, + { + "name": "ENCRYPTION_REQUIRE_SSL_CLIENT_AUTH", + "value": "${ENCRYPTION_REQUIRE_SSL_CLIENT_AUTH}" + }, + { + "name": "HOTROD_SERVICE_NAME", + "value": "${APPLICATION_NAME}-hotrod" + }, + { + "name": "HOTROD_ENCRYPTION", "value": "${HTTPS_NAME}" }, { - "name": "HTTPS_PASSWORD", - "value": "${HTTPS_PASSWORD}" + "name": "MEMCACHED_CACHE", + "value": "${MEMCACHED_CACHE}" }, { - "name": "JGROUPS_ENCRYPT_SECRET", - "value": "${JGROUPS_ENCRYPT_SECRET}" + "name": "REST_SECURITY_DOMAIN", + "value": "${REST_SECURITY_DOMAIN}" }, { - "name": "JGROUPS_ENCRYPT_KEYSTORE_DIR", - "value": "/etc/jgroups-encrypt-secret-volume" + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "${JGROUPS_ENCRYPT_SECRET}" }, { "name": "JGROUPS_ENCRYPT_KEYSTORE", "value": "${JGROUPS_ENCRYPT_KEYSTORE}" }, { + "name": "JGROUPS_ENCRYPT_KEYSTORE_DIR", + "value": "/etc/jgroups-encrypt-secret-volume" + }, + { "name": "JGROUPS_ENCRYPT_NAME", "value": "${JGROUPS_ENCRYPT_NAME}" }, @@ -586,60 +721,22 @@ { "name": "JGROUPS_CLUSTER_PASSWORD", "value": "${JGROUPS_CLUSTER_PASSWORD}" - }, - { - "name": "SSO_ADMIN_USERNAME", - "value": "${SSO_ADMIN_USERNAME}" - }, - { - "name": "SSO_ADMIN_PASSWORD", - "value": "${SSO_ADMIN_PASSWORD}" - }, - { - "name": "SSO_REALM", - "value": "${SSO_REALM}" - }, - { - "name": "SSO_SERVICE_USERNAME", - "value": "${SSO_SERVICE_USERNAME}" - }, - { - "name": "SSO_SERVICE_PASSWORD", - "value": "${SSO_SERVICE_PASSWORD}" - }, - { - "name": "SSO_TRUSTSTORE", - "value": "${SSO_TRUSTSTORE}" - }, - { - "name": "SSO_TRUSTSTORE_DIR", - "value": "/etc/sso-secret-volume" - }, - { - "name": "SSO_TRUSTSTORE_PASSWORD", - "value": "${SSO_TRUSTSTORE_PASSWORD}" } ] } ], "volumes": [ { - "name": "eap-keystore-volume", + "name": "datagrid-keystore-volume", "secret": { "secretName": "${HTTPS_SECRET}" } }, { - "name": "eap-jgroups-keystore-volume", + "name": "datagrid-jgroups-keystore-volume", "secret": { "secretName": "${JGROUPS_ENCRYPT_SECRET}" } - }, - { - "name": "sso-truststore-volume", - "secret": { - "secretName": "${SSO_TRUSTSTORE_SECRET}" - } } ] } @@ -652,8 +749,7 @@ "metadata": { "name": "${APPLICATION_NAME}-postgresql", "labels": { - "application": "${APPLICATION_NAME}", - "component": "database" + "application": "${APPLICATION_NAME}" } }, "spec": { @@ -688,12 +784,10 @@ "name": "${APPLICATION_NAME}-postgresql", "labels": { "deploymentConfig": "${APPLICATION_NAME}-postgresql", - "application": "${APPLICATION_NAME}", - "component": "database" + "application": "${APPLICATION_NAME}" } }, "spec": { - "terminationGracePeriodSeconds": 60, "containers": [ { "name": "${APPLICATION_NAME}-postgresql", diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/datavirt63-basic-s2i.json b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/datavirt63-basic-s2i.json index ea2f13742..b6885d6f6 100644 --- a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/datavirt63-basic-s2i.json +++ b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/datavirt63-basic-s2i.json @@ -3,17 +3,18 @@ "apiVersion": "v1", "metadata": { "annotations": { - "iconClass": "icon-jboss", + "iconClass": "icon-datavirt", "description": "Application template for JBoss Data Virtualization 6.3 services built using S2I.", - "tags": "jdv,datavirt,jboss,xpaas", - "version": "1.4.0", - "openshift.io/display-name": "Red Hat JBoss Data Virtualization 6.3 (no SSL)" + "tags": "jdv,datavirt,database,jboss", + "version": "1.4.7", + "openshift.io/display-name": "JBoss Data Virtualization 6.3 (no SSL)", + "openshift.io/provider-display-name": "Red Hat, Inc." }, "name": "datavirt63-basic-s2i" }, "labels": { "template": "datavirt63-basic-s2i", - "xpaas": "1.4.0" + "xpaas": "1.4.7" }, "message": "A new data service has been created in your project. The username/password for accessing the service is ${TEIID_USERNAME}/${TEIID_PASSWORD}. Please be sure to create the \"${SERVICE_ACCOUNT_NAME}\" service account and the secret named ${CONFIGURATION_NAME} containing the datasource configuration details required by the deployed VDB(s).", "parameters": [ @@ -173,6 +174,11 @@ "name": "jdbc", "port": 31000, "targetPort": "jdbc" + }, + { + "name": "odbc", + "port": 35432, + "targetPort": "odbc" } ], "selector": { @@ -244,7 +250,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-datagrid65-client-openshift:1.0" + "name": "jboss-datagrid65-client-openshift:1.1" }, "paths": [ { @@ -262,7 +268,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-datavirt63-openshift:1.2" + "name": "jboss-datavirt63-openshift:1.3" }, "env": [ { @@ -312,7 +318,7 @@ "imageChange": { "from": { "kind": "ImageStreamTag", - "name": "jboss-datagrid65-client-openshift:1.0" + "name": "jboss-datagrid65-client-openshift:1.1" } } }, @@ -415,6 +421,11 @@ "protocol": "TCP" }, { + "name": "odbc", + "containerPort": 35432, + "protocol": "TCP" + }, + { "name": "ping", "containerPort": 8888, "protocol": "TCP" diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/datavirt63-extensions-support-s2i.json b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/datavirt63-extensions-support-s2i.json index 22b579ecc..a06f714a7 100644 --- a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/datavirt63-extensions-support-s2i.json +++ b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/datavirt63-extensions-support-s2i.json @@ -3,17 +3,21 @@ "apiVersion": "v1", "metadata": { "annotations": { - "iconClass": "icon-jboss", - "description": "Application template for JBoss Data Virtualization 6.3 services built using S2I. Includes support for installing extensions (e.g. third-party DB drivers) and the ability to configure certificates for serving secure content.", - "tags": "jdv,datavirt,jboss,xpaas", - "version": "1.4.0", - "openshift.io/display-name": "Red Hat JBoss Data Virtualization 6.3 (with SSL and Extensions)" + "iconClass": "icon-datavirt", + "tags": "jdv,datavirt,database,jboss", + "version": "1.4.7", + "openshift.io/display-name": "JBoss Data Virtualization 6.3 (with SSL and Extensions)", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "An example JBoss Data Virtualization application. For more information about using this template, see https://github.com/jboss-openshift/application-templates.", + "template.openshift.io/long-description": "This template defines resources needed to develop Red Hat Data Virtualization based application, including a build configuration, application deployment configuration, support for installing extensions (e.g. third-party DB drivers) and the ability to configure certificates for serving secure content.", + "template.openshift.io/documentation-url": "https://access.redhat.com/documentation/en/red-hat-jboss-data-virtualization/", + "template.openshift.io/support-url": "https://access.redhat.com" }, "name": "datavirt63-extensions-support-s2i" }, "labels": { "template": "datavirt63-extensions-support-s2i", - "xpaas": "1.4.0" + "xpaas": "1.4.7" }, "message": "A new data service has been created in your project. The username/password for accessing the service is ${TEIID_USERNAME}/${TEIID_PASSWORD}. Please be sure to create the \"${SERVICE_ACCOUNT_NAME}\" service account and the following secrets: \"${CONFIGURATION_NAME}\" containing the datasource configuration details required by the deployed VDB(s); \"${HTTPS_SECRET}\" containing the ${HTTPS_KEYSTORE} file used for serving secure content; \"${JGROUPS_ENCRYPT_SECRET}\" containing the ${JGROUPS_ENCRYPT_KEYSTORE} file used for securing JGroups communications.", "parameters": [ @@ -288,6 +292,16 @@ "name": "jdbcs", "port": 31443, "targetPort": "jdbcs" + }, + { + "name": "odbc", + "port": 35432, + "targetPort": "odbc" + }, + { + "name": "odbcs", + "port": 35443, + "targetPort": "odbcs" } ], "selector": { @@ -470,7 +484,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-datagrid65-client-openshift:1.0" + "name": "jboss-datagrid65-client-openshift:1.1" }, "paths": [ { @@ -500,7 +514,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-datavirt63-openshift:1.2" + "name": "jboss-datavirt63-openshift:1.3" }, "env": [ { @@ -559,7 +573,7 @@ "imageChange": { "from": { "kind": "ImageStreamTag", - "name": "jboss-datagrid65-client-openshift:1.0" + "name": "jboss-datagrid65-client-openshift:1.1" } } }, @@ -682,6 +696,16 @@ "protocol": "TCP" }, { + "name": "odbc", + "containerPort": 35432, + "protocol": "TCP" + }, + { + "name": "odbcs", + "containerPort": 35443, + "protocol": "TCP" + }, + { "name": "ping", "containerPort": 8888, "protocol": "TCP" diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/datavirt63-secure-s2i.json b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/datavirt63-secure-s2i.json index 9392c20a6..1758b1be0 100644 --- a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/datavirt63-secure-s2i.json +++ b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/datavirt63-secure-s2i.json @@ -3,17 +3,21 @@ "apiVersion": "v1", "metadata": { "annotations": { - "iconClass": "icon-jboss", - "description": "Application template for JBoss Data Virtualization 6.3 services built using S2I. Includes ability to configure certificates for serving secure content.", - "tags": "jdv,datavirt,jboss,xpaas", - "version": "1.4.0", - "openshift.io/display-name": "Red Hat JBoss Data Virtualization 6.3 (with SSL)" + "iconClass": "icon-datavirt", + "tags": "jdv,datavirt,database,jboss", + "version": "1.4.7", + "openshift.io/display-name": "JBoss Data Virtualization 6.3 (with SSL)", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "An example JBoss Data Virtualization application. For more information about using this template, see https://github.com/jboss-openshift/application-templates.", + "template.openshift.io/long-description": "This template defines resources needed to develop Red Hat Data Virtualization based application, including a build configuration, application deployment configuration and ability to configure certificates for serving secure content.", + "template.openshift.io/documentation-url": "https://access.redhat.com/documentation/en/red-hat-jboss-data-virtualization/", + "template.openshift.io/support-url": "https://access.redhat.com" }, "name": "datavirt63-secure-s2i" }, "labels": { "template": "datavirt63-secure-s2i", - "xpaas": "1.4.0" + "xpaas": "1.4.7" }, "message": "A new data service has been created in your project. The username/password for accessing the service is ${TEIID_USERNAME}/${TEIID_PASSWORD}. Please be sure to create the \"${SERVICE_ACCOUNT_NAME}\" service account and the following secrets: \"${CONFIGURATION_NAME}\" containing the datasource configuration details required by the deployed VDB(s); \"${HTTPS_SECRET}\" containing the ${HTTPS_KEYSTORE} file used for serving secure content; \"${JGROUPS_ENCRYPT_SECRET}\" containing the ${JGROUPS_ENCRYPT_KEYSTORE} file used for securing JGroups communications.", "parameters": [ @@ -401,6 +405,16 @@ "name": "jdbcs", "port": 31443, "targetPort": "jdbcs" + }, + { + "name": "odbc", + "port": 35432, + "targetPort": "odbc" + }, + { + "name": "odbcs", + "port": 35443, + "targetPort": "odbcs" } ], "selector": { @@ -524,7 +538,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-datagrid65-client-openshift:1.0" + "name": "jboss-datagrid65-client-openshift:1.1" }, "paths": [ { @@ -542,7 +556,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-datavirt63-openshift:1.2" + "name": "jboss-datavirt63-openshift:1.3" }, "env": [ { @@ -592,7 +606,7 @@ "imageChange": { "from": { "kind": "ImageStreamTag", - "name": "jboss-datagrid65-client-openshift:1.0" + "name": "jboss-datagrid65-client-openshift:1.1" } } }, @@ -715,6 +729,16 @@ "protocol": "TCP" }, { + "name": "odbc", + "containerPort": 35432, + "protocol": "TCP" + }, + { + "name": "odbcs", + "containerPort": 35443, + "protocol": "TCP" + }, + { "name": "ping", "containerPort": 8888, "protocol": "TCP" diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/decisionserver62-basic-s2i.json b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/decisionserver62-basic-s2i.json deleted file mode 100644 index 25b2c162c..000000000 --- a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/decisionserver62-basic-s2i.json +++ /dev/null @@ -1,355 +0,0 @@ -{ - "kind": "Template", - "apiVersion": "v1", - "metadata": { - "annotations": { - "description": "Application template for Red Hat JBoss BRMS 6.2 decision server applications built using S2I.", - "iconClass": "icon-jboss", - "tags": "decisionserver,jboss,xpaas", - "version": "1.3.3", - "openshift.io/display-name": "Red Hat JBoss BRMS 6.2 decision server (no https)" - }, - "name": "decisionserver62-basic-s2i" - }, - "labels": { - "template": "decisionserver62-basic-s2i", - "xpaas": "1.3.3" - }, - "message": "A new BRMS application has been created in your project. The username/password for accessing the KIE Server REST or JMS interface is ${KIE_SERVER_USER}/${KIE_SERVER_PASSWORD}.", - "parameters": [ - { - "displayName": "KIE Container Deployment", - "description": "The KIE Container deployment configuration in format: containerId=groupId:artifactId:version|c2=g2:a2:v2", - "name": "KIE_CONTAINER_DEPLOYMENT", - "value": "HelloRulesContainer=org.openshift.quickstarts:decisionserver-hellorules:1.2.0.Final", - "required": false - }, - { - "displayName": "KIE Server Username", - "description": "The user name to access the KIE Server REST or JMS interface.", - "name": "KIE_SERVER_USER", - "value": "kieserver", - "required": false - }, - { - "displayName": "KIE Server Password", - "description": "The password to access the KIE Server REST or JMS interface. Must be different than username; must not be root, admin, or administrator; must contain at least 8 characters, 1 alphabetic character(s), 1 digit(s), and 1 non-alphanumeric symbol(s).", - "name": "KIE_SERVER_PASSWORD", - "from": "[a-zA-Z]{6}[0-9]{1}!", - "generate": "expression", - "required": false - }, - { - "displayName": "Application Name", - "description": "The name for the application.", - "name": "APPLICATION_NAME", - "value": "kie-app", - "required": true - }, - { - "displayName": "Custom http Route Hostname", - "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: <application-name>-<project>.<default-domain-suffix>", - "name": "HOSTNAME_HTTP", - "value": "", - "required": false - }, - { - "displayName": "Git Repository URL", - "description": "Git source URI for application", - "name": "SOURCE_REPOSITORY_URL", - "value": "https://github.com/jboss-openshift/openshift-quickstarts.git", - "required": true - }, - { - "displayName": "Git Reference", - "description": "Git branch/tag reference", - "name": "SOURCE_REPOSITORY_REF", - "value": "1.2", - "required": false - }, - { - "displayName": "Context Directory", - "description": "Path within Git project to build; empty for root project directory.", - "name": "CONTEXT_DIR", - "value": "decisionserver/hellorules", - "required": false - }, - { - "displayName": "Queues", - "description": "Queue names", - "name": "HORNETQ_QUEUES", - "value": "", - "required": false - }, - { - "displayName": "Topics", - "description": "Topic names", - "name": "HORNETQ_TOPICS", - "value": "", - "required": false - }, - { - "displayName": "HornetQ Password", - "description": "HornetQ cluster admin password", - "name": "HORNETQ_CLUSTER_PASSWORD", - "from": "[a-zA-Z0-9]{8}", - "generate": "expression", - "required": true - }, - { - "displayName": "Github Webhook Secret", - "description": "GitHub trigger secret", - "name": "GITHUB_WEBHOOK_SECRET", - "from": "[a-zA-Z0-9]{8}", - "generate": "expression", - "required": true - }, - { - "displayName": "Generic Webhook Secret", - "description": "Generic build trigger secret", - "name": "GENERIC_WEBHOOK_SECRET", - "from": "[a-zA-Z0-9]{8}", - "generate": "expression", - "required": true - }, - { - "displayName": "ImageStream Namespace", - "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", - "name": "IMAGE_STREAM_NAMESPACE", - "value": "openshift", - "required": true - } - ], - "objects": [ - { - "kind": "Service", - "apiVersion": "v1", - "spec": { - "ports": [ - { - "port": 8080, - "targetPort": 8080 - } - ], - "selector": { - "deploymentConfig": "${APPLICATION_NAME}" - } - }, - "metadata": { - "name": "${APPLICATION_NAME}", - "labels": { - "application": "${APPLICATION_NAME}" - }, - "annotations": { - "description": "The web server's http port." - } - } - }, - { - "kind": "Route", - "apiVersion": "v1", - "id": "${APPLICATION_NAME}-http", - "metadata": { - "name": "${APPLICATION_NAME}", - "labels": { - "application": "${APPLICATION_NAME}" - }, - "annotations": { - "description": "Route for application's http service." - } - }, - "spec": { - "host": "${HOSTNAME_HTTP}", - "to": { - "name": "${APPLICATION_NAME}" - } - } - }, - { - "kind": "ImageStream", - "apiVersion": "v1", - "metadata": { - "name": "${APPLICATION_NAME}", - "labels": { - "application": "${APPLICATION_NAME}" - } - } - }, - { - "kind": "BuildConfig", - "apiVersion": "v1", - "metadata": { - "name": "${APPLICATION_NAME}", - "labels": { - "application": "${APPLICATION_NAME}" - } - }, - "spec": { - "source": { - "type": "Git", - "git": { - "uri": "${SOURCE_REPOSITORY_URL}", - "ref": "${SOURCE_REPOSITORY_REF}" - }, - "contextDir": "${CONTEXT_DIR}" - }, - "strategy": { - "type": "Source", - "sourceStrategy": { - "env": [ - { - "name": "KIE_CONTAINER_DEPLOYMENT", - "value": "${KIE_CONTAINER_DEPLOYMENT}" - } - ], - "forcePull": true, - "from": { - "kind": "ImageStreamTag", - "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-decisionserver62-openshift:1.2" - } - } - }, - "output": { - "to": { - "kind": "ImageStreamTag", - "name": "${APPLICATION_NAME}:latest" - } - }, - "triggers": [ - { - "type": "GitHub", - "github": { - "secret": "${GITHUB_WEBHOOK_SECRET}" - } - }, - { - "type": "Generic", - "generic": { - "secret": "${GENERIC_WEBHOOK_SECRET}" - } - }, - { - "type": "ImageChange", - "imageChange": {} - }, - { - "type": "ConfigChange" - } - ] - } - }, - { - "kind": "DeploymentConfig", - "apiVersion": "v1", - "metadata": { - "name": "${APPLICATION_NAME}", - "labels": { - "application": "${APPLICATION_NAME}" - } - }, - "spec": { - "strategy": { - "type": "Recreate" - }, - "triggers": [ - { - "type": "ImageChange", - "imageChangeParams": { - "automatic": true, - "containerNames": [ - "${APPLICATION_NAME}" - ], - "from": { - "kind": "ImageStreamTag", - "name": "${APPLICATION_NAME}:latest" - } - } - }, - { - "type": "ConfigChange" - } - ], - "replicas": 1, - "selector": { - "deploymentConfig": "${APPLICATION_NAME}" - }, - "template": { - "metadata": { - "name": "${APPLICATION_NAME}", - "labels": { - "deploymentConfig": "${APPLICATION_NAME}", - "application": "${APPLICATION_NAME}" - } - }, - "spec": { - "terminationGracePeriodSeconds": 60, - "containers": [ - { - "name": "${APPLICATION_NAME}", - "image": "${APPLICATION_NAME}", - "imagePullPolicy": "Always", - "livenessProbe": { - "exec": { - "command": [ - "/bin/bash", - "-c", - "/opt/eap/bin/livenessProbe.sh" - ] - } - }, - "readinessProbe": { - "exec": { - "command": [ - "/bin/bash", - "-c", - "/opt/eap/bin/readinessProbe.sh" - ] - } - }, - "ports": [ - { - "name": "jolokia", - "containerPort": 8778, - "protocol": "TCP" - }, - { - "name": "http", - "containerPort": 8080, - "protocol": "TCP" - } - ], - "env": [ - { - "name": "KIE_CONTAINER_DEPLOYMENT", - "value": "${KIE_CONTAINER_DEPLOYMENT}" - }, - { - "name": "KIE_SERVER_USER", - "value": "${KIE_SERVER_USER}" - }, - { - "name": "KIE_SERVER_PASSWORD", - "value": "${KIE_SERVER_PASSWORD}" - }, - { - "name": "HORNETQ_CLUSTER_PASSWORD", - "value": "${HORNETQ_CLUSTER_PASSWORD}" - }, - { - "name": "HORNETQ_QUEUES", - "value": "${HORNETQ_QUEUES}" - }, - { - "name": "HORNETQ_TOPICS", - "value": "${HORNETQ_TOPICS}" - } - ] - } - ] - } - } - } - } - ] -} diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/decisionserver62-https-s2i.json b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/decisionserver62-https-s2i.json deleted file mode 100644 index 85605d642..000000000 --- a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/decisionserver62-https-s2i.json +++ /dev/null @@ -1,496 +0,0 @@ -{ - "kind": "Template", - "apiVersion": "v1", - "metadata": { - "annotations": { - "description": "Application template for Red Hat JBoss BRMS 6.2 decision server HTTPS applications built using S2I.", - "iconClass": "icon-jboss", - "tags": "decisionserver,jboss,xpaas", - "version": "1.3.3", - "openshift.io/display-name": "Red Hat JBoss BRMS 6.2 decision server (with https)" - }, - "name": "decisionserver62-https-s2i" - }, - "labels": { - "template": "decisionserver62-https-s2i", - "xpaas": "1.3.3" - }, - "message": "A new BRMS application with SSL support has been created in your project. The username/password for accessing the KIE Server REST or JMS interface is ${KIE_SERVER_USER}/${KIE_SERVER_PASSWORD}. Please be sure to create the \"decisionserver-service-account\" service account and the secret named \"${HTTPS_SECRET}\" containing the ${HTTPS_KEYSTORE} file used for serving secure content.", - "parameters": [ - { - "displayName": "KIE Container Deployment", - "description": "The KIE Container deployment configuration in format: containerId=groupId:artifactId:version|c2=g2:a2:v2", - "name": "KIE_CONTAINER_DEPLOYMENT", - "value": "HelloRulesContainer=org.openshift.quickstarts:decisionserver-hellorules:1.2.0.Final", - "required": false - }, - { - "displayName": "KIE Server Protocol", - "description": "The protocol to access the KIE Server REST interface.", - "name": "KIE_SERVER_PROTOCOL", - "value": "https", - "required": false - }, - { - "displayName": "KIE Server Port", - "description": "The port to access the KIE Server REST interface.", - "name": "KIE_SERVER_PORT", - "value": "8443", - "required": false - }, - { - "displayName": "KIE Server Username", - "description": "The user name to access the KIE Server REST or JMS interface.", - "name": "KIE_SERVER_USER", - "value": "kieserver", - "required": false - }, - { - "displayName": "KIE Server Password", - "description": "The password to access the KIE Server REST or JMS interface. Must be different than username; must not be root, admin, or administrator; must contain at least 8 characters, 1 alphabetic character(s), 1 digit(s), and 1 non-alphanumeric symbol(s).", - "name": "KIE_SERVER_PASSWORD", - "from": "[a-zA-Z]{6}[0-9]{1}!", - "generate": "expression", - "required": false - }, - { - "displayName": "Application Name", - "description": "The name for the application.", - "name": "APPLICATION_NAME", - "value": "kie-app", - "required": true - }, - { - "displayName": "Custom http Route Hostname", - "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: <application-name>-<project>.<default-domain-suffix>", - "name": "HOSTNAME_HTTP", - "value": "", - "required": false - }, - { - "displayName": "Custom https Route Hostname", - "description": "Custom hostname for https service route. Leave blank for default hostname, e.g.: secure-<application-name>-<project>.<default-domain-suffix>", - "name": "HOSTNAME_HTTPS", - "value": "", - "required": false - }, - { - "displayName": "Git Repository URL", - "description": "Git source URI for application", - "name": "SOURCE_REPOSITORY_URL", - "value": "https://github.com/jboss-openshift/openshift-quickstarts.git", - "required": true - }, - { - "displayName": "Git Reference", - "description": "Git branch/tag reference", - "name": "SOURCE_REPOSITORY_REF", - "value": "1.2", - "required": false - }, - { - "displayName": "Context Directory", - "description": "Path within Git project to build; empty for root project directory.", - "name": "CONTEXT_DIR", - "value": "decisionserver/hellorules", - "required": false - }, - { - "displayName": "Queues", - "description": "Queue names", - "name": "HORNETQ_QUEUES", - "value": "", - "required": false - }, - { - "displayName": "Topics", - "description": "Topic names", - "name": "HORNETQ_TOPICS", - "value": "", - "required": false - }, - { - "displayName": "Server Keystore Secret Name", - "description": "The name of the secret containing the keystore file", - "name": "HTTPS_SECRET", - "value": "decisionserver-app-secret", - "required": true - }, - { - "displayName": "Server Keystore Filename", - "description": "The name of the keystore file within the secret", - "name": "HTTPS_KEYSTORE", - "value": "keystore.jks", - "required": false - }, - { - "displayName": "Server Certificate Name", - "description": "The name associated with the server certificate", - "name": "HTTPS_NAME", - "value": "jboss", - "required": false - }, - { - "displayName": "Server Keystore Password", - "description": "The password for the keystore and certificate", - "name": "HTTPS_PASSWORD", - "value": "mykeystorepass", - "required": false - }, - { - "displayName": "HornetQ Password", - "description": "HornetQ cluster admin password", - "name": "HORNETQ_CLUSTER_PASSWORD", - "from": "[a-zA-Z0-9]{8}", - "generate": "expression", - "required": true - }, - { - "displayName": "Github Webhook Secret", - "description": "GitHub trigger secret", - "name": "GITHUB_WEBHOOK_SECRET", - "from": "[a-zA-Z0-9]{8}", - "generate": "expression", - "required": true - }, - { - "displayName": "Generic Webhook Secret", - "description": "Generic build trigger secret", - "name": "GENERIC_WEBHOOK_SECRET", - "from": "[a-zA-Z0-9]{8}", - "generate": "expression", - "required": true - }, - { - "displayName": "ImageStream Namespace", - "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", - "name": "IMAGE_STREAM_NAMESPACE", - "value": "openshift", - "required": true - } - ], - "objects": [ - { - "kind": "Service", - "apiVersion": "v1", - "spec": { - "ports": [ - { - "port": 8080, - "targetPort": 8080 - } - ], - "selector": { - "deploymentConfig": "${APPLICATION_NAME}" - } - }, - "metadata": { - "name": "${APPLICATION_NAME}", - "labels": { - "application": "${APPLICATION_NAME}" - }, - "annotations": { - "description": "The web server's http port." - } - } - }, - { - "kind": "Service", - "apiVersion": "v1", - "spec": { - "ports": [ - { - "port": 8443, - "targetPort": 8443 - } - ], - "selector": { - "deploymentConfig": "${APPLICATION_NAME}" - } - }, - "metadata": { - "name": "secure-${APPLICATION_NAME}", - "labels": { - "application": "${APPLICATION_NAME}" - }, - "annotations": { - "description": "The web server's https port." - } - } - }, - { - "kind": "Route", - "apiVersion": "v1", - "id": "${APPLICATION_NAME}-http", - "metadata": { - "name": "${APPLICATION_NAME}", - "labels": { - "application": "${APPLICATION_NAME}" - }, - "annotations": { - "description": "Route for application's http service." - } - }, - "spec": { - "host": "${HOSTNAME_HTTP}", - "to": { - "name": "${APPLICATION_NAME}" - } - } - }, - { - "kind": "Route", - "apiVersion": "v1", - "id": "${APPLICATION_NAME}-https", - "metadata": { - "name": "secure-${APPLICATION_NAME}", - "labels": { - "application": "${APPLICATION_NAME}" - }, - "annotations": { - "description": "Route for application's https service." - } - }, - "spec": { - "host": "${HOSTNAME_HTTPS}", - "to": { - "name": "secure-${APPLICATION_NAME}" - }, - "tls": { - "termination": "passthrough" - } - } - }, - { - "kind": "ImageStream", - "apiVersion": "v1", - "metadata": { - "name": "${APPLICATION_NAME}", - "labels": { - "application": "${APPLICATION_NAME}" - } - } - }, - { - "kind": "BuildConfig", - "apiVersion": "v1", - "metadata": { - "name": "${APPLICATION_NAME}", - "labels": { - "application": "${APPLICATION_NAME}" - } - }, - "spec": { - "source": { - "type": "Git", - "git": { - "uri": "${SOURCE_REPOSITORY_URL}", - "ref": "${SOURCE_REPOSITORY_REF}" - }, - "contextDir": "${CONTEXT_DIR}" - }, - "strategy": { - "type": "Source", - "sourceStrategy": { - "env": [ - { - "name": "KIE_CONTAINER_DEPLOYMENT", - "value": "${KIE_CONTAINER_DEPLOYMENT}" - } - ], - "forcePull": true, - "from": { - "kind": "ImageStreamTag", - "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-decisionserver62-openshift:1.2" - } - } - }, - "output": { - "to": { - "kind": "ImageStreamTag", - "name": "${APPLICATION_NAME}:latest" - } - }, - "triggers": [ - { - "type": "GitHub", - "github": { - "secret": "${GITHUB_WEBHOOK_SECRET}" - } - }, - { - "type": "Generic", - "generic": { - "secret": "${GENERIC_WEBHOOK_SECRET}" - } - }, - { - "type": "ImageChange", - "imageChange": {} - }, - { - "type": "ConfigChange" - } - ] - } - }, - { - "kind": "DeploymentConfig", - "apiVersion": "v1", - "metadata": { - "name": "${APPLICATION_NAME}", - "labels": { - "application": "${APPLICATION_NAME}" - } - }, - "spec": { - "strategy": { - "type": "Recreate" - }, - "triggers": [ - { - "type": "ImageChange", - "imageChangeParams": { - "automatic": true, - "containerNames": [ - "${APPLICATION_NAME}" - ], - "from": { - "kind": "ImageStreamTag", - "name": "${APPLICATION_NAME}:latest" - } - } - }, - { - "type": "ConfigChange" - } - ], - "replicas": 1, - "selector": { - "deploymentConfig": "${APPLICATION_NAME}" - }, - "template": { - "metadata": { - "name": "${APPLICATION_NAME}", - "labels": { - "deploymentConfig": "${APPLICATION_NAME}", - "application": "${APPLICATION_NAME}" - } - }, - "spec": { - "serviceAccountName": "decisionserver-service-account", - "terminationGracePeriodSeconds": 60, - "containers": [ - { - "name": "${APPLICATION_NAME}", - "image": "${APPLICATION_NAME}", - "imagePullPolicy": "Always", - "volumeMounts": [ - { - "name": "decisionserver-keystore-volume", - "mountPath": "/etc/decisionserver-secret-volume", - "readOnly": true - } - ], - "livenessProbe": { - "exec": { - "command": [ - "/bin/bash", - "-c", - "/opt/eap/bin/livenessProbe.sh" - ] - } - }, - "readinessProbe": { - "exec": { - "command": [ - "/bin/bash", - "-c", - "/opt/eap/bin/readinessProbe.sh" - ] - } - }, - "ports": [ - { - "name": "jolokia", - "containerPort": 8778, - "protocol": "TCP" - }, - { - "name": "http", - "containerPort": 8080, - "protocol": "TCP" - }, - { - "name": "https", - "containerPort": 8443, - "protocol": "TCP" - } - ], - "env": [ - { - "name": "KIE_CONTAINER_DEPLOYMENT", - "value": "${KIE_CONTAINER_DEPLOYMENT}" - }, - { - "name": "KIE_SERVER_PROTOCOL", - "value": "${KIE_SERVER_PROTOCOL}" - }, - { - "name": "KIE_SERVER_PORT", - "value": "${KIE_SERVER_PORT}" - }, - { - "name": "KIE_SERVER_USER", - "value": "${KIE_SERVER_USER}" - }, - { - "name": "KIE_SERVER_PASSWORD", - "value": "${KIE_SERVER_PASSWORD}" - }, - { - "name": "HTTPS_KEYSTORE_DIR", - "value": "/etc/decisionserver-secret-volume" - }, - { - "name": "HTTPS_KEYSTORE", - "value": "${HTTPS_KEYSTORE}" - }, - { - "name": "HTTPS_NAME", - "value": "${HTTPS_NAME}" - }, - { - "name": "HTTPS_PASSWORD", - "value": "${HTTPS_PASSWORD}" - }, - { - "name": "HORNETQ_CLUSTER_PASSWORD", - "value": "${HORNETQ_CLUSTER_PASSWORD}" - }, - { - "name": "HORNETQ_QUEUES", - "value": "${HORNETQ_QUEUES}" - }, - { - "name": "HORNETQ_TOPICS", - "value": "${HORNETQ_TOPICS}" - } - ] - } - ], - "volumes": [ - { - "name": "decisionserver-keystore-volume", - "secret": { - "secretName": "${HTTPS_SECRET}" - } - } - ] - } - } - } - } - ] -} diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/decisionserver64-amq-s2i.json b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/decisionserver64-amq-s2i.json index c688a2a67..3006a7265 100644 --- a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/decisionserver64-amq-s2i.json +++ b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/decisionserver64-amq-s2i.json @@ -3,17 +3,21 @@ "apiVersion": "v1", "metadata": { "annotations": { - "description": "Application template for Red Hat JBoss BRMS 6.4 decision server A-MQ applications built using S2I.", - "iconClass": "icon-jboss", - "tags": "decisionserver,jboss,xpaas", - "version": "1.4.0", - "openshift.io/display-name": "Red Hat JBoss BRMS 6.4 decision server + A-MQ (with https)" + "iconClass": "icon-decisionserver", + "tags": "decisionserver,jboss", + "version": "1.4.7", + "openshift.io/display-name": "JBoss BRMS 6.4 decision server + A-MQ (with https)", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "An example BRMS decision server A-MQ application. For more information about using this template, see https://github.com/jboss-openshift/application-templates.", + "template.openshift.io/long-description": "This template defines resources needed to develop Red Hat JBoss BRMS 6.4 decision server with A-MQ application, including a build configuration and application deployment configuration.", + "template.openshift.io/documentation-url": "https://access.redhat.com/documentation/en/red-hat-jboss-brms/", + "template.openshift.io/support-url": "https://access.redhat.com" }, "name": "decisionserver64-amq-s2i" }, "labels": { "template": "decisionserver64-amq-s2i", - "xpaas": "1.4.0" + "xpaas": "1.4.7" }, "message": "A new BRMS/A-MQ application with SSL support has been created in your project. The username/password for accessing the KIE Server REST or JMS interface is ${KIE_SERVER_USER}/${KIE_SERVER_PASSWORD}. For accessing the A-MQ service use the credentials ${MQ_USERNAME}/${MQ_PASSWORD}. Please be sure to create the \"decisionserver-service-account\" service account and the secret named \"${HTTPS_SECRET}\" containing the ${HTTPS_KEYSTORE} file used for serving secure content.", "parameters": [ @@ -392,7 +396,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-decisionserver64-openshift:1.0" + "name": "jboss-decisionserver64-openshift:1.1" } } }, @@ -626,7 +630,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-amq-63:1.0" + "name": "jboss-amq-63:1.2" } } }, diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/decisionserver64-basic-s2i.json b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/decisionserver64-basic-s2i.json index 778c51844..eaee9c1a5 100644 --- a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/decisionserver64-basic-s2i.json +++ b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/decisionserver64-basic-s2i.json @@ -4,16 +4,16 @@ "metadata": { "annotations": { "description": "Application template for Red Hat JBoss BRMS 6.4 decision server applications built using S2I.", - "iconClass": "icon-jboss", + "iconClass": "icon-decisionserver", "tags": "decisionserver,jboss,xpaas", - "version": "1.4.0", + "version": "1.4.7", "openshift.io/display-name": "Red Hat JBoss BRMS 6.4 decision server (no https)" }, "name": "decisionserver64-basic-s2i" }, "labels": { "template": "decisionserver64-basic-s2i", - "xpaas": "1.4.0" + "xpaas": "1.4.7" }, "message": "A new BRMS application has been created in your project. The username/password for accessing the KIE Server REST or JMS interface is ${KIE_SERVER_USER}/${KIE_SERVER_PASSWORD}.", "parameters": [ @@ -227,7 +227,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-decisionserver64-openshift:1.0" + "name": "jboss-decisionserver64-openshift:1.1" } } }, diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/decisionserver64-https-s2i.json b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/decisionserver64-https-s2i.json index e6c6961c1..cb6eb1706 100644 --- a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/decisionserver64-https-s2i.json +++ b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/decisionserver64-https-s2i.json @@ -4,16 +4,21 @@ "metadata": { "annotations": { "description": "Application template for Red Hat JBoss BRMS 6.4 decision server HTTPS applications built using S2I.", - "iconClass": "icon-jboss", - "tags": "decisionserver,jboss,xpaas", - "version": "1.4.0", - "openshift.io/display-name": "Red Hat JBoss BRMS 6.4 decision server (with https)" + "iconClass": "icon-decisionserver", + "tags": "decisionserver,jboss", + "version": "1.4.7", + "openshift.io/display-name": "JBoss BRMS 6.4 decision server (with https)", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "An example BRMS decision server application. For more information about using this template, see https://github.com/jboss-openshift/application-templates.", + "template.openshift.io/long-description": "This template defines resources needed to develop Red Hat JBoss BRMS 6.4 decision server, including a build configuration, application deployment configuration and secured using https.", + "template.openshift.io/documentation-url": "https://access.redhat.com/documentation/en/red-hat-jboss-brms/", + "template.openshift.io/support-url": "https://access.redhat.com" }, "name": "decisionserver64-https-s2i" }, "labels": { "template": "decisionserver64-https-s2i", - "xpaas": "1.4.0" + "xpaas": "1.4.7" }, "message": "A new BRMS application with SSL support has been created in your project. The username/password for accessing the KIE Server REST or JMS interface is ${KIE_SERVER_USER}/${KIE_SERVER_PASSWORD}. Please be sure to create the \"decisionserver-service-account\" service account and the secret named \"${HTTPS_SECRET}\" containing the ${HTTPS_KEYSTORE} file used for serving secure content.", "parameters": [ @@ -323,7 +328,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-decisionserver64-openshift:1.0" + "name": "jboss-decisionserver64-openshift:1.1" } } }, diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/eap64-amq-persistent-s2i.json b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/eap64-amq-persistent-s2i.json index 912838175..9ebbfd06c 100644 --- a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/eap64-amq-persistent-s2i.json +++ b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/eap64-amq-persistent-s2i.json @@ -3,17 +3,21 @@ "apiVersion": "v1", "metadata": { "annotations": { - "description": "Application template for EAP 6 A-MQ applications with persistent storage built using S2I.", - "iconClass": "icon-jboss", - "tags": "eap,javaee,java,jboss,xpaas", - "version": "1.4.0", - "openshift.io/display-name": "Red Hat JBoss EAP 6.4 + A-MQ (Persistent with https)" + "iconClass": "icon-eap", + "tags": "eap,javaee,java,jboss", + "version": "1.4.7", + "openshift.io/display-name": "JBoss EAP 6.4 + A-MQ (with https)", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "An example EAP 6 A-MQ application. For more information about using this template, see https://github.com/jboss-openshift/application-templates.", + "template.openshift.io/long-description": "This template defines resources needed to develop Red Hat Enterprise Application Server 6.4 based application, including a build configuration, application deployment configuration, using Red Hat JBoss A-MQ with persistence and secure communication using https.", + "template.openshift.io/documentation-url": "https://access.redhat.com/documentation/en/red-hat-jboss-enterprise-application-platform/", + "template.openshift.io/support-url": "https://access.redhat.com" }, "name": "eap64-amq-persistent-s2i" }, "labels": { "template": "eap64-amq-persistent-s2i", - "xpaas": "1.4.0" + "xpaas": "1.4.7" }, "message": "A new EAP 6 and A-MQ persistent based application with SSL support has been created in your project. The username/password for accessing the A-MQ service is ${MQ_USERNAME}/${MQ_PASSWORD}. Please be sure to create the \"${SERVICE_ACCOUNT_NAME}\" service account and the following secrets: \"${HTTPS_SECRET}\" containing the ${HTTPS_KEYSTORE} file used for serving secure content; \"${JGROUPS_ENCRYPT_SECRET}\" containing the ${JGROUPS_ENCRYPT_KEYSTORE} file used for securing JGroups communications.", "parameters": [ @@ -423,7 +427,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-eap64-openshift:1.5" + "name": "jboss-eap64-openshift:1.6" } } }, @@ -700,7 +704,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-amq-62:1.4" + "name": "jboss-amq-62:1.6" } } }, diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/eap64-amq-s2i.json b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/eap64-amq-s2i.json index dd4c7a27b..6b0e1a30c 100644 --- a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/eap64-amq-s2i.json +++ b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/eap64-amq-s2i.json @@ -3,17 +3,21 @@ "apiVersion": "v1", "metadata": { "annotations": { - "description": "Application template for EAP 6 A-MQ applications built using S2I.", - "iconClass": "icon-jboss", - "tags": "eap,javaee,java,jboss,xpaas", - "version": "1.4.0", - "openshift.io/display-name": "Red Hat JBoss EAP 6.4 + A-MQ (Ephemeral with https)" + "iconClass": "icon-eap", + "tags": "eap,javaee,java,jboss,hidden", + "version": "1.4.7", + "openshift.io/display-name": "JBoss EAP 6.4 + A-MQ (Ephemeral with https)", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "An example EAP 6 A-MQ application. For more information about using this template, see https://github.com/jboss-openshift/application-templates.", + "template.openshift.io/long-description": "This template defines resources needed to develop Red Hat Enterprise Application Server 6.4 based application, including a build configuration, application deployment configuration, using Red Hat JBoss A-MQ and secure communication using https.", + "template.openshift.io/documentation-url": "https://access.redhat.com/documentation/en/red-hat-jboss-enterprise-application-platform/", + "template.openshift.io/support-url": "https://access.redhat.com" }, "name": "eap64-amq-s2i" }, "labels": { "template": "eap64-amq-s2i", - "xpaas": "1.4.0" + "xpaas": "1.4.7" }, "message": "A new EAP 6 and A-MQ based application with SSL support has been created in your project. The username/password for accessing the A-MQ service is ${MQ_USERNAME}/${MQ_PASSWORD}. Please be sure to create the \"${SERVICE_ACCOUNT_NAME}\" service account and the following secrets: \"${HTTPS_SECRET}\" containing the ${HTTPS_KEYSTORE} file used for serving secure content; \"${JGROUPS_ENCRYPT_SECRET}\" containing the ${JGROUPS_ENCRYPT_KEYSTORE} file used for securing JGroups communications.", "parameters": [ @@ -409,7 +413,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-eap64-openshift:1.5" + "name": "jboss-eap64-openshift:1.6" } } }, @@ -683,7 +687,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-amq-62:1.4" + "name": "jboss-amq-62:1.6" } } }, diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/eap64-basic-s2i.json b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/eap64-basic-s2i.json index e13b3851b..17fdd2333 100644 --- a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/eap64-basic-s2i.json +++ b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/eap64-basic-s2i.json @@ -3,17 +3,21 @@ "apiVersion": "v1", "metadata": { "annotations": { - "iconClass": "icon-jboss", - "description": "Application template for EAP 6 applications built using S2I.", - "tags": "eap,javaee,java,jboss,xpaas", - "version": "1.4.0", - "openshift.io/display-name": "Red Hat JBoss EAP 6.4 (no https)" + "iconClass": "icon-eap", + "tags": "eap,javaee,java,jboss", + "version": "1.4.7", + "openshift.io/display-name": "JBoss EAP 6.4 (no https)", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "An example EAP 6 application. For more information about using this template, see https://github.com/jboss-openshift/application-templates.", + "template.openshift.io/long-description": "This template defines resources needed to develop Red Hat Enterprise Application Server 6.4 based application, including a build configuration, application deployment configuration and insecure communication using http.", + "template.openshift.io/documentation-url": "https://access.redhat.com/documentation/en/red-hat-jboss-enterprise-application-platform/", + "template.openshift.io/support-url": "https://access.redhat.com" }, "name": "eap64-basic-s2i" }, "labels": { "template": "eap64-basic-s2i", - "xpaas": "1.4.0" + "xpaas": "1.4.7" }, "message": "A new EAP 6 based application has been created in your project.", "parameters": [ @@ -216,7 +220,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-eap64-openshift:1.5" + "name": "jboss-eap64-openshift:1.6" } } }, diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/eap64-https-s2i.json b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/eap64-https-s2i.json index 0da32eb40..8616ac04f 100644 --- a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/eap64-https-s2i.json +++ b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/eap64-https-s2i.json @@ -3,17 +3,21 @@ "apiVersion": "v1", "metadata": { "annotations": { - "iconClass": "icon-jboss", - "description": "Application template for EAP 6 applications built using S2I.", - "tags": "eap,javaee,java,jboss,xpaas", - "version": "1.4.0", - "openshift.io/display-name": "Red Hat JBoss EAP 6.4 (with https)" + "iconClass": "icon-eap", + "tags": "eap,javaee,java,jboss,hidden", + "version": "1.4.7", + "openshift.io/display-name": "JBoss EAP 6.4 (with https)", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "An example EAP 6 application. For more information about using this template, see https://github.com/jboss-openshift/application-templates.", + "template.openshift.io/long-description": "This template defines resources needed to develop Red Hat Enterprise Application Server 6.4 based application, including a build configuration, application deployment configuration and secure communication using https.", + "template.openshift.io/documentation-url": "https://access.redhat.com/documentation/en/red-hat-jboss-enterprise-application-platform/", + "template.openshift.io/support-url": "https://access.redhat.com" }, "name": "eap64-https-s2i" }, "labels": { "template": "eap64-https-s2i", - "xpaas": "1.4.0" + "xpaas": "1.4.7" }, "message": "A new EAP 6 based application with SSL support has been created in your project. Please be sure to create the \"${SERVICE_ACCOUNT_NAME}\" service account and the following secrets: \"${HTTPS_SECRET}\" containing the ${HTTPS_KEYSTORE} file used for serving secure content; \"${JGROUPS_ENCRYPT_SECRET}\" containing the ${JGROUPS_ENCRYPT_KEYSTORE} file used for securing JGroups communications.", "parameters": [ @@ -340,7 +344,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-eap64-openshift:1.5" + "name": "jboss-eap64-openshift:1.6" } } }, diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/eap64-mongodb-persistent-s2i.json b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/eap64-mongodb-persistent-s2i.json index 77b75466d..ea3b46d78 100644 --- a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/eap64-mongodb-persistent-s2i.json +++ b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/eap64-mongodb-persistent-s2i.json @@ -3,17 +3,21 @@ "apiVersion": "v1", "metadata": { "annotations": { - "description": "Application template for EAP 6 MongoDB applications with persistent storage built using S2I.", - "iconClass": "icon-jboss", - "tags": "eap,javaee,java,jboss,xpaas", - "version": "1.4.0", - "openshift.io/display-name": "Red Hat JBoss EAP 6.4 + MongoDB (Persistent with https)" + "iconClass": "icon-eap", + "tags": "eap,javaee,java,jboss,hidden", + "version": "1.4.7", + "openshift.io/display-name": "JBoss EAP 6.4 + MongoDB (with https)", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "An example EAP 6 application with a MongoDB database. For more information about using this template, see https://github.com/jboss-openshift/application-templates.", + "template.openshift.io/long-description": "This template defines resources needed to develop Red Hat Enterprise Application Server 6.4 based application, including a build configuration, application deployment configuration, database deployment configuration for MongoDB using persistence and secure communication using https.", + "template.openshift.io/documentation-url": "https://access.redhat.com/documentation/en/red-hat-jboss-enterprise-application-platform/", + "template.openshift.io/support-url": "https://access.redhat.com" }, "name": "eap64-mongodb-persistent-s2i" }, "labels": { "template": "eap64-mongodb-persistent-s2i", - "xpaas": "1.4.0" + "xpaas": "1.4.7" }, "message": "A new EAP 6 and MongoDB persistent based application with SSL support has been created in your project. The username/password for accessing the MongoDB database \"${DB_DATABASE}\" is ${DB_USERNAME}/${DB_PASSWORD} (Admin password is \"${DB_ADMIN_PASSWORD}\"). Please be sure to create the \"${SERVICE_ACCOUNT_NAME}\" service account and the following secrets: \"${HTTPS_SECRET}\" containing the ${HTTPS_KEYSTORE} file used for serving secure content; \"${JGROUPS_ENCRYPT_SECRET}\" containing the ${JGROUPS_ENCRYPT_KEYSTORE} file used for securing JGroups communications.", "parameters": [ @@ -454,7 +458,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-eap64-openshift:1.5" + "name": "jboss-eap64-openshift:1.6" } } }, diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/eap64-mongodb-s2i.json b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/eap64-mongodb-s2i.json index 2785782d4..4aa9be281 100644 --- a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/eap64-mongodb-s2i.json +++ b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/eap64-mongodb-s2i.json @@ -3,17 +3,21 @@ "apiVersion": "v1", "metadata": { "annotations": { - "description": "Application template for EAP 6 MongoDB applications built using S2I.", - "iconClass": "icon-jboss", - "tags": "eap,javaee,java,jboss,xpaas", - "version": "1.4.0", - "openshift.io/display-name": "Red Hat JBoss EAP 6.4 + MongoDB (Ephemeral with https)" + "iconClass": "icon-eap", + "tags": "eap,javaee,java,jboss,hidden", + "version": "1.4.7", + "openshift.io/display-name": "JBoss EAP 6.4 + MongoDB (Ephemeral with https)", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "An example EAP 6 application with a MongoDB database. For more information about using this template, see https://github.com/jboss-openshift/application-templates.", + "template.openshift.io/long-description": "This template defines resources needed to develop Red Hat Enterprise Application Server 6.4 based application, including a build configuration, application deployment configuration, database deployment configuration for MongoDB using ephemeral (temporary) storage and secure communication using https.", + "template.openshift.io/documentation-url": "https://access.redhat.com/documentation/en/red-hat-jboss-enterprise-application-platform/", + "template.openshift.io/support-url": "https://access.redhat.com" }, "name": "eap64-mongodb-s2i" }, "labels": { "template": "eap64-mongodb-s2i", - "xpaas": "1.4.0" + "xpaas": "1.4.7" }, "message": "A new EAP 6 and MongoDB based application with SSL support has been created in your project. The username/password for accessing the MongoDB database \"${DB_DATABASE}\" is ${DB_USERNAME}/${DB_PASSWORD} (Admin password is \"${DB_ADMIN_PASSWORD}\"). Please be sure to create the \"${SERVICE_ACCOUNT_NAME}\" service account and the following secrets: \"${HTTPS_SECRET}\" containing the ${HTTPS_KEYSTORE} file used for serving secure content; \"${JGROUPS_ENCRYPT_SECRET}\" containing the ${JGROUPS_ENCRYPT_KEYSTORE} file used for securing JGroups communications.", "parameters": [ @@ -447,7 +451,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-eap64-openshift:1.5" + "name": "jboss-eap64-openshift:1.6" } } }, diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/eap64-mysql-persistent-s2i.json b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/eap64-mysql-persistent-s2i.json index cca0f9c2b..304f11348 100644 --- a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/eap64-mysql-persistent-s2i.json +++ b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/eap64-mysql-persistent-s2i.json @@ -3,17 +3,21 @@ "apiVersion": "v1", "metadata": { "annotations": { - "description": "Application template for EAP 6 MySQL applications with persistent storage built using S2I.", - "iconClass": "icon-jboss", - "tags": "eap,javaee,java,jboss,xpaas", - "version": "1.4.0", - "openshift.io/display-name": "Red Hat JBoss EAP 6.4 + MySQL (Persistent with https)" + "iconClass": "icon-eap", + "tags": "eap,javaee,java,jboss", + "version": "1.4.7", + "openshift.io/display-name": "JBoss EAP 6.4 + MySQL (with https)", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "An example EAP 6 application with a MySQL database. For more information about using this template, see https://github.com/jboss-openshift/application-templates.", + "template.openshift.io/long-description": "This template defines resources needed to develop Red Hat Enterprise Application Server 6.4 based application, including a build configuration, application deployment configuration, database deployment configuration for MySQL using persistence and secure communication using https.", + "template.openshift.io/documentation-url": "https://access.redhat.com/documentation/en/red-hat-jboss-enterprise-application-platform/", + "template.openshift.io/support-url": "https://access.redhat.com" }, "name": "eap64-mysql-persistent-s2i" }, "labels": { "template": "eap64-mysql-persistent-s2i", - "xpaas": "1.4.0" + "xpaas": "1.4.7" }, "message": "A new EAP 6 and MySQL persistent based application with SSL support has been created in your project. The username/password for accessing the MySQL database \"${DB_DATABASE}\" is ${DB_USERNAME}/${DB_PASSWORD}. Please be sure to create the \"${SERVICE_ACCOUNT_NAME}\" service account and the following secrets: \"${HTTPS_SECRET}\" containing the ${HTTPS_KEYSTORE} file used for serving secure content; \"${JGROUPS_ENCRYPT_SECRET}\" containing the ${JGROUPS_ENCRYPT_KEYSTORE} file used for securing JGroups communications.", "parameters": [ @@ -458,7 +462,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-eap64-openshift:1.5" + "name": "jboss-eap64-openshift:1.6" } } }, diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/eap64-mysql-s2i.json b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/eap64-mysql-s2i.json index 5766506fd..bc1cdaca5 100644 --- a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/eap64-mysql-s2i.json +++ b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/eap64-mysql-s2i.json @@ -3,17 +3,21 @@ "apiVersion": "v1", "metadata": { "annotations": { - "description": "Application template for EAP 6 MySQL applications built using S2I.", - "iconClass": "icon-jboss", - "tags": "eap,javaee,java,jboss,xpaas", - "version": "1.4.0", - "openshift.io/display-name": "Red Hat JBoss EAP 6.4 + MySQL (Ephemeral with https)" + "iconClass": "icon-eap", + "tags": "eap,javaee,java,jboss,hidden", + "version": "1.4.7", + "openshift.io/display-name": "JBoss EAP 6.4 + MySQL (Ephemeral with https)", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "An example EAP 6 application with a MySQL database. For more information about using this template, see https://github.com/jboss-openshift/application-templates.", + "template.openshift.io/long-description": "This template defines resources needed to develop Red Hat Enterprise Application Server 6.4 based application, including a build configuration, application deployment configuration, database deployment configuration for MySQL using ephemeral (temporary) storage and secure communication using https.", + "template.openshift.io/documentation-url": "https://access.redhat.com/documentation/en/red-hat-jboss-enterprise-application-platform/", + "template.openshift.io/support-url": "https://access.redhat.com" }, "name": "eap64-mysql-s2i" }, "labels": { "template": "eap64-mysql-s2i", - "xpaas": "1.4.0" + "xpaas": "1.4.7" }, "message": "A new EAP 6 and MySQL based application with SSL support has been created in your project. The username/password for accessing the MySQL database \"${DB_DATABASE}\" is ${DB_USERNAME}/${DB_PASSWORD}. Please be sure to create the \"${SERVICE_ACCOUNT_NAME}\" service account and the following secrets: \"${HTTPS_SECRET}\" containing the ${HTTPS_KEYSTORE} file used for serving secure content; \"${JGROUPS_ENCRYPT_SECRET}\" containing the ${JGROUPS_ENCRYPT_KEYSTORE} file used for securing JGroups communications.", "parameters": [ @@ -451,7 +455,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-eap64-openshift:1.5" + "name": "jboss-eap64-openshift:1.6" } } }, diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/eap64-postgresql-persistent-s2i.json b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/eap64-postgresql-persistent-s2i.json index 01891774d..d2e6ea25b 100644 --- a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/eap64-postgresql-persistent-s2i.json +++ b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/eap64-postgresql-persistent-s2i.json @@ -3,17 +3,21 @@ "apiVersion": "v1", "metadata": { "annotations": { - "description": "Application template for EAP 6 PostgreSQL applications with persistent storage built using S2I.", - "iconClass": "icon-jboss", - "tags": "eap,javaee,java,jboss,xpaas", - "version": "1.4.0", - "openshift.io/display-name": "Red Hat JBoss EAP 6.4 + PostgreSQL (Persistent with https)" + "iconClass": "icon-eap", + "tags": "eap,javaee,java,jboss", + "version": "1.4.7", + "openshift.io/display-name": "Red Hat JBoss EAP 6.4 + PostgreSQL (Persistent with https)", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "An example EAP 6 application with a PostgreSQL database. For more information about using this template, see https://github.com/jboss-openshift/application-templates.", + "template.openshift.io/long-description": "This template defines resources needed to develop Red Hat Enterprise Application Server 6.4 based application, including a build configuration, application deployment configuration, database deployment configuration for PostgreSQL using persistence and secure communication using https.", + "template.openshift.io/documentation-url": "https://access.redhat.com/documentation/en/red-hat-jboss-enterprise-application-platform/", + "template.openshift.io/support-url": "https://access.redhat.com" }, "name": "eap64-postgresql-persistent-s2i" }, "labels": { "template": "eap64-postgresql-persistent-s2i", - "xpaas": "1.4.0" + "xpaas": "1.4.7" }, "message": "A new EAP 6 and PostgreSQL persistent based application with SSL support has been created in your project. The username/password for accessing the PostgreSQL database \"${DB_DATABASE}\" is ${DB_USERNAME}/${DB_PASSWORD}. Please be sure to create the \"${SERVICE_ACCOUNT_NAME}\" service account and the following secrets: \"${HTTPS_SECRET}\" containing the ${HTTPS_KEYSTORE} file used for serving secure content; \"${JGROUPS_ENCRYPT_SECRET}\" containing the ${JGROUPS_ENCRYPT_KEYSTORE} file used for securing JGroups communications.", "parameters": [ @@ -440,7 +444,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-eap64-openshift:1.5" + "name": "jboss-eap64-openshift:1.6" } } }, diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/eap64-postgresql-s2i.json b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/eap64-postgresql-s2i.json index e00f2b0e3..7a2d4009e 100644 --- a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/eap64-postgresql-s2i.json +++ b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/eap64-postgresql-s2i.json @@ -3,17 +3,21 @@ "apiVersion": "v1", "metadata": { "annotations": { - "description": "Application template for EAP 6 PostgreSQL applications built using S2I.", - "iconClass": "icon-jboss", - "tags": "eap,javaee,java,jboss,xpaas", - "version": "1.4.0", - "openshift.io/display-name": "Red Hat JBoss EAP 6.4 + PostgreSQL (Ephemeral with https)" + "iconClass": "icon-eap", + "tags": "eap,javaee,java,jboss,hidden", + "version": "1.4.7", + "openshift.io/display-name": "JBoss EAP 6.4 + PostgreSQL (Ephemeral with https)", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "An example EAP 6 application with a PostgreSQL database. For more information about using this template, see https://github.com/jboss-openshift/application-templates.", + "template.openshift.io/long-description": "This template defines resources needed to develop Red Hat Enterprise Application Server 6.4 based application, including a build configuration, application deployment configuration, database deployment configuration for PostgreSQL using ephemeral (temporary) storage and secure communication using https.", + "template.openshift.io/documentation-url": "https://access.redhat.com/documentation/en/red-hat-jboss-enterprise-application-platform/", + "template.openshift.io/support-url": "https://access.redhat.com" }, "name": "eap64-postgresql-s2i" }, "labels": { "template": "eap64-postgresql-s2i", - "xpaas": "1.4.0" + "xpaas": "1.4.7" }, "message": "A new EAP 6 and PostgreSQL based application with SSL support has been created in your project. The username/password for accessing the PostgreSQL database \"${DB_DATABASE}\" is ${DB_USERNAME}/${DB_PASSWORD}. Please be sure to create the \"${SERVICE_ACCOUNT_NAME}\" service account and the following secrets: \"${HTTPS_SECRET}\" containing the ${HTTPS_KEYSTORE} file used for serving secure content; \"${JGROUPS_ENCRYPT_SECRET}\" containing the ${JGROUPS_ENCRYPT_KEYSTORE} file used for securing JGroups communications.", "parameters": [ @@ -433,7 +437,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-eap64-openshift:1.5" + "name": "jboss-eap64-openshift:1.6" } } }, diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/eap64-sso-s2i.json b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/eap64-sso-s2i.json index ec0739d04..368f147f4 100644 --- a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/eap64-sso-s2i.json +++ b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/eap64-sso-s2i.json @@ -3,17 +3,21 @@ "apiVersion": "v1", "metadata": { "annotations": { - "iconClass": "icon-jboss", - "description": "Application template for EAP 6 applications built using S2I, enabled for SSO.", - "tags": "eap,javaee,java,jboss,xpaas", - "version": "1.4.0", - "openshift.io/display-name": "Red Hat JBoss EAP 6.4 + Single Sign-On (with https)" + "iconClass": "icon-eap", + "tags": "eap,javaee,java,jboss,hidden", + "version": "1.4.7", + "openshift.io/display-name": "JBoss EAP 6.4 + Single Sign-On (with https)", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "An example EAP 6 Single Sign-On application. For more information about using this template, see https://github.com/jboss-openshift/application-templates.", + "template.openshift.io/long-description": "This template defines resources needed to develop Red Hat Enterprise Application Server 6.4 based application, including a build configuration, application deployment configuration and integrated with Red Hat Single Sign-On.", + "template.openshift.io/documentation-url": "https://access.redhat.com/documentation/en/red-hat-jboss-enterprise-application-platform/", + "template.openshift.io/support-url": "https://access.redhat.com" }, "name": "eap64-sso-s2i" }, "labels": { "template": "eap64-sso-s2i", - "xpaas": "1.4.0" + "xpaas": "1.4.7" }, "message": "A new EAP 6 based application with SSL and SSO support has been created in your project. Please be sure to create the \"${SERVICE_ACCOUNT_NAME}\" service account and the following secrets: \"${HTTPS_SECRET}\" containing the ${HTTPS_KEYSTORE} file used for serving secure content; \"${JGROUPS_ENCRYPT_SECRET}\" containing the ${JGROUPS_ENCRYPT_KEYSTORE} file used for securing JGroups communications.", "parameters": [ @@ -458,7 +462,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-eap64-openshift:1.5" + "name": "jboss-eap64-openshift:1.6" }, "env": [ { diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/eap64-third-party-db-s2i.json b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/eap64-third-party-db-s2i.json index e8f6d6585..701f4eee6 100644 --- a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/eap64-third-party-db-s2i.json +++ b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/eap64-third-party-db-s2i.json @@ -3,17 +3,21 @@ "apiVersion": "v1", "metadata": { "annotations": { - "iconClass": "icon-jboss", - "description": "Application template for EAP 6 DB applications built using S2I. Includes support for installing third-party DB drivers.", - "tags": "eap,javaee,java,jboss,xpaas", - "version": "1.4.0", - "openshift.io/display-name": "Red Hat JBoss EAP 6.4 (with https, supporting third-party DB drivers)" + "iconClass": "icon-eap", + "tags": "eap,javaee,java,jboss,hidden", + "version": "1.4.7", + "openshift.io/display-name": "Red Hat JBoss EAP 6.4 (with https, DB drivers)", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "An example EAP 6 DB application. For more information about using this template, see https://github.com/jboss-openshift/application-templates.", + "template.openshift.io/long-description": "This template defines resources needed to develop Red Hat Enterprise Application Server 6.4 based application, including a build configuration, application deployment configuration, using third-party DB drivers and secure communication using https.", + "template.openshift.io/documentation-url": "https://access.redhat.com/documentation/en/red-hat-jboss-enterprise-application-platform/", + "template.openshift.io/support-url": "https://access.redhat.com" }, "name": "eap64-third-party-db-s2i" }, "labels": { "template": "eap64-third-party-db-s2i", - "xpaas": "1.4.0" + "xpaas": "1.4.7" }, "message": "A new EAP 6 based application with SSL support has been created in your project. Please be sure to create the \"${SERVICE_ACCOUNT_NAME}\" service account and the following secrets:\"${CONFIGURATION_NAME}\" containing the datasource configuration details required by the deployed application(s); \"${HTTPS_SECRET}\" containing the ${HTTPS_KEYSTORE} file used for serving secure content; \"${JGROUPS_ENCRYPT_SECRET}\" containing the ${JGROUPS_ENCRYPT_KEYSTORE} file used for securing JGroups communications.", "parameters": [ @@ -70,7 +74,7 @@ "displayName": "Drivers ImageStreamTag", "description": "ImageStreamTag definition for the image containing the drivers and configuration, e.g. jboss-datavirt63-openshift:1.0-driver", "name": "EXTENSIONS_IMAGE", - "value": "jboss-datavirt63-driver-openshift:1.0", + "value": "jboss-datavirt63-driver-openshift:1.1", "required": true }, { @@ -387,7 +391,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-eap64-openshift:1.5" + "name": "jboss-eap64-openshift:1.6" } } }, diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/eap70-amq-persistent-s2i.json b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/eap70-amq-persistent-s2i.json index 3f0eba6e3..d16756bad 100644 --- a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/eap70-amq-persistent-s2i.json +++ b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/eap70-amq-persistent-s2i.json @@ -3,17 +3,21 @@ "apiVersion": "v1", "metadata": { "annotations": { - "description": "Application template for EAP 7 A-MQ applications with persistent storage built using S2I.", - "iconClass": "icon-jboss", - "tags": "eap,javaee,java,jboss,xpaas", - "version": "1.4.0", - "openshift.io/display-name": "Red Hat JBoss EAP 7.0 + A-MQ (Persistent with https)" + "iconClass": "icon-eap", + "tags": "eap,javaee,java,jboss", + "version": "1.4.7", + "openshift.io/display-name": "JBoss EAP 7.0 + A-MQ (with https)", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "An example EAP 7 A-MQ application. For more information about using this template, see https://github.com/jboss-openshift/application-templates.", + "template.openshift.io/long-description": "This template defines resources needed to develop Red Hat Enterprise Application Server 7.0 based application, including a build configuration, application deployment configuration, using Red Hat JBoss A-MQ with persistence and secure communication using https.", + "template.openshift.io/documentation-url": "https://access.redhat.com/documentation/en/red-hat-jboss-enterprise-application-platform/", + "template.openshift.io/support-url": "https://access.redhat.com" }, "name": "eap70-amq-persistent-s2i" }, "labels": { "template": "eap70-amq-persistent-s2i", - "xpaas": "1.4.0" + "xpaas": "1.4.7" }, "message": "A new EAP 7 and A-MQ persistent based application with SSL support has been created in your project. The username/password for accessing the A-MQ service is ${MQ_USERNAME}/${MQ_PASSWORD}. Please be sure to create the \"${SERVICE_ACCOUNT_NAME}\" service account and the following secrets: \"${HTTPS_SECRET}\" containing the ${HTTPS_KEYSTORE} file used for serving secure content; \"${JGROUPS_ENCRYPT_SECRET}\" containing the ${JGROUPS_ENCRYPT_KEYSTORE} file used for securing JGroups communications.", "parameters": [ @@ -423,7 +427,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-eap70-openshift:1.5" + "name": "jboss-eap70-openshift:1.6" } } }, @@ -700,7 +704,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-amq-62:1.4" + "name": "jboss-amq-62:1.6" } } }, diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/eap70-amq-s2i.json b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/eap70-amq-s2i.json index f2d65f353..70323214f 100644 --- a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/eap70-amq-s2i.json +++ b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/eap70-amq-s2i.json @@ -3,17 +3,21 @@ "apiVersion": "v1", "metadata": { "annotations": { - "description": "Application template for EAP 7 A-MQ applications built using S2I.", - "iconClass": "icon-jboss", - "tags": "eap,javaee,java,jboss,xpaas", - "version": "1.4.0", - "openshift.io/display-name": "Red Hat JBoss EAP 7.0 + A-MQ (with https)" + "iconClass": "icon-eap", + "tags": "eap,javaee,java,jboss,hidden", + "version": "1.4.7", + "openshift.io/display-name": "JBoss EAP 7.0 + A-MQ (with https)", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "An example EAP 7 A-MQ application. For more information about using this template, see https://github.com/jboss-openshift/application-templates.", + "template.openshift.io/long-description": "This template defines resources needed to develop Red Hat Enterprise Application Server 7.0 based application, including a build configuration, application deployment configuration, using Red Hat JBoss A-MQ and secure communication using https.", + "template.openshift.io/documentation-url": "https://access.redhat.com/documentation/en/red-hat-jboss-enterprise-application-platform/", + "template.openshift.io/support-url": "https://access.redhat.com" }, "name": "eap70-amq-s2i" }, "labels": { "template": "eap70-amq-s2i", - "xpaas": "1.4.0" + "xpaas": "1.4.7" }, "message": "A new EAP 7 and A-MQ based application with SSL support has been created in your project. The username/password for accessing the A-MQ service is ${MQ_USERNAME}/${MQ_PASSWORD}. Please be sure to create the \"${SERVICE_ACCOUNT_NAME}\" service account and the following secrets: \"${HTTPS_SECRET}\" containing the ${HTTPS_KEYSTORE} file used for serving secure content; \"${JGROUPS_ENCRYPT_SECRET}\" containing the ${JGROUPS_ENCRYPT_KEYSTORE} file used for securing JGroups communications.", "parameters": [ @@ -409,7 +413,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-eap70-openshift:1.5" + "name": "jboss-eap70-openshift:1.6" } } }, @@ -683,7 +687,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-amq-62:1.4" + "name": "jboss-amq-62:1.6" } } }, diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/eap70-basic-s2i.json b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/eap70-basic-s2i.json index c33e3f7cb..312db1971 100644 --- a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/eap70-basic-s2i.json +++ b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/eap70-basic-s2i.json @@ -3,17 +3,21 @@ "apiVersion": "v1", "metadata": { "annotations": { - "iconClass": "icon-jboss", - "description": "Application template for EAP 7 applications built using S2I.", - "tags": "eap,javaee,java,jboss,xpaas", - "version": "1.4.0", - "openshift.io/display-name": "Red Hat JBoss EAP 7.0 (no https)" + "iconClass": "icon-eap", + "tags": "eap,javaee,java,jboss", + "version": "1.4.7", + "openshift.io/display-name": "JBoss EAP 7.0 (no https)", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "An example EAP 7 application. For more information about using this template, see https://github.com/jboss-openshift/application-templates.", + "template.openshift.io/long-description": "This template defines resources needed to develop Red Hat Enterprise Application Server 7.0 based application, including a build configuration, application deployment configuration and insecure communication using http.", + "template.openshift.io/documentation-url": "https://access.redhat.com/documentation/en/red-hat-jboss-enterprise-application-platform/", + "template.openshift.io/support-url": "https://access.redhat.com" }, "name": "eap70-basic-s2i" }, "labels": { "template": "eap70-basic-s2i", - "xpaas": "1.4.0" + "xpaas": "1.4.7" }, "message": "A new EAP 7 based application has been created in your project.", "parameters": [ @@ -216,7 +220,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-eap70-openshift:1.5" + "name": "jboss-eap70-openshift:1.6" } } }, @@ -299,17 +303,6 @@ "name": "${APPLICATION_NAME}", "image": "${APPLICATION_NAME}", "imagePullPolicy": "Always", - "lifecycle": { - "preStop": { - "exec": { - "command": [ - "/opt/eap/bin/jboss-cli.sh", - "-c", - ":shutdown(timeout=60)" - ] - } - } - }, "livenessProbe": { "exec": { "command": [ diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/eap70-https-s2i.json b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/eap70-https-s2i.json index 7542d31c8..7c3b35f5a 100644 --- a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/eap70-https-s2i.json +++ b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/eap70-https-s2i.json @@ -3,17 +3,21 @@ "apiVersion": "v1", "metadata": { "annotations": { - "iconClass": "icon-jboss", - "description": "Application template for EAP 7 applications built using S2I.", - "tags": "eap,javaee,java,jboss,xpaas", - "version": "1.4.0", - "openshift.io/display-name": "Red Hat JBoss EAP 7.0 (with https)" + "iconClass": "icon-eap", + "tags": "eap,javaee,java,jboss,hidden", + "version": "1.4.7", + "openshift.io/display-name": "JBoss EAP 7.0 (with https)", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "An example EAP 7 application. For more information about using this template, see https://github.com/jboss-openshift/application-templates.", + "template.openshift.io/long-description": "This template defines resources needed to develop Red Hat Enterprise Application Server 7.0 based application, including a build configuration, application deployment configuration and secure communication using https.", + "template.openshift.io/documentation-url": "https://access.redhat.com/documentation/en/red-hat-jboss-enterprise-application-platform/", + "template.openshift.io/support-url": "https://access.redhat.com" }, "name": "eap70-https-s2i" }, "labels": { "template": "eap70-https-s2i", - "xpaas": "1.4.0" + "xpaas": "1.4.7" }, "message": "A new EAP 7 based application with SSL support has been created in your project. Please be sure to create the \"${SERVICE_ACCOUNT_NAME}\" service account and the following secrets: \"${HTTPS_SECRET}\" containing the ${HTTPS_KEYSTORE} file used for serving secure content; \"${JGROUPS_ENCRYPT_SECRET}\" containing the ${JGROUPS_ENCRYPT_KEYSTORE} file used for securing JGroups communications.", "parameters": [ @@ -340,7 +344,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-eap70-openshift:1.5" + "name": "jboss-eap70-openshift:1.6" } } }, @@ -436,17 +440,6 @@ "readOnly": true } ], - "lifecycle": { - "preStop": { - "exec": { - "command": [ - "/opt/eap/bin/jboss-cli.sh", - "-c", - ":shutdown(timeout=60)" - ] - } - } - }, "livenessProbe": { "exec": { "command": [ diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/eap70-mongodb-persistent-s2i.json b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/eap70-mongodb-persistent-s2i.json index 8a7da66c1..205e451c7 100644 --- a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/eap70-mongodb-persistent-s2i.json +++ b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/eap70-mongodb-persistent-s2i.json @@ -3,17 +3,21 @@ "apiVersion": "v1", "metadata": { "annotations": { - "description": "Application template for EAP 7 MongoDB applications with persistent storage built using S2I.", - "iconClass": "icon-jboss", - "tags": "eap,javaee,java,jboss,xpaas", - "version": "1.4.0", - "openshift.io/display-name": "Red Hat JBoss EAP 7.0 + MongoDB (Persistent with https)" + "iconClass": "icon-eap", + "tags": "eap,javaee,java,jboss,hidden", + "version": "1.4.7", + "openshift.io/display-name": "JBoss EAP 7.0 + MongoDB (with https)", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "An example EAP 7 application with a MongoDB database. For more information about using this template, see https://github.com/jboss-openshift/application-templates.", + "template.openshift.io/long-description": "This template defines resources needed to develop Red Hat Enterprise Application Server 7.0 based application, including a build configuration, application deployment configuration, database deployment configuration for MongoDB using persistence and secure communication using https.", + "template.openshift.io/documentation-url": "https://access.redhat.com/documentation/en/red-hat-jboss-enterprise-application-platform/", + "template.openshift.io/support-url": "https://access.redhat.com" }, "name": "eap70-mongodb-persistent-s2i" }, "labels": { "template": "eap70-mongodb-persistent-s2i", - "xpaas": "1.4.0" + "xpaas": "1.4.7" }, "message": "A new EAP 7 and MongoDB persistent based application with SSL support has been created in your project. The username/password for accessing the MongoDB database \"${DB_DATABASE}\" is ${DB_USERNAME}/${DB_PASSWORD} (Admin password is \"${DB_ADMIN_PASSWORD}\"). Please be sure to create the \"${SERVICE_ACCOUNT_NAME}\" service account and the following secrets: \"${HTTPS_SECRET}\" containing the ${HTTPS_KEYSTORE} file used for serving secure content; \"${JGROUPS_ENCRYPT_SECRET}\" containing the ${JGROUPS_ENCRYPT_KEYSTORE} file used for securing JGroups communications.", "parameters": [ @@ -454,7 +458,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-eap70-openshift:1.5" + "name": "jboss-eap70-openshift:1.6" } } }, @@ -550,17 +554,6 @@ "readOnly": true } ], - "lifecycle": { - "preStop": { - "exec": { - "command": [ - "/opt/eap/bin/jboss-cli.sh", - "-c", - ":shutdown(timeout=60)" - ] - } - } - }, "livenessProbe": { "exec": { "command": [ diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/eap70-mongodb-s2i.json b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/eap70-mongodb-s2i.json index ae52a3deb..63b57d5dc 100644 --- a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/eap70-mongodb-s2i.json +++ b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/eap70-mongodb-s2i.json @@ -3,17 +3,21 @@ "apiVersion": "v1", "metadata": { "annotations": { - "description": "Application template for EAP 7 MongoDB applications built using S2I.", - "iconClass": "icon-jboss", - "tags": "eap,javaee,java,jboss,xpaas", - "version": "1.4.0", - "openshift.io/display-name": "Red Hat JBoss EAP 7.0 + MongoDB (Ephemeral with https)" + "iconClass": "icon-eap", + "tags": "eap,javaee,java,jboss,hidden", + "version": "1.4.7", + "openshift.io/display-name": "Boss EAP 7.0 + MongoDB (Ephemeral with https)", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "An example EAP 7 application with a MongoDB database. For more information about using this template, see https://github.com/jboss-openshift/application-templates.", + "template.openshift.io/long-description": "This template defines resources needed to develop Red Hat Enterprise Application Server 7.0 based application, including a build configuration, application deployment configuration, database deployment configuration for MongoDB using ephemeral (temporary) storage and secure communication using https.", + "template.openshift.io/documentation-url": "https://access.redhat.com/documentation/en/red-hat-jboss-enterprise-application-platform/", + "template.openshift.io/support-url": "https://access.redhat.com" }, "name": "eap70-mongodb-s2i" }, "labels": { "template": "eap70-mongodb-s2i", - "xpaas": "1.4.0" + "xpaas": "1.4.7" }, "message": "A new EAP 7 and MongoDB based application with SSL support has been created in your project. The username/password for accessing the MongoDB database \"${DB_DATABASE}\" is ${DB_USERNAME}/${DB_PASSWORD} (Admin password is \"${DB_ADMIN_PASSWORD}\"). Please be sure to create the \"${SERVICE_ACCOUNT_NAME}\" service account and the following secrets: \"${HTTPS_SECRET}\" containing the ${HTTPS_KEYSTORE} file used for serving secure content; \"${JGROUPS_ENCRYPT_SECRET}\" containing the ${JGROUPS_ENCRYPT_KEYSTORE} file used for securing JGroups communications.", "parameters": [ @@ -447,7 +451,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-eap70-openshift:1.5" + "name": "jboss-eap70-openshift:1.6" } } }, @@ -543,17 +547,6 @@ "readOnly": true } ], - "lifecycle": { - "preStop": { - "exec": { - "command": [ - "/opt/eap/bin/jboss-cli.sh", - "-c", - ":shutdown(timeout=60)" - ] - } - } - }, "livenessProbe": { "exec": { "command": [ diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/eap70-mysql-persistent-s2i.json b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/eap70-mysql-persistent-s2i.json index a0a3d7717..f9f77f22c 100644 --- a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/eap70-mysql-persistent-s2i.json +++ b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/eap70-mysql-persistent-s2i.json @@ -3,17 +3,21 @@ "apiVersion": "v1", "metadata": { "annotations": { - "description": "Application template for EAP 7 MySQL applications with persistent storage built using S2I.", - "iconClass": "icon-jboss", - "tags": "eap,javaee,java,jboss,xpaas", - "version": "1.4.0", - "openshift.io/display-name": "Red Hat JBoss EAP 7.0 + MySQL (Persistent with https)" + "iconClass": "icon-eap", + "tags": "eap,javaee,java,jboss", + "version": "1.4.7", + "openshift.io/display-name": "JBoss EAP 7.0 + MySQL (with https)", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "An example EAP 7 application with a MySQL database. For more information about using this template, see https://github.com/jboss-openshift/application-templates.", + "template.openshift.io/long-description": "This template defines resources needed to develop Red Hat Enterprise Application Server 7.0 based application, including a build configuration, application deployment configuration, database deployment configuration for MySQL using persistence and secure communication using https.", + "template.openshift.io/documentation-url": "https://access.redhat.com/documentation/en/red-hat-jboss-enterprise-application-platform/", + "template.openshift.io/support-url": "https://access.redhat.com" }, "name": "eap70-mysql-persistent-s2i" }, "labels": { "template": "eap70-mysql-persistent-s2i", - "xpaas": "1.4.0" + "xpaas": "1.4.7" }, "message": "A new EAP 7 and MySQL persistent based application with SSL support has been created in your project. The username/password for accessing the MySQL database \"${DB_DATABASE}\" is ${DB_USERNAME}/${DB_PASSWORD}. Please be sure to create the \"${SERVICE_ACCOUNT_NAME}\" service account and the following secrets: \"${HTTPS_SECRET}\" containing the ${HTTPS_KEYSTORE} file used for serving secure content; \"${JGROUPS_ENCRYPT_SECRET}\" containing the ${JGROUPS_ENCRYPT_KEYSTORE} file used for securing JGroups communications.", "parameters": [ @@ -458,7 +462,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-eap70-openshift:1.5" + "name": "jboss-eap70-openshift:1.6" } } }, @@ -554,17 +558,6 @@ "readOnly": true } ], - "lifecycle": { - "preStop": { - "exec": { - "command": [ - "/opt/eap/bin/jboss-cli.sh", - "-c", - ":shutdown(timeout=60)" - ] - } - } - }, "livenessProbe": { "exec": { "command": [ diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/eap70-mysql-s2i.json b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/eap70-mysql-s2i.json index 8255ade5d..8ea433a80 100644 --- a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/eap70-mysql-s2i.json +++ b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/eap70-mysql-s2i.json @@ -3,17 +3,21 @@ "apiVersion": "v1", "metadata": { "annotations": { - "description": "Application template for EAP 7 MySQL applications built using S2I.", - "iconClass": "icon-jboss", - "tags": "eap,javaee,java,jboss,xpaas", - "version": "1.4.0", - "openshift.io/display-name": "Red Hat JBoss EAP 7.0 + MySQL (Ephemeral with https)" + "iconClass": "icon-eap", + "tags": "eap,javaee,java,jboss,hidden", + "version": "1.4.7", + "openshift.io/display-name": "JBoss EAP 7.0 + MySQL (Ephemeral with https)", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "An example EAP 7 application with a MySQL database. For more information about using this template, see https://github.com/jboss-openshift/application-templates.", + "template.openshift.io/long-description": "This template defines resources needed to develop Red Hat Enterprise Application Server 7.1 based application, including a build configuration, application deployment configuration, database deployment configuration for MySQL using ephemeral (temporary) storage and secure communication using https.", + "template.openshift.io/documentation-url": "https://access.redhat.com/documentation/en/red-hat-jboss-enterprise-application-platform/", + "template.openshift.io/support-url": "https://access.redhat.com" }, "name": "eap70-mysql-s2i" }, "labels": { "template": "eap70-mysql-s2i", - "xpaas": "1.4.0" + "xpaas": "1.4.7" }, "message": "A new EAP 7 and MySQL based application with SSL support has been created in your project. The username/password for accessing the MySQL database \"${DB_DATABASE}\" is ${DB_USERNAME}/${DB_PASSWORD}. Please be sure to create the \"${SERVICE_ACCOUNT_NAME}\" service account and the following secrets: \"${HTTPS_SECRET}\" containing the ${HTTPS_KEYSTORE} file used for serving secure content; \"${JGROUPS_ENCRYPT_SECRET}\" containing the ${JGROUPS_ENCRYPT_KEYSTORE} file used for securing JGroups communications.", "parameters": [ @@ -451,7 +455,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-eap70-openshift:1.5" + "name": "jboss-eap70-openshift:1.6" } } }, @@ -547,17 +551,6 @@ "readOnly": true } ], - "lifecycle": { - "preStop": { - "exec": { - "command": [ - "/opt/eap/bin/jboss-cli.sh", - "-c", - ":shutdown(timeout=60)" - ] - } - } - }, "livenessProbe": { "exec": { "command": [ diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/eap70-postgresql-persistent-s2i.json b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/eap70-postgresql-persistent-s2i.json index 436c541d8..a2bc9d3b9 100644 --- a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/eap70-postgresql-persistent-s2i.json +++ b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/eap70-postgresql-persistent-s2i.json @@ -3,17 +3,21 @@ "apiVersion": "v1", "metadata": { "annotations": { - "description": "Application template for EAP 7 PostgreSQL applications with persistent storage built using S2I.", - "iconClass": "icon-jboss", - "tags": "eap,javaee,java,jboss,xpaas", - "version": "1.4.0", - "openshift.io/display-name": "Red Hat JBoss EAP 7.0 + PostgreSQL (Persistent with https)" + "iconClass": "icon-eap", + "tags": "eap,javaee,java,jboss", + "version": "1.4.7", + "openshift.io/display-name": "JBoss EAP 7.0 + PostgreSQL (Persistent with https)", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "An example EAP 7 application with a PostgreSQL database. For more information about using this template, see https://github.com/jboss-openshift/application-templates.", + "template.openshift.io/long-description": "This template defines resources needed to develop Red Hat Enterprise Application Server 7.0 based application, including a build configuration, application deployment configuration, database deployment configuration for PostgreSQL using persistence and secure communication using https.", + "template.openshift.io/documentation-url": "https://access.redhat.com/documentation/en/red-hat-jboss-enterprise-application-platform/", + "template.openshift.io/support-url": "https://access.redhat.com" }, "name": "eap70-postgresql-persistent-s2i" }, "labels": { "template": "eap70-postgresql-persistent-s2i", - "xpaas": "1.4.0" + "xpaas": "1.4.7" }, "message": "A new EAP 7 and PostgreSQL persistent based application with SSL support has been created in your project. The username/password for accessing the PostgreSQL database \"${DB_DATABASE}\" is ${DB_USERNAME}/${DB_PASSWORD}. Please be sure to create the \"${SERVICE_ACCOUNT_NAME}\" service account and the following secrets: \"${HTTPS_SECRET}\" containing the ${HTTPS_KEYSTORE} file used for serving secure content; \"${JGROUPS_ENCRYPT_SECRET}\" containing the ${JGROUPS_ENCRYPT_KEYSTORE} file used for securing JGroups communications.", "parameters": [ @@ -440,7 +444,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-eap70-openshift:1.5" + "name": "jboss-eap70-openshift:1.6" } } }, @@ -536,17 +540,6 @@ "readOnly": true } ], - "lifecycle": { - "preStop": { - "exec": { - "command": [ - "/opt/eap/bin/jboss-cli.sh", - "-c", - ":shutdown(timeout=60)" - ] - } - } - }, "livenessProbe": { "exec": { "command": [ diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/eap70-postgresql-s2i.json b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/eap70-postgresql-s2i.json index a2a37a886..66b0c737d 100644 --- a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/eap70-postgresql-s2i.json +++ b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/eap70-postgresql-s2i.json @@ -3,17 +3,21 @@ "apiVersion": "v1", "metadata": { "annotations": { - "description": "Application template for EAP 7 PostgreSQL applications built using S2I.", - "iconClass": "icon-jboss", - "tags": "eap,javaee,java,jboss,xpaas", - "version": "1.4.0", - "openshift.io/display-name": "Red Hat JBoss EAP 7.0 + PostgreSQL (Ephemeral with https)" + "iconClass": "icon-eap", + "tags": "eap,javaee,java,jboss,hidden", + "version": "1.4.7", + "openshift.io/display-name": "JBoss EAP 7.0 + PostgreSQL (Ephemeral with https)", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "An example EAP 7 application with a PostgreSQL database. For more information about using this template, see https://github.com/jboss-openshift/application-templates.", + "template.openshift.io/long-description": "This template defines resources needed to develop Red Hat Enterprise Application Server 7.0 based application, including a build configuration, application deployment configuration, database deployment configuration for PostgreSQL using ephemeral (temporary) storage and secure communication using https.", + "template.openshift.io/documentation-url": "https://access.redhat.com/documentation/en/red-hat-jboss-enterprise-application-platform/", + "template.openshift.io/support-url": "https://access.redhat.com" }, "name": "eap70-postgresql-s2i" }, "labels": { "template": "eap70-postgresql-s2i", - "xpaas": "1.4.0" + "xpaas": "1.4.7" }, "message": "A new EAP 7 and PostgreSQL based application with SSL support has been created in your project. The username/password for accessing the PostgreSQL database \"${DB_DATABASE}\" is ${DB_USERNAME}/${DB_PASSWORD}. Please be sure to create the \"${SERVICE_ACCOUNT_NAME}\" service account and the following secrets: \"${HTTPS_SECRET}\" containing the ${HTTPS_KEYSTORE} file used for serving secure content; \"${JGROUPS_ENCRYPT_SECRET}\" containing the ${JGROUPS_ENCRYPT_KEYSTORE} file used for securing JGroups communications.", "parameters": [ @@ -433,7 +437,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-eap70-openshift:1.5" + "name": "jboss-eap70-openshift:1.6" } } }, @@ -529,17 +533,6 @@ "readOnly": true } ], - "lifecycle": { - "preStop": { - "exec": { - "command": [ - "/opt/eap/bin/jboss-cli.sh", - "-c", - ":shutdown(timeout=60)" - ] - } - } - }, "livenessProbe": { "exec": { "command": [ diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/eap70-sso-s2i.json b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/eap70-sso-s2i.json index 08a844cd9..2201ff7f3 100644 --- a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/eap70-sso-s2i.json +++ b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/eap70-sso-s2i.json @@ -3,17 +3,21 @@ "apiVersion": "v1", "metadata": { "annotations": { - "iconClass": "icon-jboss", - "description": "Application template for EAP 6 applications built using S2I, enabled for SSO.", - "tags": "eap,javaee,java,jboss,xpaas", - "version": "1.4.0", - "openshift.io/display-name": "Red Hat JBoss EAP 7.0 + Single Sign-On (with https)" + "iconClass": "icon-eap", + "tags": "eap,javaee,java,jboss,hidden", + "version": "1.4.7", + "openshift.io/display-name": "JBoss EAP 7.0 + Single Sign-On (with https)", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "An example EAP 7 Single Sign-On application. For more information about using this template, see https://github.com/jboss-openshift/application-templates.", + "template.openshift.io/long-description": "This template defines resources needed to develop Red Hat Enterprise Application Server 7.0 based application, including a build configuration, application deployment configuration and integrated with Red Hat Single Sign-On.", + "template.openshift.io/documentation-url": "https://access.redhat.com/documentation/en/red-hat-jboss-enterprise-application-platform/", + "template.openshift.io/support-url": "https://access.redhat.com" }, "name": "eap70-sso-s2i" }, "labels": { "template": "eap70-sso-s2i", - "xpaas": "1.4.0" + "xpaas": "1.4.7" }, "message": "A new EAP 7 based application with SSL and SSO support has been created in your project. Please be sure to create the \"${SERVICE_ACCOUNT_NAME}\" service account and the following secrets: \"${HTTPS_SECRET}\" containing the ${HTTPS_KEYSTORE} file used for serving secure content; \"${JGROUPS_ENCRYPT_SECRET}\" containing the ${JGROUPS_ENCRYPT_KEYSTORE} file used for securing JGroups communications.", "parameters": [ @@ -62,18 +66,26 @@ { "displayName": "Queues", "description": "Queue names", - "name": "HORNETQ_QUEUES", + "name": "MQ_QUEUES", "value": "", "required": false }, { "displayName": "Topics", "description": "Topic names", - "name": "HORNETQ_TOPICS", + "name": "MQ_TOPICS", "value": "", "required": false }, { + "displayName": "A-MQ cluster password", + "description": "A-MQ cluster admin password", + "name": "MQ_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { "displayName": "Service Account Name", "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.", "name": "SERVICE_ACCOUNT_NAME", @@ -116,14 +128,6 @@ "required": false }, { - "displayName": "HornetQ Password", - "description": "HornetQ cluster admin password", - "name": "HORNETQ_CLUSTER_PASSWORD", - "from": "[a-zA-Z0-9]{8}", - "generate": "expression", - "required": true - }, - { "displayName": "Github Webhook Secret", "description": "GitHub trigger secret", "name": "GITHUB_WEBHOOK_SECRET", @@ -458,7 +462,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-eap70-openshift:1.5" + "name": "jboss-eap70-openshift:1.6" }, "env": [ { @@ -578,17 +582,6 @@ "readOnly": true } ], - "lifecycle": { - "preStop": { - "exec": { - "command": [ - "/opt/eap/bin/jboss-cli.sh", - "-c", - ":shutdown(timeout=60)" - ] - } - } - }, "livenessProbe": { "exec": { "command": [ @@ -671,16 +664,16 @@ "value": "${HTTPS_PASSWORD}" }, { - "name": "HORNETQ_CLUSTER_PASSWORD", - "value": "${HORNETQ_CLUSTER_PASSWORD}" + "name": "MQ_CLUSTER_PASSWORD", + "value": "${MQ_CLUSTER_PASSWORD}" }, { - "name": "HORNETQ_QUEUES", - "value": "${HORNETQ_QUEUES}" + "name": "MQ_QUEUES", + "value": "${MQ_QUEUES}" }, { - "name": "HORNETQ_TOPICS", - "value": "${HORNETQ_TOPICS}" + "name": "MQ_TOPICS", + "value": "${MQ_TOPICS}" }, { "name": "JGROUPS_ENCRYPT_SECRET", diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/eap70-third-party-db-s2i.json b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/eap70-third-party-db-s2i.json index 9e854d7ab..3ca69f6c7 100644 --- a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/eap70-third-party-db-s2i.json +++ b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/eap70-third-party-db-s2i.json @@ -3,17 +3,21 @@ "apiVersion": "v1", "metadata": { "annotations": { - "iconClass": "icon-jboss", - "description": "Application template for EAP 7 DB applications built using S2I. Includes support for installing third-party DB drivers.", - "tags": "eap,javaee,java,jboss,xpaas", - "version": "1.4.0", - "openshift.io/display-name": "Red Hat JBoss EAP 7.0 (with https, supporting third-party DB drivers)" + "iconClass": "icon-eap", + "tags": "eap,javaee,java,jboss,hidden", + "version": "1.4.7", + "openshift.io/display-name": "JBoss EAP 7.0 (with https, DB drivers)", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "An example EAP 7 DB application. For more information about using this template, see https://github.com/jboss-openshift/application-templates.", + "template.openshift.io/long-description": "This template defines resources needed to develop Red Hat Enterprise Application Server 7.0 based application, including a build configuration, application deployment configuration, using third-party DB drivers and secure communication using https.", + "template.openshift.io/documentation-url": "https://access.redhat.com/documentation/en/red-hat-jboss-enterprise-application-platform/", + "template.openshift.io/support-url": "https://access.redhat.com" }, "name": "eap70-third-party-db-s2i" }, "labels": { "template": "eap70-third-party-db-s2i", - "xpaas": "1.4.0" + "xpaas": "1.4.7" }, "message": "A new EAP 7 based application with SSL support has been created in your project. Please be sure to create the \"${SERVICE_ACCOUNT_NAME}\" service account and the following secrets:\"${CONFIGURATION_NAME}\" containing the datasource configuration details required by the deployed application(s); \"${HTTPS_SECRET}\" containing the ${HTTPS_KEYSTORE} file used for serving secure content; \"${JGROUPS_ENCRYPT_SECRET}\" containing the ${JGROUPS_ENCRYPT_KEYSTORE} file used for securing JGroups communications.", "parameters": [ @@ -70,7 +74,7 @@ "displayName": "Drivers ImageStreamTag", "description": "ImageStreamTag definition for the image containing the drivers and configuration, e.g. jboss-datavirt63-openshift:1.0-driver", "name": "EXTENSIONS_IMAGE", - "value": "jboss-datavirt63-driver-openshift:1.0", + "value": "jboss-datavirt63-driver-openshift:1.1", "required": true }, { @@ -387,7 +391,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-eap70-openshift:1.5" + "name": "jboss-eap70-openshift:1.6" } } }, @@ -498,17 +502,6 @@ "readOnly": true } ], - "lifecycle": { - "preStop": { - "exec": { - "command": [ - "/opt/eap/bin/jboss-cli.sh", - "-c", - ":shutdown(timeout=60)" - ] - } - } - }, "livenessProbe": { "exec": { "command": [ diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/decisionserver62-amq-s2i.json b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/eap71-amq-persistent-s2i.json index 1989036fa..dbc1a8013 100644 --- a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/decisionserver62-amq-s2i.json +++ b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/eap71-amq-persistent-s2i.json @@ -3,61 +3,29 @@ "apiVersion": "v1", "metadata": { "annotations": { - "description": "Application template for Red Hat JBoss BRMS 6.2 decision server A-MQ applications built using S2I.", - "iconClass": "icon-jboss", - "tags": "decisionserver,jboss,xpaas", - "version": "1.3.3", - "openshift.io/display-name": "Red Hat JBoss BRMS 6.2 decision server + A-MQ (with https)" - }, - "name": "decisionserver62-amq-s2i" + "iconClass": "icon-eap", + "tags": "eap,javaee,java,jboss,hidden", + "version": "1.4.7", + "openshift.io/display-name": "JBoss EAP 7.1 + A-MQ (with https)", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "An example EAP 7 A-MQ application. For more information about using this template, see https://github.com/jboss-openshift/application-templates.", + "template.openshift.io/long-description": "This template defines resources needed to develop Red Hat Enterprise Application Server 7.1 based application, including a build configuration, application deployment configuration, using Red Hat JBoss A-MQ with persistence and secure communication using https.", + "template.openshift.io/documentation-url": "https://access.redhat.com/documentation/en/red-hat-jboss-enterprise-application-platform/", + "template.openshift.io/support-url": "https://access.redhat.com" + }, + "name": "eap71-amq-persistent-s2i" }, "labels": { - "template": "decisionserver62-amq-s2i", - "xpaas": "1.3.3" + "template": "eap71-amq-persistent-s2i", + "xpaas": "1.4.7" }, - "message": "A new BRMS/A-MQ application with SSL support has been created in your project. The username/password for accessing the KIE Server REST or JMS interface is ${KIE_SERVER_USER}/${KIE_SERVER_PASSWORD}. For accessing the A-MQ service use the credentials ${MQ_USERNAME}/${MQ_PASSWORD}. Please be sure to create the \"decisionserver-service-account\" service account and the secret named \"${HTTPS_SECRET}\" containing the ${HTTPS_KEYSTORE} file used for serving secure content.", + "message": "A new EAP 7 and A-MQ persistent based application with SSL support has been created in your project. The username/password for accessing the A-MQ service is ${MQ_USERNAME}/${MQ_PASSWORD}. Please be sure to create the \"${SERVICE_ACCOUNT_NAME}\" service account and the following secrets: \"${HTTPS_SECRET}\" containing the ${HTTPS_KEYSTORE} file used for serving secure content; \"${JGROUPS_ENCRYPT_SECRET}\" containing the ${JGROUPS_ENCRYPT_KEYSTORE} file used for securing JGroups communications.", "parameters": [ { - "displayName": "KIE Container Deployment", - "description": "The KIE Container deployment configuration in format: containerId=groupId:artifactId:version|c2=g2:a2:v2", - "name": "KIE_CONTAINER_DEPLOYMENT", - "value": "HelloRulesContainer=org.openshift.quickstarts:decisionserver-hellorules:1.2.0.Final", - "required": false - }, - { - "displayName": "KIE Server Username", - "description": "The user name to access the KIE Server REST or JMS interface.", - "name": "KIE_SERVER_USER", - "value": "kieserver", - "required": false - }, - { - "displayName": "KIE Server Password", - "description": "The password to access the KIE Server REST or JMS interface. Must be different than username; must not be root, admin, or administrator; must contain at least 8 characters, 1 alphabetic character(s), 1 digit(s), and 1 non-alphanumeric symbol(s).", - "name": "KIE_SERVER_PASSWORD", - "from": "[a-zA-Z]{6}[0-9]{1}!", - "generate": "expression", - "required": false - }, - { - "displayName": "KIE Server Domain", - "description": "JAAS LoginContext domain that shall be used to authenticate users when using JMS.", - "name": "KIE_SERVER_DOMAIN", - "value": "other", - "required": false - }, - { - "displayName": "KIE Server JMS Queues Response", - "description": "JNDI name of response queue for JMS.", - "name": "KIE_SERVER_JMS_QUEUES_RESPONSE", - "value": "queue/KIE.SERVER.RESPONSE", - "required": false - }, - { "displayName": "Application Name", "description": "The name for the application.", "name": "APPLICATION_NAME", - "value": "kie-app", + "value": "eap-app", "required": true }, { @@ -85,21 +53,35 @@ "displayName": "Git Reference", "description": "Git branch/tag reference", "name": "SOURCE_REPOSITORY_REF", - "value": "1.2", + "value": "1.3", "required": false }, { "displayName": "Context Directory", "description": "Path within Git project to build; empty for root project directory.", "name": "CONTEXT_DIR", - "value": "decisionserver/hellorules", + "value": "helloworld-mdb", "required": false }, { + "displayName": "A-MQ Volume Size", + "description": "Size of the volume used by A-MQ for persisting messages.", + "name": "VOLUME_CAPACITY", + "value": "512Mi", + "required": true + }, + { "displayName": "JMS Connection Factory JNDI Name", - "description": "JNDI name for connection factory used by applications to connect to the broker, e.g. java:/JmsXA", + "description": "JNDI name for connection factory used by applications to connect to the broker, e.g. java:/ConnectionFactory", "name": "MQ_JNDI", - "value": "java:/JmsXA", + "value": "java:/ConnectionFactory", + "required": false + }, + { + "displayName": "Split Data?", + "description": "Split the data directory for each node in a mesh.", + "name": "AMQ_SPLIT", + "value": "false", "required": false }, { @@ -113,21 +95,35 @@ "displayName": "Queues", "description": "Queue names, separated by commas. These queues will be automatically created when the broker starts. Also, they will be made accessible as JNDI resources in EAP.", "name": "MQ_QUEUES", - "value": "KIE.SERVER.REQUEST,KIE.SERVER.RESPONSE", + "value": "HELLOWORLDMDBQueue", "required": false }, { "displayName": "Topics", "description": "Topic names, separated by commas. These topics will be automatically created when the broker starts. Also, they will be made accessible as JNDI resources in EAP.", "name": "MQ_TOPICS", + "value": "HELLOWORLDMDBTopic", + "required": false + }, + { + "displayName": "A-MQ Serializable Packages", + "description": "List of packages that are allowed to be serialized for use in ObjectMessage, separated by commas. If your app doesn't use ObjectMessages, leave this blank. This is a security enforcement. For the rationale, see http://activemq.apache.org/objectmessage.html", + "name": "MQ_SERIALIZABLE_PACKAGES", "value": "", "required": false }, { + "displayName": "Service Account Name", + "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.", + "name": "SERVICE_ACCOUNT_NAME", + "value": "eap7-service-account", + "required": true + }, + { "displayName": "Server Keystore Secret Name", "description": "The name of the secret containing the keystore file", "name": "HTTPS_SECRET", - "value": "decisionserver-app-secret", + "value": "eap7-app-secret", "required": false }, { @@ -138,17 +134,24 @@ "required": false }, { + "displayName": "Server Keystore Type", + "description": "The type of the keystore file (JKS or JCEKS)", + "name": "HTTPS_KEYSTORE_TYPE", + "value": "", + "required": false + }, + { "displayName": "Server Certificate Name", "description": "The name associated with the server certificate", "name": "HTTPS_NAME", - "value": "jboss", + "value": "", "required": false }, { "displayName": "Server Keystore Password", "description": "The password for the keystore and certificate", "name": "HTTPS_PASSWORD", - "value": "mykeystorepass", + "value": "", "required": false }, { @@ -203,6 +206,62 @@ "name": "IMAGE_STREAM_NAMESPACE", "value": "openshift", "required": true + }, + { + "displayName": "JGroups Secret Name", + "description": "The name of the secret containing the keystore file", + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "eap7-app-secret", + "required": false + }, + { + "displayName": "JGroups Keystore Filename", + "description": "The name of the keystore file within the secret", + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "jgroups.jceks", + "required": false + }, + { + "displayName": "JGroups Certificate Name", + "description": "The name associated with the server certificate", + "name": "JGROUPS_ENCRYPT_NAME", + "value": "", + "required": false + }, + { + "displayName": "JGroups Keystore Password", + "description": "The password for the keystore and certificate", + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "", + "required": false + }, + { + "displayName": "JGroups Cluster Password", + "description": "JGroups cluster password", + "name": "JGROUPS_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "Deploy Exploded Archives", + "description": "Controls whether exploded deployment content should be automatically deployed", + "name": "AUTO_DEPLOY_EXPLODED", + "value": "false", + "required": false + }, + { + "displayName": "Maven mirror URL", + "description": "Maven mirror to use for S2I builds", + "name": "MAVEN_MIRROR_URL", + "value": "", + "required": false + }, + { + "description": "List of directories from which archives will be copied into the deployment folder. If unspecified, all archives in /target will be copied.", + "name": "ARTIFACT_DIR", + "value": "", + "required": false } ], "objects": [ @@ -356,15 +415,19 @@ "sourceStrategy": { "env": [ { - "name": "KIE_CONTAINER_DEPLOYMENT", - "value": "${KIE_CONTAINER_DEPLOYMENT}" + "name": "MAVEN_MIRROR_URL", + "value": "${MAVEN_MIRROR_URL}" + }, + { + "name": "ARTIFACT_DIR", + "value": "${ARTIFACT_DIR}" } ], "forcePull": true, "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-decisionserver62-openshift:1.2" + "name": "jboss-eap71-openshift:TP" } } }, @@ -441,7 +504,7 @@ } }, "spec": { - "serviceAccountName": "decisionserver-service-account", + "serviceAccountName": "${SERVICE_ACCOUNT_NAME}", "terminationGracePeriodSeconds": 60, "containers": [ { @@ -450,8 +513,13 @@ "imagePullPolicy": "Always", "volumeMounts": [ { - "name": "decisionserver-keystore-volume", - "mountPath": "/etc/decisionserver-secret-volume", + "name": "eap-keystore-volume", + "mountPath": "/etc/eap-secret-volume", + "readOnly": true + }, + { + "name": "eap-jgroups-keystore-volume", + "mountPath": "/etc/jgroups-encrypt-secret-volume", "readOnly": true } ], @@ -488,30 +556,15 @@ "name": "https", "containerPort": 8443, "protocol": "TCP" + }, + { + "name": "ping", + "containerPort": 8888, + "protocol": "TCP" } ], "env": [ { - "name": "KIE_CONTAINER_DEPLOYMENT", - "value": "${KIE_CONTAINER_DEPLOYMENT}" - }, - { - "name": "KIE_SERVER_USER", - "value": "${KIE_SERVER_USER}" - }, - { - "name": "KIE_SERVER_PASSWORD", - "value": "${KIE_SERVER_PASSWORD}" - }, - { - "name": "KIE_SERVER_DOMAIN", - "value": "${KIE_SERVER_DOMAIN}" - }, - { - "name": "KIE_SERVER_JMS_QUEUES_RESPONSE", - "value": "${KIE_SERVER_JMS_QUEUES_RESPONSE}" - }, - { "name": "MQ_SERVICE_PREFIX_MAPPING", "value": "${APPLICATION_NAME}-amq=MQ" }, @@ -540,30 +593,84 @@ "value": "${MQ_TOPICS}" }, { + "name": "MQ_SERIALIZABLE_PACKAGES", + "value": "${MQ_SERIALIZABLE_PACKAGES}" + }, + { + "name": "OPENSHIFT_KUBE_PING_LABELS", + "value": "application=${APPLICATION_NAME}" + }, + { + "name": "OPENSHIFT_KUBE_PING_NAMESPACE", + "valueFrom": { + "fieldRef": { + "fieldPath": "metadata.namespace" + } + } + }, + { "name": "HTTPS_KEYSTORE_DIR", - "value": "/etc/decisionserver-secret-volume" + "value": "/etc/eap-secret-volume" }, { "name": "HTTPS_KEYSTORE", "value": "${HTTPS_KEYSTORE}" }, { + "name": "HTTPS_KEYSTORE_TYPE", + "value": "${HTTPS_KEYSTORE_TYPE}" + }, + { "name": "HTTPS_NAME", "value": "${HTTPS_NAME}" }, { "name": "HTTPS_PASSWORD", "value": "${HTTPS_PASSWORD}" + }, + { + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "${JGROUPS_ENCRYPT_SECRET}" + }, + { + "name": "JGROUPS_ENCRYPT_KEYSTORE_DIR", + "value": "/etc/jgroups-encrypt-secret-volume" + }, + { + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "${JGROUPS_ENCRYPT_KEYSTORE}" + }, + { + "name": "JGROUPS_ENCRYPT_NAME", + "value": "${JGROUPS_ENCRYPT_NAME}" + }, + { + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "${JGROUPS_ENCRYPT_PASSWORD}" + }, + { + "name": "JGROUPS_CLUSTER_PASSWORD", + "value": "${JGROUPS_CLUSTER_PASSWORD}" + }, + { + "name": "AUTO_DEPLOY_EXPLODED", + "value": "${AUTO_DEPLOY_EXPLODED}" } ] } ], "volumes": [ { - "name": "decisionserver-keystore-volume", + "name": "eap-keystore-volume", "secret": { "secretName": "${HTTPS_SECRET}" } + }, + { + "name": "eap-jgroups-keystore-volume", + "secret": { + "secretName": "${JGROUPS_ENCRYPT_SECRET}" + } } ] } @@ -581,7 +688,10 @@ }, "spec": { "strategy": { - "type": "Recreate" + "type": "Rolling", + "rollingParams": { + "maxSurge": 0 + } }, "triggers": [ { @@ -594,7 +704,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-amq-62:1.4" + "name": "jboss-amq-62:1.6" } } }, @@ -672,6 +782,12 @@ "protocol": "TCP" } ], + "volumeMounts": [ + { + "mountPath": "/opt/amq/data/kahadb", + "name": "${APPLICATION_NAME}-amq-pvol" + } + ], "env": [ { "name": "AMQ_USER", @@ -686,6 +802,22 @@ "value": "${MQ_PROTOCOL}" }, { + "name": "AMQ_QUEUES", + "value": "${MQ_QUEUES}" + }, + { + "name": "AMQ_TOPICS", + "value": "${MQ_TOPICS}" + }, + { + "name": "MQ_SERIALIZABLE_PACKAGES", + "value": "${MQ_SERIALIZABLE_PACKAGES}" + }, + { + "name": "AMQ_SPLIT", + "value": "${AMQ_SPLIT}" + }, + { "name": "AMQ_MESH_DISCOVERY_TYPE", "value": "${AMQ_MESH_DISCOVERY_TYPE}" }, @@ -707,10 +839,38 @@ } ] } + ], + "volumes": [ + { + "name": "${APPLICATION_NAME}-amq-pvol", + "persistentVolumeClaim": { + "claimName": "${APPLICATION_NAME}-amq-claim" + } + } ] } } } + }, + { + "apiVersion": "v1", + "kind": "PersistentVolumeClaim", + "metadata": { + "name": "${APPLICATION_NAME}-amq-claim", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "accessModes": [ + "ReadWriteOnce" + ], + "resources": { + "requests": { + "storage": "${VOLUME_CAPACITY}" + } + } + } } ] } diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/decisionserver63-amq-s2i.json b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/eap71-amq-s2i.json index ecea54d94..6e330eae9 100644 --- a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/decisionserver63-amq-s2i.json +++ b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/eap71-amq-s2i.json @@ -3,68 +3,29 @@ "apiVersion": "v1", "metadata": { "annotations": { - "description": "Application template for Red Hat JBoss BRMS 6.3 decision server A-MQ applications built using S2I.", - "iconClass": "icon-jboss", - "tags": "decisionserver,jboss,xpaas", - "version": "1.4.0", - "openshift.io/display-name": "Red Hat JBoss BRMS 6.3 decision server + A-MQ (with https)" - }, - "name": "decisionserver63-amq-s2i" + "iconClass": "icon-eap", + "tags": "eap,javaee,java,jboss,xpaas,hidden", + "version": "1.4.7", + "openshift.io/display-name": "JBoss EAP 7.1 + A-MQ (with https)", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "An example EAP 7 A-MQ application. For more information about using this template, see https://github.com/jboss-openshift/application-templates.", + "template.openshift.io/long-description": "This template defines resources needed to develop Red Hat Enterprise Application Server 7.1 based application, including a build configuration, application deployment configuration, using Red Hat JBoss A-MQ and secure communication using https.", + "template.openshift.io/documentation-url": "https://access.redhat.com/documentation/en/red-hat-jboss-enterprise-application-platform/", + "template.openshift.io/support-url": "https://access.redhat.com" + }, + "name": "eap71-amq-s2i" }, "labels": { - "template": "decisionserver63-amq-s2i", - "xpaas": "1.4.0" + "template": "eap71-amq-s2i", + "xpaas": "1.4.7" }, - "message": "A new BRMS/A-MQ application with SSL support has been created in your project. The username/password for accessing the KIE Server REST or JMS interface is ${KIE_SERVER_USER}/${KIE_SERVER_PASSWORD}. For accessing the A-MQ service use the credentials ${MQ_USERNAME}/${MQ_PASSWORD}. Please be sure to create the \"decisionserver-service-account\" service account and the secret named \"${HTTPS_SECRET}\" containing the ${HTTPS_KEYSTORE} file used for serving secure content.", + "message": "A new EAP 7 and A-MQ based application with SSL support has been created in your project. The username/password for accessing the A-MQ service is ${MQ_USERNAME}/${MQ_PASSWORD}. Please be sure to create the \"${SERVICE_ACCOUNT_NAME}\" service account and the following secrets: \"${HTTPS_SECRET}\" containing the ${HTTPS_KEYSTORE} file used for serving secure content; \"${JGROUPS_ENCRYPT_SECRET}\" containing the ${JGROUPS_ENCRYPT_KEYSTORE} file used for securing JGroups communications.", "parameters": [ { - "displayName": "KIE Container Deployment", - "description": "The KIE Container deployment configuration in format: containerId=groupId:artifactId:version|c2=g2:a2:v2", - "name": "KIE_CONTAINER_DEPLOYMENT", - "value": "decisionserver-hellorules=org.openshift.quickstarts:decisionserver-hellorules:1.3.0.Final", - "required": false - }, - { - "displayName": "KIE Server Username", - "description": "The user name to access the KIE Server REST or JMS interface.", - "name": "KIE_SERVER_USER", - "value": "kieserver", - "required": false - }, - { - "displayName": "KIE Server Password", - "description": "The password to access the KIE Server REST or JMS interface. Must be different than username; must not be root, admin, or administrator; must contain at least 8 characters, 1 alphabetic character(s), 1 digit(s), and 1 non-alphanumeric symbol(s).", - "name": "KIE_SERVER_PASSWORD", - "from": "[a-zA-Z]{6}[0-9]{1}!", - "generate": "expression", - "required": false - }, - { - "displayName": "KIE Server Domain", - "description": "JAAS LoginContext domain that shall be used to authenticate users when using JMS.", - "name": "KIE_SERVER_DOMAIN", - "value": "other", - "required": false - }, - { - "displayName": "KIE Server JMS Queues Request", - "description": "JNDI name of request queue for JMS.", - "name": "KIE_SERVER_JMS_QUEUES_REQUEST", - "value": "queue/KIE.SERVER.REQUEST", - "required": false - }, - { - "displayName": "KIE Server JMS Queues Response", - "description": "JNDI name of response queue for JMS.", - "name": "KIE_SERVER_JMS_QUEUES_RESPONSE", - "value": "queue/KIE.SERVER.RESPONSE", - "required": false - }, - { "displayName": "Application Name", "description": "The name for the application.", "name": "APPLICATION_NAME", - "value": "kie-app", + "value": "eap-app", "required": true }, { @@ -99,14 +60,14 @@ "displayName": "Context Directory", "description": "Path within Git project to build; empty for root project directory.", "name": "CONTEXT_DIR", - "value": "decisionserver/hellorules", + "value": "helloworld-mdb", "required": false }, { "displayName": "JMS Connection Factory JNDI Name", - "description": "JNDI name for connection factory used by applications to connect to the broker, e.g. java:/JmsXA", + "description": "JNDI name for connection factory used by applications to connect to the broker, e.g. java:/ConnectionFactory", "name": "MQ_JNDI", - "value": "java:/JmsXA", + "value": "java:/ConnectionFactory", "required": false }, { @@ -120,22 +81,36 @@ "displayName": "Queues", "description": "Queue names, separated by commas. These queues will be automatically created when the broker starts. Also, they will be made accessible as JNDI resources in EAP.", "name": "MQ_QUEUES", - "value": "KIE.SERVER.REQUEST,KIE.SERVER.RESPONSE", + "value": "HELLOWORLDMDBQueue", "required": false }, { "displayName": "Topics", "description": "Topic names, separated by commas. These topics will be automatically created when the broker starts. Also, they will be made accessible as JNDI resources in EAP.", "name": "MQ_TOPICS", + "value": "HELLOWORLDMDBTopic", + "required": false + }, + { + "displayName": "A-MQ Serializable Packages", + "description": "List of packages that are allowed to be serialized for use in ObjectMessage, separated by commas. If your app doesn't use ObjectMessages, leave this blank. This is a security enforcement. For the rationale, see http://activemq.apache.org/objectmessage.html", + "name": "MQ_SERIALIZABLE_PACKAGES", "value": "", "required": false }, { + "displayName": "Service Account Name", + "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.", + "name": "SERVICE_ACCOUNT_NAME", + "value": "eap7-service-account", + "required": true + }, + { "displayName": "Server Keystore Secret Name", "description": "The name of the secret containing the keystore file", "name": "HTTPS_SECRET", - "value": "decisionserver-app-secret", - "required": false + "value": "eap7-app-secret", + "required": true }, { "displayName": "Server Keystore Filename", @@ -145,17 +120,24 @@ "required": false }, { + "displayName": "Server Keystore Type", + "description": "The type of the keystore file (JKS or JCEKS)", + "name": "HTTPS_KEYSTORE_TYPE", + "value": "", + "required": false + }, + { "displayName": "Server Certificate Name", "description": "The name associated with the server certificate", "name": "HTTPS_NAME", - "value": "jboss", + "value": "", "required": false }, { "displayName": "Server Keystore Password", "description": "The password for the keystore and certificate", "name": "HTTPS_PASSWORD", - "value": "mykeystorepass", + "value": "", "required": false }, { @@ -212,6 +194,49 @@ "required": true }, { + "displayName": "JGroups Secret Name", + "description": "The name of the secret containing the keystore file", + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "eap7-app-secret", + "required": false + }, + { + "displayName": "JGroups Keystore Filename", + "description": "The name of the keystore file within the secret", + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "jgroups.jceks", + "required": false + }, + { + "displayName": "JGroups Certificate Name", + "description": "The name associated with the server certificate", + "name": "JGROUPS_ENCRYPT_NAME", + "value": "", + "required": false + }, + { + "displayName": "JGroups Keystore Password", + "description": "The password for the keystore and certificate", + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "", + "required": false + }, + { + "displayName": "JGroups Cluster Password", + "description": "JGroups cluster password", + "name": "JGROUPS_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "Deploy Exploded Archives", + "description": "Controls whether exploded deployment content should be automatically deployed", + "name": "AUTO_DEPLOY_EXPLODED", + "value": "false", + "required": false + }, + { "displayName": "Maven mirror URL", "description": "Maven mirror to use for S2I builds", "name": "MAVEN_MIRROR_URL", @@ -376,10 +401,6 @@ "sourceStrategy": { "env": [ { - "name": "KIE_CONTAINER_DEPLOYMENT", - "value": "${KIE_CONTAINER_DEPLOYMENT}" - }, - { "name": "MAVEN_MIRROR_URL", "value": "${MAVEN_MIRROR_URL}" }, @@ -392,7 +413,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-decisionserver63-openshift:1.4" + "name": "jboss-eap71-openshift:TP" } } }, @@ -447,8 +468,8 @@ "${APPLICATION_NAME}" ], "from": { - "kind": "ImageStream", - "name": "${APPLICATION_NAME}" + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" } } }, @@ -469,7 +490,7 @@ } }, "spec": { - "serviceAccountName": "decisionserver-service-account", + "serviceAccountName": "${SERVICE_ACCOUNT_NAME}", "terminationGracePeriodSeconds": 60, "containers": [ { @@ -478,8 +499,13 @@ "imagePullPolicy": "Always", "volumeMounts": [ { - "name": "decisionserver-keystore-volume", - "mountPath": "/etc/decisionserver-secret-volume", + "name": "eap-keystore-volume", + "mountPath": "/etc/eap-secret-volume", + "readOnly": true + }, + { + "name": "eap-jgroups-keystore-volume", + "mountPath": "/etc/jgroups-encrypt-secret-volume", "readOnly": true } ], @@ -516,34 +542,15 @@ "name": "https", "containerPort": 8443, "protocol": "TCP" + }, + { + "name": "ping", + "containerPort": 8888, + "protocol": "TCP" } ], "env": [ { - "name": "KIE_CONTAINER_DEPLOYMENT", - "value": "${KIE_CONTAINER_DEPLOYMENT}" - }, - { - "name": "KIE_SERVER_USER", - "value": "${KIE_SERVER_USER}" - }, - { - "name": "KIE_SERVER_PASSWORD", - "value": "${KIE_SERVER_PASSWORD}" - }, - { - "name": "KIE_SERVER_DOMAIN", - "value": "${KIE_SERVER_DOMAIN}" - }, - { - "name": "KIE_SERVER_JMS_QUEUES_REQUEST", - "value": "${KIE_SERVER_JMS_QUEUES_REQUEST}" - }, - { - "name": "KIE_SERVER_JMS_QUEUES_RESPONSE", - "value": "${KIE_SERVER_JMS_QUEUES_RESPONSE}" - }, - { "name": "MQ_SERVICE_PREFIX_MAPPING", "value": "${APPLICATION_NAME}-amq=MQ" }, @@ -572,30 +579,84 @@ "value": "${MQ_TOPICS}" }, { + "name": "MQ_SERIALIZABLE_PACKAGES", + "value": "${MQ_SERIALIZABLE_PACKAGES}" + }, + { + "name": "OPENSHIFT_KUBE_PING_LABELS", + "value": "application=${APPLICATION_NAME}" + }, + { + "name": "OPENSHIFT_KUBE_PING_NAMESPACE", + "valueFrom": { + "fieldRef": { + "fieldPath": "metadata.namespace" + } + } + }, + { "name": "HTTPS_KEYSTORE_DIR", - "value": "/etc/decisionserver-secret-volume" + "value": "/etc/eap-secret-volume" }, { "name": "HTTPS_KEYSTORE", "value": "${HTTPS_KEYSTORE}" }, { + "name": "HTTPS_KEYSTORE_TYPE", + "value": "${HTTPS_KEYSTORE_TYPE}" + }, + { "name": "HTTPS_NAME", "value": "${HTTPS_NAME}" }, { "name": "HTTPS_PASSWORD", "value": "${HTTPS_PASSWORD}" + }, + { + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "${JGROUPS_ENCRYPT_SECRET}" + }, + { + "name": "JGROUPS_ENCRYPT_KEYSTORE_DIR", + "value": "/etc/jgroups-encrypt-secret-volume" + }, + { + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "${JGROUPS_ENCRYPT_KEYSTORE}" + }, + { + "name": "JGROUPS_ENCRYPT_NAME", + "value": "${JGROUPS_ENCRYPT_NAME}" + }, + { + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "${JGROUPS_ENCRYPT_PASSWORD}" + }, + { + "name": "JGROUPS_CLUSTER_PASSWORD", + "value": "${JGROUPS_CLUSTER_PASSWORD}" + }, + { + "name": "AUTO_DEPLOY_EXPLODED", + "value": "${AUTO_DEPLOY_EXPLODED}" } ] } ], "volumes": [ { - "name": "decisionserver-keystore-volume", + "name": "eap-keystore-volume", "secret": { "secretName": "${HTTPS_SECRET}" } + }, + { + "name": "eap-jgroups-keystore-volume", + "secret": { + "secretName": "${JGROUPS_ENCRYPT_SECRET}" + } } ] } @@ -626,7 +687,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-amq-62:1.4" + "name": "jboss-amq-62:1.6" } } }, @@ -718,6 +779,18 @@ "value": "${MQ_PROTOCOL}" }, { + "name": "AMQ_QUEUES", + "value": "${MQ_QUEUES}" + }, + { + "name": "AMQ_TOPICS", + "value": "${MQ_TOPICS}" + }, + { + "name": "MQ_SERIALIZABLE_PACKAGES", + "value": "${MQ_SERIALIZABLE_PACKAGES}" + }, + { "name": "AMQ_MESH_DISCOVERY_TYPE", "value": "${AMQ_MESH_DISCOVERY_TYPE}" }, diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/decisionserver63-basic-s2i.json b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/eap71-basic-s2i.json index d655dbe94..892ec468c 100644 --- a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/decisionserver63-basic-s2i.json +++ b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/eap71-basic-s2i.json @@ -3,47 +3,29 @@ "apiVersion": "v1", "metadata": { "annotations": { - "description": "Application template for Red Hat JBoss BRMS 6.3 decision server applications built using S2I.", - "iconClass": "icon-jboss", - "tags": "decisionserver,jboss,xpaas", - "version": "1.4.0", - "openshift.io/display-name": "Red Hat JBoss BRMS 6.3 decision server (no https)" + "iconClass": "icon-eap", + "tags": "eap,javaee,java,jboss,hidden", + "version": "1.4.7", + "openshift.io/display-name": "JBoss EAP 7.1 (no https)", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "An example EAP 7 application. For more information about using this template, see https://github.com/jboss-openshift/application-templates.", + "template.openshift.io/long-description": "This template defines resources needed to develop Red Hat Enterprise Application Server 7.1 based application, including a build configuration, application deployment configuration and insecure communication using http.", + "template.openshift.io/documentation-url": "https://access.redhat.com/documentation/en/red-hat-jboss-enterprise-application-platform/", + "template.openshift.io/support-url": "https://access.redhat.com" }, - "name": "decisionserver63-basic-s2i" + "name": "eap71-basic-s2i" }, "labels": { - "template": "decisionserver63-basic-s2i", - "xpaas": "1.4.0" + "template": "eap71-basic-s2i", + "xpaas": "1.4.7" }, - "message": "A new BRMS application has been created in your project. The username/password for accessing the KIE Server REST or JMS interface is ${KIE_SERVER_USER}/${KIE_SERVER_PASSWORD}.", + "message": "A new EAP 7 based application has been created in your project.", "parameters": [ { - "displayName": "KIE Container Deployment", - "description": "The KIE Container deployment configuration in format: containerId=groupId:artifactId:version|c2=g2:a2:v2", - "name": "KIE_CONTAINER_DEPLOYMENT", - "value": "decisionserver-hellorules=org.openshift.quickstarts:decisionserver-hellorules:1.3.0.Final", - "required": false - }, - { - "displayName": "KIE Server Username", - "description": "The user name to access the KIE Server REST or JMS interface.", - "name": "KIE_SERVER_USER", - "value": "kieserver", - "required": false - }, - { - "displayName": "KIE Server Password", - "description": "The password to access the KIE Server REST or JMS interface. Must be different than username; must not be root, admin, or administrator; must contain at least 8 characters, 1 alphabetic character(s), 1 digit(s), and 1 non-alphanumeric symbol(s).", - "name": "KIE_SERVER_PASSWORD", - "from": "[a-zA-Z]{6}[0-9]{1}!", - "generate": "expression", - "required": false - }, - { "displayName": "Application Name", "description": "The name for the application.", "name": "APPLICATION_NAME", - "value": "kie-app", + "value": "eap-app", "required": true }, { @@ -57,41 +39,41 @@ "displayName": "Git Repository URL", "description": "Git source URI for application", "name": "SOURCE_REPOSITORY_URL", - "value": "https://github.com/jboss-openshift/openshift-quickstarts.git", + "value": "https://github.com/jboss-developer/jboss-eap-quickstarts", "required": true }, { "displayName": "Git Reference", "description": "Git branch/tag reference", "name": "SOURCE_REPOSITORY_REF", - "value": "1.3", + "value": "7.0.0.GA", "required": false }, { "displayName": "Context Directory", "description": "Path within Git project to build; empty for root project directory.", "name": "CONTEXT_DIR", - "value": "decisionserver/hellorules", + "value": "kitchensink", "required": false }, { "displayName": "Queues", "description": "Queue names", - "name": "HORNETQ_QUEUES", + "name": "MQ_QUEUES", "value": "", "required": false }, { "displayName": "Topics", "description": "Topic names", - "name": "HORNETQ_TOPICS", + "name": "MQ_TOPICS", "value": "", "required": false }, { - "displayName": "HornetQ Password", - "description": "HornetQ cluster admin password", - "name": "HORNETQ_CLUSTER_PASSWORD", + "displayName": "A-MQ cluster password", + "description": "A-MQ cluster admin password", + "name": "MQ_CLUSTER_PASSWORD", "from": "[a-zA-Z0-9]{8}", "generate": "expression", "required": true @@ -120,6 +102,21 @@ "required": true }, { + "displayName": "JGroups Cluster Password", + "description": "JGroups cluster password", + "name": "JGROUPS_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "Deploy Exploded Archives", + "description": "Controls whether exploded deployment content should be automatically deployed", + "name": "AUTO_DEPLOY_EXPLODED", + "value": "false", + "required": false + }, + { "displayName": "Maven mirror URL", "description": "Maven mirror to use for S2I builds", "name": "MAVEN_MIRROR_URL", @@ -211,10 +208,6 @@ "sourceStrategy": { "env": [ { - "name": "KIE_CONTAINER_DEPLOYMENT", - "value": "${KIE_CONTAINER_DEPLOYMENT}" - }, - { "name": "MAVEN_MIRROR_URL", "value": "${MAVEN_MIRROR_URL}" }, @@ -227,7 +220,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-decisionserver63-openshift:1.4" + "name": "jboss-eap71-openshift:TP" } } }, @@ -282,8 +275,8 @@ "${APPLICATION_NAME}" ], "from": { - "kind": "ImageStream", - "name": "${APPLICATION_NAME}" + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" } } }, @@ -304,7 +297,7 @@ } }, "spec": { - "terminationGracePeriodSeconds": 60, + "terminationGracePeriodSeconds": 75, "containers": [ { "name": "${APPLICATION_NAME}", @@ -338,32 +331,45 @@ "name": "http", "containerPort": 8080, "protocol": "TCP" + }, + { + "name": "ping", + "containerPort": 8888, + "protocol": "TCP" } ], "env": [ { - "name": "KIE_CONTAINER_DEPLOYMENT", - "value": "${KIE_CONTAINER_DEPLOYMENT}" + "name": "OPENSHIFT_KUBE_PING_LABELS", + "value": "application=${APPLICATION_NAME}" + }, + { + "name": "OPENSHIFT_KUBE_PING_NAMESPACE", + "valueFrom": { + "fieldRef": { + "fieldPath": "metadata.namespace" + } + } }, { - "name": "KIE_SERVER_USER", - "value": "${KIE_SERVER_USER}" + "name": "MQ_CLUSTER_PASSWORD", + "value": "${MQ_CLUSTER_PASSWORD}" }, { - "name": "KIE_SERVER_PASSWORD", - "value": "${KIE_SERVER_PASSWORD}" + "name": "MQ_QUEUES", + "value": "${MQ_QUEUES}" }, { - "name": "HORNETQ_CLUSTER_PASSWORD", - "value": "${HORNETQ_CLUSTER_PASSWORD}" + "name": "MQ_TOPICS", + "value": "${MQ_TOPICS}" }, { - "name": "HORNETQ_QUEUES", - "value": "${HORNETQ_QUEUES}" + "name": "JGROUPS_CLUSTER_PASSWORD", + "value": "${JGROUPS_CLUSTER_PASSWORD}" }, { - "name": "HORNETQ_TOPICS", - "value": "${HORNETQ_TOPICS}" + "name": "AUTO_DEPLOY_EXPLODED", + "value": "${AUTO_DEPLOY_EXPLODED}" } ] } diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/sso70-https.json b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/eap71-https-s2i.json index 5e956f449..7426830ec 100644 --- a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/sso70-https.json +++ b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/eap71-https-s2i.json @@ -3,54 +3,93 @@ "apiVersion": "v1", "metadata": { "annotations": { - "description": "Application template for SSO 7.0", - "iconClass" : "icon-jboss", - "tags" : "sso,keycloak,jboss,xpaas", - "version": "1.4.0", - "openshift.io/display-name": "Red Hat Single Sign-On 7.0" + "iconClass": "icon-eap", + "tags": "eap,javaee,java,jboss,hidden", + "version": "1.4.7", + "openshift.io/display-name": "JBoss EAP 7.1 (with https)", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "An example EAP 7 application. For more information about using this template, see https://github.com/jboss-openshift/application-templates.", + "template.openshift.io/long-description": "This template defines resources needed to develop Red Hat Enterprise Application Server 7.1 based application, including a build configuration, application deployment configuration and secure communication using https.", + "template.openshift.io/documentation-url": "https://access.redhat.com/documentation/en/red-hat-jboss-enterprise-application-platform/", + "template.openshift.io/support-url": "https://access.redhat.com" }, - "name": "sso70-https" + "name": "eap71-https-s2i" }, "labels": { - "template": "sso70-https", - "xpaas": "1.4.0" + "template": "eap71-https-s2i", + "xpaas": "1.4.7" }, - "message": "A new SSO service has been created in your project. The admin username/password for accessing the master realm via the SSO console is ${SSO_ADMIN_USERNAME}/${SSO_ADMIN_PASSWORD}. Please be sure to create the \"${SERVICE_ACCOUNT_NAME}\" service account and the following secrets: \"${HTTPS_SECRET}\" containing the ${HTTPS_KEYSTORE} file used for serving secure content; \"${JGROUPS_ENCRYPT_SECRET}\" containing the ${JGROUPS_ENCRYPT_KEYSTORE} file used for securing JGroups communications; \"${SSO_TRUSTSTORE_SECRET}\" containing the ${SSO_TRUSTSTORE} file used for securing SSO requests.", + "message": "A new EAP 7 based application with SSL support has been created in your project. Please be sure to create the \"${SERVICE_ACCOUNT_NAME}\" service account and the following secrets: \"${HTTPS_SECRET}\" containing the ${HTTPS_KEYSTORE} file used for serving secure content; \"${JGROUPS_ENCRYPT_SECRET}\" containing the ${JGROUPS_ENCRYPT_KEYSTORE} file used for securing JGroups communications.", "parameters": [ { "displayName": "Application Name", "description": "The name for the application.", "name": "APPLICATION_NAME", - "value": "sso", + "value": "eap-app", "required": true }, { "displayName": "Custom http Route Hostname", - "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: <application-name>.<project>.<default-domain-suffix>", + "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: <application-name>-<project>.<default-domain-suffix>", "name": "HOSTNAME_HTTP", "value": "", "required": false }, { "displayName": "Custom https Route Hostname", - "description": "Custom hostname for https service route. Leave blank for default hostname, e.g.: <application-name>.<project>.<default-domain-suffix>", + "description": "Custom hostname for https service route. Leave blank for default hostname, e.g.: secure-<application-name>-<project>.<default-domain-suffix>", "name": "HOSTNAME_HTTPS", "value": "", "required": false }, { + "displayName": "Git Repository URL", + "description": "Git source URI for application", + "name": "SOURCE_REPOSITORY_URL", + "value": "https://github.com/jboss-developer/jboss-eap-quickstarts", + "required": true + }, + { + "displayName": "Git Reference", + "description": "Git branch/tag reference", + "name": "SOURCE_REPOSITORY_REF", + "value": "7.0.0.GA", + "required": false + }, + { + "displayName": "Context Directory", + "description": "Path within Git project to build; empty for root project directory.", + "name": "CONTEXT_DIR", + "value": "kitchensink", + "required": false + }, + { + "displayName": "Queues", + "description": "Queue names", + "name": "MQ_QUEUES", + "value": "", + "required": false + }, + { + "displayName": "Topics", + "description": "Topic names", + "name": "MQ_TOPICS", + "value": "", + "required": false + }, + { "displayName": "Service Account Name", "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.", "name": "SERVICE_ACCOUNT_NAME", - "value": "sso-service-account", + "value": "eap7-service-account", "required": true }, { "displayName": "Server Keystore Secret Name", "description": "The name of the secret containing the keystore file", "name": "HTTPS_SECRET", - "value": "sso-app-secret", - "required": false + "value": "eap7-app-secret", + "required": true }, { "displayName": "Server Keystore Filename", @@ -68,41 +107,54 @@ }, { "displayName": "Server Certificate Name", - "description": "The name associated with the server certificate (e.g. jboss)", + "description": "The name associated with the server certificate", "name": "HTTPS_NAME", "value": "", "required": false }, { "displayName": "Server Keystore Password", - "description": "The password for the keystore and certificate (e.g. mykeystorepass)", + "description": "The password for the keystore and certificate", "name": "HTTPS_PASSWORD", "value": "", "required": false }, { - "displayName": "Datasource Minimum Pool Size", - "description": "Sets xa-pool/min-pool-size for the configured datasource.", - "name": "DB_MIN_POOL_SIZE", - "required": false + "displayName": "A-MQ cluster password", + "description": "A-MQ cluster admin password", + "name": "MQ_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true }, { - "displayName": "Datasource Maximum Pool Size", - "description": "Sets xa-pool/max-pool-size for the configured datasource.", - "name": "DB_MAX_POOL_SIZE", - "required": false + "displayName": "Github Webhook Secret", + "description": "GitHub trigger secret", + "name": "GITHUB_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true }, { - "displayName": "Datasource Transaction Isolation", - "description": "Sets transaction-isolation for the configured datasource.", - "name": "DB_TX_ISOLATION", - "required": false + "displayName": "Generic Webhook Secret", + "description": "Generic build trigger secret", + "name": "GENERIC_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "ImageStream Namespace", + "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", + "name": "IMAGE_STREAM_NAMESPACE", + "value": "openshift", + "required": true }, { "displayName": "JGroups Secret Name", "description": "The name of the secret containing the keystore file", "name": "JGROUPS_ENCRYPT_SECRET", - "value": "sso-app-secret", + "value": "eap7-app-secret", "required": false }, { @@ -114,14 +166,14 @@ }, { "displayName": "JGroups Certificate Name", - "description": "The name associated with the server certificate (e.g. secret-key)", + "description": "The name associated with the server certificate", "name": "JGROUPS_ENCRYPT_NAME", "value": "", "required": false }, { "displayName": "JGroups Keystore Password", - "description": "The password for the keystore and certificate (e.g. password)", + "description": "The password for the keystore and certificate", "name": "JGROUPS_ENCRYPT_PASSWORD", "value": "", "required": false @@ -135,69 +187,24 @@ "required": true }, { - "displayName": "ImageStream Namespace", - "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", - "name": "IMAGE_STREAM_NAMESPACE", - "value": "openshift", - "required": true - }, - { - "displayName": "SSO Admin Username", - "description": "SSO Server admin username", - "name": "SSO_ADMIN_USERNAME", - "from": "[a-zA-Z0-9]{8}", - "generate": "expression", - "required": true - }, - { - "displayName": "SSO Admin Password", - "description": "SSO Server admin password", - "name": "SSO_ADMIN_PASSWORD", - "from": "[a-zA-Z0-9]{8}", - "generate": "expression", - "required": true - }, - { - "displayName": "SSO Realm", - "description": "Realm to be created in the SSO server (e.g. demo).", - "name": "SSO_REALM", - "value": "", + "displayName": "Deploy Exploded Archives", + "description": "Controls whether exploded deployment content should be automatically deployed", + "name": "AUTO_DEPLOY_EXPLODED", + "value": "false", "required": false }, { - "displayName": "SSO Service Username", - "description": "The username used to access the SSO service. This is used by clients to create the appliction client(s) within the specified SSO realm.", - "name": "SSO_SERVICE_USERNAME", + "displayName": "Maven mirror URL", + "description": "Maven mirror to use for S2I builds", + "name": "MAVEN_MIRROR_URL", "value": "", "required": false }, { - "displayName": "SSO Service Password", - "description": "The password for the SSO service user.", - "name": "SSO_SERVICE_PASSWORD", + "description": "List of directories from which archives will be copied into the deployment folder. If unspecified, all archives in /target will be copied.", + "name": "ARTIFACT_DIR", "value": "", "required": false - }, - { - "displayName": "SSO Trust Store", - "description": "The name of the truststore file within the secret (e.g. truststore.jks)", - "name": "SSO_TRUSTSTORE", - "value": "", - "required": false - }, - { - "displayName": "SSO Trust Store Password", - "description": "The password for the truststore and certificate (e.g. mykeystorepass)", - "name": "SSO_TRUSTSTORE_PASSWORD", - "value": "", - "required": false - }, - { - "displayName": "SSO Trust Store Secret", - "description": "The name of the secret containing the truststore file (e.g. truststore-secret). Used for volume secretName", - "name": "SSO_TRUSTSTORE_SECRET", - "value": "sso-app-secret", - "required": false } ], "objects": [ @@ -293,6 +300,84 @@ } }, { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "BuildConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "source": { + "type": "Git", + "git": { + "uri": "${SOURCE_REPOSITORY_URL}", + "ref": "${SOURCE_REPOSITORY_REF}" + }, + "contextDir": "${CONTEXT_DIR}" + }, + "strategy": { + "type": "Source", + "sourceStrategy": { + "env": [ + { + "name": "MAVEN_MIRROR_URL", + "value": "${MAVEN_MIRROR_URL}" + }, + { + "name": "ARTIFACT_DIR", + "value": "${ARTIFACT_DIR}" + } + ], + "forcePull": true, + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-eap71-openshift:TP" + } + } + }, + "output": { + "to": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + }, + "triggers": [ + { + "type": "GitHub", + "github": { + "secret": "${GITHUB_WEBHOOK_SECRET}" + } + }, + { + "type": "Generic", + "generic": { + "secret": "${GENERIC_WEBHOOK_SECRET}" + } + }, + { + "type": "ImageChange", + "imageChange": {} + }, + { + "type": "ConfigChange" + } + ] + } + }, + { "kind": "DeploymentConfig", "apiVersion": "v1", "metadata": { @@ -315,8 +400,7 @@ ], "from": { "kind": "ImageStreamTag", - "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "redhat-sso70-openshift:1.4" + "name": "${APPLICATION_NAME}:latest" } } }, @@ -354,24 +438,8 @@ "name": "eap-jgroups-keystore-volume", "mountPath": "/etc/jgroups-encrypt-secret-volume", "readOnly": true - }, - { - "name": "sso-truststore-volume", - "mountPath": "/etc/sso-secret-volume", - "readOnly": true } ], - "lifecycle": { - "preStop": { - "exec": { - "command": [ - "/opt/eap/bin/jboss-cli.sh", - "-c", - ":shutdown(timeout=60)" - ] - } - } - }, "livenessProbe": { "exec": { "command": [ @@ -414,18 +482,6 @@ ], "env": [ { - "name": "DB_MIN_POOL_SIZE", - "value": "${DB_MIN_POOL_SIZE}" - }, - { - "name": "DB_MAX_POOL_SIZE", - "value": "${DB_MAX_POOL_SIZE}" - }, - { - "name": "DB_TX_ISOLATION", - "value": "${DB_TX_ISOLATION}" - }, - { "name": "OPENSHIFT_KUBE_PING_LABELS", "value": "application=${APPLICATION_NAME}" }, @@ -458,6 +514,18 @@ "value": "${HTTPS_PASSWORD}" }, { + "name": "MQ_CLUSTER_PASSWORD", + "value": "${MQ_CLUSTER_PASSWORD}" + }, + { + "name": "MQ_QUEUES", + "value": "${MQ_QUEUES}" + }, + { + "name": "MQ_TOPICS", + "value": "${MQ_TOPICS}" + }, + { "name": "JGROUPS_ENCRYPT_SECRET", "value": "${JGROUPS_ENCRYPT_SECRET}" }, @@ -482,36 +550,8 @@ "value": "${JGROUPS_CLUSTER_PASSWORD}" }, { - "name": "SSO_ADMIN_USERNAME", - "value": "${SSO_ADMIN_USERNAME}" - }, - { - "name": "SSO_ADMIN_PASSWORD", - "value": "${SSO_ADMIN_PASSWORD}" - }, - { - "name": "SSO_REALM", - "value": "${SSO_REALM}" - }, - { - "name": "SSO_SERVICE_USERNAME", - "value": "${SSO_SERVICE_USERNAME}" - }, - { - "name": "SSO_SERVICE_PASSWORD", - "value": "${SSO_SERVICE_PASSWORD}" - }, - { - "name": "SSO_TRUSTSTORE", - "value": "${SSO_TRUSTSTORE}" - }, - { - "name": "SSO_TRUSTSTORE_DIR", - "value": "/etc/sso-secret-volume" - }, - { - "name": "SSO_TRUSTSTORE_PASSWORD", - "value": "${SSO_TRUSTSTORE_PASSWORD}" + "name": "AUTO_DEPLOY_EXPLODED", + "value": "${AUTO_DEPLOY_EXPLODED}" } ] } @@ -528,12 +568,6 @@ "secret": { "secretName": "${JGROUPS_ENCRYPT_SECRET}" } - }, - { - "name": "sso-truststore-volume", - "secret": { - "secretName": "${SSO_TRUSTSTORE_SECRET}" - } } ] } diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/jws30-tomcat8-mongodb-persistent-s2i.json b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/eap71-mongodb-persistent-s2i.json index de86dd83e..fb7f27acf 100644 --- a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/jws30-tomcat8-mongodb-persistent-s2i.json +++ b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/eap71-mongodb-persistent-s2i.json @@ -3,25 +3,29 @@ "apiVersion": "v1", "metadata": { "annotations": { - "iconClass": "icon-tomcat", - "description": "Application template for JWS MongoDB applications with persistent storage built using S2I.", - "tags": "tomcat,tomcat8,java,jboss,xpaas", - "version": "1.4.0", - "openshift.io/display-name": "Red Hat JBoss Web Server 3.0 Tomcat 8 + MongoDB (Persistent with https)" - }, - "name": "jws30-tomcat8-mongodb-persistent-s2i" + "iconClass": "icon-eap", + "tags": "eap,javaee,java,jboss,hidden", + "version": "1.4.7", + "openshift.io/display-name": "JBoss EAP 7.1 + MongoDB (with https)", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "An example EAP 7 application with a MongoDB database. For more information about using this template, see https://github.com/jboss-openshift/application-templates.", + "template.openshift.io/long-description": "This template defines resources needed to develop Red Hat Enterprise Application Server 7.1 based application, including a build configuration, application deployment configuration, database deployment configuration for MongoDB using persistence and secure communication using https.", + "template.openshift.io/documentation-url": "https://access.redhat.com/documentation/en/red-hat-jboss-enterprise-application-platform/", + "template.openshift.io/support-url": "https://access.redhat.com" + }, + "name": "eap71-mongodb-persistent-s2i" }, - "message": "A new persistent JWS application for Tomcat 8 (using MongoDB) has been created in your project. The username/password for administering your JWS is ${JWS_ADMIN_USERNAME}/${JWS_ADMIN_PASSWORD}. For accessing the MongoDB database \"${DB_DATABASE}\" use the credentials ${DB_USERNAME}/${DB_PASSWORD} (Admin password is \"${DB_ADMIN_PASSWORD}\"). Please be sure to create the \"jws-service-account\" service account and the secret named \"${JWS_HTTPS_SECRET}\" containing the ${JWS_HTTPS_CERTIFICATE} file used for serving secure content.", "labels": { - "template": "jws30-tomcat8-mongodb-persistent-s2i", - "xpaas": "1.4.0" + "template": "eap71-mongodb-persistent-s2i", + "xpaas": "1.4.7" }, + "message": "A new EAP 7 and MongoDB persistent based application with SSL support has been created in your project. The username/password for accessing the MongoDB database \"${DB_DATABASE}\" is ${DB_USERNAME}/${DB_PASSWORD} (Admin password is \"${DB_ADMIN_PASSWORD}\"). Please be sure to create the \"${SERVICE_ACCOUNT_NAME}\" service account and the following secrets: \"${HTTPS_SECRET}\" containing the ${HTTPS_KEYSTORE} file used for serving secure content; \"${JGROUPS_ENCRYPT_SECRET}\" containing the ${JGROUPS_ENCRYPT_KEYSTORE} file used for securing JGroups communications.", "parameters": [ { "displayName": "Application Name", "description": "The name for the application.", "name": "APPLICATION_NAME", - "value": "jws-app", + "value": "eap-app", "required": true }, { @@ -49,7 +53,7 @@ "displayName": "Git Reference", "description": "Git branch/tag reference", "name": "SOURCE_REPOSITORY_REF", - "value": "1.2", + "value": "1.3", "required": false }, { @@ -81,30 +85,58 @@ "required": true }, { - "displayName": "Secret Name", - "description": "The name of the secret containing the certificate files", - "name": "JWS_HTTPS_SECRET", - "value": "jws-app-secret", + "displayName": "Queues", + "description": "Queue names", + "name": "MQ_QUEUES", + "value": "", + "required": false + }, + { + "displayName": "Topics", + "description": "Topic names", + "name": "MQ_TOPICS", + "value": "", + "required": false + }, + { + "displayName": "Service Account Name", + "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.", + "name": "SERVICE_ACCOUNT_NAME", + "value": "eap7-service-account", + "required": true + }, + { + "displayName": "Server Keystore Secret Name", + "description": "The name of the secret containing the keystore file", + "name": "HTTPS_SECRET", + "value": "eap7-app-secret", "required": true }, { - "displayName": "Certificate Name", - "description": "The name of the certificate file within the secret", - "name": "JWS_HTTPS_CERTIFICATE", - "value": "server.crt", + "displayName": "Server Keystore Filename", + "description": "The name of the keystore file within the secret", + "name": "HTTPS_KEYSTORE", + "value": "keystore.jks", + "required": false + }, + { + "displayName": "Server Keystore Type", + "description": "The type of the keystore file (JKS or JCEKS)", + "name": "HTTPS_KEYSTORE_TYPE", + "value": "", "required": false }, { - "displayName": "Certificate Key Name", - "description": "The name of the certificate key file within the secret", - "name": "JWS_HTTPS_CERTIFICATE_KEY", - "value": "server.key", + "displayName": "Server Certificate Name", + "description": "The name associated with the server certificate", + "name": "HTTPS_NAME", + "value": "", "required": false }, { - "displayName": "Certificate Password", - "description": "The certificate password", - "name": "JWS_HTTPS_CERTIFICATE_PASSWORD", + "displayName": "Server Keystore Password", + "description": "The password for the keystore and certificate", + "name": "HTTPS_PASSWORD", "value": "", "required": false }, @@ -145,6 +177,14 @@ "required": false }, { + "displayName": "A-MQ cluster password", + "description": "A-MQ cluster admin password", + "name": "MQ_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { "displayName": "Database Username", "description": "Database user name", "name": "DB_USERNAME", @@ -169,22 +209,6 @@ "required": true }, { - "displayName": "JWS Admin Username", - "description": "JWS Admin User", - "name": "JWS_ADMIN_USERNAME", - "from": "[a-zA-Z0-9]{8}", - "generate": "expression", - "required": true - }, - { - "displayName": "JWS Admin Password", - "description": "JWS Admin Password", - "name": "JWS_ADMIN_PASSWORD", - "from": "[a-zA-Z0-9]{8}", - "generate": "expression", - "required": true - }, - { "displayName": "Github Webhook Secret", "description": "GitHub trigger secret", "name": "GITHUB_WEBHOOK_SECRET", @@ -208,6 +232,49 @@ "required": true }, { + "displayName": "JGroups Secret Name", + "description": "The name of the secret containing the keystore file", + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "eap7-app-secret", + "required": false + }, + { + "displayName": "JGroups Keystore Filename", + "description": "The name of the keystore file within the secret", + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "jgroups.jceks", + "required": false + }, + { + "displayName": "JGroups Certificate Name", + "description": "The name associated with the server certificate", + "name": "JGROUPS_ENCRYPT_NAME", + "value": "", + "required": false + }, + { + "displayName": "JGroups Keystore Password", + "description": "The password for the keystore and certificate", + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "", + "required": false + }, + { + "displayName": "JGroups Cluster Password", + "description": "JGroups cluster password", + "name": "JGROUPS_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "Deploy Exploded Archives", + "description": "Controls whether exploded deployment content should be automatically deployed", + "name": "AUTO_DEPLOY_EXPLODED", + "value": "false", + "required": false + }, + { "displayName": "Maven mirror URL", "description": "Maven mirror to use for S2I builds", "name": "MAVEN_MIRROR_URL", @@ -391,7 +458,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-webserver30-tomcat8-openshift:1.3" + "name": "jboss-eap71-openshift:TP" } } }, @@ -468,29 +535,43 @@ } }, "spec": { - "serviceAccountName": "jws-service-account", - "terminationGracePeriodSeconds": 60, + "serviceAccountName": "${SERVICE_ACCOUNT_NAME}", + "terminationGracePeriodSeconds": 75, "containers": [ { "name": "${APPLICATION_NAME}", "image": "${APPLICATION_NAME}", "imagePullPolicy": "Always", - "readinessProbe": { + "volumeMounts": [ + { + "name": "eap-keystore-volume", + "mountPath": "/etc/eap-secret-volume", + "readOnly": true + }, + { + "name": "eap-jgroups-keystore-volume", + "mountPath": "/etc/jgroups-encrypt-secret-volume", + "readOnly": true + } + ], + "livenessProbe": { "exec": { "command": [ "/bin/bash", "-c", - "curl --noproxy '*' -s -u ${JWS_ADMIN_USERNAME}:${JWS_ADMIN_PASSWORD} 'http://localhost:8080/manager/jmxproxy/?get=Catalina%3Atype%3DServer&att=stateName' |grep -iq 'stateName *= *STARTED'" + "/opt/eap/bin/livenessProbe.sh" ] } }, - "volumeMounts": [ - { - "name": "jws-certificate-volume", - "mountPath": "/etc/jws-secret-volume", - "readOnly": true + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/readinessProbe.sh" + ] } - ], + }, "ports": [ { "name": "jolokia", @@ -506,6 +587,11 @@ "name": "https", "containerPort": 8443, "protocol": "TCP" + }, + { + "name": "ping", + "containerPort": 8888, + "protocol": "TCP" } ], "env": [ @@ -546,37 +632,91 @@ "value": "${DB_TX_ISOLATION}" }, { - "name": "JWS_HTTPS_CERTIFICATE_DIR", - "value": "/etc/jws-secret-volume" + "name": "OPENSHIFT_KUBE_PING_LABELS", + "value": "application=${APPLICATION_NAME}" }, { - "name": "JWS_HTTPS_CERTIFICATE", - "value": "${JWS_HTTPS_CERTIFICATE}" + "name": "OPENSHIFT_KUBE_PING_NAMESPACE", + "valueFrom": { + "fieldRef": { + "fieldPath": "metadata.namespace" + } + } }, { - "name": "JWS_HTTPS_CERTIFICATE_KEY", - "value": "${JWS_HTTPS_CERTIFICATE_KEY}" + "name": "HTTPS_KEYSTORE_DIR", + "value": "/etc/eap-secret-volume" }, { - "name": "JWS_HTTPS_CERTIFICATE_PASSWORD", - "value": "${JWS_HTTPS_CERTIFICATE_PASSWORD}" + "name": "HTTPS_KEYSTORE", + "value": "${HTTPS_KEYSTORE}" }, { - "name": "JWS_ADMIN_USERNAME", - "value": "${JWS_ADMIN_USERNAME}" + "name": "HTTPS_KEYSTORE_TYPE", + "value": "${HTTPS_KEYSTORE_TYPE}" }, { - "name": "JWS_ADMIN_PASSWORD", - "value": "${JWS_ADMIN_PASSWORD}" + "name": "HTTPS_NAME", + "value": "${HTTPS_NAME}" + }, + { + "name": "HTTPS_PASSWORD", + "value": "${HTTPS_PASSWORD}" + }, + { + "name": "MQ_CLUSTER_PASSWORD", + "value": "${MQ_CLUSTER_PASSWORD}" + }, + { + "name": "MQ_QUEUES", + "value": "${MQ_QUEUES}" + }, + { + "name": "MQ_TOPICS", + "value": "${MQ_TOPICS}" + }, + { + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "${JGROUPS_ENCRYPT_SECRET}" + }, + { + "name": "JGROUPS_ENCRYPT_KEYSTORE_DIR", + "value": "/etc/jgroups-encrypt-secret-volume" + }, + { + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "${JGROUPS_ENCRYPT_KEYSTORE}" + }, + { + "name": "JGROUPS_ENCRYPT_NAME", + "value": "${JGROUPS_ENCRYPT_NAME}" + }, + { + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "${JGROUPS_ENCRYPT_PASSWORD}" + }, + { + "name": "JGROUPS_CLUSTER_PASSWORD", + "value": "${JGROUPS_CLUSTER_PASSWORD}" + }, + { + "name": "AUTO_DEPLOY_EXPLODED", + "value": "${AUTO_DEPLOY_EXPLODED}" } ] } ], "volumes": [ { - "name": "jws-certificate-volume", + "name": "eap-keystore-volume", + "secret": { + "secretName": "${HTTPS_SECRET}" + } + }, + { + "name": "eap-jgroups-keystore-volume", "secret": { - "secretName": "${JWS_HTTPS_SECRET}" + "secretName": "${JGROUPS_ENCRYPT_SECRET}" } } ] diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/jws30-tomcat7-mongodb-persistent-s2i.json b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/eap71-mongodb-s2i.json index 2a73a182c..915c9ba0a 100644 --- a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/jws30-tomcat7-mongodb-persistent-s2i.json +++ b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/eap71-mongodb-s2i.json @@ -3,25 +3,29 @@ "apiVersion": "v1", "metadata": { "annotations": { - "iconClass": "icon-tomcat", - "description": "Application template for JWS MongoDB applications with persistent storage built using S2I.", - "tags": "tomcat,tomcat7,java,jboss,xpaas", - "version": "1.4.0", - "openshift.io/display-name": "Red Hat JBoss Web Server 3.0 Tomcat 7 + MongoDB (Persistent with https)" - }, - "name": "jws30-tomcat7-mongodb-persistent-s2i" + "iconClass": "icon-eap", + "tags": "eap,javaee,java,jboss,hidden", + "version": "1.4.7", + "openshift.io/display-name": "JBoss EAP 7.1 + MongoDB (Ephemeral with https)", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "An example EAP 7 application with a MongoDB database. For more information about using this template, see https://github.com/jboss-openshift/application-templates.", + "template.openshift.io/long-description": "This template defines resources needed to develop Red Hat Enterprise Application Server 7.1 based application, including a build configuration, application deployment configuration, database deployment configuration for MongoDB using ephemeral (temporary) storage and secure communication using https.", + "template.openshift.io/documentation-url": "https://access.redhat.com/documentation/en/red-hat-jboss-enterprise-application-platform/", + "template.openshift.io/support-url": "https://access.redhat.com" + }, + "name": "eap71-mongodb-s2i" }, "labels": { - "template": "jws30-tomcat7-mongodb-persistent-s2i", - "xpaas": "1.4.0" + "template": "eap71-mongodb-s2i", + "xpaas": "1.4.7" }, - "message": "A new persistent JWS application for Tomcat 7 (using MongoDB) has been created in your project. The username/password for administering your JWS is ${JWS_ADMIN_USERNAME}/${JWS_ADMIN_PASSWORD}. For accessing the MongoDB database \"${DB_DATABASE}\" use the credentials ${DB_USERNAME}/${DB_PASSWORD} (Admin password is \"${DB_ADMIN_PASSWORD}\"). Please be sure to create the \"jws-service-account\" service account and the secret named \"${JWS_HTTPS_SECRET}\" containing the ${JWS_HTTPS_CERTIFICATE} file used for serving secure content.", + "message": "A new EAP 7 and MongoDB based application with SSL support has been created in your project. The username/password for accessing the MongoDB database \"${DB_DATABASE}\" is ${DB_USERNAME}/${DB_PASSWORD} (Admin password is \"${DB_ADMIN_PASSWORD}\"). Please be sure to create the \"${SERVICE_ACCOUNT_NAME}\" service account and the following secrets: \"${HTTPS_SECRET}\" containing the ${HTTPS_KEYSTORE} file used for serving secure content; \"${JGROUPS_ENCRYPT_SECRET}\" containing the ${JGROUPS_ENCRYPT_KEYSTORE} file used for securing JGroups communications.", "parameters": [ { "displayName": "Application Name", "description": "The name for the application.", "name": "APPLICATION_NAME", - "value": "jws-app", + "value": "eap-app", "required": true }, { @@ -49,7 +53,7 @@ "displayName": "Git Reference", "description": "Git branch/tag reference", "name": "SOURCE_REPOSITORY_REF", - "value": "1.2", + "value": "1.3", "required": false }, { @@ -74,37 +78,58 @@ "required": true }, { - "displayName": "Database Volume Capacity", - "description": "Size of persistent storage for database volume.", - "name": "VOLUME_CAPACITY", - "value": "512Mi", + "displayName": "Queues", + "description": "Queue names", + "name": "MQ_QUEUES", + "value": "", + "required": false + }, + { + "displayName": "Topics", + "description": "Topic names", + "name": "MQ_TOPICS", + "value": "", + "required": false + }, + { + "displayName": "Service Account Name", + "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.", + "name": "SERVICE_ACCOUNT_NAME", + "value": "eap7-service-account", "required": true }, { - "displayName": "Secret Name", - "description": "The name of the secret containing the certificate files", - "name": "JWS_HTTPS_SECRET", - "value": "jws-app-secret", + "displayName": "Server Keystore Secret Name", + "description": "The name of the secret containing the keystore file", + "name": "HTTPS_SECRET", + "value": "eap7-app-secret", "required": true }, { - "displayName": "Certificate Name", - "description": "The name of the certificate file within the secret", - "name": "JWS_HTTPS_CERTIFICATE", - "value": "server.crt", + "displayName": "Server Keystore Filename", + "description": "The name of the keystore file within the secret", + "name": "HTTPS_KEYSTORE", + "value": "keystore.jks", + "required": false + }, + { + "displayName": "Server Keystore Type", + "description": "The type of the keystore file (JKS or JCEKS)", + "name": "HTTPS_KEYSTORE_TYPE", + "value": "", "required": false }, { - "displayName": "Certificate Key Name", - "description": "The name of the certificate key file within the secret", - "name": "JWS_HTTPS_CERTIFICATE_KEY", - "value": "server.key", + "displayName": "Server Certificate Name", + "description": "The name associated with the server certificate", + "name": "HTTPS_NAME", + "value": "", "required": false }, { - "displayName": "Certificate Password", - "description": "The certificate password", - "name": "JWS_HTTPS_CERTIFICATE_PASSWORD", + "displayName": "Server Keystore Password", + "description": "The password for the keystore and certificate", + "name": "HTTPS_PASSWORD", "value": "", "required": false }, @@ -145,6 +170,14 @@ "required": false }, { + "displayName": "A-MQ cluster password", + "description": "A-MQ cluster admin password", + "name": "MQ_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { "displayName": "Database Username", "description": "Database user name", "name": "DB_USERNAME", @@ -169,22 +202,6 @@ "required": true }, { - "displayName": "JWS Admin Username", - "description": "JWS Admin User", - "name": "JWS_ADMIN_USERNAME", - "from": "[a-zA-Z0-9]{8}", - "generate": "expression", - "required": true - }, - { - "displayName": "JWS Admin Password", - "description": "JWS Admin Password", - "name": "JWS_ADMIN_PASSWORD", - "from": "[a-zA-Z0-9]{8}", - "generate": "expression", - "required": true - }, - { "displayName": "Github Webhook Secret", "description": "GitHub trigger secret", "name": "GITHUB_WEBHOOK_SECRET", @@ -208,6 +225,49 @@ "required": true }, { + "displayName": "JGroups Secret Name", + "description": "The name of the secret containing the keystore file", + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "eap7-app-secret", + "required": false + }, + { + "displayName": "JGroups Keystore Filename", + "description": "The name of the keystore file within the secret", + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "jgroups.jceks", + "required": false + }, + { + "displayName": "JGroups Certificate Name", + "description": "The name associated with the server certificate", + "name": "JGROUPS_ENCRYPT_NAME", + "value": "", + "required": false + }, + { + "displayName": "JGroups Keystore Password", + "description": "The password for the keystore and certificate", + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "", + "required": false + }, + { + "displayName": "JGroups Cluster Password", + "description": "JGroups cluster password", + "name": "JGROUPS_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "Deploy Exploded Archives", + "description": "Controls whether exploded deployment content should be automatically deployed", + "name": "AUTO_DEPLOY_EXPLODED", + "value": "false", + "required": false + }, + { "displayName": "Maven mirror URL", "description": "Maven mirror to use for S2I builds", "name": "MAVEN_MIRROR_URL", @@ -391,7 +451,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-webserver30-tomcat7-openshift:1.3" + "name": "jboss-eap71-openshift:TP" } } }, @@ -468,29 +528,43 @@ } }, "spec": { - "serviceAccountName": "jws-service-account", - "terminationGracePeriodSeconds": 60, + "serviceAccountName": "${SERVICE_ACCOUNT_NAME}", + "terminationGracePeriodSeconds": 75, "containers": [ { "name": "${APPLICATION_NAME}", "image": "${APPLICATION_NAME}", "imagePullPolicy": "Always", - "readinessProbe": { + "volumeMounts": [ + { + "name": "eap-keystore-volume", + "mountPath": "/etc/eap-secret-volume", + "readOnly": true + }, + { + "name": "eap-jgroups-keystore-volume", + "mountPath": "/etc/jgroups-encrypt-secret-volume", + "readOnly": true + } + ], + "livenessProbe": { "exec": { "command": [ "/bin/bash", "-c", - "curl --noproxy '*' -s -u ${JWS_ADMIN_USERNAME}:${JWS_ADMIN_PASSWORD} 'http://localhost:8080/manager/jmxproxy/?get=Catalina%3Atype%3DServer&att=stateName' |grep -iq 'stateName *= *STARTED'" + "/opt/eap/bin/livenessProbe.sh" ] } }, - "volumeMounts": [ - { - "name": "jws-certificate-volume", - "mountPath": "/etc/jws-secret-volume", - "readOnly": true + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/readinessProbe.sh" + ] } - ], + }, "ports": [ { "name": "jolokia", @@ -506,6 +580,11 @@ "name": "https", "containerPort": 8443, "protocol": "TCP" + }, + { + "name": "ping", + "containerPort": 8888, + "protocol": "TCP" } ], "env": [ @@ -546,37 +625,91 @@ "value": "${DB_TX_ISOLATION}" }, { - "name": "JWS_HTTPS_CERTIFICATE_DIR", - "value": "/etc/jws-secret-volume" + "name": "OPENSHIFT_KUBE_PING_LABELS", + "value": "application=${APPLICATION_NAME}" + }, + { + "name": "OPENSHIFT_KUBE_PING_NAMESPACE", + "valueFrom": { + "fieldRef": { + "fieldPath": "metadata.namespace" + } + } + }, + { + "name": "HTTPS_KEYSTORE_DIR", + "value": "/etc/eap-secret-volume" + }, + { + "name": "HTTPS_KEYSTORE", + "value": "${HTTPS_KEYSTORE}" + }, + { + "name": "HTTPS_KEYSTORE_TYPE", + "value": "${HTTPS_KEYSTORE_TYPE}" + }, + { + "name": "HTTPS_NAME", + "value": "${HTTPS_NAME}" + }, + { + "name": "HTTPS_PASSWORD", + "value": "${HTTPS_PASSWORD}" + }, + { + "name": "MQ_CLUSTER_PASSWORD", + "value": "${MQ_CLUSTER_PASSWORD}" + }, + { + "name": "MQ_QUEUES", + "value": "${MQ_QUEUES}" + }, + { + "name": "MQ_TOPICS", + "value": "${MQ_TOPICS}" }, { - "name": "JWS_HTTPS_CERTIFICATE", - "value": "${JWS_HTTPS_CERTIFICATE}" + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "${JGROUPS_ENCRYPT_SECRET}" }, { - "name": "JWS_HTTPS_CERTIFICATE_KEY", - "value": "${JWS_HTTPS_CERTIFICATE_KEY}" + "name": "JGROUPS_ENCRYPT_KEYSTORE_DIR", + "value": "/etc/jgroups-encrypt-secret-volume" }, { - "name": "JWS_HTTPS_CERTIFICATE_PASSWORD", - "value": "${JWS_HTTPS_CERTIFICATE_PASSWORD}" + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "${JGROUPS_ENCRYPT_KEYSTORE}" }, { - "name": "JWS_ADMIN_USERNAME", - "value": "${JWS_ADMIN_USERNAME}" + "name": "JGROUPS_ENCRYPT_NAME", + "value": "${JGROUPS_ENCRYPT_NAME}" }, { - "name": "JWS_ADMIN_PASSWORD", - "value": "${JWS_ADMIN_PASSWORD}" + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "${JGROUPS_ENCRYPT_PASSWORD}" + }, + { + "name": "JGROUPS_CLUSTER_PASSWORD", + "value": "${JGROUPS_CLUSTER_PASSWORD}" + }, + { + "name": "AUTO_DEPLOY_EXPLODED", + "value": "${AUTO_DEPLOY_EXPLODED}" } ] } ], "volumes": [ { - "name": "jws-certificate-volume", + "name": "eap-keystore-volume", + "secret": { + "secretName": "${HTTPS_SECRET}" + } + }, + { + "name": "eap-jgroups-keystore-volume", "secret": { - "secretName": "${JWS_HTTPS_SECRET}" + "secretName": "${JGROUPS_ENCRYPT_SECRET}" } } ] @@ -641,12 +774,6 @@ "protocol": "TCP" } ], - "volumeMounts": [ - { - "mountPath": "/var/lib/mongodb/data", - "name": "${APPLICATION_NAME}-mongodb-pvol" - } - ], "env": [ { "name": "MONGODB_USER", @@ -678,38 +805,10 @@ } ] } - ], - "volumes": [ - { - "name": "${APPLICATION_NAME}-mongodb-pvol", - "persistentVolumeClaim": { - "claimName": "${APPLICATION_NAME}-mongodb-claim" - } - } ] } } } - }, - { - "apiVersion": "v1", - "kind": "PersistentVolumeClaim", - "metadata": { - "name": "${APPLICATION_NAME}-mongodb-claim", - "labels": { - "application": "${APPLICATION_NAME}" - } - }, - "spec": { - "accessModes": [ - "ReadWriteOnce" - ], - "resources": { - "requests": { - "storage": "${VOLUME_CAPACITY}" - } - } - } } ] } diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/processserver63-mysql-persistent-s2i.json b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/eap71-mysql-persistent-s2i.json index f76b07b0b..6af9e5f50 100644 --- a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/processserver63-mysql-persistent-s2i.json +++ b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/eap71-mysql-persistent-s2i.json @@ -3,75 +3,29 @@ "apiVersion": "v1", "metadata": { "annotations": { - "description": "Application template for Red Hat JBoss BPM Suite 6.3 intelligent process server MySQL applications with persistent storage built using S2I.", - "iconClass": "icon-jboss", - "tags": "processserver,jboss,xpaas", - "version": "1.4.0", - "openshift.io/display-name": "Red Hat JBoss BPM Suite 6.3 intelligent process server + MySQL (Persistent with https)" - }, - "name": "processserver63-mysql-persistent-s2i" + "iconClass": "icon-eap", + "tags": "eap,javaee,java,jboss,hidden", + "version": "1.4.7", + "openshift.io/display-name": "JBoss EAP 7.1 + MySQL (with https)", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "An example EAP 7 application with a MySQL database. For more information about using this template, see https://github.com/jboss-openshift/application-templates.", + "template.openshift.io/long-description": "This template defines resources needed to develop Red Hat Enterprise Application Server 7.1 based application, including a build configuration, application deployment configuration, database deployment configuration for MySQL using persistence and secure communication using https.", + "template.openshift.io/documentation-url": "https://access.redhat.com/documentation/en/red-hat-jboss-enterprise-application-platform/", + "template.openshift.io/support-url": "https://access.redhat.com" + }, + "name": "eap71-mysql-persistent-s2i" }, "labels": { - "template": "processserver63-mysql-persistent-s2i", - "xpaas": "1.4.0" + "template": "eap71-mysql-persistent-s2i", + "xpaas": "1.4.7" }, - "message": "A new persistent BPMS application (using MySQL) has been created in your project. The username/password for accessing the KIE Server REST or JMS interface is ${KIE_SERVER_USER}/${KIE_SERVER_PASSWORD}. For accessing the MySQL database \"${DB_DATABASE}\" use the credentials ${DB_USERNAME}/${DB_PASSWORD}. Please be sure to create the \"processserver-service-account\" service account and the secret named \"${HTTPS_SECRET}\" containing the ${HTTPS_KEYSTORE} file used for serving secure content.", + "message": "A new EAP 7 and MySQL persistent based application with SSL support has been created in your project. The username/password for accessing the MySQL database \"${DB_DATABASE}\" is ${DB_USERNAME}/${DB_PASSWORD}. Please be sure to create the \"${SERVICE_ACCOUNT_NAME}\" service account and the following secrets: \"${HTTPS_SECRET}\" containing the ${HTTPS_KEYSTORE} file used for serving secure content; \"${JGROUPS_ENCRYPT_SECRET}\" containing the ${JGROUPS_ENCRYPT_KEYSTORE} file used for securing JGroups communications.", "parameters": [ { - "displayName": "KIE Container Deployment", - "description": "The KIE Container deployment configuration in format: containerId=groupId:artifactId:version|c2=g2:a2:v2", - "name": "KIE_CONTAINER_DEPLOYMENT", - "value": "processserver-library=org.openshift.quickstarts:processserver-library:1.3.0.Final", - "required": false - }, - { - "displayName": "KIE Server Protocol", - "description": "The protocol to access the KIE Server REST interface.", - "name": "KIE_SERVER_PROTOCOL", - "value": "https", - "required": false - }, - { - "displayName": "KIE Server Port", - "description": "The port to access the KIE Server REST interface.", - "name": "KIE_SERVER_PORT", - "value": "8443", - "required": false - }, - { - "displayName": "KIE Server Username", - "description": "The user name to access the KIE Server REST or JMS interface.", - "name": "KIE_SERVER_USER", - "value": "kieserver", - "required": false - }, - { - "displayName": "KIE Server Password", - "description": "The password to access the KIE Server REST or JMS interface. Must be different than username; must not be root, admin, or administrator; must contain at least 8 characters, 1 alphabetic character(s), 1 digit(s), and 1 non-alphanumeric symbol(s).", - "name": "KIE_SERVER_PASSWORD", - "from": "[a-zA-Z]{6}[0-9]{1}!", - "generate": "expression", - "required": false - }, - { - "displayName": "KIE Server Domain", - "description": "JAAS LoginContext domain that shall be used to authenticate users when using JMS.", - "name": "KIE_SERVER_DOMAIN", - "value": "other", - "required": false - }, - { - "displayName": "KIE Server Persistence Dialect", - "description": "Hibernate persistence dialect.", - "name": "KIE_SERVER_PERSISTENCE_DIALECT", - "value": "org.hibernate.dialect.MySQL5Dialect", - "required": false - }, - { "displayName": "Application Name", "description": "The name for the application.", "name": "APPLICATION_NAME", - "value": "kie-app", + "value": "eap-app", "required": true }, { @@ -106,14 +60,14 @@ "displayName": "Context Directory", "description": "Path within Git project to build; empty for root project directory.", "name": "CONTEXT_DIR", - "value": "processserver/library", + "value": "todolist/todolist-jdbc", "required": false }, { "displayName": "Database JNDI Name", - "description": "Database JNDI name used by application to resolve the datasource, e.g. java:/jboss/datasources/ExampleDS", + "description": "Database JNDI name used by application to resolve the datasource, e.g. java:/jboss/datasources/mysql", "name": "DB_JNDI", - "value": "java:jboss/datasources/ExampleDS", + "value": "java:jboss/datasources/TodoListDS", "required": false }, { @@ -133,23 +87,30 @@ { "displayName": "Queues", "description": "Queue names", - "name": "HORNETQ_QUEUES", + "name": "MQ_QUEUES", "value": "", "required": false }, { "displayName": "Topics", "description": "Topic names", - "name": "HORNETQ_TOPICS", + "name": "MQ_TOPICS", "value": "", "required": false }, { + "displayName": "Service Account Name", + "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.", + "name": "SERVICE_ACCOUNT_NAME", + "value": "eap7-service-account", + "required": true + }, + { "displayName": "Server Keystore Secret Name", "description": "The name of the secret containing the keystore file", "name": "HTTPS_SECRET", - "value": "processserver-app-secret", - "required": false + "value": "eap7-app-secret", + "required": true }, { "displayName": "Server Keystore Filename", @@ -159,36 +120,27 @@ "required": false }, { + "displayName": "Server Keystore Type", + "description": "The type of the keystore file (JKS or JCEKS)", + "name": "HTTPS_KEYSTORE_TYPE", + "value": "", + "required": false + }, + { "displayName": "Server Certificate Name", "description": "The name associated with the server certificate", "name": "HTTPS_NAME", - "value": "jboss", + "value": "", "required": false }, { "displayName": "Server Keystore Password", "description": "The password for the keystore and certificate", "name": "HTTPS_PASSWORD", - "value": "mykeystorepass", + "value": "", "required": false }, { - "displayName": "Database Username", - "description": "Database user name", - "name": "DB_USERNAME", - "from": "user[a-zA-Z0-9]{3}", - "generate": "expression", - "required": true - }, - { - "displayName": "Database Password", - "description": "Database user password", - "name": "DB_PASSWORD", - "from": "[a-zA-Z0-9]{8}", - "generate": "expression", - "required": true - }, - { "displayName": "Datasource Minimum Pool Size", "description": "Sets xa-pool/min-pool-size for the configured datasource.", "name": "DB_MIN_POOL_SIZE", @@ -237,9 +189,25 @@ "required": false }, { - "displayName": "HornetQ Password", - "description": "HornetQ cluster admin password", - "name": "HORNETQ_CLUSTER_PASSWORD", + "displayName": "A-MQ cluster password", + "description": "A-MQ cluster admin password", + "name": "MQ_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "Database Username", + "description": "Database user name", + "name": "DB_USERNAME", + "from": "user[a-zA-Z0-9]{3}", + "generate": "expression", + "required": true + }, + { + "displayName": "Database Password", + "description": "Database user password", + "name": "DB_PASSWORD", "from": "[a-zA-Z0-9]{8}", "generate": "expression", "required": true @@ -268,6 +236,49 @@ "required": true }, { + "displayName": "JGroups Secret Name", + "description": "The name of the secret containing the keystore file", + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "eap7-app-secret", + "required": false + }, + { + "displayName": "JGroups Keystore Filename", + "description": "The name of the keystore file within the secret", + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "jgroups.jceks", + "required": false + }, + { + "displayName": "JGroups Certificate Name", + "description": "The name associated with the server certificate", + "name": "JGROUPS_ENCRYPT_NAME", + "value": "", + "required": false + }, + { + "displayName": "JGroups Keystore Password", + "description": "The password for the keystore and certificate", + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "", + "required": false + }, + { + "displayName": "JGroups Cluster Password", + "description": "JGroups cluster password", + "name": "JGROUPS_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "Deploy Exploded Archives", + "description": "Controls whether exploded deployment content should be automatically deployed", + "name": "AUTO_DEPLOY_EXPLODED", + "value": "false", + "required": false + }, + { "displayName": "Maven mirror URL", "description": "Maven mirror to use for S2I builds", "name": "MAVEN_MIRROR_URL", @@ -439,10 +450,6 @@ "sourceStrategy": { "env": [ { - "name": "KIE_CONTAINER_DEPLOYMENT", - "value": "${KIE_CONTAINER_DEPLOYMENT}" - }, - { "name": "MAVEN_MIRROR_URL", "value": "${MAVEN_MIRROR_URL}" }, @@ -455,7 +462,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-processserver63-openshift:1.4" + "name": "jboss-eap71-openshift:TP" } } }, @@ -510,8 +517,8 @@ "${APPLICATION_NAME}" ], "from": { - "kind": "ImageStream", - "name": "${APPLICATION_NAME}" + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" } } }, @@ -532,8 +539,8 @@ } }, "spec": { - "serviceAccountName": "processserver-service-account", - "terminationGracePeriodSeconds": 60, + "serviceAccountName": "${SERVICE_ACCOUNT_NAME}", + "terminationGracePeriodSeconds": 75, "containers": [ { "name": "${APPLICATION_NAME}", @@ -541,8 +548,13 @@ "imagePullPolicy": "Always", "volumeMounts": [ { - "name": "processserver-keystore-volume", - "mountPath": "/etc/processserver-secret-volume", + "name": "eap-keystore-volume", + "mountPath": "/etc/eap-secret-volume", + "readOnly": true + }, + { + "name": "eap-jgroups-keystore-volume", + "mountPath": "/etc/jgroups-encrypt-secret-volume", "readOnly": true } ], @@ -579,43 +591,16 @@ "name": "https", "containerPort": 8443, "protocol": "TCP" + }, + { + "name": "ping", + "containerPort": 8888, + "protocol": "TCP" } ], "env": [ { - "name": "KIE_CONTAINER_DEPLOYMENT", - "value": "${KIE_CONTAINER_DEPLOYMENT}" - }, - { - "name": "KIE_SERVER_PROTOCOL", - "value": "${KIE_SERVER_PROTOCOL}" - }, - { - "name": "KIE_SERVER_PORT", - "value": "${KIE_SERVER_PORT}" - }, - { - "name": "KIE_SERVER_USER", - "value": "${KIE_SERVER_USER}" - }, - { - "name": "KIE_SERVER_PASSWORD", - "value": "${KIE_SERVER_PASSWORD}" - }, - { - "name": "KIE_SERVER_DOMAIN", - "value": "${KIE_SERVER_DOMAIN}" - }, - { - "name": "KIE_SERVER_PERSISTENCE_DIALECT", - "value": "${KIE_SERVER_PERSISTENCE_DIALECT}" - }, - { "name": "DB_SERVICE_PREFIX_MAPPING", - "value": "${APPLICATION_NAME}-mysql=DB,${APPLICATION_NAME}-mysql=QUARTZ" - }, - { - "name": "TX_DATABASE_PREFIX_MAPPING", "value": "${APPLICATION_NAME}-mysql=DB" }, { @@ -635,6 +620,10 @@ "value": "${DB_DATABASE}" }, { + "name": "TX_DATABASE_PREFIX_MAPPING", + "value": "${APPLICATION_NAME}-mysql=DB" + }, + { "name": "DB_MIN_POOL_SIZE", "value": "${DB_MIN_POOL_SIZE}" }, @@ -647,78 +636,100 @@ "value": "${DB_TX_ISOLATION}" }, { - "name": "QUARTZ_JNDI", - "value": "${DB_JNDI}NotManaged" + "name": "OPENSHIFT_KUBE_PING_LABELS", + "value": "application=${APPLICATION_NAME}" }, { - "name": "QUARTZ_USERNAME", - "value": "${DB_USERNAME}" + "name": "OPENSHIFT_KUBE_PING_NAMESPACE", + "valueFrom": { + "fieldRef": { + "fieldPath": "metadata.namespace" + } + } }, { - "name": "QUARTZ_PASSWORD", - "value": "${DB_PASSWORD}" + "name": "HTTPS_KEYSTORE_DIR", + "value": "/etc/eap-secret-volume" }, { - "name": "QUARTZ_DATABASE", - "value": "${DB_DATABASE}" + "name": "HTTPS_KEYSTORE", + "value": "${HTTPS_KEYSTORE}" }, { - "name": "QUARTZ_MIN_POOL_SIZE", - "value": "${DB_MIN_POOL_SIZE}" + "name": "HTTPS_KEYSTORE_TYPE", + "value": "${HTTPS_KEYSTORE_TYPE}" }, { - "name": "QUARTZ_MAX_POOL_SIZE", - "value": "${DB_MAX_POOL_SIZE}" + "name": "HTTPS_NAME", + "value": "${HTTPS_NAME}" }, { - "name": "QUARTZ_TX_ISOLATION", - "value": "${DB_TX_ISOLATION}" + "name": "HTTPS_PASSWORD", + "value": "${HTTPS_PASSWORD}" }, { - "name": "QUARTZ_JTA", - "value": "false" + "name": "MQ_CLUSTER_PASSWORD", + "value": "${MQ_CLUSTER_PASSWORD}" }, { - "name": "QUARTZ_NONXA", - "value": "true" + "name": "MQ_QUEUES", + "value": "${MQ_QUEUES}" }, { - "name": "HTTPS_KEYSTORE_DIR", - "value": "/etc/processserver-secret-volume" + "name": "MQ_TOPICS", + "value": "${MQ_TOPICS}" }, { - "name": "HTTPS_KEYSTORE", - "value": "${HTTPS_KEYSTORE}" + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "${JGROUPS_ENCRYPT_SECRET}" }, { - "name": "HTTPS_NAME", - "value": "${HTTPS_NAME}" + "name": "JGROUPS_ENCRYPT_KEYSTORE_DIR", + "value": "/etc/jgroups-encrypt-secret-volume" }, { - "name": "HTTPS_PASSWORD", - "value": "${HTTPS_PASSWORD}" + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "${JGROUPS_ENCRYPT_KEYSTORE}" }, { - "name": "HORNETQ_CLUSTER_PASSWORD", - "value": "${HORNETQ_CLUSTER_PASSWORD}" + "name": "JGROUPS_ENCRYPT_NAME", + "value": "${JGROUPS_ENCRYPT_NAME}" }, { - "name": "HORNETQ_QUEUES", - "value": "${HORNETQ_QUEUES}" + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "${JGROUPS_ENCRYPT_PASSWORD}" }, { - "name": "HORNETQ_TOPICS", - "value": "${HORNETQ_TOPICS}" + "name": "JGROUPS_CLUSTER_PASSWORD", + "value": "${JGROUPS_CLUSTER_PASSWORD}" + }, + { + "name": "AUTO_DEPLOY_EXPLODED", + "value": "${AUTO_DEPLOY_EXPLODED}" + }, + { + "name": "DEFAULT_JOB_REPOSITORY", + "value": "${APPLICATION_NAME}-mysql" + }, + { + "name": "TIMER_SERVICE_DATA_STORE", + "value": "${APPLICATION_NAME}-mysql" } ] } ], "volumes": [ { - "name": "processserver-keystore-volume", + "name": "eap-keystore-volume", "secret": { "secretName": "${HTTPS_SECRET}" } + }, + { + "name": "eap-jgroups-keystore-volume", + "secret": { + "secretName": "${JGROUPS_ENCRYPT_SECRET}" + } } ] } diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/sso70-mysql-persistent.json b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/eap71-mysql-s2i.json index 0fb2703c7..c7d14d3c7 100644 --- a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/sso70-mysql-persistent.json +++ b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/eap71-mysql-s2i.json @@ -3,46 +3,71 @@ "apiVersion": "v1", "metadata": { "annotations": { - "description": "Application template for SSO 7.0 MySQL applications with persistent storage", - "iconClass" : "icon-jboss", - "tags" : "sso,keycloak,jboss,xpaas", - "version": "1.4.0", - "openshift.io/display-name": "Red Hat Single Sign-On 7.0 + MySQL (Persistent)" - }, - "name": "sso70-mysql-persistent" + "iconClass": "icon-eap", + "tags": "eap,javaee,java,jboss,hidden", + "version": "1.4.7", + "openshift.io/display-name": "JBoss EAP 7.1 + MySQL (Ephemeral with https)", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "An example EAP 7 application with a MySQL database. For more information about using this template, see https://github.com/jboss-openshift/application-templates.", + "template.openshift.io/long-description": "This template defines resources needed to develop Red Hat Enterprise Application Server 7.1 based application, including a build configuration, application deployment configuration, database deployment configuration for MySQL using ephemeral (temporary) storage and secure communication using https.", + "template.openshift.io/documentation-url": "https://access.redhat.com/documentation/en/red-hat-jboss-enterprise-application-platform/", + "template.openshift.io/support-url": "https://access.redhat.com" + }, + "name": "eap71-mysql-s2i" }, "labels": { - "template": "sso70-mysql-persistent", - "xpaas": "1.4.0" + "template": "eap71-mysql-s2i", + "xpaas": "1.4.7" }, - "message": "A new persistent SSO service (using MySQL) has been created in your project. The admin username/password for accessing the master realm via the SSO console is ${SSO_ADMIN_USERNAME}/${SSO_ADMIN_PASSWORD}. The username/password for accessing the MySQL database \"${DB_DATABASE}\" is ${DB_USERNAME}/${DB_PASSWORD}. Please be sure to create the \"${SERVICE_ACCOUNT_NAME}\" service account and the following secrets: \"${HTTPS_SECRET}\" containing the ${HTTPS_KEYSTORE} file used for serving secure content; \"${JGROUPS_ENCRYPT_SECRET}\" containing the ${JGROUPS_ENCRYPT_KEYSTORE} file used for securing JGroups communications; \"${SSO_TRUSTSTORE_SECRET}\" containing the ${SSO_TRUSTSTORE} file used for securing SSO requests.", + "message": "A new EAP 7 and MySQL based application with SSL support has been created in your project. The username/password for accessing the MySQL database \"${DB_DATABASE}\" is ${DB_USERNAME}/${DB_PASSWORD}. Please be sure to create the \"${SERVICE_ACCOUNT_NAME}\" service account and the following secrets: \"${HTTPS_SECRET}\" containing the ${HTTPS_KEYSTORE} file used for serving secure content; \"${JGROUPS_ENCRYPT_SECRET}\" containing the ${JGROUPS_ENCRYPT_KEYSTORE} file used for securing JGroups communications.", "parameters": [ { "displayName": "Application Name", "description": "The name for the application.", "name": "APPLICATION_NAME", - "value": "sso", + "value": "eap-app", "required": true }, { "displayName": "Custom http Route Hostname", - "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: <application-name>.<project>.<default-domain-suffix>", + "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: <application-name>-<project>.<default-domain-suffix>", "name": "HOSTNAME_HTTP", "value": "", "required": false }, { "displayName": "Custom https Route Hostname", - "description": "Custom hostname for https service route. Leave blank for default hostname, e.g.: <application-name>.<project>.<default-domain-suffix>", + "description": "Custom hostname for https service route. Leave blank for default hostname, e.g.: secure-<application-name>-<project>.<default-domain-suffix>", "name": "HOSTNAME_HTTPS", "value": "", "required": false }, { + "displayName": "Git Repository URL", + "description": "Git source URI for application", + "name": "SOURCE_REPOSITORY_URL", + "value": "https://github.com/jboss-openshift/openshift-quickstarts", + "required": true + }, + { + "displayName": "Git Reference", + "description": "Git branch/tag reference", + "name": "SOURCE_REPOSITORY_REF", + "value": "1.3", + "required": false + }, + { + "displayName": "Context Directory", + "description": "Path within Git project to build; empty for root project directory.", + "name": "CONTEXT_DIR", + "value": "todolist/todolist-jdbc", + "required": false + }, + { "displayName": "Database JNDI Name", "description": "Database JNDI name used by application to resolve the datasource, e.g. java:/jboss/datasources/mysql", "name": "DB_JNDI", - "value": "java:jboss/datasources/KeycloakDS", + "value": "java:jboss/datasources/TodoListDS", "required": false }, { @@ -53,18 +78,32 @@ "required": true }, { + "displayName": "Queues", + "description": "Queue names", + "name": "MQ_QUEUES", + "value": "", + "required": false + }, + { + "displayName": "Topics", + "description": "Topic names", + "name": "MQ_TOPICS", + "value": "", + "required": false + }, + { "displayName": "Service Account Name", "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.", "name": "SERVICE_ACCOUNT_NAME", - "value": "sso-service-account", + "value": "eap7-service-account", "required": true }, { "displayName": "Server Keystore Secret Name", "description": "The name of the secret containing the keystore file", "name": "HTTPS_SECRET", - "value": "sso-app-secret", - "required": false + "value": "eap7-app-secret", + "required": true }, { "displayName": "Server Keystore Filename", @@ -82,14 +121,14 @@ }, { "displayName": "Server Certificate Name", - "description": "The name associated with the server certificate (e.g. jboss)", + "description": "The name associated with the server certificate", "name": "HTTPS_NAME", "value": "", "required": false }, { "displayName": "Server Keystore Password", - "description": "The password for the keystore and certificate (e.g. mykeystorepass)", + "description": "The password for the keystore and certificate", "name": "HTTPS_PASSWORD", "value": "", "required": false @@ -143,6 +182,14 @@ "required": false }, { + "displayName": "A-MQ cluster password", + "description": "A-MQ cluster admin password", + "name": "MQ_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { "displayName": "Database Username", "description": "Database user name", "name": "DB_USERNAME", @@ -159,17 +206,33 @@ "required": true }, { - "displayName": "Database Volume Capacity", - "description": "Size of persistent storage for database volume.", - "name": "VOLUME_CAPACITY", - "value": "512Mi", + "displayName": "Github Webhook Secret", + "description": "GitHub trigger secret", + "name": "GITHUB_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "Generic Webhook Secret", + "description": "Generic build trigger secret", + "name": "GENERIC_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "ImageStream Namespace", + "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", + "name": "IMAGE_STREAM_NAMESPACE", + "value": "openshift", "required": true }, { "displayName": "JGroups Secret Name", "description": "The name of the secret containing the keystore file", "name": "JGROUPS_ENCRYPT_SECRET", - "value": "sso-app-secret", + "value": "eap7-app-secret", "required": false }, { @@ -181,14 +244,14 @@ }, { "displayName": "JGroups Certificate Name", - "description": "The name associated with the server certificate (e.g. secret-key)", + "description": "The name associated with the server certificate", "name": "JGROUPS_ENCRYPT_NAME", "value": "", "required": false }, { "displayName": "JGroups Keystore Password", - "description": "The password for the keystore and certificate (e.g. password)", + "description": "The password for the keystore and certificate", "name": "JGROUPS_ENCRYPT_PASSWORD", "value": "", "required": false @@ -202,71 +265,26 @@ "required": true }, { - "displayName": "ImageStream Namespace", - "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", - "name": "IMAGE_STREAM_NAMESPACE", - "value": "openshift", - "required": true - }, - { - "displayName": "SSO Admin Username", - "description": "SSO Server admin username", - "name": "SSO_ADMIN_USERNAME", - "from": "[a-zA-Z0-9]{8}", - "generate": "expression", - "required": true - }, - { - "displayName": "SSO Admin Password", - "description": "SSO Server admin password", - "name": "SSO_ADMIN_PASSWORD", - "from": "[a-zA-Z0-9]{8}", - "generate": "expression", - "required": true - }, - { - "displayName": "SSO Realm", - "description": "Realm to be created in the SSO server (e.g. demo).", - "name": "SSO_REALM", - "value": "", + "displayName": "Deploy Exploded Archives", + "description": "Controls whether exploded deployment content should be automatically deployed", + "name": "AUTO_DEPLOY_EXPLODED", + "value": "false", "required": false }, { - "displayName": "SSO Service Username", - "description": "The username used to access the SSO service. This is used by clients to create the appliction client(s) within the specified SSO realm.", - "name": "SSO_SERVICE_USERNAME", + "displayName": "Maven mirror URL", + "description": "Maven mirror to use for S2I builds", + "name": "MAVEN_MIRROR_URL", "value": "", "required": false }, { - "displayName": "SSO Service Password", - "description": "The password for the SSO service user.", - "name": "SSO_SERVICE_PASSWORD", + "description": "List of directories from which archives will be copied into the deployment folder. If unspecified, all archives in /target will be copied.", + "name": "ARTIFACT_DIR", "value": "", "required": false }, { - "displayName": "SSO Trust Store", - "description": "The name of the truststore file within the secret (e.g. truststore.jks)", - "name": "SSO_TRUSTSTORE", - "value": "", - "required": false - }, - { - "displayName": "SSO Trust Store Password", - "description": "The password for the truststore and certificate (e.g. mykeystorepass)", - "name": "SSO_TRUSTSTORE_PASSWORD", - "value": "", - "required": false - }, - { - "displayName": "SSO Trust Store Secret", - "description": "The name of the secret containing the truststore file (e.g. truststore-secret). Used for volume secretName", - "name": "SSO_TRUSTSTORE_SECRET", - "value": "sso-app-secret", - "required": false - }, - { "displayName": "MySQL Image Stream Tag", "description": "The tag to use for the \"mysql\" image stream. Typically, this aligns with the major.minor version of MySQL.", "name": "MYSQL_IMAGE_STREAM_TAG", @@ -393,6 +411,84 @@ } }, { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "BuildConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "source": { + "type": "Git", + "git": { + "uri": "${SOURCE_REPOSITORY_URL}", + "ref": "${SOURCE_REPOSITORY_REF}" + }, + "contextDir": "${CONTEXT_DIR}" + }, + "strategy": { + "type": "Source", + "sourceStrategy": { + "env": [ + { + "name": "MAVEN_MIRROR_URL", + "value": "${MAVEN_MIRROR_URL}" + }, + { + "name": "ARTIFACT_DIR", + "value": "${ARTIFACT_DIR}" + } + ], + "forcePull": true, + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-eap71-openshift:TP" + } + } + }, + "output": { + "to": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + }, + "triggers": [ + { + "type": "GitHub", + "github": { + "secret": "${GITHUB_WEBHOOK_SECRET}" + } + }, + { + "type": "Generic", + "generic": { + "secret": "${GENERIC_WEBHOOK_SECRET}" + } + }, + { + "type": "ImageChange", + "imageChange": {} + }, + { + "type": "ConfigChange" + } + ] + } + }, + { "kind": "DeploymentConfig", "apiVersion": "v1", "metadata": { @@ -415,8 +511,7 @@ ], "from": { "kind": "ImageStreamTag", - "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "redhat-sso70-openshift:1.4" + "name": "${APPLICATION_NAME}:latest" } } }, @@ -454,24 +549,8 @@ "name": "eap-jgroups-keystore-volume", "mountPath": "/etc/jgroups-encrypt-secret-volume", "readOnly": true - }, - { - "name": "sso-truststore-volume", - "mountPath": "/etc/sso-secret-volume", - "readOnly": true } ], - "lifecycle": { - "preStop": { - "exec": { - "command": [ - "/opt/eap/bin/jboss-cli.sh", - "-c", - ":shutdown(timeout=60)" - ] - } - } - }, "livenessProbe": { "exec": { "command": [ @@ -582,6 +661,18 @@ "value": "${HTTPS_PASSWORD}" }, { + "name": "MQ_CLUSTER_PASSWORD", + "value": "${MQ_CLUSTER_PASSWORD}" + }, + { + "name": "MQ_QUEUES", + "value": "${MQ_QUEUES}" + }, + { + "name": "MQ_TOPICS", + "value": "${MQ_TOPICS}" + }, + { "name": "JGROUPS_ENCRYPT_SECRET", "value": "${JGROUPS_ENCRYPT_SECRET}" }, @@ -606,36 +697,16 @@ "value": "${JGROUPS_CLUSTER_PASSWORD}" }, { - "name": "SSO_ADMIN_USERNAME", - "value": "${SSO_ADMIN_USERNAME}" - }, - { - "name": "SSO_ADMIN_PASSWORD", - "value": "${SSO_ADMIN_PASSWORD}" - }, - { - "name": "SSO_REALM", - "value": "${SSO_REALM}" - }, - { - "name": "SSO_SERVICE_USERNAME", - "value": "${SSO_SERVICE_USERNAME}" + "name": "AUTO_DEPLOY_EXPLODED", + "value": "${AUTO_DEPLOY_EXPLODED}" }, { - "name": "SSO_SERVICE_PASSWORD", - "value": "${SSO_SERVICE_PASSWORD}" + "name": "DEFAULT_JOB_REPOSITORY", + "value": "${APPLICATION_NAME}-mysql" }, { - "name": "SSO_TRUSTSTORE", - "value": "${SSO_TRUSTSTORE}" - }, - { - "name": "SSO_TRUSTSTORE_DIR", - "value": "/etc/sso-secret-volume" - }, - { - "name": "SSO_TRUSTSTORE_PASSWORD", - "value": "${SSO_TRUSTSTORE_PASSWORD}" + "name": "TIMER_SERVICE_DATA_STORE", + "value": "${APPLICATION_NAME}-mysql" } ] } @@ -652,12 +723,6 @@ "secret": { "secretName": "${JGROUPS_ENCRYPT_SECRET}" } - }, - { - "name": "sso-truststore-volume", - "secret": { - "secretName": "${SSO_TRUSTSTORE_SECRET}" - } } ] } @@ -721,12 +786,6 @@ "protocol": "TCP" } ], - "volumeMounts": [ - { - "mountPath": "/var/lib/mysql/data", - "name": "${APPLICATION_NAME}-mysql-pvol" - } - ], "env": [ { "name": "MYSQL_USER", @@ -762,38 +821,10 @@ } ] } - ], - "volumes": [ - { - "name": "${APPLICATION_NAME}-mysql-pvol", - "persistentVolumeClaim": { - "claimName": "${APPLICATION_NAME}-mysql-claim" - } - } ] } } } - }, - { - "apiVersion": "v1", - "kind": "PersistentVolumeClaim", - "metadata": { - "name": "${APPLICATION_NAME}-mysql-claim", - "labels": { - "application": "${APPLICATION_NAME}" - } - }, - "spec": { - "accessModes": [ - "ReadWriteOnce" - ], - "resources": { - "requests": { - "storage": "${VOLUME_CAPACITY}" - } - } - } } ] } diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/processserver63-postgresql-persistent-s2i.json b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/eap71-postgresql-persistent-s2i.json index 361b177f9..a8d77b0ab 100644 --- a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/processserver63-postgresql-persistent-s2i.json +++ b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/eap71-postgresql-persistent-s2i.json @@ -3,75 +3,29 @@ "apiVersion": "v1", "metadata": { "annotations": { - "description": "Application template for Red Hat JBoss BPM Suite 6.3 intelligent process server PostgreSQL applications with persistent storage built using S2I.", - "iconClass": "icon-jboss", - "tags": "processserver,jboss,xpaas", - "version": "1.4.0", - "openshift.io/display-name": "Red Hat JBoss BPM Suite 6.3 intelligent process server + PostgreSQL (Persistent with https)" - }, - "name": "processserver63-postgresql-persistent-s2i" + "iconClass": "icon-eap", + "tags": "eap,javaee,java,jboss,hidden", + "version": "1.4.7", + "openshift.io/display-name": "JBoss EAP 7.1 + PostgreSQL (with https)", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "An example EAP 7 application with a PostgreSQL database. For more information about using this template, see https://github.com/jboss-openshift/application-templates.", + "template.openshift.io/long-description": "This template defines resources needed to develop Red Hat Enterprise Application Server 7.1 based application, including a build configuration, application deployment configuration, database deployment configuration for PostgreSQL using persistence and secure communication using https.", + "template.openshift.io/documentation-url": "https://access.redhat.com/documentation/en/red-hat-jboss-enterprise-application-platform/", + "template.openshift.io/support-url": "https://access.redhat.com" + }, + "name": "eap71-postgresql-persistent-s2i" }, "labels": { - "template": "processserver63-postgresql-persistent-s2i", - "xpaas": "1.4.0" + "template": "eap71-postgresql-persistent-s2i", + "xpaas": "1.4.7" }, - "message": "A new persistent BPMS application (using PostgreSQL) has been created in your project. The username/password for accessing the KIE Server REST or JMS interface is ${KIE_SERVER_USER}/${KIE_SERVER_PASSWORD}. For accessing the MySQL database \"${DB_DATABASE}\" use the credentials ${DB_USERNAME}/${DB_PASSWORD}. Please be sure to create the \"processserver-service-account\" service account and the secret named \"${HTTPS_SECRET}\" containing the ${HTTPS_KEYSTORE} file used for serving secure content.", + "message": "A new EAP 7 and PostgreSQL persistent based application with SSL support has been created in your project. The username/password for accessing the PostgreSQL database \"${DB_DATABASE}\" is ${DB_USERNAME}/${DB_PASSWORD}. Please be sure to create the \"${SERVICE_ACCOUNT_NAME}\" service account and the following secrets: \"${HTTPS_SECRET}\" containing the ${HTTPS_KEYSTORE} file used for serving secure content; \"${JGROUPS_ENCRYPT_SECRET}\" containing the ${JGROUPS_ENCRYPT_KEYSTORE} file used for securing JGroups communications.", "parameters": [ { - "displayName": "KIE Container Deployment", - "description": "The KIE Container deployment configuration in format: containerId=groupId:artifactId:version|c2=g2:a2:v2", - "name": "KIE_CONTAINER_DEPLOYMENT", - "value": "processserver-library=org.openshift.quickstarts:processserver-library:1.3.0.Final", - "required": false - }, - { - "displayName": "KIE Server Protocol", - "description": "The protocol to access the KIE Server REST interface.", - "name": "KIE_SERVER_PROTOCOL", - "value": "https", - "required": false - }, - { - "displayName": "KIE Server Port", - "description": "The port to access the KIE Server REST interface.", - "name": "KIE_SERVER_PORT", - "value": "8443", - "required": false - }, - { - "displayName": "KIE Server Username", - "description": "The user name to access the KIE Server REST or JMS interface.", - "name": "KIE_SERVER_USER", - "value": "kieserver", - "required": false - }, - { - "displayName": "KIE Server Password", - "description": "The password to access the KIE Server REST or JMS interface. Must be different than username; must not be root, admin, or administrator; must contain at least 8 characters, 1 alphabetic character(s), 1 digit(s), and 1 non-alphanumeric symbol(s).", - "name": "KIE_SERVER_PASSWORD", - "from": "[a-zA-Z]{6}[0-9]{1}!", - "generate": "expression", - "required": false - }, - { - "displayName": "KIE Server Domain", - "description": "JAAS LoginContext domain that shall be used to authenticate users when using JMS.", - "name": "KIE_SERVER_DOMAIN", - "value": "other", - "required": false - }, - { - "displayName": "KIE Server Persistence Dialect", - "description": "Hibernate persistence dialect.", - "name": "KIE_SERVER_PERSISTENCE_DIALECT", - "value": "org.hibernate.dialect.PostgreSQL82Dialect", - "required": false - }, - { "displayName": "Application Name", "description": "The name for the application.", "name": "APPLICATION_NAME", - "value": "kie-app", + "value": "eap-app", "required": true }, { @@ -106,14 +60,14 @@ "displayName": "Context Directory", "description": "Path within Git project to build; empty for root project directory.", "name": "CONTEXT_DIR", - "value": "processserver/library", + "value": "todolist/todolist-jdbc", "required": false }, { "displayName": "Database JNDI Name", - "description": "Database JNDI name used by application to resolve the datasource, e.g. java:/jboss/datasources/ExampleDS", + "description": "Database JNDI name used by application to resolve the datasource, e.g. java:/jboss/datasources/postgresql", "name": "DB_JNDI", - "value": "java:jboss/datasources/ExampleDS", + "value": "java:jboss/datasources/TodoListDS", "required": false }, { @@ -133,23 +87,30 @@ { "displayName": "Queues", "description": "Queue names", - "name": "HORNETQ_QUEUES", + "name": "MQ_QUEUES", "value": "", "required": false }, { "displayName": "Topics", "description": "Topic names", - "name": "HORNETQ_TOPICS", + "name": "MQ_TOPICS", "value": "", "required": false }, { + "displayName": "Service Account Name", + "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.", + "name": "SERVICE_ACCOUNT_NAME", + "value": "eap7-service-account", + "required": true + }, + { "displayName": "Server Keystore Secret Name", "description": "The name of the secret containing the keystore file", "name": "HTTPS_SECRET", - "value": "processserver-app-secret", - "required": false + "value": "eap7-app-secret", + "required": true }, { "displayName": "Server Keystore Filename", @@ -159,36 +120,27 @@ "required": false }, { + "displayName": "Server Keystore Type", + "description": "The type of the keystore file (JKS or JCEKS)", + "name": "HTTPS_KEYSTORE_TYPE", + "value": "", + "required": false + }, + { "displayName": "Server Certificate Name", "description": "The name associated with the server certificate", "name": "HTTPS_NAME", - "value": "jboss", + "value": "", "required": false }, { "displayName": "Server Keystore Password", "description": "The password for the keystore and certificate", "name": "HTTPS_PASSWORD", - "value": "mykeystorepass", + "value": "", "required": false }, { - "displayName": "Database Username", - "description": "Database user name", - "name": "DB_USERNAME", - "from": "user[a-zA-Z0-9]{3}", - "generate": "expression", - "required": true - }, - { - "displayName": "Database Password", - "description": "Database user password", - "name": "DB_PASSWORD", - "from": "[a-zA-Z0-9]{8}", - "generate": "expression", - "required": true - }, - { "displayName": "Datasource Minimum Pool Size", "description": "Sets xa-pool/min-pool-size for the configured datasource.", "name": "DB_MIN_POOL_SIZE", @@ -219,9 +171,25 @@ "required": false }, { - "displayName": "HornetQ Password", - "description": "HornetQ cluster admin password", - "name": "HORNETQ_CLUSTER_PASSWORD", + "displayName": "A-MQ cluster password", + "description": "A-MQ cluster admin password", + "name": "MQ_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "Database Username", + "description": "Database user name", + "name": "DB_USERNAME", + "from": "user[a-zA-Z0-9]{3}", + "generate": "expression", + "required": true + }, + { + "displayName": "Database Password", + "description": "Database user password", + "name": "DB_PASSWORD", "from": "[a-zA-Z0-9]{8}", "generate": "expression", "required": true @@ -250,6 +218,49 @@ "required": true }, { + "displayName": "JGroups Secret Name", + "description": "The name of the secret containing the keystore file", + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "eap7-app-secret", + "required": false + }, + { + "displayName": "JGroups Keystore Filename", + "description": "The name of the keystore file within the secret", + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "jgroups.jceks", + "required": false + }, + { + "displayName": "JGroups Certificate Name", + "description": "The name associated with the server certificate", + "name": "JGROUPS_ENCRYPT_NAME", + "value": "", + "required": false + }, + { + "displayName": "JGroups Keystore Password", + "description": "The password for the keystore and certificate", + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "", + "required": false + }, + { + "displayName": "JGroups Cluster Password", + "description": "JGroups cluster password", + "name": "JGROUPS_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "Deploy Exploded Archives", + "description": "Controls whether exploded deployment content should be automatically deployed", + "name": "AUTO_DEPLOY_EXPLODED", + "value": "false", + "required": false + }, + { "displayName": "Maven mirror URL", "description": "Maven mirror to use for S2I builds", "name": "MAVEN_MIRROR_URL", @@ -421,10 +432,6 @@ "sourceStrategy": { "env": [ { - "name": "KIE_CONTAINER_DEPLOYMENT", - "value": "${KIE_CONTAINER_DEPLOYMENT}" - }, - { "name": "MAVEN_MIRROR_URL", "value": "${MAVEN_MIRROR_URL}" }, @@ -437,7 +444,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-processserver63-openshift:1.4" + "name": "jboss-eap71-openshift:TP" } } }, @@ -492,8 +499,8 @@ "${APPLICATION_NAME}" ], "from": { - "kind": "ImageStream", - "name": "${APPLICATION_NAME}" + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" } } }, @@ -514,8 +521,8 @@ } }, "spec": { - "serviceAccountName": "processserver-service-account", - "terminationGracePeriodSeconds": 60, + "serviceAccountName": "${SERVICE_ACCOUNT_NAME}", + "terminationGracePeriodSeconds": 75, "containers": [ { "name": "${APPLICATION_NAME}", @@ -523,8 +530,13 @@ "imagePullPolicy": "Always", "volumeMounts": [ { - "name": "processserver-keystore-volume", - "mountPath": "/etc/processserver-secret-volume", + "name": "eap-keystore-volume", + "mountPath": "/etc/eap-secret-volume", + "readOnly": true + }, + { + "name": "eap-jgroups-keystore-volume", + "mountPath": "/etc/jgroups-encrypt-secret-volume", "readOnly": true } ], @@ -561,43 +573,16 @@ "name": "https", "containerPort": 8443, "protocol": "TCP" + }, + { + "name": "ping", + "containerPort": 8888, + "protocol": "TCP" } ], "env": [ { - "name": "KIE_CONTAINER_DEPLOYMENT", - "value": "${KIE_CONTAINER_DEPLOYMENT}" - }, - { - "name": "KIE_SERVER_PROTOCOL", - "value": "${KIE_SERVER_PROTOCOL}" - }, - { - "name": "KIE_SERVER_PORT", - "value": "${KIE_SERVER_PORT}" - }, - { - "name": "KIE_SERVER_USER", - "value": "${KIE_SERVER_USER}" - }, - { - "name": "KIE_SERVER_PASSWORD", - "value": "${KIE_SERVER_PASSWORD}" - }, - { - "name": "KIE_SERVER_DOMAIN", - "value": "${KIE_SERVER_DOMAIN}" - }, - { - "name": "KIE_SERVER_PERSISTENCE_DIALECT", - "value": "${KIE_SERVER_PERSISTENCE_DIALECT}" - }, - { "name": "DB_SERVICE_PREFIX_MAPPING", - "value": "${APPLICATION_NAME}-postgresql=DB,${APPLICATION_NAME}-postgresql=QUARTZ" - }, - { - "name": "TX_DATABASE_PREFIX_MAPPING", "value": "${APPLICATION_NAME}-postgresql=DB" }, { @@ -617,6 +602,10 @@ "value": "${DB_DATABASE}" }, { + "name": "TX_DATABASE_PREFIX_MAPPING", + "value": "${APPLICATION_NAME}-postgresql=DB" + }, + { "name": "DB_MIN_POOL_SIZE", "value": "${DB_MIN_POOL_SIZE}" }, @@ -629,78 +618,100 @@ "value": "${DB_TX_ISOLATION}" }, { - "name": "QUARTZ_JNDI", - "value": "${DB_JNDI}NotManaged" + "name": "OPENSHIFT_KUBE_PING_LABELS", + "value": "application=${APPLICATION_NAME}" }, { - "name": "QUARTZ_USERNAME", - "value": "${DB_USERNAME}" + "name": "OPENSHIFT_KUBE_PING_NAMESPACE", + "valueFrom": { + "fieldRef": { + "fieldPath": "metadata.namespace" + } + } }, { - "name": "QUARTZ_PASSWORD", - "value": "${DB_PASSWORD}" + "name": "HTTPS_KEYSTORE_DIR", + "value": "/etc/eap-secret-volume" }, { - "name": "QUARTZ_DATABASE", - "value": "${DB_DATABASE}" + "name": "HTTPS_KEYSTORE", + "value": "${HTTPS_KEYSTORE}" }, { - "name": "QUARTZ_MIN_POOL_SIZE", - "value": "${DB_MIN_POOL_SIZE}" + "name": "HTTPS_KEYSTORE_TYPE", + "value": "${HTTPS_KEYSTORE_TYPE}" }, { - "name": "QUARTZ_MAX_POOL_SIZE", - "value": "${DB_MAX_POOL_SIZE}" + "name": "HTTPS_NAME", + "value": "${HTTPS_NAME}" }, { - "name": "QUARTZ_TX_ISOLATION", - "value": "${DB_TX_ISOLATION}" + "name": "HTTPS_PASSWORD", + "value": "${HTTPS_PASSWORD}" }, { - "name": "QUARTZ_JTA", - "value": "false" + "name": "MQ_CLUSTER_PASSWORD", + "value": "${MQ_CLUSTER_PASSWORD}" }, { - "name": "QUARTZ_NONXA", - "value": "true" + "name": "MQ_QUEUES", + "value": "${MQ_QUEUES}" }, { - "name": "HTTPS_KEYSTORE_DIR", - "value": "/etc/processserver-secret-volume" + "name": "MQ_TOPICS", + "value": "${MQ_TOPICS}" }, { - "name": "HTTPS_KEYSTORE", - "value": "${HTTPS_KEYSTORE}" + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "${JGROUPS_ENCRYPT_SECRET}" }, { - "name": "HTTPS_NAME", - "value": "${HTTPS_NAME}" + "name": "JGROUPS_ENCRYPT_KEYSTORE_DIR", + "value": "/etc/jgroups-encrypt-secret-volume" }, { - "name": "HTTPS_PASSWORD", - "value": "${HTTPS_PASSWORD}" + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "${JGROUPS_ENCRYPT_KEYSTORE}" + }, + { + "name": "JGROUPS_ENCRYPT_NAME", + "value": "${JGROUPS_ENCRYPT_NAME}" + }, + { + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "${JGROUPS_ENCRYPT_PASSWORD}" }, { - "name": "HORNETQ_CLUSTER_PASSWORD", - "value": "${HORNETQ_CLUSTER_PASSWORD}" + "name": "JGROUPS_CLUSTER_PASSWORD", + "value": "${JGROUPS_CLUSTER_PASSWORD}" }, { - "name": "HORNETQ_QUEUES", - "value": "${HORNETQ_QUEUES}" + "name": "AUTO_DEPLOY_EXPLODED", + "value": "${AUTO_DEPLOY_EXPLODED}" }, { - "name": "HORNETQ_TOPICS", - "value": "${HORNETQ_TOPICS}" + "name": "DEFAULT_JOB_REPOSITORY", + "value": "${APPLICATION_NAME}-postgresql" + }, + { + "name": "TIMER_SERVICE_DATA_STORE", + "value": "${APPLICATION_NAME}-postgresql" } ] } ], "volumes": [ { - "name": "processserver-keystore-volume", + "name": "eap-keystore-volume", "secret": { "secretName": "${HTTPS_SECRET}" } + }, + { + "name": "eap-jgroups-keystore-volume", + "secret": { + "secretName": "${JGROUPS_ENCRYPT_SECRET}" + } } ] } @@ -788,6 +799,10 @@ "value": "${POSTGRESQL_MAX_CONNECTIONS}" }, { + "name": "POSTGRESQL_MAX_PREPARED_TRANSACTIONS", + "value": "${POSTGRESQL_MAX_CONNECTIONS}" + }, + { "name": "POSTGRESQL_SHARED_BUFFERS", "value": "${POSTGRESQL_SHARED_BUFFERS}" } diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/sso70-postgresql-persistent.json b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/eap71-postgresql-s2i.json index e22399351..d87f05ea8 100644 --- a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/sso70-postgresql-persistent.json +++ b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/eap71-postgresql-s2i.json @@ -3,46 +3,71 @@ "apiVersion": "v1", "metadata": { "annotations": { - "description": "Application template for SSO 7.0 PostgreSQL applications with persistent storage", - "iconClass" : "icon-jboss", - "tags" : "sso,keycloak,jboss,xpaas", - "version": "1.4.0", - "openshift.io/display-name": "Red Hat Single Sign-On 7.0 + PostgreSQL (Persistent)" - }, - "name": "sso70-postgresql-persistent" + "iconClass": "icon-eap", + "tags": "eap,javaee,java,jboss,hidden", + "version": "1.4.7", + "openshift.io/display-name": "JBoss EAP 7.1 + PostgreSQL (Ephemeral with https)", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "An example EAP 7 application with a PostgreSQL database. For more information about using this template, see https://github.com/jboss-openshift/application-templates.", + "template.openshift.io/long-description": "This template defines resources needed to develop Red Hat Enterprise Application Server 7.1 based application, including a build configuration, application deployment configuration, database deployment configuration for PostgreSQL using ephemeral (temporary) storage and secure communication using https.", + "template.openshift.io/documentation-url": "https://access.redhat.com/documentation/en/red-hat-jboss-enterprise-application-platform/", + "template.openshift.io/support-url": "https://access.redhat.com" + }, + "name": "eap71-postgresql-s2i" }, "labels": { - "template": "sso70-postgresql-persistent", - "xpaas": "1.4.0" + "template": "eap71-postgresql-s2i", + "xpaas": "1.4.7" }, - "message": "A new persistent SSO service (using PostgreSQL) has been created in your project. The admin username/password for accessing the master realm via the SSO console is ${SSO_ADMIN_USERNAME}/${SSO_ADMIN_PASSWORD}. The username/password for accessing the PostgreSQL database \"${DB_DATABASE}\" is ${DB_USERNAME}/${DB_PASSWORD}. Please be sure to create the \"${SERVICE_ACCOUNT_NAME}\" service account and the following secrets: \"${HTTPS_SECRET}\" containing the ${HTTPS_KEYSTORE} file used for serving secure content; \"${JGROUPS_ENCRYPT_SECRET}\" containing the ${JGROUPS_ENCRYPT_KEYSTORE} file used for securing JGroups communications; \"${SSO_TRUSTSTORE_SECRET}\" containing the ${SSO_TRUSTSTORE} file used for securing SSO requests.", + "message": "A new EAP 7 and PostgreSQL based application with SSL support has been created in your project. The username/password for accessing the PostgreSQL database \"${DB_DATABASE}\" is ${DB_USERNAME}/${DB_PASSWORD}. Please be sure to create the \"${SERVICE_ACCOUNT_NAME}\" service account and the following secrets: \"${HTTPS_SECRET}\" containing the ${HTTPS_KEYSTORE} file used for serving secure content; \"${JGROUPS_ENCRYPT_SECRET}\" containing the ${JGROUPS_ENCRYPT_KEYSTORE} file used for securing JGroups communications.", "parameters": [ { "displayName": "Application Name", "description": "The name for the application.", "name": "APPLICATION_NAME", - "value": "sso", + "value": "eap-app", "required": true }, { "displayName": "Custom http Route Hostname", - "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: <application-name>.<project>.<default-domain-suffix>", + "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: <application-name>-<project>.<default-domain-suffix>", "name": "HOSTNAME_HTTP", "value": "", "required": false }, { "displayName": "Custom https Route Hostname", - "description": "Custom hostname for https service route. Leave blank for default hostname, e.g.: <application-name>.<project>.<default-domain-suffix>", + "description": "Custom hostname for https service route. Leave blank for default hostname, e.g.: secure-<application-name>-<project>.<default-domain-suffix>", "name": "HOSTNAME_HTTPS", "value": "", "required": false }, { + "displayName": "Git Repository URL", + "description": "Git source URI for application", + "name": "SOURCE_REPOSITORY_URL", + "value": "https://github.com/jboss-openshift/openshift-quickstarts", + "required": true + }, + { + "displayName": "Git Reference", + "description": "Git branch/tag reference", + "name": "SOURCE_REPOSITORY_REF", + "value": "1.3", + "required": false + }, + { + "displayName": "Context Directory", + "description": "Path within Git project to build; empty for root project directory.", + "name": "CONTEXT_DIR", + "value": "todolist/todolist-jdbc", + "required": false + }, + { "displayName": "Database JNDI Name", "description": "Database JNDI name used by application to resolve the datasource, e.g. java:/jboss/datasources/postgresql", "name": "DB_JNDI", - "value": "java:jboss/datasources/KeycloakDS", + "value": "java:jboss/datasources/TodoListDS", "required": false }, { @@ -53,18 +78,32 @@ "required": true }, { + "displayName": "Queues", + "description": "Queue names", + "name": "MQ_QUEUES", + "value": "", + "required": false + }, + { + "displayName": "Topics", + "description": "Topic names", + "name": "MQ_TOPICS", + "value": "", + "required": false + }, + { "displayName": "Service Account Name", "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.", "name": "SERVICE_ACCOUNT_NAME", - "value": "sso-service-account", + "value": "eap7-service-account", "required": true }, { "displayName": "Server Keystore Secret Name", "description": "The name of the secret containing the keystore file", "name": "HTTPS_SECRET", - "value": "sso-app-secret", - "required": false + "value": "eap7-app-secret", + "required": true }, { "displayName": "Server Keystore Filename", @@ -82,14 +121,14 @@ }, { "displayName": "Server Certificate Name", - "description": "The name associated with the server certificate (e.g. jboss)", + "description": "The name associated with the server certificate", "name": "HTTPS_NAME", "value": "", "required": false }, { "displayName": "Server Keystore Password", - "description": "The password for the keystore and certificate (e.g. mykeystorepass)", + "description": "The password for the keystore and certificate", "name": "HTTPS_PASSWORD", "value": "", "required": false @@ -125,6 +164,14 @@ "required": false }, { + "displayName": "A-MQ cluster password", + "description": "A-MQ cluster admin password", + "name": "MQ_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { "displayName": "Database Username", "description": "Database user name", "name": "DB_USERNAME", @@ -141,17 +188,33 @@ "required": true }, { - "displayName": "Database Volume Capacity", - "description": "Size of persistent storage for database volume.", - "name": "VOLUME_CAPACITY", - "value": "512Mi", + "displayName": "Github Webhook Secret", + "description": "GitHub trigger secret", + "name": "GITHUB_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "Generic Webhook Secret", + "description": "Generic build trigger secret", + "name": "GENERIC_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "ImageStream Namespace", + "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", + "name": "IMAGE_STREAM_NAMESPACE", + "value": "openshift", "required": true }, { "displayName": "JGroups Secret Name", "description": "The name of the secret containing the keystore file", "name": "JGROUPS_ENCRYPT_SECRET", - "value": "sso-app-secret", + "value": "eap7-app-secret", "required": false }, { @@ -163,14 +226,14 @@ }, { "displayName": "JGroups Certificate Name", - "description": "The name associated with the server certificate (e.g. secret-key)", + "description": "The name associated with the server certificate", "name": "JGROUPS_ENCRYPT_NAME", "value": "", "required": false }, { "displayName": "JGroups Keystore Password", - "description": "The password for the keystore and certificate (e.g. password)", + "description": "The password for the keystore and certificate", "name": "JGROUPS_ENCRYPT_PASSWORD", "value": "", "required": false @@ -184,71 +247,26 @@ "required": true }, { - "displayName": "ImageStream Namespace", - "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", - "name": "IMAGE_STREAM_NAMESPACE", - "value": "openshift", - "required": true - }, - { - "displayName": "SSO Admin Username", - "description": "SSO Server admin username", - "name": "SSO_ADMIN_USERNAME", - "from": "[a-zA-Z0-9]{8}", - "generate": "expression", - "required": true - }, - { - "displayName": "SSO Admin Password", - "description": "SSO Server admin password", - "name": "SSO_ADMIN_PASSWORD", - "from": "[a-zA-Z0-9]{8}", - "generate": "expression", - "required": true - }, - { - "displayName": "SSO Realm", - "description": "Realm to be created in the SSO server (e.g. demo).", - "name": "SSO_REALM", - "value": "", + "displayName": "Deploy Exploded Archives", + "description": "Controls whether exploded deployment content should be automatically deployed", + "name": "AUTO_DEPLOY_EXPLODED", + "value": "false", "required": false }, { - "displayName": "SSO Service Username", - "description": "The username used to access the SSO service. This is used by clients to create the appliction client(s) within the specified SSO realm.", - "name": "SSO_SERVICE_USERNAME", + "displayName": "Maven mirror URL", + "description": "Maven mirror to use for S2I builds", + "name": "MAVEN_MIRROR_URL", "value": "", "required": false }, { - "displayName": "SSO Service Password", - "description": "The password for the SSO service user.", - "name": "SSO_SERVICE_PASSWORD", + "description": "List of directories from which archives will be copied into the deployment folder. If unspecified, all archives in /target will be copied.", + "name": "ARTIFACT_DIR", "value": "", "required": false }, { - "displayName": "SSO Trust Store", - "description": "The name of the truststore file within the secret (e.g. truststore.jks)", - "name": "SSO_TRUSTSTORE", - "value": "", - "required": false - }, - { - "displayName": "SSO Trust Store Password", - "description": "The password for the truststore and certificate (e.g. mykeystorepass)", - "name": "SSO_TRUSTSTORE_PASSWORD", - "value": "", - "required": false - }, - { - "displayName": "SSO Trust Store Secret", - "description": "The name of the secret containing the truststore file (e.g. truststore-secret). Used for volume secretName", - "name": "SSO_TRUSTSTORE_SECRET", - "value": "sso-app-secret", - "required": false - }, - { "displayName": "PostgreSQL Image Stream Tag", "description": "The tag to use for the \"postgresql\" image stream. Typically, this aligns with the major.minor version of PostgreSQL.", "name": "POSTGRESQL_IMAGE_STREAM_TAG", @@ -375,6 +393,84 @@ } }, { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "BuildConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "source": { + "type": "Git", + "git": { + "uri": "${SOURCE_REPOSITORY_URL}", + "ref": "${SOURCE_REPOSITORY_REF}" + }, + "contextDir": "${CONTEXT_DIR}" + }, + "strategy": { + "type": "Source", + "sourceStrategy": { + "env": [ + { + "name": "MAVEN_MIRROR_URL", + "value": "${MAVEN_MIRROR_URL}" + }, + { + "name": "ARTIFACT_DIR", + "value": "${ARTIFACT_DIR}" + } + ], + "forcePull": true, + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-eap71-openshift:TP" + } + } + }, + "output": { + "to": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + }, + "triggers": [ + { + "type": "GitHub", + "github": { + "secret": "${GITHUB_WEBHOOK_SECRET}" + } + }, + { + "type": "Generic", + "generic": { + "secret": "${GENERIC_WEBHOOK_SECRET}" + } + }, + { + "type": "ImageChange", + "imageChange": {} + }, + { + "type": "ConfigChange" + } + ] + } + }, + { "kind": "DeploymentConfig", "apiVersion": "v1", "metadata": { @@ -397,8 +493,7 @@ ], "from": { "kind": "ImageStreamTag", - "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "redhat-sso70-openshift:1.4" + "name": "${APPLICATION_NAME}:latest" } } }, @@ -436,24 +531,8 @@ "name": "eap-jgroups-keystore-volume", "mountPath": "/etc/jgroups-encrypt-secret-volume", "readOnly": true - }, - { - "name": "sso-truststore-volume", - "mountPath": "/etc/sso-secret-volume", - "readOnly": true } ], - "lifecycle": { - "preStop": { - "exec": { - "command": [ - "/opt/eap/bin/jboss-cli.sh", - "-c", - ":shutdown(timeout=60)" - ] - } - } - }, "livenessProbe": { "exec": { "command": [ @@ -564,6 +643,18 @@ "value": "${HTTPS_PASSWORD}" }, { + "name": "MQ_CLUSTER_PASSWORD", + "value": "${MQ_CLUSTER_PASSWORD}" + }, + { + "name": "MQ_QUEUES", + "value": "${MQ_QUEUES}" + }, + { + "name": "MQ_TOPICS", + "value": "${MQ_TOPICS}" + }, + { "name": "JGROUPS_ENCRYPT_SECRET", "value": "${JGROUPS_ENCRYPT_SECRET}" }, @@ -588,36 +679,16 @@ "value": "${JGROUPS_CLUSTER_PASSWORD}" }, { - "name": "SSO_ADMIN_USERNAME", - "value": "${SSO_ADMIN_USERNAME}" - }, - { - "name": "SSO_ADMIN_PASSWORD", - "value": "${SSO_ADMIN_PASSWORD}" - }, - { - "name": "SSO_REALM", - "value": "${SSO_REALM}" - }, - { - "name": "SSO_SERVICE_USERNAME", - "value": "${SSO_SERVICE_USERNAME}" + "name": "AUTO_DEPLOY_EXPLODED", + "value": "${AUTO_DEPLOY_EXPLODED}" }, { - "name": "SSO_SERVICE_PASSWORD", - "value": "${SSO_SERVICE_PASSWORD}" + "name": "DEFAULT_JOB_REPOSITORY", + "value": "${APPLICATION_NAME}-postgresql" }, { - "name": "SSO_TRUSTSTORE", - "value": "${SSO_TRUSTSTORE}" - }, - { - "name": "SSO_TRUSTSTORE_DIR", - "value": "/etc/sso-secret-volume" - }, - { - "name": "SSO_TRUSTSTORE_PASSWORD", - "value": "${SSO_TRUSTSTORE_PASSWORD}" + "name": "TIMER_SERVICE_DATA_STORE", + "value": "${APPLICATION_NAME}-postgresql" } ] } @@ -634,12 +705,6 @@ "secret": { "secretName": "${JGROUPS_ENCRYPT_SECRET}" } - }, - { - "name": "sso-truststore-volume", - "secret": { - "secretName": "${SSO_TRUSTSTORE_SECRET}" - } } ] } @@ -703,12 +768,6 @@ "protocol": "TCP" } ], - "volumeMounts": [ - { - "mountPath": "/var/lib/pgsql/data", - "name": "${APPLICATION_NAME}-postgresql-pvol" - } - ], "env": [ { "name": "POSTGRESQL_USER", @@ -736,38 +795,10 @@ } ] } - ], - "volumes": [ - { - "name": "${APPLICATION_NAME}-postgresql-pvol", - "persistentVolumeClaim": { - "claimName": "${APPLICATION_NAME}-postgresql-claim" - } - } ] } } } - }, - { - "apiVersion": "v1", - "kind": "PersistentVolumeClaim", - "metadata": { - "name": "${APPLICATION_NAME}-postgresql-claim", - "labels": { - "application": "${APPLICATION_NAME}" - } - }, - "spec": { - "accessModes": [ - "ReadWriteOnce" - ], - "resources": { - "requests": { - "storage": "${VOLUME_CAPACITY}" - } - } - } } ] } diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/eap71-sso-s2i.json b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/eap71-sso-s2i.json new file mode 100644 index 000000000..96b3dffc9 --- /dev/null +++ b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/eap71-sso-s2i.json @@ -0,0 +1,816 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "annotations": { + "iconClass": "icon-eap", + "tags": "eap,javaee,java,jboss,hidden", + "version": "1.4.7", + "openshift.io/display-name": "JBoss EAP 7.1 + Single Sign-On (with https)", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "An example EAP 7 Single Sign-On application. For more information about using this template, see https://github.com/jboss-openshift/application-templates.", + "template.openshift.io/long-description": "This template defines resources needed to develop Red Hat Enterprise Application Server 7.1 based application, including a build configuration, application deployment configuration and integrated with Red Hat Single Sign-On.", + "template.openshift.io/documentation-url": "https://access.redhat.com/documentation/en/red-hat-jboss-enterprise-application-platform/", + "template.openshift.io/support-url": "https://access.redhat.com" + }, + "name": "eap71-sso-s2i" + }, + "labels": { + "template": "eap71-sso-s2i", + "xpaas": "1.4.7" + }, + "message": "A new EAP 7 based application with SSL and SSO support has been created in your project. Please be sure to create the \"${SERVICE_ACCOUNT_NAME}\" service account and the following secrets: \"${HTTPS_SECRET}\" containing the ${HTTPS_KEYSTORE} file used for serving secure content; \"${JGROUPS_ENCRYPT_SECRET}\" containing the ${JGROUPS_ENCRYPT_KEYSTORE} file used for securing JGroups communications.", + "parameters": [ + { + "displayName": "Application Name", + "description": "The name for the application.", + "name": "APPLICATION_NAME", + "value": "eap-app", + "required": true + }, + { + "displayName": "Custom http Route Hostname", + "description": "Hostname for http service route (e.g. eap-app-myproject.example.com). Required for SSO-enabled applications. This is added to the white list of redirects in the SSO server.", + "name": "HOSTNAME_HTTP", + "value": "", + "required": true + }, + { + "displayName": "Custom https Route Hostname", + "description": "Hostname for https service route (e.g. secure-eap-app-myproject.example.com). Required for SSO-enabled applications. This is added to the white list of redirects in the SSO server.", + "name": "HOSTNAME_HTTPS", + "value": "", + "required": true + }, + { + "displayName": "Git Repository URL", + "description": "Git source URI for application", + "name": "SOURCE_REPOSITORY_URL", + "value": "https://github.com/redhat-developer/redhat-sso-quickstarts", + "required": true + }, + { + "displayName": "Git Reference", + "description": "Git branch/tag reference", + "name": "SOURCE_REPOSITORY_REF", + "value": "7.0.x-ose", + "required": false + }, + { + "displayName": "Context Directory", + "description": "Path within Git project to build; empty for root project directory.", + "name": "CONTEXT_DIR", + "value": "", + "required": false + }, + { + "displayName": "Queues", + "description": "Queue names", + "name": "HORNETQ_QUEUES", + "value": "", + "required": false + }, + { + "displayName": "Topics", + "description": "Topic names", + "name": "HORNETQ_TOPICS", + "value": "", + "required": false + }, + { + "displayName": "Service Account Name", + "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.", + "name": "SERVICE_ACCOUNT_NAME", + "value": "eap7-service-account", + "required": true + }, + { + "displayName": "Server Keystore Secret Name", + "description": "The name of the secret containing the keystore file", + "name": "HTTPS_SECRET", + "value": "eap7-app-secret", + "required": true + }, + { + "displayName": "Server Keystore Filename", + "description": "The name of the keystore file within the secret", + "name": "HTTPS_KEYSTORE", + "value": "keystore.jks", + "required": false + }, + { + "displayName": "Server Keystore Type", + "description": "The type of the keystore file (JKS or JCEKS)", + "name": "HTTPS_KEYSTORE_TYPE", + "value": "", + "required": false + }, + { + "displayName": "Server Certificate Name", + "description": "The name associated with the server certificate (e.g. jboss)", + "name": "HTTPS_NAME", + "value": "", + "required": false + }, + { + "displayName": "Server Keystore Password", + "description": "The password for the keystore and certificate (e.g. mykeystorepass)", + "name": "HTTPS_PASSWORD", + "value": "", + "required": false + }, + { + "displayName": "HornetQ Password", + "description": "HornetQ cluster admin password", + "name": "HORNETQ_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "Github Webhook Secret", + "description": "GitHub trigger secret", + "name": "GITHUB_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "Generic Webhook Secret", + "description": "Generic build trigger secret", + "name": "GENERIC_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "ImageStream Namespace", + "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", + "name": "IMAGE_STREAM_NAMESPACE", + "value": "openshift", + "required": true + }, + { + "displayName": "JGroups Secret Name", + "description": "The name of the secret containing the keystore file", + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "eap7-app-secret", + "required": false + }, + { + "displayName": "JGroups Keystore Filename", + "description": "The name of the keystore file within the secret", + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "jgroups.jceks", + "required": false + }, + { + "displayName": "JGroups Certificate Name", + "description": "The name associated with the server certificate (e.g. secret-key)", + "name": "JGROUPS_ENCRYPT_NAME", + "value": "", + "required": false + }, + { + "displayName": "JGroups Keystore Password", + "description": "The password for the keystore and certificate (e.g. password)", + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "", + "required": false + }, + { + "displayName": "JGroups Cluster Password", + "description": "JGroups cluster password", + "name": "JGROUPS_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "Deploy Exploded Archives", + "description": "Controls whether exploded deployment content should be automatically deployed", + "name": "AUTO_DEPLOY_EXPLODED", + "value": "false", + "required": false + }, + { + "displayName": "URL for SSO", + "description": "The URL for the SSO server (e.g. https://secure-sso-myproject.example.com/auth). This is the URL through which the user will be redirected when a login or token is required by the application.", + "name": "SSO_URL", + "value": "", + "required": true + }, + { + "displayName": "URL for SSO (internal service)", + "description": "The URL for the internal SSO service, where secure-sso (the default) is the kubernetes service exposed by the SSO server. This is used to create the application client(s) (see SSO_USERNAME). This can also be the same as SSO_URL.", + "name": "SSO_SERVICE_URL", + "value": "https://secure-sso:8443/auth", + "required": false + }, + { + "displayName": "SSO Realm", + "description": "The SSO realm to which the application client(s) should be associated (e.g. demo).", + "name": "SSO_REALM", + "value": "", + "required": true + }, + { + "displayName": "SSO Username", + "description": "The username used to access the SSO service. This is used to create the appliction client(s) within the specified SSO realm. This should match the SSO_SERVICE_USERNAME specified through one of the sso70-* templates.", + "name": "SSO_USERNAME", + "value": "", + "required": false + }, + { + "displayName": "SSO Password", + "description": "The password for the SSO service user.", + "name": "SSO_PASSWORD", + "value": "", + "required": false + }, + { + "displayName": "SSO Public Key", + "description": "SSO Public Key. Public key is recommended to be passed into the template to avoid man-in-the-middle security vulnerability", + "name": "SSO_PUBLIC_KEY", + "value": "", + "required": false + }, + { + "displayName": "SSO Bearer Only?", + "description": "SSO Client Access Type", + "name": "SSO_BEARER_ONLY", + "value": "", + "required": false + }, + { + "displayName": "Artifact Directories", + "description": "List of directories from which archives will be copied into the deployment folder. If unspecified, all archives in /target will be copied.", + "name": "ARTIFACT_DIR", + "value": "app-jee-jsp/target,service-jee-jaxrs/target,app-profile-jee-jsp/target,app-profile-saml-jee-jsp/target", + "required": false + }, + { + "displayName": "SSO SAML Keystore Secret", + "description": "The name of the secret containing the keystore file", + "name": "SSO_SAML_KEYSTORE_SECRET", + "value": "eap7-app-secret", + "required": false + }, + { + "displayName": "SSO SAML Keystore", + "description": "The name of the keystore file within the secret", + "name": "SSO_SAML_KEYSTORE", + "value": "keystore.jks", + "required": false + }, + { + "displayName": "SSO SAML Certificate Name", + "description": "The name associated with the server certificate", + "name": "SSO_SAML_CERTIFICATE_NAME", + "value": "jboss", + "required": false + }, + { + "displayName": "SSO SAML Keystore Password", + "description": "The password for the keystore and certificate", + "name": "SSO_SAML_KEYSTORE_PASSWORD", + "value": "mykeystorepass", + "required": false + }, + { + "displayName": "SSO Client Secret", + "description": "The SSO Client Secret for Confidential Access", + "name": "SSO_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "Enable CORS for SSO?", + "description": "Enable CORS for SSO applications", + "name": "SSO_ENABLE_CORS", + "value": "false", + "required": false + }, + { + "displayName": "SSO SAML Logout Page", + "description": "SSO logout page for SAML applications", + "name": "SSO_SAML_LOGOUT_PAGE", + "value": "/", + "required": false + }, + { + "displayName": "Disable SSL Validation in EAP->SSO communication", + "description": "If true SSL communication between EAP and the SSO Server will be insecure (i.e. certificate validation is disabled with curl)", + "name": "SSO_DISABLE_SSL_CERTIFICATE_VALIDATION", + "value": "true", + "required": false + }, + { + "displayName": "SSO Trust Store", + "description": "The name of the truststore file within the secret (e.g. truststore.jks)", + "name": "SSO_TRUSTSTORE", + "value": "", + "required": false + }, + { + "displayName": "SSO Trust Store Password", + "description": "The password for the truststore and certificate (e.g. mykeystorepass)", + "name": "SSO_TRUSTSTORE_PASSWORD", + "value": "", + "required": false + }, + { + "displayName": "SSO Trust Store Secret", + "description": "The name of the secret containing the truststore file (e.g. truststore-secret). Used for volume secretName", + "name": "SSO_TRUSTSTORE_SECRET", + "value": "eap7-app-secret", + "required": false + }, + { + "displayName": "Maven mirror URL", + "description": "Maven mirror to use for S2I builds", + "name": "MAVEN_MIRROR_URL", + "value": "", + "required": false + } + ], + "objects": [ + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8080, + "targetPort": 8080 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's http port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8443, + "targetPort": 8443 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's https port." + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-http", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's http service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTP}", + "to": { + "name": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-https", + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's https service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTPS}", + "to": { + "name": "secure-${APPLICATION_NAME}" + }, + "tls": { + "termination": "passthrough" + } + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "BuildConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "source": { + "type": "Git", + "git": { + "uri": "${SOURCE_REPOSITORY_URL}", + "ref": "${SOURCE_REPOSITORY_REF}" + }, + "contextDir": "${CONTEXT_DIR}" + }, + "strategy": { + "type": "Source", + "sourceStrategy": { + "forcePull": true, + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-eap71-openshift:TP" + }, + "env": [ + { + "name": "ARTIFACT_DIR", + "value": "${ARTIFACT_DIR}" + }, + { + "name": "MAVEN_ARGS_APPEND", + "value": "" + }, + { + "name": "MAVEN_MIRROR_URL", + "value": "${MAVEN_MIRROR_URL}" + } + ] + } + }, + "output": { + "to": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + }, + "triggers": [ + { + "type": "GitHub", + "github": { + "secret": "${GITHUB_WEBHOOK_SECRET}" + } + }, + { + "type": "Generic", + "generic": { + "secret": "${GENERIC_WEBHOOK_SECRET}" + } + }, + { + "type": "ImageChange", + "imageChange": {} + }, + { + "type": "ConfigChange" + } + ] + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}" + ], + "from": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "serviceAccountName": "${SERVICE_ACCOUNT_NAME}", + "terminationGracePeriodSeconds": 75, + "containers": [ + { + "name": "${APPLICATION_NAME}", + "image": "${APPLICATION_NAME}", + "imagePullPolicy": "Always", + "volumeMounts": [ + { + "name": "sso-saml-keystore-volume", + "mountPath": "/etc/sso-saml-secret-volume", + "readOnly": true + }, + { + "name": "eap-keystore-volume", + "mountPath": "/etc/eap-secret-volume", + "readOnly": true + }, + { + "name": "eap-jgroups-keystore-volume", + "mountPath": "/etc/jgroups-encrypt-secret-volume", + "readOnly": true + }, + { + "name": "sso-truststore-volume", + "mountPath": "/etc/sso-secret-volume", + "readOnly": true + } + ], + "livenessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/livenessProbe.sh" + ] + } + }, + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/readinessProbe.sh" + ] + } + }, + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "http", + "containerPort": 8080, + "protocol": "TCP" + }, + { + "name": "https", + "containerPort": 8443, + "protocol": "TCP" + }, + { + "name": "ping", + "containerPort": 8888, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "OPENSHIFT_KUBE_PING_LABELS", + "value": "application=${APPLICATION_NAME}" + }, + { + "name": "OPENSHIFT_KUBE_PING_NAMESPACE", + "valueFrom": { + "fieldRef": { + "fieldPath": "metadata.namespace" + } + } + }, + { + "name": "HOSTNAME_HTTP", + "value": "${HOSTNAME_HTTP}" + }, + { + "name": "HOSTNAME_HTTPS", + "value": "${HOSTNAME_HTTPS}" + }, + { + "name": "HTTPS_KEYSTORE_DIR", + "value": "/etc/eap-secret-volume" + }, + { + "name": "HTTPS_KEYSTORE", + "value": "${HTTPS_KEYSTORE}" + }, + { + "name": "HTTPS_KEYSTORE_TYPE", + "value": "${HTTPS_KEYSTORE_TYPE}" + }, + { + "name": "HTTPS_NAME", + "value": "${HTTPS_NAME}" + }, + { + "name": "HTTPS_PASSWORD", + "value": "${HTTPS_PASSWORD}" + }, + { + "name": "HORNETQ_CLUSTER_PASSWORD", + "value": "${HORNETQ_CLUSTER_PASSWORD}" + }, + { + "name": "HORNETQ_QUEUES", + "value": "${HORNETQ_QUEUES}" + }, + { + "name": "HORNETQ_TOPICS", + "value": "${HORNETQ_TOPICS}" + }, + { + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "${JGROUPS_ENCRYPT_SECRET}" + }, + { + "name": "JGROUPS_ENCRYPT_KEYSTORE_DIR", + "value": "/etc/jgroups-encrypt-secret-volume" + }, + { + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "${JGROUPS_ENCRYPT_KEYSTORE}" + }, + { + "name": "JGROUPS_ENCRYPT_NAME", + "value": "${JGROUPS_ENCRYPT_NAME}" + }, + { + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "${JGROUPS_ENCRYPT_PASSWORD}" + }, + { + "name": "JGROUPS_CLUSTER_PASSWORD", + "value": "${JGROUPS_CLUSTER_PASSWORD}" + }, + { + "name": "AUTO_DEPLOY_EXPLODED", + "value": "${AUTO_DEPLOY_EXPLODED}" + }, + { + "name": "SSO_URL", + "value": "${SSO_URL}" + }, + { + "name": "SSO_SERVICE_URL", + "value": "${SSO_SERVICE_URL}" + }, + { + "name": "SSO_REALM", + "value": "${SSO_REALM}" + }, + { + "name": "SSO_USERNAME", + "value": "${SSO_USERNAME}" + }, + { + "name": "SSO_PASSWORD", + "value": "${SSO_PASSWORD}" + }, + { + "name": "SSO_PUBLIC_KEY", + "value": "${SSO_PUBLIC_KEY}" + }, + { + "name": "SSO_BEARER_ONLY", + "value": "${SSO_BEARER_ONLY}" + }, + { + "name": "SSO_SAML_KEYSTORE_SECRET", + "value": "${SSO_SAML_KEYSTORE_SECRET}" + }, + { + "name": "SSO_SAML_KEYSTORE", + "value": "${SSO_SAML_KEYSTORE}" + }, + { + "name": "SSO_SAML_KEYSTORE_DIR", + "value": "/etc/sso-saml-secret-volume" + }, + { + "name": "SSO_SAML_CERTIFICATE_NAME", + "value": "${SSO_SAML_CERTIFICATE_NAME}" + }, + { + "name": "SSO_SAML_KEYSTORE_PASSWORD", + "value": "${SSO_SAML_KEYSTORE_PASSWORD}" + }, + { + "name": "SSO_SECRET", + "value": "${SSO_SECRET}" + }, + { + "name": "SSO_ENABLE_CORS", + "value": "${SSO_ENABLE_CORS}" + }, + { + "name": "SSO_SAML_LOGOUT_PAGE", + "value": "${SSO_SAML_LOGOUT_PAGE}" + }, + { + "name": "SSO_DISABLE_SSL_CERTIFICATE_VALIDATION", + "value": "${SSO_DISABLE_SSL_CERTIFICATE_VALIDATION}" + }, + { + "name": "SSO_TRUSTSTORE", + "value": "${SSO_TRUSTSTORE}" + }, + { + "name": "SSO_TRUSTSTORE_DIR", + "value": "/etc/sso-secret-volume" + }, + { + "name": "SSO_TRUSTSTORE_PASSWORD", + "value": "${SSO_TRUSTSTORE_PASSWORD}" + } + ] + } + ], + "volumes": [ + { + "name": "sso-saml-keystore-volume", + "secret": { + "secretName": "${SSO_SAML_KEYSTORE_SECRET}" + } + }, + { + "name": "eap-keystore-volume", + "secret": { + "secretName": "${HTTPS_SECRET}" + } + }, + { + "name": "eap-jgroups-keystore-volume", + "secret": { + "secretName": "${JGROUPS_ENCRYPT_SECRET}" + } + }, + { + "name": "sso-truststore-volume", + "secret": { + "secretName": "${SSO_TRUSTSTORE_SECRET}" + } + } + ] + } + } + } + } + ] +} diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/decisionserver63-https-s2i.json b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/eap71-third-party-db-s2i.json index 78e79c0cf..a2a7264fb 100644 --- a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/decisionserver63-https-s2i.json +++ b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/eap71-third-party-db-s2i.json @@ -3,61 +3,36 @@ "apiVersion": "v1", "metadata": { "annotations": { - "description": "Application template for Red Hat JBoss BRMS 6.3 decision server HTTPS applications built using S2I.", - "iconClass": "icon-jboss", - "tags": "decisionserver,jboss,xpaas", - "version": "1.4.0", - "openshift.io/display-name": "Red Hat JBoss BRMS 6.3 decision server (with https)" + "iconClass": "icon-eap", + "tags": "eap,javaee,java,jboss,hidden", + "version": "1.4.7", + "openshift.io/display-name": "JBoss EAP 7.1 (with https, DB drivers)", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "An example EAP 7 DB application. For more information about using this template, see https://github.com/jboss-openshift/application-templates.", + "template.openshift.io/long-description": "This template defines resources needed to develop Red Hat Enterprise Application Server 7.1 based application, including a build configuration, application deployment configuration, using third-party DB drivers and secure communication using https.", + "template.openshift.io/documentation-url": "https://access.redhat.com/documentation/en/red-hat-jboss-enterprise-application-platform/", + "template.openshift.io/support-url": "https://access.redhat.com" }, - "name": "decisionserver63-https-s2i" + "name": "eap71-third-party-db-s2i" }, "labels": { - "template": "decisionserver63-https-s2i", - "xpaas": "1.4.0" + "template": "eap71-third-party-db-s2i", + "xpaas": "1.4.7" }, - "message": "A new BRMS application with SSL support has been created in your project. The username/password for accessing the KIE Server REST or JMS interface is ${KIE_SERVER_USER}/${KIE_SERVER_PASSWORD}. Please be sure to create the \"decisionserver-service-account\" service account and the secret named \"${HTTPS_SECRET}\" containing the ${HTTPS_KEYSTORE} file used for serving secure content.", + "message": "A new EAP 7 based application with SSL support has been created in your project. Please be sure to create the \"${SERVICE_ACCOUNT_NAME}\" service account and the following secrets:\"${CONFIGURATION_NAME}\" containing the datasource configuration details required by the deployed application(s); \"${HTTPS_SECRET}\" containing the ${HTTPS_KEYSTORE} file used for serving secure content; \"${JGROUPS_ENCRYPT_SECRET}\" containing the ${JGROUPS_ENCRYPT_KEYSTORE} file used for securing JGroups communications.", "parameters": [ { - "displayName": "KIE Container Deployment", - "description": "The KIE Container deployment configuration in format: containerId=groupId:artifactId:version|c2=g2:a2:v2", - "name": "KIE_CONTAINER_DEPLOYMENT", - "value": "decisionserver-hellorules=org.openshift.quickstarts:decisionserver-hellorules:1.3.0.Final", - "required": false - }, - { - "displayName": "KIE Server Protocol", - "description": "The protocol to access the KIE Server REST interface.", - "name": "KIE_SERVER_PROTOCOL", - "value": "https", - "required": false - }, - { - "displayName": "KIE Server Port", - "description": "The port to access the KIE Server REST interface.", - "name": "KIE_SERVER_PORT", - "value": "8443", - "required": false - }, - { - "displayName": "KIE Server Username", - "description": "The user name to access the KIE Server REST or JMS interface.", - "name": "KIE_SERVER_USER", - "value": "kieserver", - "required": false - }, - { - "displayName": "KIE Server Password", - "description": "The password to access the KIE Server REST or JMS interface. Must be different than username; must not be root, admin, or administrator; must contain at least 8 characters, 1 alphabetic character(s), 1 digit(s), and 1 non-alphanumeric symbol(s).", - "name": "KIE_SERVER_PASSWORD", - "from": "[a-zA-Z]{6}[0-9]{1}!", - "generate": "expression", - "required": false - }, - { "displayName": "Application Name", "description": "The name for the application.", "name": "APPLICATION_NAME", - "value": "kie-app", + "value": "eap-app", + "required": true + }, + { + "displayName": "Configuration Secret Name", + "description": "The name of the secret containing configuration properties for the datasources.", + "name": "CONFIGURATION_NAME", + "value": "eap-app-config", "required": true }, { @@ -78,42 +53,70 @@ "displayName": "Git Repository URL", "description": "Git source URI for application", "name": "SOURCE_REPOSITORY_URL", - "value": "https://github.com/jboss-openshift/openshift-quickstarts.git", + "value": "https://github.com/jboss-openshift/openshift-quickstarts", "required": true }, { "displayName": "Git Reference", "description": "Git branch/tag reference", "name": "SOURCE_REPOSITORY_REF", - "value": "1.3", + "value": "master", "required": false }, { "displayName": "Context Directory", "description": "Path within Git project to build; empty for root project directory.", "name": "CONTEXT_DIR", - "value": "decisionserver/hellorules", + "value": "datavirt/hibernate-webapp", "required": false }, { - "displayName": "Queues", - "description": "Queue names", - "name": "HORNETQ_QUEUES", + "displayName": "Drivers ImageStreamTag", + "description": "ImageStreamTag definition for the image containing the drivers and configuration, e.g. jboss-datavirt63-openshift:1.0-driver", + "name": "EXTENSIONS_IMAGE", + "value": "jboss-datavirt63-driver-openshift:1.1", + "required": true + }, + { + "displayName": "Drivers ImageStream Namespace", + "description": "Namespace within which the ImageStream definition for the image containing the drivers and configuration is located.", + "name": "EXTENSIONS_IMAGE_NAMESPACE", + "value": "openshift", + "required": true + }, + { + "displayName": "Drivers Image Install Directory", + "description": "Full path to the directory within the extensions image where the extensions are located (e.g. install.sh, modules/, etc.)", + "name": "EXTENSIONS_INSTALL_DIR", + "value": "/extensions", + "required": true + }, + { + "displayName": "Queue Names", + "description": "Queue names to preconfigure within Messaging subsystem.", + "name": "MQ_QUEUES", "value": "", "required": false }, { - "displayName": "Topics", - "description": "Topic names", - "name": "HORNETQ_TOPICS", + "displayName": "Topic Names", + "description": "Topic names to preconfigure within Messaging subsystem.", + "name": "MQ_TOPICS", "value": "", "required": false }, { + "displayName": "Service Account Name", + "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.", + "name": "SERVICE_ACCOUNT_NAME", + "value": "eap-service-account", + "required": true + }, + { "displayName": "Server Keystore Secret Name", "description": "The name of the secret containing the keystore file", "name": "HTTPS_SECRET", - "value": "decisionserver-app-secret", + "value": "eap-app-secret", "required": true }, { @@ -124,6 +127,13 @@ "required": false }, { + "displayName": "Server Keystore Type", + "description": "The type of the keystore file (JKS or JCEKS)", + "name": "HTTPS_KEYSTORE_TYPE", + "value": "", + "required": false + }, + { "displayName": "Server Certificate Name", "description": "The name associated with the server certificate", "name": "HTTPS_NAME", @@ -138,16 +148,16 @@ "required": false }, { - "displayName": "HornetQ Password", - "description": "HornetQ cluster admin password", - "name": "HORNETQ_CLUSTER_PASSWORD", + "displayName": "Messaging Cluster Admin Password", + "description": "Admin password for Messaging cluster.", + "name": "MQ_CLUSTER_PASSWORD", "from": "[a-zA-Z0-9]{8}", "generate": "expression", "required": true }, { "displayName": "Github Webhook Secret", - "description": "GitHub trigger secret", + "description": "A secret string used to configure the GitHub webhook.", "name": "GITHUB_WEBHOOK_SECRET", "from": "[a-zA-Z0-9]{8}", "generate": "expression", @@ -155,7 +165,7 @@ }, { "displayName": "Generic Webhook Secret", - "description": "Generic build trigger secret", + "description": "A secret string used to configure the Generic webhook.", "name": "GENERIC_WEBHOOK_SECRET", "from": "[a-zA-Z0-9]{8}", "generate": "expression", @@ -169,6 +179,49 @@ "required": true }, { + "displayName": "JGroups Secret Name", + "description": "The name of the secret containing the keystore to be used for securing JGroups communications.", + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "eap-app-secret", + "required": false + }, + { + "displayName": "JGroups Keystore Filename", + "description": "The name of the keystore file within the JGroups secret.", + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "jgroups.jceks", + "required": false + }, + { + "displayName": "JGroups Certificate Name", + "description": "The name associated with the JGroups server certificate", + "name": "JGROUPS_ENCRYPT_NAME", + "value": "secret-key", + "required": false + }, + { + "displayName": "JGroups Keystore Password", + "description": "The password for the keystore and certificate", + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "password", + "required": false + }, + { + "displayName": "JGroups Cluster Password", + "description": "Password used by JGroups to authenticate nodes in the cluster.", + "name": "JGROUPS_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "Deploy Exploded Archives", + "description": "Controls whether exploded deployment content should be automatically deployed", + "name": "AUTO_DEPLOY_EXPLODED", + "value": "false", + "required": false + }, + { "displayName": "Maven mirror URL", "description": "Maven mirror to use for S2I builds", "name": "MAVEN_MIRROR_URL", @@ -300,21 +353,36 @@ "uri": "${SOURCE_REPOSITORY_URL}", "ref": "${SOURCE_REPOSITORY_REF}" }, - "contextDir": "${CONTEXT_DIR}" + "contextDir": "${CONTEXT_DIR}", + "images": [ + { + "from": { + "kind": "ImageStreamTag", + "namespace": "${EXTENSIONS_IMAGE_NAMESPACE}", + "name": "${EXTENSIONS_IMAGE}" + }, + "paths": [ + { + "destinationDir": "./${CONTEXT_DIR}/extensions/extras", + "sourcePath": "${EXTENSIONS_INSTALL_DIR}/." + } + ] + } + ] }, "strategy": { "type": "Source", "sourceStrategy": { "env": [ { - "name": "KIE_CONTAINER_DEPLOYMENT", - "value": "${KIE_CONTAINER_DEPLOYMENT}" - }, - { "name": "MAVEN_MIRROR_URL", "value": "${MAVEN_MIRROR_URL}" }, { + "name": "CUSTOM_INSTALL_DIRECTORIES", + "value": "extensions/*" + }, + { "name": "ARTIFACT_DIR", "value": "${ARTIFACT_DIR}" } @@ -323,7 +391,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-decisionserver63-openshift:1.4" + "name": "jboss-eap71-openshift:TP" } } }, @@ -351,6 +419,16 @@ "imageChange": {} }, { + "type": "ImageChange", + "imageChange": { + "from": { + "kind": "ImageStreamTag", + "namespace": "${EXTENSIONS_IMAGE_NAMESPACE}", + "name": "${EXTENSIONS_IMAGE}" + } + } + }, + { "type": "ConfigChange" } ] @@ -378,8 +456,8 @@ "${APPLICATION_NAME}" ], "from": { - "kind": "ImageStream", - "name": "${APPLICATION_NAME}" + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" } } }, @@ -400,8 +478,8 @@ } }, "spec": { - "serviceAccountName": "decisionserver-service-account", - "terminationGracePeriodSeconds": 60, + "serviceAccountName": "${SERVICE_ACCOUNT_NAME}", + "terminationGracePeriodSeconds": 75, "containers": [ { "name": "${APPLICATION_NAME}", @@ -409,8 +487,18 @@ "imagePullPolicy": "Always", "volumeMounts": [ { - "name": "decisionserver-keystore-volume", - "mountPath": "/etc/decisionserver-secret-volume", + "name": "configuration", + "mountPath": "/etc/eap-environment", + "readOnly": true + }, + { + "name": "eap-keystore-volume", + "mountPath": "/etc/eap-secret-volume", + "readOnly": true + }, + { + "name": "eap-jgroups-keystore-volume", + "mountPath": "/etc/jgroups-encrypt-secret-volume", "readOnly": true } ], @@ -447,38 +535,43 @@ "name": "https", "containerPort": 8443, "protocol": "TCP" + }, + { + "name": "ping", + "containerPort": 8888, + "protocol": "TCP" } ], "env": [ { - "name": "KIE_CONTAINER_DEPLOYMENT", - "value": "${KIE_CONTAINER_DEPLOYMENT}" - }, - { - "name": "KIE_SERVER_PROTOCOL", - "value": "${KIE_SERVER_PROTOCOL}" - }, - { - "name": "KIE_SERVER_PORT", - "value": "${KIE_SERVER_PORT}" + "name": "OPENSHIFT_KUBE_PING_LABELS", + "value": "application=${APPLICATION_NAME}" }, { - "name": "KIE_SERVER_USER", - "value": "${KIE_SERVER_USER}" + "name": "OPENSHIFT_KUBE_PING_NAMESPACE", + "valueFrom": { + "fieldRef": { + "fieldPath": "metadata.namespace" + } + } }, { - "name": "KIE_SERVER_PASSWORD", - "value": "${KIE_SERVER_PASSWORD}" + "name": "ENV_FILES", + "value": "/etc/eap-environment/*" }, { "name": "HTTPS_KEYSTORE_DIR", - "value": "/etc/decisionserver-secret-volume" + "value": "/etc/eap-secret-volume" }, { "name": "HTTPS_KEYSTORE", "value": "${HTTPS_KEYSTORE}" }, { + "name": "HTTPS_KEYSTORE_TYPE", + "value": "${HTTPS_KEYSTORE_TYPE}" + }, + { "name": "HTTPS_NAME", "value": "${HTTPS_NAME}" }, @@ -487,26 +580,66 @@ "value": "${HTTPS_PASSWORD}" }, { - "name": "HORNETQ_CLUSTER_PASSWORD", - "value": "${HORNETQ_CLUSTER_PASSWORD}" + "name": "MQ_CLUSTER_PASSWORD", + "value": "${MQ_CLUSTER_PASSWORD}" + }, + { + "name": "MQ_QUEUES", + "value": "${MQ_QUEUES}" }, { - "name": "HORNETQ_QUEUES", - "value": "${HORNETQ_QUEUES}" + "name": "MQ_TOPICS", + "value": "${MQ_TOPICS}" }, { - "name": "HORNETQ_TOPICS", - "value": "${HORNETQ_TOPICS}" + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "${JGROUPS_ENCRYPT_SECRET}" + }, + { + "name": "JGROUPS_ENCRYPT_KEYSTORE_DIR", + "value": "/etc/jgroups-encrypt-secret-volume" + }, + { + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "${JGROUPS_ENCRYPT_KEYSTORE}" + }, + { + "name": "JGROUPS_ENCRYPT_NAME", + "value": "${JGROUPS_ENCRYPT_NAME}" + }, + { + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "${JGROUPS_ENCRYPT_PASSWORD}" + }, + { + "name": "JGROUPS_CLUSTER_PASSWORD", + "value": "${JGROUPS_CLUSTER_PASSWORD}" + }, + { + "name": "AUTO_DEPLOY_EXPLODED", + "value": "${AUTO_DEPLOY_EXPLODED}" } ] } ], "volumes": [ { - "name": "decisionserver-keystore-volume", + "name": "configuration", + "secret": { + "secretName": "${CONFIGURATION_NAME}" + } + }, + { + "name": "eap-keystore-volume", "secret": { "secretName": "${HTTPS_SECRET}" } + }, + { + "name": "eap-jgroups-keystore-volume", + "secret": { + "secretName": "${JGROUPS_ENCRYPT_SECRET}" + } } ] } diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/jws30-tomcat7-basic-s2i.json b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/jws30-tomcat7-basic-s2i.json deleted file mode 100644 index 4e42e0eca..000000000 --- a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/jws30-tomcat7-basic-s2i.json +++ /dev/null @@ -1,319 +0,0 @@ -{ - "kind": "Template", - "apiVersion": "v1", - "metadata": { - "annotations": { - "iconClass": "icon-tomcat", - "description": "Application template for JWS applications built using S2I.", - "tags": "tomcat,tomcat7,java,jboss,xpaas", - "version": "1.4.0", - "openshift.io/display-name": "Red Hat JBoss Web Server 3.0 Tomcat 7 (no https)" - }, - "name": "jws30-tomcat7-basic-s2i" - }, - "labels": { - "template": "jws30-tomcat7-basic-s2i", - "xpaas": "1.4.0" - }, - "message": "A new JWS application for Tomcat 7 has been created in your project. The username/password for administering your JWS is ${JWS_ADMIN_USERNAME}/${JWS_ADMIN_PASSWORD}.", - "parameters": [ - { - "displayName": "Application Name", - "description": "The name for the application.", - "name": "APPLICATION_NAME", - "value": "jws-app", - "required": true - }, - { - "displayName": "Custom http Route Hostname", - "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: <application-name>-<project>.<default-domain-suffix>", - "name": "HOSTNAME_HTTP", - "value": "", - "required": false - }, - { - "displayName": "Git Repository URL", - "description": "Git source URI for application", - "name": "SOURCE_REPOSITORY_URL", - "value": "https://github.com/jboss-openshift/openshift-quickstarts.git", - "required": true - }, - { - "displayName": "Git Reference", - "description": "Git branch/tag reference", - "name": "SOURCE_REPOSITORY_REF", - "value": "1.2", - "required": false - }, - { - "displayName": "Context Directory", - "description": "Path within Git project to build; empty for root project directory.", - "name": "CONTEXT_DIR", - "value": "tomcat-websocket-chat", - "required": false - }, - { - "displayName": "JWS Admin Username", - "description": "JWS Admin User", - "name": "JWS_ADMIN_USERNAME", - "from": "[a-zA-Z0-9]{8}", - "generate": "expression", - "required": true - }, - { - "displayName": "JWS Admin Password", - "description": "JWS Admin Password", - "name": "JWS_ADMIN_PASSWORD", - "from": "[a-zA-Z0-9]{8}", - "generate": "expression", - "required": true - }, - { - "displayName": "Github Webhook Secret", - "description": "GitHub trigger secret", - "name": "GITHUB_WEBHOOK_SECRET", - "from": "[a-zA-Z0-9]{8}", - "generate": "expression", - "required": true - }, - { - "displayName": "Generic Webhook Secret", - "description": "Generic build trigger secret", - "name": "GENERIC_WEBHOOK_SECRET", - "from": "[a-zA-Z0-9]{8}", - "generate": "expression", - "required": true - }, - { - "displayName": "ImageStream Namespace", - "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", - "name": "IMAGE_STREAM_NAMESPACE", - "value": "openshift", - "required": true - }, - { - "displayName": "Maven mirror URL", - "description": "Maven mirror to use for S2I builds", - "name": "MAVEN_MIRROR_URL", - "value": "", - "required": false - }, - { - "description": "List of directories from which archives will be copied into the deployment folder. If unspecified, all archives in /target will be copied.", - "name": "ARTIFACT_DIR", - "value": "", - "required": false - } - ], - "objects": [ - { - "kind": "Service", - "apiVersion": "v1", - "spec": { - "ports": [ - { - "port": 8080, - "targetPort": 8080 - } - ], - "selector": { - "deploymentConfig": "${APPLICATION_NAME}" - } - }, - "metadata": { - "name": "${APPLICATION_NAME}", - "labels": { - "application": "${APPLICATION_NAME}" - }, - "annotations": { - "description": "The web server's http port." - } - } - }, - { - "kind": "Route", - "apiVersion": "v1", - "id": "${APPLICATION_NAME}-http", - "metadata": { - "name": "${APPLICATION_NAME}", - "labels": { - "application": "${APPLICATION_NAME}" - }, - "annotations": { - "description": "Route for application's http service." - } - }, - "spec": { - "host": "${HOSTNAME_HTTP}", - "to": { - "name": "${APPLICATION_NAME}" - } - } - }, - { - "kind": "ImageStream", - "apiVersion": "v1", - "metadata": { - "name": "${APPLICATION_NAME}", - "labels": { - "application": "${APPLICATION_NAME}" - } - } - }, - { - "kind": "BuildConfig", - "apiVersion": "v1", - "metadata": { - "name": "${APPLICATION_NAME}", - "labels": { - "application": "${APPLICATION_NAME}" - } - }, - "spec": { - "source": { - "type": "Git", - "git": { - "uri": "${SOURCE_REPOSITORY_URL}", - "ref": "${SOURCE_REPOSITORY_REF}" - }, - "contextDir": "${CONTEXT_DIR}" - }, - "strategy": { - "type": "Source", - "sourceStrategy": { - "env": [ - { - "name": "MAVEN_MIRROR_URL", - "value": "${MAVEN_MIRROR_URL}" - }, - { - "name": "ARTIFACT_DIR", - "value": "${ARTIFACT_DIR}" - } - ], - "forcePull": true, - "from": { - "kind": "ImageStreamTag", - "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-webserver30-tomcat7-openshift:1.3" - } - } - }, - "output": { - "to": { - "kind": "ImageStreamTag", - "name": "${APPLICATION_NAME}:latest" - } - }, - "triggers": [ - { - "type": "GitHub", - "github": { - "secret": "${GITHUB_WEBHOOK_SECRET}" - } - }, - { - "type": "Generic", - "generic": { - "secret": "${GENERIC_WEBHOOK_SECRET}" - } - }, - { - "type": "ImageChange", - "imageChange": {} - }, - { - "type": "ConfigChange" - } - ] - } - }, - { - "kind": "DeploymentConfig", - "apiVersion": "v1", - "metadata": { - "name": "${APPLICATION_NAME}", - "labels": { - "application": "${APPLICATION_NAME}" - } - }, - "spec": { - "strategy": { - "type": "Recreate" - }, - "triggers": [ - { - "type": "ImageChange", - "imageChangeParams": { - "automatic": true, - "containerNames": [ - "${APPLICATION_NAME}" - ], - "from": { - "kind": "ImageStreamTag", - "name": "${APPLICATION_NAME}:latest" - } - } - }, - { - "type": "ConfigChange" - } - ], - "replicas": 1, - "selector": { - "deploymentConfig": "${APPLICATION_NAME}" - }, - "template": { - "metadata": { - "name": "${APPLICATION_NAME}", - "labels": { - "deploymentConfig": "${APPLICATION_NAME}", - "application": "${APPLICATION_NAME}" - } - }, - "spec": { - "terminationGracePeriodSeconds": 60, - "containers": [ - { - "name": "${APPLICATION_NAME}", - "image": "${APPLICATION_NAME}", - "imagePullPolicy": "Always", - "readinessProbe": { - "exec": { - "command": [ - "/bin/bash", - "-c", - "curl --noproxy '*' -s -u ${JWS_ADMIN_USERNAME}:${JWS_ADMIN_PASSWORD} 'http://localhost:8080/manager/jmxproxy/?get=Catalina%3Atype%3DServer&att=stateName' |grep -iq 'stateName *= *STARTED'" - ] - } - }, - "ports": [ - { - "name": "jolokia", - "containerPort": 8778, - "protocol": "TCP" - }, - { - "name": "http", - "containerPort": 8080, - "protocol": "TCP" - } - ], - "env": [ - { - "name": "JWS_ADMIN_USERNAME", - "value": "${JWS_ADMIN_USERNAME}" - }, - { - "name": "JWS_ADMIN_PASSWORD", - "value": "${JWS_ADMIN_PASSWORD}" - } - ] - } - ] - } - } - } - } - ] -} diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/jws30-tomcat7-https-s2i.json b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/jws30-tomcat7-https-s2i.json deleted file mode 100644 index f5fc2e581..000000000 --- a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/jws30-tomcat7-https-s2i.json +++ /dev/null @@ -1,438 +0,0 @@ -{ - "kind": "Template", - "apiVersion": "v1", - "metadata": { - "annotations": { - "iconClass": "icon-tomcat", - "description": "Application template for JWS applications built using S2I.", - "tags": "tomcat,tomcat7,java,jboss,xpaas", - "version": "1.4.0", - "openshift.io/display-name": "Red Hat JBoss Web Server 3.0 Tomcat 7 (with https)" - }, - "name": "jws30-tomcat7-https-s2i" - }, - "labels": { - "template": "jws30-tomcat7-https-s2i", - "xpaas": "1.4.0" - }, - "message": "A new JWS application for Tomcat 7 has been created in your project. The username/password for administering your JWS is ${JWS_ADMIN_USERNAME}/${JWS_ADMIN_PASSWORD}. Please be sure to create the \"jws-service-account\" service account and the secret named \"${JWS_HTTPS_SECRET}\" containing the ${JWS_HTTPS_CERTIFICATE} file used for serving secure content.", - "parameters": [ - { - "displayName": "Application Name", - "description": "The name for the application.", - "name": "APPLICATION_NAME", - "value": "jws-app", - "required": true - }, - { - "displayName": "Custom http Route Hostname", - "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: <application-name>-<project>.<default-domain-suffix>", - "name": "HOSTNAME_HTTP", - "value": "", - "required": false - }, - { - "displayName": "Custom https Route Hostname", - "description": "Custom hostname for https service route. Leave blank for default hostname, e.g.: secure-<application-name>-<project>.<default-domain-suffix>", - "name": "HOSTNAME_HTTPS", - "value": "", - "required": false - }, - { - "displayName": "Git Repository URL", - "description": "Git source URI for application", - "name": "SOURCE_REPOSITORY_URL", - "value": "https://github.com/jboss-openshift/openshift-quickstarts.git", - "required": true - }, - { - "displayName": "Git Reference", - "description": "Git branch/tag reference", - "name": "SOURCE_REPOSITORY_REF", - "value": "1.2", - "required": false - }, - { - "displayName": "Context Directory", - "description": "Path within Git project to build; empty for root project directory.", - "name": "CONTEXT_DIR", - "value": "tomcat-websocket-chat", - "required": false - }, - { - "displayName": "Secret Name", - "description": "The name of the secret containing the certificate files", - "name": "JWS_HTTPS_SECRET", - "value": "jws-app-secret", - "required": true - }, - { - "displayName": "Certificate Name", - "description": "The name of the certificate file within the secret", - "name": "JWS_HTTPS_CERTIFICATE", - "value": "server.crt", - "required": false - }, - { - "displayName": "Certificate Key Name", - "description": "The name of the certificate key file within the secret", - "name": "JWS_HTTPS_CERTIFICATE_KEY", - "value": "server.key", - "required": false - }, - { - "displayName": "Certificate Password", - "description": "The certificate password", - "name": "JWS_HTTPS_CERTIFICATE_PASSWORD", - "value": "", - "required": false - }, - { - "displayName": "JWS Admin Username", - "description": "JWS Admin User", - "name": "JWS_ADMIN_USERNAME", - "from": "[a-zA-Z0-9]{8}", - "generate": "expression", - "required": true - }, - { - "displayName": "JWS Admin Password", - "description": "JWS Admin Password", - "name": "JWS_ADMIN_PASSWORD", - "from": "[a-zA-Z0-9]{8}", - "generate": "expression", - "required": true - }, - { - "displayName": "Github Webhook Secret", - "description": "GitHub trigger secret", - "name": "GITHUB_WEBHOOK_SECRET", - "from": "[a-zA-Z0-9]{8}", - "generate": "expression", - "required": true - }, - { - "displayName": "Generic Webhook Secret", - "description": "Generic build trigger secret", - "name": "GENERIC_WEBHOOK_SECRET", - "from": "[a-zA-Z0-9]{8}", - "generate": "expression", - "required": true - }, - { - "displayName": "ImageStream Namespace", - "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", - "name": "IMAGE_STREAM_NAMESPACE", - "value": "openshift", - "required": true - }, - { - "displayName": "Maven mirror URL", - "description": "Maven mirror to use for S2I builds", - "name": "MAVEN_MIRROR_URL", - "value": "", - "required": false - }, - { - "description": "List of directories from which archives will be copied into the deployment folder. If unspecified, all archives in /target will be copied.", - "name": "ARTIFACT_DIR", - "value": "", - "required": false - } - ], - "objects": [ - { - "kind": "Service", - "apiVersion": "v1", - "spec": { - "ports": [ - { - "port": 8080, - "targetPort": 8080 - } - ], - "selector": { - "deploymentConfig": "${APPLICATION_NAME}" - } - }, - "metadata": { - "name": "${APPLICATION_NAME}", - "labels": { - "application": "${APPLICATION_NAME}" - }, - "annotations": { - "description": "The web server's http port." - } - } - }, - { - "kind": "Service", - "apiVersion": "v1", - "spec": { - "ports": [ - { - "port": 8443, - "targetPort": 8443 - } - ], - "selector": { - "deploymentConfig": "${APPLICATION_NAME}" - } - }, - "metadata": { - "name": "secure-${APPLICATION_NAME}", - "labels": { - "application": "${APPLICATION_NAME}" - }, - "annotations": { - "description": "The web server's https port." - } - } - }, - { - "kind": "Route", - "apiVersion": "v1", - "id": "${APPLICATION_NAME}-http", - "metadata": { - "name": "${APPLICATION_NAME}", - "labels": { - "application": "${APPLICATION_NAME}" - }, - "annotations": { - "description": "Route for application's http service." - } - }, - "spec": { - "host": "${HOSTNAME_HTTP}", - "to": { - "name": "${APPLICATION_NAME}" - } - } - }, - { - "kind": "Route", - "apiVersion": "v1", - "id": "${APPLICATION_NAME}-https", - "metadata": { - "name": "secure-${APPLICATION_NAME}", - "labels": { - "application": "${APPLICATION_NAME}" - }, - "annotations": { - "description": "Route for application's https service." - } - }, - "spec": { - "host": "${HOSTNAME_HTTPS}", - "to": { - "name": "secure-${APPLICATION_NAME}" - }, - "tls": { - "termination": "passthrough" - } - } - }, - { - "kind": "ImageStream", - "apiVersion": "v1", - "metadata": { - "name": "${APPLICATION_NAME}", - "labels": { - "application": "${APPLICATION_NAME}" - } - } - }, - { - "kind": "BuildConfig", - "apiVersion": "v1", - "metadata": { - "name": "${APPLICATION_NAME}", - "labels": { - "application": "${APPLICATION_NAME}" - } - }, - "spec": { - "source": { - "type": "Git", - "git": { - "uri": "${SOURCE_REPOSITORY_URL}", - "ref": "${SOURCE_REPOSITORY_REF}" - }, - "contextDir": "${CONTEXT_DIR}" - }, - "strategy": { - "type": "Source", - "sourceStrategy": { - "env": [ - { - "name": "MAVEN_MIRROR_URL", - "value": "${MAVEN_MIRROR_URL}" - }, - { - "name": "ARTIFACT_DIR", - "value": "${ARTIFACT_DIR}" - } - ], - "forcePull": true, - "from": { - "kind": "ImageStreamTag", - "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-webserver30-tomcat7-openshift:1.3" - } - } - }, - "output": { - "to": { - "kind": "ImageStreamTag", - "name": "${APPLICATION_NAME}:latest" - } - }, - "triggers": [ - { - "type": "GitHub", - "github": { - "secret": "${GITHUB_WEBHOOK_SECRET}" - } - }, - { - "type": "Generic", - "generic": { - "secret": "${GENERIC_WEBHOOK_SECRET}" - } - }, - { - "type": "ImageChange", - "imageChange": {} - }, - { - "type": "ConfigChange" - } - ] - } - }, - { - "kind": "DeploymentConfig", - "apiVersion": "v1", - "metadata": { - "name": "${APPLICATION_NAME}", - "labels": { - "application": "${APPLICATION_NAME}" - } - }, - "spec": { - "strategy": { - "type": "Recreate" - }, - "triggers": [ - { - "type": "ImageChange", - "imageChangeParams": { - "automatic": true, - "containerNames": [ - "${APPLICATION_NAME}" - ], - "from": { - "kind": "ImageStreamTag", - "name": "${APPLICATION_NAME}:latest" - } - } - }, - { - "type": "ConfigChange" - } - ], - "replicas": 1, - "selector": { - "deploymentConfig": "${APPLICATION_NAME}" - }, - "template": { - "metadata": { - "name": "${APPLICATION_NAME}", - "labels": { - "deploymentConfig": "${APPLICATION_NAME}", - "application": "${APPLICATION_NAME}" - } - }, - "spec": { - "serviceAccountName": "jws-service-account", - "terminationGracePeriodSeconds": 60, - "containers": [ - { - "name": "${APPLICATION_NAME}", - "image": "${APPLICATION_NAME}", - "imagePullPolicy": "Always", - "readinessProbe": { - "exec": { - "command": [ - "/bin/bash", - "-c", - "curl --noproxy '*' -s -u ${JWS_ADMIN_USERNAME}:${JWS_ADMIN_PASSWORD} 'http://localhost:8080/manager/jmxproxy/?get=Catalina%3Atype%3DServer&att=stateName' |grep -iq 'stateName *= *STARTED'" - ] - } - }, - "volumeMounts": [ - { - "name": "jws-certificate-volume", - "mountPath": "/etc/jws-secret-volume", - "readOnly": true - } - ], - "ports": [ - { - "name": "jolokia", - "containerPort": 8778, - "protocol": "TCP" - }, - { - "name": "http", - "containerPort": 8080, - "protocol": "TCP" - }, - { - "name": "https", - "containerPort": 8443, - "protocol": "TCP" - } - ], - "env": [ - { - "name": "JWS_HTTPS_CERTIFICATE_DIR", - "value": "/etc/jws-secret-volume" - }, - { - "name": "JWS_HTTPS_CERTIFICATE", - "value": "${JWS_HTTPS_CERTIFICATE}" - }, - { - "name": "JWS_HTTPS_CERTIFICATE_KEY", - "value": "${JWS_HTTPS_CERTIFICATE_KEY}" - }, - { - "name": "JWS_HTTPS_CERTIFICATE_PASSWORD", - "value": "${JWS_HTTPS_CERTIFICATE_PASSWORD}" - }, - { - "name": "JWS_ADMIN_USERNAME", - "value": "${JWS_ADMIN_USERNAME}" - }, - { - "name": "JWS_ADMIN_PASSWORD", - "value": "${JWS_ADMIN_PASSWORD}" - } - ] - } - ], - "volumes": [ - { - "name": "jws-certificate-volume", - "secret": { - "secretName": "${JWS_HTTPS_SECRET}" - } - } - ] - } - } - } - } - ] -} diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/jws30-tomcat7-mongodb-s2i.json b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/jws30-tomcat7-mongodb-s2i.json deleted file mode 100644 index a71dfa634..000000000 --- a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/jws30-tomcat7-mongodb-s2i.json +++ /dev/null @@ -1,674 +0,0 @@ -{ - "kind": "Template", - "apiVersion": "v1", - "metadata": { - "annotations": { - "iconClass": "icon-tomcat", - "description": "Application template for JWS MongoDB applications built using S2I.", - "tags": "tomcat,tomcat7,java,jboss,xpaas", - "version": "1.4.0", - "openshift.io/display-name": "Red Hat JBoss Web Server 3.0 Tomcat 7 + MongoDB (Ephemeral with https)" - }, - "name": "jws30-tomcat7-mongodb-s2i" - }, - "labels": { - "template": "jws30-tomcat7-mongodb-s2i", - "xpaas": "1.4.0" - }, - "message": "A new JWS application for Tomcat 7 (using MongoDB) has been created in your project. The username/password for administering your JWS is ${JWS_ADMIN_USERNAME}/${JWS_ADMIN_PASSWORD}. For accessing the MongoDB database \"${DB_DATABASE}\" use the credentials ${DB_USERNAME}/${DB_PASSWORD} (Admin password is \"${DB_ADMIN_PASSWORD}\"). Please be sure to create the \"jws-service-account\" service account and the secret named \"${JWS_HTTPS_SECRET}\" containing the ${JWS_HTTPS_CERTIFICATE} file used for serving secure content.", - "parameters": [ - { - "displayName": "Application Name", - "description": "The name for the application.", - "name": "APPLICATION_NAME", - "value": "jws-app", - "required": true - }, - { - "displayName": "Custom http Route Hostname", - "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: <application-name>-<project>.<default-domain-suffix>", - "name": "HOSTNAME_HTTP", - "value": "", - "required": false - }, - { - "displayName": "Custom https Route Hostname", - "description": "Custom hostname for https service route. Leave blank for default hostname, e.g.: secure-<application-name>-<project>.<default-domain-suffix>", - "name": "HOSTNAME_HTTPS", - "value": "", - "required": false - }, - { - "displayName": "Git Repository URL", - "description": "Git source URI for application", - "name": "SOURCE_REPOSITORY_URL", - "value": "https://github.com/jboss-openshift/openshift-quickstarts", - "required": true - }, - { - "displayName": "Git Reference", - "description": "Git branch/tag reference", - "name": "SOURCE_REPOSITORY_REF", - "value": "1.2", - "required": false - }, - { - "displayName": "Context Directory", - "description": "Path within Git project to build; empty for root project directory.", - "name": "CONTEXT_DIR", - "value": "todolist/todolist-mongodb", - "required": false - }, - { - "displayName": "Database JNDI Name", - "description": "Database JNDI name used by application to resolve the datasource, e.g. java:/jboss/datasources/mongodb", - "name": "DB_JNDI", - "value": "", - "required": false - }, - { - "displayName": "Database Name", - "description": "Database name", - "name": "DB_DATABASE", - "value": "root", - "required": true - }, - { - "displayName": "Secret Name", - "description": "The name of the secret containing the certificate files", - "name": "JWS_HTTPS_SECRET", - "value": "jws-app-secret", - "required": true - }, - { - "displayName": "Certificate Name", - "description": "The name of the certificate file within the secret", - "name": "JWS_HTTPS_CERTIFICATE", - "value": "server.crt", - "required": false - }, - { - "displayName": "Certificate Key Name", - "description": "The name of the certificate key file within the secret", - "name": "JWS_HTTPS_CERTIFICATE_KEY", - "value": "server.key", - "required": false - }, - { - "displayName": "Certificate Password", - "description": "The certificate password", - "name": "JWS_HTTPS_CERTIFICATE_PASSWORD", - "value": "", - "required": false - }, - { - "displayName": "Datasource Minimum Pool Size", - "description": "Sets xa-pool/min-pool-size for the configured datasource.", - "name": "DB_MIN_POOL_SIZE", - "required": false - }, - { - "displayName": "Datasource Maximum Pool Size", - "description": "Sets xa-pool/max-pool-size for the configured datasource.", - "name": "DB_MAX_POOL_SIZE", - "required": false - }, - { - "displayName": "Datasource Transaction Isolation", - "description": "Sets transaction-isolation for the configured datasource.", - "name": "DB_TX_ISOLATION", - "required": false - }, - { - "displayName": "MongoDB No Preallocation", - "description": "Disable data file preallocation.", - "name": "MONGODB_NOPREALLOC", - "required": false - }, - { - "displayName": "MongoDB Small Files", - "description": "Set MongoDB to use a smaller default data file size.", - "name": "MONGODB_SMALLFILES", - "required": false - }, - { - "displayName": "MongoDB Quiet", - "description": "Runs MongoDB in a quiet mode that attempts to limit the amount of output.", - "name": "MONGODB_QUIET", - "required": false - }, - { - "displayName": "Database Username", - "description": "Database user name", - "name": "DB_USERNAME", - "from": "user[a-zA-Z0-9]{3}", - "generate": "expression", - "required": true - }, - { - "displayName": "Database Password", - "description": "Database user password", - "name": "DB_PASSWORD", - "from": "[a-zA-Z0-9]{8}", - "generate": "expression", - "required": true - }, - { - "displayName": "Database admin password", - "description": "Database admin password", - "name": "DB_ADMIN_PASSWORD", - "from": "[a-zA-Z0-9]{8}", - "generate": "expression", - "required": true - }, - { - "displayName": "JWS Admin Username", - "description": "JWS Admin User", - "name": "JWS_ADMIN_USERNAME", - "from": "[a-zA-Z0-9]{8}", - "generate": "expression", - "required": true - }, - { - "displayName": "JWS Admin Password", - "description": "JWS Admin Password", - "name": "JWS_ADMIN_PASSWORD", - "from": "[a-zA-Z0-9]{8}", - "generate": "expression", - "required": true - }, - { - "displayName": "Github Webhook Secret", - "description": "GitHub trigger secret", - "name": "GITHUB_WEBHOOK_SECRET", - "from": "[a-zA-Z0-9]{8}", - "generate": "expression", - "required": true - }, - { - "displayName": "Generic Webhook Secret", - "description": "Generic build trigger secret", - "name": "GENERIC_WEBHOOK_SECRET", - "from": "[a-zA-Z0-9]{8}", - "generate": "expression", - "required": true - }, - { - "displayName": "ImageStream Namespace", - "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", - "name": "IMAGE_STREAM_NAMESPACE", - "value": "openshift", - "required": true - }, - { - "displayName": "Maven mirror URL", - "description": "Maven mirror to use for S2I builds", - "name": "MAVEN_MIRROR_URL", - "value": "", - "required": false - }, - { - "description": "List of directories from which archives will be copied into the deployment folder. If unspecified, all archives in /target will be copied.", - "name": "ARTIFACT_DIR", - "value": "", - "required": false - }, - { - "displayName": "MongoDB Image Stream Tag", - "description": "The tag to use for the \"mongodb\" image stream. Typically, this aligns with the major.minor version of MongoDB.", - "name": "MONGODB_IMAGE_STREAM_TAG", - "value": "3.2", - "required": true - } - ], - "objects": [ - { - "kind": "Service", - "apiVersion": "v1", - "spec": { - "ports": [ - { - "port": 8080, - "targetPort": 8080 - } - ], - "selector": { - "deploymentConfig": "${APPLICATION_NAME}" - } - }, - "metadata": { - "name": "${APPLICATION_NAME}", - "labels": { - "application": "${APPLICATION_NAME}" - }, - "annotations": { - "description": "The web server's http port.", - "service.alpha.openshift.io/dependencies": "[{\"name\": \"${APPLICATION_NAME}-mongodb\", \"kind\": \"Service\"}]" - } - } - }, - { - "kind": "Service", - "apiVersion": "v1", - "spec": { - "ports": [ - { - "port": 8443, - "targetPort": 8443 - } - ], - "selector": { - "deploymentConfig": "${APPLICATION_NAME}" - } - }, - "metadata": { - "name": "secure-${APPLICATION_NAME}", - "labels": { - "application": "${APPLICATION_NAME}" - }, - "annotations": { - "description": "The web server's https port.", - "service.alpha.openshift.io/dependencies": "[{\"name\": \"${APPLICATION_NAME}-mongodb\", \"kind\": \"Service\"}]" - } - } - }, - { - "kind": "Service", - "apiVersion": "v1", - "spec": { - "ports": [ - { - "port": 27017, - "targetPort": 27017 - } - ], - "selector": { - "deploymentConfig": "${APPLICATION_NAME}-mongodb" - } - }, - "metadata": { - "name": "${APPLICATION_NAME}-mongodb", - "labels": { - "application": "${APPLICATION_NAME}" - }, - "annotations": { - "description": "The database server's port." - } - } - }, - { - "kind": "Route", - "apiVersion": "v1", - "id": "${APPLICATION_NAME}-http", - "metadata": { - "name": "${APPLICATION_NAME}", - "labels": { - "application": "${APPLICATION_NAME}" - }, - "annotations": { - "description": "Route for application's http service." - } - }, - "spec": { - "host": "${HOSTNAME_HTTP}", - "to": { - "name": "${APPLICATION_NAME}" - } - } - }, - { - "kind": "Route", - "apiVersion": "v1", - "id": "${APPLICATION_NAME}-https", - "metadata": { - "name": "secure-${APPLICATION_NAME}", - "labels": { - "application": "${APPLICATION_NAME}" - }, - "annotations": { - "description": "Route for application's https service." - } - }, - "spec": { - "host": "${HOSTNAME_HTTPS}", - "to": { - "name": "secure-${APPLICATION_NAME}" - }, - "tls": { - "termination": "passthrough" - } - } - }, - { - "kind": "ImageStream", - "apiVersion": "v1", - "metadata": { - "name": "${APPLICATION_NAME}", - "labels": { - "application": "${APPLICATION_NAME}" - } - } - }, - { - "kind": "BuildConfig", - "apiVersion": "v1", - "metadata": { - "name": "${APPLICATION_NAME}", - "labels": { - "application": "${APPLICATION_NAME}" - } - }, - "spec": { - "source": { - "type": "Git", - "git": { - "uri": "${SOURCE_REPOSITORY_URL}", - "ref": "${SOURCE_REPOSITORY_REF}" - }, - "contextDir": "${CONTEXT_DIR}" - }, - "strategy": { - "type": "Source", - "sourceStrategy": { - "env": [ - { - "name": "MAVEN_MIRROR_URL", - "value": "${MAVEN_MIRROR_URL}" - }, - { - "name": "ARTIFACT_DIR", - "value": "${ARTIFACT_DIR}" - } - ], - "forcePull": true, - "from": { - "kind": "ImageStreamTag", - "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-webserver30-tomcat7-openshift:1.3" - } - } - }, - "output": { - "to": { - "kind": "ImageStreamTag", - "name": "${APPLICATION_NAME}:latest" - } - }, - "triggers": [ - { - "type": "GitHub", - "github": { - "secret": "${GITHUB_WEBHOOK_SECRET}" - } - }, - { - "type": "Generic", - "generic": { - "secret": "${GENERIC_WEBHOOK_SECRET}" - } - }, - { - "type": "ImageChange", - "imageChange": {} - }, - { - "type": "ConfigChange" - } - ] - } - }, - { - "kind": "DeploymentConfig", - "apiVersion": "v1", - "metadata": { - "name": "${APPLICATION_NAME}", - "labels": { - "application": "${APPLICATION_NAME}" - } - }, - "spec": { - "strategy": { - "type": "Recreate" - }, - "triggers": [ - { - "type": "ImageChange", - "imageChangeParams": { - "automatic": true, - "containerNames": [ - "${APPLICATION_NAME}" - ], - "from": { - "kind": "ImageStreamTag", - "name": "${APPLICATION_NAME}:latest" - } - } - }, - { - "type": "ConfigChange" - } - ], - "replicas": 1, - "selector": { - "deploymentConfig": "${APPLICATION_NAME}" - }, - "template": { - "metadata": { - "name": "${APPLICATION_NAME}", - "labels": { - "deploymentConfig": "${APPLICATION_NAME}", - "application": "${APPLICATION_NAME}" - } - }, - "spec": { - "serviceAccountName": "jws-service-account", - "terminationGracePeriodSeconds": 60, - "containers": [ - { - "name": "${APPLICATION_NAME}", - "image": "${APPLICATION_NAME}", - "imagePullPolicy": "Always", - "readinessProbe": { - "exec": { - "command": [ - "/bin/bash", - "-c", - "curl --noproxy '*' -s -u ${JWS_ADMIN_USERNAME}:${JWS_ADMIN_PASSWORD} 'http://localhost:8080/manager/jmxproxy/?get=Catalina%3Atype%3DServer&att=stateName' |grep -iq 'stateName *= *STARTED'" - ] - } - }, - "volumeMounts": [ - { - "name": "jws-certificate-volume", - "mountPath": "/etc/jws-secret-volume", - "readOnly": true - } - ], - "ports": [ - { - "name": "jolokia", - "containerPort": 8778, - "protocol": "TCP" - }, - { - "name": "http", - "containerPort": 8080, - "protocol": "TCP" - }, - { - "name": "https", - "containerPort": 8443, - "protocol": "TCP" - } - ], - "env": [ - { - "name": "DB_SERVICE_PREFIX_MAPPING", - "value": "${APPLICATION_NAME}-mongodb=DB" - }, - { - "name": "DB_JNDI", - "value": "${DB_JNDI}" - }, - { - "name": "DB_USERNAME", - "value": "${DB_USERNAME}" - }, - { - "name": "DB_PASSWORD", - "value": "${DB_PASSWORD}" - }, - { - "name": "DB_DATABASE", - "value": "${DB_DATABASE}" - }, - { - "name": "DB_ADMIN_PASSWORD", - "value": "${DB_ADMIN_PASSWORD}" - }, - { - "name": "DB_MIN_POOL_SIZE", - "value": "${DB_MIN_POOL_SIZE}" - }, - { - "name": "DB_MAX_POOL_SIZE", - "value": "${DB_MAX_POOL_SIZE}" - }, - { - "name": "DB_TX_ISOLATION", - "value": "${DB_TX_ISOLATION}" - }, - { - "name": "JWS_HTTPS_CERTIFICATE_DIR", - "value": "/etc/jws-secret-volume" - }, - { - "name": "JWS_HTTPS_CERTIFICATE", - "value": "${JWS_HTTPS_CERTIFICATE}" - }, - { - "name": "JWS_HTTPS_CERTIFICATE_KEY", - "value": "${JWS_HTTPS_CERTIFICATE_KEY}" - }, - { - "name": "JWS_HTTPS_CERTIFICATE_PASSWORD", - "value": "${JWS_HTTPS_CERTIFICATE_PASSWORD}" - }, - { - "name": "JWS_ADMIN_USERNAME", - "value": "${JWS_ADMIN_USERNAME}" - }, - { - "name": "JWS_ADMIN_PASSWORD", - "value": "${JWS_ADMIN_PASSWORD}" - } - ] - } - ], - "volumes": [ - { - "name": "jws-certificate-volume", - "secret": { - "secretName": "${JWS_HTTPS_SECRET}" - } - } - ] - } - } - } - }, - { - "kind": "DeploymentConfig", - "apiVersion": "v1", - "metadata": { - "name": "${APPLICATION_NAME}-mongodb", - "labels": { - "application": "${APPLICATION_NAME}" - } - }, - "spec": { - "strategy": { - "type": "Recreate" - }, - "triggers": [ - { - "type": "ImageChange", - "imageChangeParams": { - "automatic": true, - "containerNames": [ - "${APPLICATION_NAME}-mongodb" - ], - "from": { - "kind": "ImageStreamTag", - "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "mongodb:${MONGODB_IMAGE_STREAM_TAG}" - } - } - }, - { - "type": "ConfigChange" - } - ], - "replicas": 1, - "selector": { - "deploymentConfig": "${APPLICATION_NAME}-mongodb" - }, - "template": { - "metadata": { - "name": "${APPLICATION_NAME}-mongodb", - "labels": { - "deploymentConfig": "${APPLICATION_NAME}-mongodb", - "application": "${APPLICATION_NAME}" - } - }, - "spec": { - "terminationGracePeriodSeconds": 60, - "containers": [ - { - "name": "${APPLICATION_NAME}-mongodb", - "image": "mongodb", - "imagePullPolicy": "Always", - "ports": [ - { - "containerPort": 27017, - "protocol": "TCP" - } - ], - "env": [ - { - "name": "MONGODB_USER", - "value": "${DB_USERNAME}" - }, - { - "name": "MONGODB_PASSWORD", - "value": "${DB_PASSWORD}" - }, - { - "name": "MONGODB_DATABASE", - "value": "${DB_DATABASE}" - }, - { - "name": "MONGODB_ADMIN_PASSWORD", - "value": "${DB_ADMIN_PASSWORD}" - }, - { - "name": "MONGODB_NOPREALLOC", - "value": "${MONGODB_NOPREALLOC}" - }, - { - "name": "MONGODB_SMALLFILES", - "value": "${MONGODB_SMALLFILES}" - }, - { - "name": "MONGODB_QUIET", - "value": "${MONGODB_QUIET}" - } - ] - } - ] - } - } - } - } - ] -} diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/jws30-tomcat7-mysql-persistent-s2i.json b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/jws30-tomcat7-mysql-persistent-s2i.json deleted file mode 100644 index 9a05dcbd5..000000000 --- a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/jws30-tomcat7-mysql-persistent-s2i.json +++ /dev/null @@ -1,718 +0,0 @@ -{ - "kind": "Template", - "apiVersion": "v1", - "metadata": { - "annotations": { - "iconClass": "icon-tomcat", - "description": "Application template for JWS MySQL applications with persistent storage built using S2I.", - "tags": "tomcat,tomcat7,java,jboss,xpaas", - "version": "1.4.0", - "openshift.io/display-name": "Red Hat JBoss Web Server 3.0 Tomcat 7 + MySQL (Persistent with https)" - }, - "name": "jws30-tomcat7-mysql-persistent-s2i" - }, - "labels": { - "template": "jws30-tomcat7-mysql-persistent-s2i", - "xpaas": "1.4.0" - }, - "message": "A new persistent JWS application for Tomcat 7 (using MySQL) has been created in your project. The username/password for administering your JWS is ${JWS_ADMIN_USERNAME}/${JWS_ADMIN_PASSWORD}. For accessing the MySQL database \"${DB_DATABASE}\" use the credentials ${DB_USERNAME}/${DB_PASSWORD}. Please be sure to create the \"jws-service-account\" service account and the secret named \"${JWS_HTTPS_SECRET}\" containing the ${JWS_HTTPS_CERTIFICATE} file used for serving secure content.", - "parameters": [ - { - "displayName": "Application Name", - "description": "The name for the application.", - "name": "APPLICATION_NAME", - "value": "jws-app", - "required": true - }, - { - "displayName": "Custom http Route Hostname", - "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: <application-name>-<project>.<default-domain-suffix>", - "name": "HOSTNAME_HTTP", - "value": "", - "required": false - }, - { - "displayName": "Custom https Route Hostname", - "description": "Custom hostname for https service route. Leave blank for default hostname, e.g.: secure-<application-name>-<project>.<default-domain-suffix>", - "name": "HOSTNAME_HTTPS", - "value": "", - "required": false - }, - { - "displayName": "Git Repository URL", - "description": "Git source URI for application", - "name": "SOURCE_REPOSITORY_URL", - "value": "https://github.com/jboss-openshift/openshift-quickstarts", - "required": true - }, - { - "displayName": "Git Reference", - "description": "Git branch/tag reference", - "name": "SOURCE_REPOSITORY_REF", - "value": "1.2", - "required": false - }, - { - "displayName": "Context Directory", - "description": "Path within Git project to build; empty for root project directory.", - "name": "CONTEXT_DIR", - "value": "todolist/todolist-jdbc", - "required": false - }, - { - "displayName": "Database JNDI Name", - "description": "Database JNDI name used by application to resolve the datasource, e.g. jboss/datasources/mysqlDS", - "name": "DB_JNDI", - "value": "jboss/datasources/defaultDS", - "required": false - }, - { - "displayName": "Database Name", - "description": "Database name", - "name": "DB_DATABASE", - "value": "root", - "required": true - }, - { - "displayName": "Database Volume Capacity", - "description": "Size of persistent storage for database volume.", - "name": "VOLUME_CAPACITY", - "value": "512Mi", - "required": true - }, - { - "displayName": "Secret Name", - "description": "The name of the secret containing the certificate files", - "name": "JWS_HTTPS_SECRET", - "value": "jws-app-secret", - "required": true - }, - { - "displayName": "Certificate Name", - "description": "The name of the certificate file within the secret", - "name": "JWS_HTTPS_CERTIFICATE", - "value": "server.crt", - "required": false - }, - { - "displayName": "Certificate Key Name", - "description": "The name of the certificate key file within the secret", - "name": "JWS_HTTPS_CERTIFICATE_KEY", - "value": "server.key", - "required": false - }, - { - "displayName": "Certificate Password", - "description": "The certificate password", - "name": "JWS_HTTPS_CERTIFICATE_PASSWORD", - "value": "", - "required": false - }, - { - "displayName": "Datasource Minimum Pool Size", - "description": "Sets xa-pool/min-pool-size for the configured datasource.", - "name": "DB_MIN_POOL_SIZE", - "required": false - }, - { - "displayName": "Datasource Maximum Pool Size", - "description": "Sets xa-pool/max-pool-size for the configured datasource.", - "name": "DB_MAX_POOL_SIZE", - "required": false - }, - { - "displayName": "Datasource Transaction Isolation", - "description": "Sets transaction-isolation for the configured datasource.", - "name": "DB_TX_ISOLATION", - "required": false - }, - { - "displayName": "MySQL Lower Case Table Names", - "description": "Sets how the table names are stored and compared.", - "name": "MYSQL_LOWER_CASE_TABLE_NAMES", - "required": false - }, - { - "displayName": "MySQL Maximum number of connections", - "description": "The maximum permitted number of simultaneous client connections.", - "name": "MYSQL_MAX_CONNECTIONS", - "required": false - }, - { - "displayName": "MySQL FullText Minimum Word Length", - "description": "The minimum length of the word to be included in a FULLTEXT index.", - "name": "MYSQL_FT_MIN_WORD_LEN", - "required": false - }, - { - "displayName": "MySQL FullText Maximum Word Length", - "description": "The maximum length of the word to be included in a FULLTEXT index.", - "name": "MYSQL_FT_MAX_WORD_LEN", - "required": false - }, - { - "displayName": "MySQL AIO", - "description": "Controls the innodb_use_native_aio setting value if the native AIO is broken.", - "name": "MYSQL_AIO", - "required": false - }, - { - "displayName": "Database Username", - "description": "Database user name", - "name": "DB_USERNAME", - "from": "user[a-zA-Z0-9]{3}", - "generate": "expression", - "required": true - }, - { - "displayName": "Database Password", - "description": "Database user password", - "name": "DB_PASSWORD", - "from": "[a-zA-Z0-9]{8}", - "generate": "expression", - "required": true - }, - { - "displayName": "JWS Admin Username", - "description": "JWS Admin User", - "name": "JWS_ADMIN_USERNAME", - "from": "[a-zA-Z0-9]{8}", - "generate": "expression", - "required": true - }, - { - "displayName": "JWS Admin Password", - "description": "JWS Admin Password", - "name": "JWS_ADMIN_PASSWORD", - "from": "[a-zA-Z0-9]{8}", - "generate": "expression", - "required": true - }, - { - "displayName": "Github Webhook Secret", - "description": "GitHub trigger secret", - "name": "GITHUB_WEBHOOK_SECRET", - "from": "[a-zA-Z0-9]{8}", - "generate": "expression", - "required": true - }, - { - "displayName": "Generic Webhook Secret", - "description": "Generic build trigger secret", - "name": "GENERIC_WEBHOOK_SECRET", - "from": "[a-zA-Z0-9]{8}", - "generate": "expression", - "required": true - }, - { - "displayName": "ImageStream Namespace", - "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", - "name": "IMAGE_STREAM_NAMESPACE", - "value": "openshift", - "required": true - }, - { - "displayName": "Maven mirror URL", - "description": "Maven mirror to use for S2I builds", - "name": "MAVEN_MIRROR_URL", - "value": "", - "required": false - }, - { - "description": "List of directories from which archives will be copied into the deployment folder. If unspecified, all archives in /target will be copied.", - "name": "ARTIFACT_DIR", - "value": "", - "required": false - }, - { - "displayName": "MySQL Image Stream Tag", - "description": "The tag to use for the \"mysql\" image stream. Typically, this aligns with the major.minor version of MySQL.", - "name": "MYSQL_IMAGE_STREAM_TAG", - "value": "5.7", - "required": true - } - ], - "objects": [ - { - "kind": "Service", - "apiVersion": "v1", - "spec": { - "ports": [ - { - "port": 8080, - "targetPort": 8080 - } - ], - "selector": { - "deploymentConfig": "${APPLICATION_NAME}" - } - }, - "metadata": { - "name": "${APPLICATION_NAME}", - "labels": { - "application": "${APPLICATION_NAME}" - }, - "annotations": { - "description": "The web server's http port.", - "service.alpha.openshift.io/dependencies": "[{\"name\": \"${APPLICATION_NAME}-mysql\", \"kind\": \"Service\"}]" - } - } - }, - { - "kind": "Service", - "apiVersion": "v1", - "spec": { - "ports": [ - { - "port": 8443, - "targetPort": 8443 - } - ], - "selector": { - "deploymentConfig": "${APPLICATION_NAME}" - } - }, - "metadata": { - "name": "secure-${APPLICATION_NAME}", - "labels": { - "application": "${APPLICATION_NAME}" - }, - "annotations": { - "description": "The web server's https port.", - "service.alpha.openshift.io/dependencies": "[{\"name\": \"${APPLICATION_NAME}-mysql\", \"kind\": \"Service\"}]" - } - } - }, - { - "kind": "Service", - "apiVersion": "v1", - "spec": { - "ports": [ - { - "port": 3306, - "targetPort": 3306 - } - ], - "selector": { - "deploymentConfig": "${APPLICATION_NAME}-mysql" - } - }, - "metadata": { - "name": "${APPLICATION_NAME}-mysql", - "labels": { - "application": "${APPLICATION_NAME}" - }, - "annotations": { - "description": "The database server's port." - } - } - }, - { - "kind": "Route", - "apiVersion": "v1", - "id": "${APPLICATION_NAME}-http", - "metadata": { - "name": "${APPLICATION_NAME}", - "labels": { - "application": "${APPLICATION_NAME}" - }, - "annotations": { - "description": "Route for application's http service." - } - }, - "spec": { - "host": "${HOSTNAME_HTTP}", - "to": { - "name": "${APPLICATION_NAME}" - } - } - }, - { - "kind": "Route", - "apiVersion": "v1", - "id": "${APPLICATION_NAME}-https", - "metadata": { - "name": "secure-${APPLICATION_NAME}", - "labels": { - "application": "${APPLICATION_NAME}" - }, - "annotations": { - "description": "Route for application's https service." - } - }, - "spec": { - "host": "${HOSTNAME_HTTPS}", - "to": { - "name": "secure-${APPLICATION_NAME}" - }, - "tls": { - "termination": "passthrough" - } - } - }, - { - "kind": "ImageStream", - "apiVersion": "v1", - "metadata": { - "name": "${APPLICATION_NAME}", - "labels": { - "application": "${APPLICATION_NAME}" - } - } - }, - { - "kind": "BuildConfig", - "apiVersion": "v1", - "metadata": { - "name": "${APPLICATION_NAME}", - "labels": { - "application": "${APPLICATION_NAME}" - } - }, - "spec": { - "source": { - "type": "Git", - "git": { - "uri": "${SOURCE_REPOSITORY_URL}", - "ref": "${SOURCE_REPOSITORY_REF}" - }, - "contextDir": "${CONTEXT_DIR}" - }, - "strategy": { - "type": "Source", - "sourceStrategy": { - "env": [ - { - "name": "MAVEN_MIRROR_URL", - "value": "${MAVEN_MIRROR_URL}" - }, - { - "name": "ARTIFACT_DIR", - "value": "${ARTIFACT_DIR}" - } - ], - "forcePull": true, - "from": { - "kind": "ImageStreamTag", - "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-webserver30-tomcat7-openshift:1.3" - } - } - }, - "output": { - "to": { - "kind": "ImageStreamTag", - "name": "${APPLICATION_NAME}:latest" - } - }, - "triggers": [ - { - "type": "GitHub", - "github": { - "secret": "${GITHUB_WEBHOOK_SECRET}" - } - }, - { - "type": "Generic", - "generic": { - "secret": "${GENERIC_WEBHOOK_SECRET}" - } - }, - { - "type": "ImageChange", - "imageChange": {} - }, - { - "type": "ConfigChange" - } - ] - } - }, - { - "kind": "DeploymentConfig", - "apiVersion": "v1", - "metadata": { - "name": "${APPLICATION_NAME}", - "labels": { - "application": "${APPLICATION_NAME}" - } - }, - "spec": { - "strategy": { - "type": "Recreate" - }, - "triggers": [ - { - "type": "ImageChange", - "imageChangeParams": { - "automatic": true, - "containerNames": [ - "${APPLICATION_NAME}" - ], - "from": { - "kind": "ImageStreamTag", - "name": "${APPLICATION_NAME}:latest" - } - } - }, - { - "type": "ConfigChange" - } - ], - "replicas": 1, - "selector": { - "deploymentConfig": "${APPLICATION_NAME}" - }, - "template": { - "metadata": { - "name": "${APPLICATION_NAME}", - "labels": { - "deploymentConfig": "${APPLICATION_NAME}", - "application": "${APPLICATION_NAME}" - } - }, - "spec": { - "serviceAccountName": "jws-service-account", - "terminationGracePeriodSeconds": 60, - "containers": [ - { - "name": "${APPLICATION_NAME}", - "image": "${APPLICATION_NAME}", - "imagePullPolicy": "Always", - "readinessProbe": { - "exec": { - "command": [ - "/bin/bash", - "-c", - "curl --noproxy '*' -s -u ${JWS_ADMIN_USERNAME}:${JWS_ADMIN_PASSWORD} 'http://localhost:8080/manager/jmxproxy/?get=Catalina%3Atype%3DServer&att=stateName' |grep -iq 'stateName *= *STARTED'" - ] - } - }, - "volumeMounts": [ - { - "name": "jws-certificate-volume", - "mountPath": "/etc/jws-secret-volume", - "readOnly": true - } - ], - "ports": [ - { - "name": "jolokia", - "containerPort": 8778, - "protocol": "TCP" - }, - { - "name": "http", - "containerPort": 8080, - "protocol": "TCP" - }, - { - "name": "https", - "containerPort": 8443, - "protocol": "TCP" - } - ], - "env": [ - { - "name": "DB_SERVICE_PREFIX_MAPPING", - "value": "${APPLICATION_NAME}-mysql=DB" - }, - { - "name": "DB_JNDI", - "value": "${DB_JNDI}" - }, - { - "name": "DB_USERNAME", - "value": "${DB_USERNAME}" - }, - { - "name": "DB_PASSWORD", - "value": "${DB_PASSWORD}" - }, - { - "name": "DB_DATABASE", - "value": "${DB_DATABASE}" - }, - { - "name": "DB_MIN_POOL_SIZE", - "value": "${DB_MIN_POOL_SIZE}" - }, - { - "name": "DB_MAX_POOL_SIZE", - "value": "${DB_MAX_POOL_SIZE}" - }, - { - "name": "DB_TX_ISOLATION", - "value": "${DB_TX_ISOLATION}" - }, - { - "name": "JWS_HTTPS_CERTIFICATE_DIR", - "value": "/etc/jws-secret-volume" - }, - { - "name": "JWS_HTTPS_CERTIFICATE", - "value": "${JWS_HTTPS_CERTIFICATE}" - }, - { - "name": "JWS_HTTPS_CERTIFICATE_KEY", - "value": "${JWS_HTTPS_CERTIFICATE_KEY}" - }, - { - "name": "JWS_HTTPS_CERTIFICATE_PASSWORD", - "value": "${JWS_HTTPS_CERTIFICATE_PASSWORD}" - }, - { - "name": "JWS_ADMIN_USERNAME", - "value": "${JWS_ADMIN_USERNAME}" - }, - { - "name": "JWS_ADMIN_PASSWORD", - "value": "${JWS_ADMIN_PASSWORD}" - } - ] - } - ], - "volumes": [ - { - "name": "jws-certificate-volume", - "secret": { - "secretName": "${JWS_HTTPS_SECRET}" - } - } - ] - } - } - } - }, - { - "kind": "DeploymentConfig", - "apiVersion": "v1", - "metadata": { - "name": "${APPLICATION_NAME}-mysql", - "labels": { - "application": "${APPLICATION_NAME}" - } - }, - "spec": { - "strategy": { - "type": "Recreate" - }, - "triggers": [ - { - "type": "ImageChange", - "imageChangeParams": { - "automatic": true, - "containerNames": [ - "${APPLICATION_NAME}-mysql" - ], - "from": { - "kind": "ImageStreamTag", - "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "mysql:${MYSQL_IMAGE_STREAM_TAG}" - } - } - }, - { - "type": "ConfigChange" - } - ], - "replicas": 1, - "selector": { - "deploymentConfig": "${APPLICATION_NAME}-mysql" - }, - "template": { - "metadata": { - "name": "${APPLICATION_NAME}-mysql", - "labels": { - "deploymentConfig": "${APPLICATION_NAME}-mysql", - "application": "${APPLICATION_NAME}" - } - }, - "spec": { - "terminationGracePeriodSeconds": 60, - "containers": [ - { - "name": "${APPLICATION_NAME}-mysql", - "image": "mysql", - "ports": [ - { - "containerPort": 3306, - "protocol": "TCP" - } - ], - "volumeMounts": [ - { - "mountPath": "/var/lib/mysql/data", - "name": "${APPLICATION_NAME}-mysql-pvol" - } - ], - "env": [ - { - "name": "MYSQL_USER", - "value": "${DB_USERNAME}" - }, - { - "name": "MYSQL_PASSWORD", - "value": "${DB_PASSWORD}" - }, - { - "name": "MYSQL_DATABASE", - "value": "${DB_DATABASE}" - }, - { - "name": "MYSQL_LOWER_CASE_TABLE_NAMES", - "value": "${MYSQL_LOWER_CASE_TABLE_NAMES}" - }, - { - "name": "MYSQL_MAX_CONNECTIONS", - "value": "${MYSQL_MAX_CONNECTIONS}" - }, - { - "name": "MYSQL_FT_MIN_WORD_LEN", - "value": "${MYSQL_FT_MIN_WORD_LEN}" - }, - { - "name": "MYSQL_FT_MAX_WORD_LEN", - "value": "${MYSQL_FT_MAX_WORD_LEN}" - }, - { - "name": "MYSQL_AIO", - "value": "${MYSQL_AIO}" - } - ] - } - ], - "volumes": [ - { - "name": "${APPLICATION_NAME}-mysql-pvol", - "persistentVolumeClaim": { - "claimName": "${APPLICATION_NAME}-mysql-claim" - } - } - ] - } - } - } - }, - { - "apiVersion": "v1", - "kind": "PersistentVolumeClaim", - "metadata": { - "name": "${APPLICATION_NAME}-mysql-claim", - "labels": { - "application": "${APPLICATION_NAME}" - } - }, - "spec": { - "accessModes": [ - "ReadWriteOnce" - ], - "resources": { - "requests": { - "storage": "${VOLUME_CAPACITY}" - } - } - } - } - ] -} diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/jws30-tomcat7-mysql-s2i.json b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/jws30-tomcat7-mysql-s2i.json deleted file mode 100644 index 553a30a44..000000000 --- a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/jws30-tomcat7-mysql-s2i.json +++ /dev/null @@ -1,677 +0,0 @@ -{ - "kind": "Template", - "apiVersion": "v1", - "metadata": { - "annotations": { - "iconClass": "icon-tomcat", - "description": "Application template for JWS MySQL applications built using S2I.", - "tags": "tomcat,tomcat7,java,jboss,xpaas", - "version": "1.4.0", - "openshift.io/display-name": "Red Hat JBoss Web Server 3.0 Tomcat 7 + MySQL (Ephemeral with https)" - }, - "name": "jws30-tomcat7-mysql-s2i" - }, - "labels": { - "template": "jws30-tomcat7-mysql-s2i", - "xpaas": "1.4.0" - }, - "message": "A new JWS application for Tomcat 7 (using MySQL) has been created in your project. The username/password for administering your JWS is ${JWS_ADMIN_USERNAME}/${JWS_ADMIN_PASSWORD}. For accessing the MySQL database \"${DB_DATABASE}\" use the credentials ${DB_USERNAME}/${DB_PASSWORD}. Please be sure to create the \"jws-service-account\" service account and the secret named \"${JWS_HTTPS_SECRET}\" containing the ${JWS_HTTPS_CERTIFICATE} file used for serving secure content.", - "parameters": [ - { - "displayName": "Application Name", - "description": "The name for the application.", - "name": "APPLICATION_NAME", - "value": "jws-app", - "required": true - }, - { - "displayName": "Custom http Route Hostname", - "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: <application-name>-<project>.<default-domain-suffix>", - "name": "HOSTNAME_HTTP", - "value": "", - "required": false - }, - { - "displayName": "Custom https Route Hostname", - "description": "Custom hostname for https service route. Leave blank for default hostname, e.g.: secure-<application-name>-<project>.<default-domain-suffix>", - "name": "HOSTNAME_HTTPS", - "value": "", - "required": false - }, - { - "displayName": "Git Repository URL", - "description": "Git source URI for application", - "name": "SOURCE_REPOSITORY_URL", - "value": "https://github.com/jboss-openshift/openshift-quickstarts", - "required": true - }, - { - "displayName": "Git Reference", - "description": "Git branch/tag reference", - "name": "SOURCE_REPOSITORY_REF", - "value": "1.2", - "required": false - }, - { - "displayName": "Context Directory", - "description": "Path within Git project to build; empty for root project directory.", - "name": "CONTEXT_DIR", - "value": "todolist/todolist-jdbc", - "required": false - }, - { - "displayName": "Database JNDI Name", - "description": "Database JNDI name used by application to resolve the datasource, e.g. jboss/datasources/mysqlDS", - "name": "DB_JNDI", - "value": "jboss/datasources/defaultDS", - "required": false - }, - { - "displayName": "Database Name", - "description": "Database name", - "name": "DB_DATABASE", - "value": "root", - "required": true - }, - { - "displayName": "Secret Name", - "description": "The name of the secret containing the certificate files", - "name": "JWS_HTTPS_SECRET", - "value": "jws-app-secret", - "required": true - }, - { - "displayName": "Certificate Name", - "description": "The name of the certificate file within the secret", - "name": "JWS_HTTPS_CERTIFICATE", - "value": "server.crt", - "required": false - }, - { - "displayName": "Certificate Key Name", - "description": "The name of the certificate key file within the secret", - "name": "JWS_HTTPS_CERTIFICATE_KEY", - "value": "server.key", - "required": false - }, - { - "displayName": "Certificate Password", - "description": "The certificate password", - "name": "JWS_HTTPS_CERTIFICATE_PASSWORD", - "value": "", - "required": false - }, - { - "displayName": "Datasource Minimum Pool Size", - "description": "Sets xa-pool/min-pool-size for the configured datasource.", - "name": "DB_MIN_POOL_SIZE", - "required": false - }, - { - "displayName": "Datasource Maximum Pool Size", - "description": "Sets xa-pool/max-pool-size for the configured datasource.", - "name": "DB_MAX_POOL_SIZE", - "required": false - }, - { - "displayName": "Datasource Transaction Isolation", - "description": "Sets transaction-isolation for the configured datasource.", - "name": "DB_TX_ISOLATION", - "required": false - }, - { - "displayName": "MySQL Lower Case Table Names", - "description": "Sets how the table names are stored and compared.", - "name": "MYSQL_LOWER_CASE_TABLE_NAMES", - "required": false - }, - { - "displayName": "MySQL Maximum number of connections", - "description": "The maximum permitted number of simultaneous client connections.", - "name": "MYSQL_MAX_CONNECTIONS", - "required": false - }, - { - "displayName": "MySQL FullText Minimum Word Length", - "description": "The minimum length of the word to be included in a FULLTEXT index.", - "name": "MYSQL_FT_MIN_WORD_LEN", - "required": false - }, - { - "displayName": "MySQL FullText Maximum Word Length", - "description": "The maximum length of the word to be included in a FULLTEXT index.", - "name": "MYSQL_FT_MAX_WORD_LEN", - "required": false - }, - { - "displayName": "MySQL AIO", - "description": "Controls the innodb_use_native_aio setting value if the native AIO is broken.", - "name": "MYSQL_AIO", - "required": false - }, - { - "displayName": "Database Username", - "description": "Database user name", - "name": "DB_USERNAME", - "from": "user[a-zA-Z0-9]{3}", - "generate": "expression", - "required": true - }, - { - "displayName": "Database Password", - "description": "Database user password", - "name": "DB_PASSWORD", - "from": "[a-zA-Z0-9]{8}", - "generate": "expression", - "required": true - }, - { - "displayName": "JWS Admin Username", - "description": "JWS Admin User", - "name": "JWS_ADMIN_USERNAME", - "from": "[a-zA-Z0-9]{8}", - "generate": "expression", - "required": true - }, - { - "displayName": "JWS Admin Password", - "description": "JWS Admin Password", - "name": "JWS_ADMIN_PASSWORD", - "from": "[a-zA-Z0-9]{8}", - "generate": "expression", - "required": true - }, - { - "displayName": "Github Webhook Secret", - "description": "GitHub trigger secret", - "name": "GITHUB_WEBHOOK_SECRET", - "from": "[a-zA-Z0-9]{8}", - "generate": "expression", - "required": true - }, - { - "displayName": "Generic Webhook Secret", - "description": "Generic build trigger secret", - "name": "GENERIC_WEBHOOK_SECRET", - "from": "[a-zA-Z0-9]{8}", - "generate": "expression", - "required": true - }, - { - "displayName": "ImageStream Namespace", - "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", - "name": "IMAGE_STREAM_NAMESPACE", - "value": "openshift", - "required": true - }, - { - "displayName": "Maven mirror URL", - "description": "Maven mirror to use for S2I builds", - "name": "MAVEN_MIRROR_URL", - "value": "", - "required": false - }, - { - "description": "List of directories from which archives will be copied into the deployment folder. If unspecified, all archives in /target will be copied.", - "name": "ARTIFACT_DIR", - "value": "", - "required": false - }, - { - "displayName": "MySQL Image Stream Tag", - "description": "The tag to use for the \"mysql\" image stream. Typically, this aligns with the major.minor version of MySQL.", - "name": "MYSQL_IMAGE_STREAM_TAG", - "value": "5.7", - "required": true - } - ], - "objects": [ - { - "kind": "Service", - "apiVersion": "v1", - "spec": { - "ports": [ - { - "port": 8080, - "targetPort": 8080 - } - ], - "selector": { - "deploymentConfig": "${APPLICATION_NAME}" - } - }, - "metadata": { - "name": "${APPLICATION_NAME}", - "labels": { - "application": "${APPLICATION_NAME}" - }, - "annotations": { - "description": "The web server's http port.", - "service.alpha.openshift.io/dependencies": "[{\"name\": \"${APPLICATION_NAME}-mysql\", \"kind\": \"Service\"}]" - } - } - }, - { - "kind": "Service", - "apiVersion": "v1", - "spec": { - "ports": [ - { - "port": 8443, - "targetPort": 8443 - } - ], - "selector": { - "deploymentConfig": "${APPLICATION_NAME}" - } - }, - "metadata": { - "name": "secure-${APPLICATION_NAME}", - "labels": { - "application": "${APPLICATION_NAME}" - }, - "annotations": { - "description": "The web server's https port.", - "service.alpha.openshift.io/dependencies": "[{\"name\": \"${APPLICATION_NAME}-mysql\", \"kind\": \"Service\"}]" - } - } - }, - { - "kind": "Service", - "apiVersion": "v1", - "spec": { - "ports": [ - { - "port": 3306, - "targetPort": 3306 - } - ], - "selector": { - "deploymentConfig": "${APPLICATION_NAME}-mysql" - } - }, - "metadata": { - "name": "${APPLICATION_NAME}-mysql", - "labels": { - "application": "${APPLICATION_NAME}" - }, - "annotations": { - "description": "The database server's port." - } - } - }, - { - "kind": "Route", - "apiVersion": "v1", - "id": "${APPLICATION_NAME}-http", - "metadata": { - "name": "${APPLICATION_NAME}", - "labels": { - "application": "${APPLICATION_NAME}" - }, - "annotations": { - "description": "Route for application's http service." - } - }, - "spec": { - "host": "${HOSTNAME_HTTP}", - "to": { - "name": "${APPLICATION_NAME}" - } - } - }, - { - "kind": "Route", - "apiVersion": "v1", - "id": "${APPLICATION_NAME}-https", - "metadata": { - "name": "secure-${APPLICATION_NAME}", - "labels": { - "application": "${APPLICATION_NAME}" - }, - "annotations": { - "description": "Route for application's https service." - } - }, - "spec": { - "host": "${HOSTNAME_HTTPS}", - "to": { - "name": "secure-${APPLICATION_NAME}" - }, - "tls": { - "termination": "passthrough" - } - } - }, - { - "kind": "ImageStream", - "apiVersion": "v1", - "metadata": { - "name": "${APPLICATION_NAME}", - "labels": { - "application": "${APPLICATION_NAME}" - } - } - }, - { - "kind": "BuildConfig", - "apiVersion": "v1", - "metadata": { - "name": "${APPLICATION_NAME}", - "labels": { - "application": "${APPLICATION_NAME}" - } - }, - "spec": { - "source": { - "type": "Git", - "git": { - "uri": "${SOURCE_REPOSITORY_URL}", - "ref": "${SOURCE_REPOSITORY_REF}" - }, - "contextDir": "${CONTEXT_DIR}" - }, - "strategy": { - "type": "Source", - "sourceStrategy": { - "env": [ - { - "name": "MAVEN_MIRROR_URL", - "value": "${MAVEN_MIRROR_URL}" - }, - { - "name": "ARTIFACT_DIR", - "value": "${ARTIFACT_DIR}" - } - ], - "forcePull": true, - "from": { - "kind": "ImageStreamTag", - "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-webserver30-tomcat7-openshift:1.3" - } - } - }, - "output": { - "to": { - "kind": "ImageStreamTag", - "name": "${APPLICATION_NAME}:latest" - } - }, - "triggers": [ - { - "type": "GitHub", - "github": { - "secret": "${GITHUB_WEBHOOK_SECRET}" - } - }, - { - "type": "Generic", - "generic": { - "secret": "${GENERIC_WEBHOOK_SECRET}" - } - }, - { - "type": "ImageChange", - "imageChange": {} - }, - { - "type": "ConfigChange" - } - ] - } - }, - { - "kind": "DeploymentConfig", - "apiVersion": "v1", - "metadata": { - "name": "${APPLICATION_NAME}", - "labels": { - "application": "${APPLICATION_NAME}" - } - }, - "spec": { - "strategy": { - "type": "Recreate" - }, - "triggers": [ - { - "type": "ImageChange", - "imageChangeParams": { - "automatic": true, - "containerNames": [ - "${APPLICATION_NAME}" - ], - "from": { - "kind": "ImageStreamTag", - "name": "${APPLICATION_NAME}:latest" - } - } - }, - { - "type": "ConfigChange" - } - ], - "replicas": 1, - "selector": { - "deploymentConfig": "${APPLICATION_NAME}" - }, - "template": { - "metadata": { - "name": "${APPLICATION_NAME}", - "labels": { - "deploymentConfig": "${APPLICATION_NAME}", - "application": "${APPLICATION_NAME}" - } - }, - "spec": { - "serviceAccountName": "jws-service-account", - "terminationGracePeriodSeconds": 60, - "containers": [ - { - "name": "${APPLICATION_NAME}", - "image": "${APPLICATION_NAME}", - "imagePullPolicy": "Always", - "readinessProbe": { - "exec": { - "command": [ - "/bin/bash", - "-c", - "curl --noproxy '*' -s -u ${JWS_ADMIN_USERNAME}:${JWS_ADMIN_PASSWORD} 'http://localhost:8080/manager/jmxproxy/?get=Catalina%3Atype%3DServer&att=stateName' |grep -iq 'stateName *= *STARTED'" - ] - } - }, - "volumeMounts": [ - { - "name": "jws-certificate-volume", - "mountPath": "/etc/jws-secret-volume", - "readOnly": true - } - ], - "ports": [ - { - "name": "jolokia", - "containerPort": 8778, - "protocol": "TCP" - }, - { - "name": "http", - "containerPort": 8080, - "protocol": "TCP" - }, - { - "name": "https", - "containerPort": 8443, - "protocol": "TCP" - } - ], - "env": [ - { - "name": "DB_SERVICE_PREFIX_MAPPING", - "value": "${APPLICATION_NAME}-mysql=DB" - }, - { - "name": "DB_JNDI", - "value": "${DB_JNDI}" - }, - { - "name": "DB_USERNAME", - "value": "${DB_USERNAME}" - }, - { - "name": "DB_PASSWORD", - "value": "${DB_PASSWORD}" - }, - { - "name": "DB_DATABASE", - "value": "${DB_DATABASE}" - }, - { - "name": "DB_MIN_POOL_SIZE", - "value": "${DB_MIN_POOL_SIZE}" - }, - { - "name": "DB_MAX_POOL_SIZE", - "value": "${DB_MAX_POOL_SIZE}" - }, - { - "name": "DB_TX_ISOLATION", - "value": "${DB_TX_ISOLATION}" - }, - { - "name": "JWS_HTTPS_CERTIFICATE_DIR", - "value": "/etc/jws-secret-volume" - }, - { - "name": "JWS_HTTPS_CERTIFICATE", - "value": "${JWS_HTTPS_CERTIFICATE}" - }, - { - "name": "JWS_HTTPS_CERTIFICATE_KEY", - "value": "${JWS_HTTPS_CERTIFICATE_KEY}" - }, - { - "name": "JWS_HTTPS_CERTIFICATE_PASSWORD", - "value": "${JWS_HTTPS_CERTIFICATE_PASSWORD}" - }, - { - "name": "JWS_ADMIN_USERNAME", - "value": "${JWS_ADMIN_USERNAME}" - }, - { - "name": "JWS_ADMIN_PASSWORD", - "value": "${JWS_ADMIN_PASSWORD}" - } - ] - } - ], - "volumes": [ - { - "name": "jws-certificate-volume", - "secret": { - "secretName": "${JWS_HTTPS_SECRET}" - } - } - ] - } - } - } - }, - { - "kind": "DeploymentConfig", - "apiVersion": "v1", - "metadata": { - "name": "${APPLICATION_NAME}-mysql", - "labels": { - "application": "${APPLICATION_NAME}" - } - }, - "spec": { - "strategy": { - "type": "Recreate" - }, - "triggers": [ - { - "type": "ImageChange", - "imageChangeParams": { - "automatic": true, - "containerNames": [ - "${APPLICATION_NAME}-mysql" - ], - "from": { - "kind": "ImageStreamTag", - "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "mysql:${MYSQL_IMAGE_STREAM_TAG}" - } - } - }, - { - "type": "ConfigChange" - } - ], - "replicas": 1, - "selector": { - "deploymentConfig": "${APPLICATION_NAME}-mysql" - }, - "template": { - "metadata": { - "name": "${APPLICATION_NAME}-mysql", - "labels": { - "deploymentConfig": "${APPLICATION_NAME}-mysql", - "application": "${APPLICATION_NAME}" - } - }, - "spec": { - "terminationGracePeriodSeconds": 60, - "containers": [ - { - "name": "${APPLICATION_NAME}-mysql", - "image": "mysql", - "ports": [ - { - "containerPort": 3306, - "protocol": "TCP" - } - ], - "env": [ - { - "name": "MYSQL_USER", - "value": "${DB_USERNAME}" - }, - { - "name": "MYSQL_PASSWORD", - "value": "${DB_PASSWORD}" - }, - { - "name": "MYSQL_DATABASE", - "value": "${DB_DATABASE}" - }, - { - "name": "MYSQL_LOWER_CASE_TABLE_NAMES", - "value": "${MYSQL_LOWER_CASE_TABLE_NAMES}" - }, - { - "name": "MYSQL_MAX_CONNECTIONS", - "value": "${MYSQL_MAX_CONNECTIONS}" - }, - { - "name": "MYSQL_FT_MIN_WORD_LEN", - "value": "${MYSQL_FT_MIN_WORD_LEN}" - }, - { - "name": "MYSQL_FT_MAX_WORD_LEN", - "value": "${MYSQL_FT_MAX_WORD_LEN}" - }, - { - "name": "MYSQL_AIO", - "value": "${MYSQL_AIO}" - } - ] - } - ] - } - } - } - } - ] -} diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/jws30-tomcat7-postgresql-persistent-s2i.json b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/jws30-tomcat7-postgresql-persistent-s2i.json deleted file mode 100644 index a5c6c8a56..000000000 --- a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/jws30-tomcat7-postgresql-persistent-s2i.json +++ /dev/null @@ -1,692 +0,0 @@ -{ - "kind": "Template", - "apiVersion": "v1", - "metadata": { - "annotations": { - "iconClass": "icon-tomcat", - "description": "Application template for JWS PostgreSQL applications with persistent storage built using S2I.", - "tags": "tomcat,tomcat7,java,jboss,xpaas", - "version": "1.4.0", - "openshift.io/display-name": "Red Hat JBoss Web Server 3.0 Tomcat 7 + PostgreSQL (Persistent with https)" - }, - "name": "jws30-tomcat7-postgresql-persistent-s2i" - }, - "labels": { - "template": "jws30-tomcat7-postgresql-persistent-s2i", - "xpaas": "1.4.0" - }, - "message": "A new persistent JWS application for Tomcat 7 (using PostgreSQL) has been created in your project. The username/password for administering your JWS is ${JWS_ADMIN_USERNAME}/${JWS_ADMIN_PASSWORD}. For accessing the PostgreSQL database \"${DB_DATABASE}\" use the credentials ${DB_USERNAME}/${DB_PASSWORD}. Please be sure to create the \"jws-service-account\" service account and the secret named \"${JWS_HTTPS_SECRET}\" containing the ${JWS_HTTPS_CERTIFICATE} file used for serving secure content.", - "parameters": [ - { - "displayName": "Application Name", - "description": "The name for the application.", - "name": "APPLICATION_NAME", - "value": "jws-app", - "required": true - }, - { - "displayName": "Custom http Route Hostname", - "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: <application-name>-<project>.<default-domain-suffix>", - "name": "HOSTNAME_HTTP", - "value": "", - "required": false - }, - { - "displayName": "Custom https Route Hostname", - "description": "Custom hostname for https service route. Leave blank for default hostname, e.g.: secure-<application-name>-<project>.<default-domain-suffix>", - "name": "HOSTNAME_HTTPS", - "value": "", - "required": false - }, - { - "displayName": "Git Repository URL", - "description": "Git source URI for application", - "name": "SOURCE_REPOSITORY_URL", - "value": "https://github.com/jboss-openshift/openshift-quickstarts", - "required": true - }, - { - "displayName": "Git Reference", - "description": "Git branch/tag reference", - "name": "SOURCE_REPOSITORY_REF", - "value": "1.2", - "required": false - }, - { - "displayName": "Context Directory", - "description": "Path within Git project to build; empty for root project directory.", - "name": "CONTEXT_DIR", - "value": "todolist/todolist-jdbc", - "required": false - }, - { - "displayName": "Database JNDI Name", - "description": "Database JNDI name used by application to resolve the datasource, e.g. jboss/datasources/postgresqlDS", - "name": "DB_JNDI", - "value": "jboss/datasources/defaultDS", - "required": false - }, - { - "displayName": "Database Name", - "description": "Database name", - "name": "DB_DATABASE", - "value": "root", - "required": true - }, - { - "displayName": "Database Volume Capacity", - "description": "Size of persistent storage for database volume.", - "name": "VOLUME_CAPACITY", - "value": "512Mi", - "required": true - }, - { - "displayName": "Secret Name", - "description": "The name of the secret containing the certificate files", - "name": "JWS_HTTPS_SECRET", - "value": "jws-app-secret", - "required": true - }, - { - "displayName": "Certificate Name", - "description": "The name of the certificate file within the secret", - "name": "JWS_HTTPS_CERTIFICATE", - "value": "server.crt", - "required": false - }, - { - "displayName": "Certificate Key Name", - "description": "The name of the certificate key file within the secret", - "name": "JWS_HTTPS_CERTIFICATE_KEY", - "value": "server.key", - "required": false - }, - { - "displayName": "Certificate Password", - "description": "The certificate password", - "name": "JWS_HTTPS_CERTIFICATE_PASSWORD", - "value": "", - "required": false - }, - { - "displayName": "Datasource Minimum Pool Size", - "description": "Sets xa-pool/min-pool-size for the configured datasource.", - "name": "DB_MIN_POOL_SIZE", - "required": false - }, - { - "displayName": "Datasource Maximum Pool Size", - "description": "Sets xa-pool/max-pool-size for the configured datasource.", - "name": "DB_MAX_POOL_SIZE", - "required": false - }, - { - "displayName": "Datasource Transaction Isolation", - "description": "Sets transaction-isolation for the configured datasource.", - "name": "DB_TX_ISOLATION", - "required": false - }, - { - "displayName": "PostgreSQL Maximum number of connections", - "description": "The maximum number of client connections allowed. This also sets the maximum number of prepared transactions.", - "name": "POSTGRESQL_MAX_CONNECTIONS", - "required": false - }, - { - "displayName": "PostgreSQL Shared Buffers", - "description": "Configures how much memory is dedicated to PostgreSQL for caching data.", - "name": "POSTGRESQL_SHARED_BUFFERS", - "required": false - }, - { - "displayName": "Database Username", - "description": "Database user name", - "name": "DB_USERNAME", - "from": "user[a-zA-Z0-9]{3}", - "generate": "expression", - "required": true - }, - { - "displayName": "Database Password", - "description": "Database user password", - "name": "DB_PASSWORD", - "from": "[a-zA-Z0-9]{8}", - "generate": "expression", - "required": true - }, - { - "displayName": "JWS Admin Username", - "description": "JWS Admin User", - "name": "JWS_ADMIN_USERNAME", - "from": "[a-zA-Z0-9]{8}", - "generate": "expression", - "required": true - }, - { - "displayName": "JWS Admin Password", - "description": "JWS Admin Password", - "name": "JWS_ADMIN_PASSWORD", - "from": "[a-zA-Z0-9]{8}", - "generate": "expression", - "required": true - }, - { - "displayName": "Github Webhook Secret", - "description": "GitHub trigger secret", - "name": "GITHUB_WEBHOOK_SECRET", - "from": "[a-zA-Z0-9]{8}", - "generate": "expression", - "required": true - }, - { - "displayName": "Generic Webhook Secret", - "description": "Generic build trigger secret", - "name": "GENERIC_WEBHOOK_SECRET", - "from": "[a-zA-Z0-9]{8}", - "generate": "expression", - "required": true - }, - { - "displayName": "ImageStream Namespace", - "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", - "name": "IMAGE_STREAM_NAMESPACE", - "value": "openshift", - "required": true - }, - { - "displayName": "Maven mirror URL", - "description": "Maven mirror to use for S2I builds", - "name": "MAVEN_MIRROR_URL", - "value": "", - "required": false - }, - { - "description": "List of directories from which archives will be copied into the deployment folder. If unspecified, all archives in /target will be copied.", - "name": "ARTIFACT_DIR", - "value": "", - "required": false - }, - { - "displayName": "PostgreSQL Image Stream Tag", - "description": "The tag to use for the \"postgresql\" image stream. Typically, this aligns with the major.minor version of PostgreSQL.", - "name": "POSTGRESQL_IMAGE_STREAM_TAG", - "value": "9.5", - "required": true - } - ], - "objects": [ - { - "kind": "Service", - "apiVersion": "v1", - "spec": { - "ports": [ - { - "port": 8080, - "targetPort": 8080 - } - ], - "selector": { - "deploymentConfig": "${APPLICATION_NAME}" - } - }, - "metadata": { - "name": "${APPLICATION_NAME}", - "labels": { - "application": "${APPLICATION_NAME}" - }, - "annotations": { - "description": "The web server's http port.", - "service.alpha.openshift.io/dependencies": "[{\"name\": \"${APPLICATION_NAME}-postgresql\", \"kind\": \"Service\"}]" - } - } - }, - { - "kind": "Service", - "apiVersion": "v1", - "spec": { - "ports": [ - { - "port": 8443, - "targetPort": 8443 - } - ], - "selector": { - "deploymentConfig": "${APPLICATION_NAME}" - } - }, - "metadata": { - "name": "secure-${APPLICATION_NAME}", - "labels": { - "application": "${APPLICATION_NAME}" - }, - "annotations": { - "description": "The web server's https port.", - "service.alpha.openshift.io/dependencies": "[{\"name\": \"${APPLICATION_NAME}-postgresql\", \"kind\": \"Service\"}]" - } - } - }, - { - "kind": "Service", - "apiVersion": "v1", - "spec": { - "ports": [ - { - "port": 5432, - "targetPort": 5432 - } - ], - "selector": { - "deploymentConfig": "${APPLICATION_NAME}-postgresql" - } - }, - "metadata": { - "name": "${APPLICATION_NAME}-postgresql", - "labels": { - "application": "${APPLICATION_NAME}" - }, - "annotations": { - "description": "The database server's port." - } - } - }, - { - "kind": "Route", - "apiVersion": "v1", - "id": "${APPLICATION_NAME}-http", - "metadata": { - "name": "${APPLICATION_NAME}", - "labels": { - "application": "${APPLICATION_NAME}" - }, - "annotations": { - "description": "Route for application's http service." - } - }, - "spec": { - "host": "${HOSTNAME_HTTP}", - "to": { - "name": "${APPLICATION_NAME}" - } - } - }, - { - "kind": "Route", - "apiVersion": "v1", - "id": "${APPLICATION_NAME}-https", - "metadata": { - "name": "secure-${APPLICATION_NAME}", - "labels": { - "application": "${APPLICATION_NAME}" - }, - "annotations": { - "description": "Route for application's https service." - } - }, - "spec": { - "host": "${HOSTNAME_HTTPS}", - "to": { - "name": "secure-${APPLICATION_NAME}" - }, - "tls": { - "termination": "passthrough" - } - } - }, - { - "kind": "ImageStream", - "apiVersion": "v1", - "metadata": { - "name": "${APPLICATION_NAME}", - "labels": { - "application": "${APPLICATION_NAME}" - } - } - }, - { - "kind": "BuildConfig", - "apiVersion": "v1", - "metadata": { - "name": "${APPLICATION_NAME}", - "labels": { - "application": "${APPLICATION_NAME}" - } - }, - "spec": { - "source": { - "type": "Git", - "git": { - "uri": "${SOURCE_REPOSITORY_URL}", - "ref": "${SOURCE_REPOSITORY_REF}" - }, - "contextDir": "${CONTEXT_DIR}" - }, - "strategy": { - "type": "Source", - "sourceStrategy": { - "env": [ - { - "name": "MAVEN_MIRROR_URL", - "value": "${MAVEN_MIRROR_URL}" - }, - { - "name": "ARTIFACT_DIR", - "value": "${ARTIFACT_DIR}" - } - ], - "forcePull": true, - "from": { - "kind": "ImageStreamTag", - "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-webserver30-tomcat7-openshift:1.3" - } - } - }, - "output": { - "to": { - "kind": "ImageStreamTag", - "name": "${APPLICATION_NAME}:latest" - } - }, - "triggers": [ - { - "type": "GitHub", - "github": { - "secret": "${GITHUB_WEBHOOK_SECRET}" - } - }, - { - "type": "Generic", - "generic": { - "secret": "${GENERIC_WEBHOOK_SECRET}" - } - }, - { - "type": "ImageChange", - "imageChange": {} - }, - { - "type": "ConfigChange" - } - ] - } - }, - { - "kind": "DeploymentConfig", - "apiVersion": "v1", - "metadata": { - "name": "${APPLICATION_NAME}", - "labels": { - "application": "${APPLICATION_NAME}" - } - }, - "spec": { - "strategy": { - "type": "Recreate" - }, - "triggers": [ - { - "type": "ImageChange", - "imageChangeParams": { - "automatic": true, - "containerNames": [ - "${APPLICATION_NAME}" - ], - "from": { - "kind": "ImageStreamTag", - "name": "${APPLICATION_NAME}:latest" - } - } - }, - { - "type": "ConfigChange" - } - ], - "replicas": 1, - "selector": { - "deploymentConfig": "${APPLICATION_NAME}" - }, - "template": { - "metadata": { - "name": "${APPLICATION_NAME}", - "labels": { - "deploymentConfig": "${APPLICATION_NAME}", - "application": "${APPLICATION_NAME}" - } - }, - "spec": { - "serviceAccountName": "jws-service-account", - "terminationGracePeriodSeconds": 60, - "containers": [ - { - "name": "${APPLICATION_NAME}", - "image": "${APPLICATION_NAME}", - "imagePullPolicy": "Always", - "readinessProbe": { - "exec": { - "command": [ - "/bin/bash", - "-c", - "curl --noproxy '*' -s -u ${JWS_ADMIN_USERNAME}:${JWS_ADMIN_PASSWORD} 'http://localhost:8080/manager/jmxproxy/?get=Catalina%3Atype%3DServer&att=stateName' |grep -iq 'stateName *= *STARTED'" - ] - } - }, - "volumeMounts": [ - { - "name": "jws-certificate-volume", - "mountPath": "/etc/jws-secret-volume", - "readOnly": true - } - ], - "ports": [ - { - "name": "jolokia", - "containerPort": 8778, - "protocol": "TCP" - }, - { - "name": "http", - "containerPort": 8080, - "protocol": "TCP" - }, - { - "name": "https", - "containerPort": 8443, - "protocol": "TCP" - } - ], - "env": [ - { - "name": "DB_SERVICE_PREFIX_MAPPING", - "value": "${APPLICATION_NAME}-postgresql=DB" - }, - { - "name": "DB_JNDI", - "value": "${DB_JNDI}" - }, - { - "name": "DB_USERNAME", - "value": "${DB_USERNAME}" - }, - { - "name": "DB_PASSWORD", - "value": "${DB_PASSWORD}" - }, - { - "name": "DB_DATABASE", - "value": "${DB_DATABASE}" - }, - { - "name": "DB_MIN_POOL_SIZE", - "value": "${DB_MIN_POOL_SIZE}" - }, - { - "name": "DB_MAX_POOL_SIZE", - "value": "${DB_MAX_POOL_SIZE}" - }, - { - "name": "DB_TX_ISOLATION", - "value": "${DB_TX_ISOLATION}" - }, - { - "name": "JWS_HTTPS_CERTIFICATE_DIR", - "value": "/etc/jws-secret-volume" - }, - { - "name": "JWS_HTTPS_CERTIFICATE", - "value": "${JWS_HTTPS_CERTIFICATE}" - }, - { - "name": "JWS_HTTPS_CERTIFICATE_KEY", - "value": "${JWS_HTTPS_CERTIFICATE_KEY}" - }, - { - "name": "JWS_HTTPS_CERTIFICATE_PASSWORD", - "value": "${JWS_HTTPS_CERTIFICATE_PASSWORD}" - }, - { - "name": "JWS_ADMIN_USERNAME", - "value": "${JWS_ADMIN_USERNAME}" - }, - { - "name": "JWS_ADMIN_PASSWORD", - "value": "${JWS_ADMIN_PASSWORD}" - } - ] - } - ], - "volumes": [ - { - "name": "jws-certificate-volume", - "secret": { - "secretName": "${JWS_HTTPS_SECRET}" - } - } - ] - } - } - } - }, - { - "kind": "DeploymentConfig", - "apiVersion": "v1", - "metadata": { - "name": "${APPLICATION_NAME}-postgresql", - "labels": { - "application": "${APPLICATION_NAME}" - } - }, - "spec": { - "strategy": { - "type": "Recreate" - }, - "triggers": [ - { - "type": "ImageChange", - "imageChangeParams": { - "automatic": true, - "containerNames": [ - "${APPLICATION_NAME}-postgresql" - ], - "from": { - "kind": "ImageStreamTag", - "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "postgresql:${POSTGRESQL_IMAGE_STREAM_TAG}" - } - } - }, - { - "type": "ConfigChange" - } - ], - "replicas": 1, - "selector": { - "deploymentConfig": "${APPLICATION_NAME}-postgresql" - }, - "template": { - "metadata": { - "name": "${APPLICATION_NAME}-postgresql", - "labels": { - "deploymentConfig": "${APPLICATION_NAME}-postgresql", - "application": "${APPLICATION_NAME}" - } - }, - "spec": { - "terminationGracePeriodSeconds": 60, - "containers": [ - { - "name": "${APPLICATION_NAME}-postgresql", - "image": "postgresql", - "ports": [ - { - "containerPort": 5432, - "protocol": "TCP" - } - ], - "volumeMounts": [ - { - "mountPath": "/var/lib/pgsql/data", - "name": "${APPLICATION_NAME}-postgresql-pvol" - } - ], - "env": [ - { - "name": "POSTGRESQL_USER", - "value": "${DB_USERNAME}" - }, - { - "name": "POSTGRESQL_PASSWORD", - "value": "${DB_PASSWORD}" - }, - { - "name": "POSTGRESQL_DATABASE", - "value": "${DB_DATABASE}" - }, - { - "name": "POSTGRESQL_MAX_CONNECTIONS", - "value": "${POSTGRESQL_MAX_CONNECTIONS}" - }, - { - "name": "POSTGRESQL_MAX_PREPARED_TRANSACTIONS", - "value": "${POSTGRESQL_MAX_CONNECTIONS}" - }, - { - "name": "POSTGRESQL_SHARED_BUFFERS", - "value": "${POSTGRESQL_SHARED_BUFFERS}" - } - ] - } - ], - "volumes": [ - { - "name": "${APPLICATION_NAME}-postgresql-pvol", - "persistentVolumeClaim": { - "claimName": "${APPLICATION_NAME}-postgresql-claim" - } - } - ] - } - } - } - }, - { - "apiVersion": "v1", - "kind": "PersistentVolumeClaim", - "metadata": { - "name": "${APPLICATION_NAME}-postgresql-claim", - "labels": { - "application": "${APPLICATION_NAME}" - } - }, - "spec": { - "accessModes": [ - "ReadWriteOnce" - ], - "resources": { - "requests": { - "storage": "${VOLUME_CAPACITY}" - } - } - } - } - ] -} diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/jws30-tomcat7-postgresql-s2i.json b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/jws30-tomcat7-postgresql-s2i.json deleted file mode 100644 index 61a3208e4..000000000 --- a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/jws30-tomcat7-postgresql-s2i.json +++ /dev/null @@ -1,651 +0,0 @@ -{ - "kind": "Template", - "apiVersion": "v1", - "metadata": { - "annotations": { - "iconClass": "icon-tomcat", - "description": "Application template for JWS PostgreSQL applications built using S2I.", - "tags": "tomcat,tomcat7,java,jboss,xpaas", - "version": "1.4.0", - "openshift.io/display-name": "Red Hat JBoss Web Server 3.0 Tomcat 7 + PostgreSQL (Ephemeral with https)" - }, - "name": "jws30-tomcat7-postgresql-s2i" - }, - "labels": { - "template": "jws30-tomcat7-postgresql-s2i", - "xpaas": "1.4.0" - }, - "message": "A new JWS application for Tomcat 7 (using PostgreSQL) has been created in your project. The username/password for administering your JWS is ${JWS_ADMIN_USERNAME}/${JWS_ADMIN_PASSWORD}. For accessing the PostgreSQL database \"${DB_DATABASE}\" use the credentials ${DB_USERNAME}/${DB_PASSWORD}. Please be sure to create the \"jws-service-account\" service account and the secret named \"${JWS_HTTPS_SECRET}\" containing the ${JWS_HTTPS_CERTIFICATE} file used for serving secure content.", - "parameters": [ - { - "displayName": "Application Name", - "description": "The name for the application.", - "name": "APPLICATION_NAME", - "value": "jws-app", - "required": true - }, - { - "displayName": "Custom http Route Hostname", - "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: <application-name>-<project>.<default-domain-suffix>", - "name": "HOSTNAME_HTTP", - "value": "", - "required": false - }, - { - "displayName": "Custom https Route Hostname", - "description": "Custom hostname for https service route. Leave blank for default hostname, e.g.: secure-<application-name>-<project>.<default-domain-suffix>", - "name": "HOSTNAME_HTTPS", - "value": "", - "required": false - }, - { - "displayName": "Git Repository URL", - "description": "Git source URI for application", - "name": "SOURCE_REPOSITORY_URL", - "value": "https://github.com/jboss-openshift/openshift-quickstarts", - "required": true - }, - { - "displayName": "Git Reference", - "description": "Git branch/tag reference", - "name": "SOURCE_REPOSITORY_REF", - "value": "1.2", - "required": false - }, - { - "displayName": "Context Directory", - "description": "Path within Git project to build; empty for root project directory.", - "name": "CONTEXT_DIR", - "value": "todolist/todolist-jdbc", - "required": false - }, - { - "displayName": "Database JNDI Name", - "description": "Database JNDI name used by application to resolve the datasource, e.g. jboss/datasources/postgresqlDS", - "name": "DB_JNDI", - "value": "jboss/datasources/defaultDS", - "required": false - }, - { - "displayName": "Database Name", - "description": "Database name", - "name": "DB_DATABASE", - "value": "root", - "required": true - }, - { - "displayName": "Secret Name", - "description": "The name of the secret containing the certificate files", - "name": "JWS_HTTPS_SECRET", - "value": "jws-app-secret", - "required": true - }, - { - "displayName": "Certificate Name", - "description": "The name of the certificate file within the secret", - "name": "JWS_HTTPS_CERTIFICATE", - "value": "server.crt", - "required": false - }, - { - "displayName": "Certificate Key Name", - "description": "The name of the certificate key file within the secret", - "name": "JWS_HTTPS_CERTIFICATE_KEY", - "value": "server.key", - "required": false - }, - { - "displayName": "Certificate Password", - "description": "The certificate password", - "name": "JWS_HTTPS_CERTIFICATE_PASSWORD", - "value": "", - "required": false - }, - { - "displayName": "Datasource Minimum Pool Size", - "description": "Sets xa-pool/min-pool-size for the configured datasource.", - "name": "DB_MIN_POOL_SIZE", - "required": false - }, - { - "displayName": "Datasource Maximum Pool Size", - "description": "Sets xa-pool/max-pool-size for the configured datasource.", - "name": "DB_MAX_POOL_SIZE", - "required": false - }, - { - "displayName": "Datasource Transaction Isolation", - "description": "Sets transaction-isolation for the configured datasource.", - "name": "DB_TX_ISOLATION", - "required": false - }, - { - "displayName": "PostgreSQL Maximum number of connections", - "description": "The maximum number of client connections allowed. This also sets the maximum number of prepared transactions.", - "name": "POSTGRESQL_MAX_CONNECTIONS", - "required": false - }, - { - "displayName": "PostgreSQL Shared Buffers", - "description": "Configures how much memory is dedicated to PostgreSQL for caching data.", - "name": "POSTGRESQL_SHARED_BUFFERS", - "required": false - }, - { - "displayName": "Database Username", - "description": "Database user name", - "name": "DB_USERNAME", - "from": "user[a-zA-Z0-9]{3}", - "generate": "expression", - "required": true - }, - { - "displayName": "Database Password", - "description": "Database user password", - "name": "DB_PASSWORD", - "from": "[a-zA-Z0-9]{8}", - "generate": "expression", - "required": true - }, - { - "displayName": "JWS Admin Username", - "description": "JWS Admin User", - "name": "JWS_ADMIN_USERNAME", - "from": "[a-zA-Z0-9]{8}", - "generate": "expression", - "required": true - }, - { - "displayName": "JWS Admin Password", - "description": "JWS Admin Password", - "name": "JWS_ADMIN_PASSWORD", - "from": "[a-zA-Z0-9]{8}", - "generate": "expression", - "required": true - }, - { - "displayName": "Github Webhook Secret", - "description": "GitHub trigger secret", - "name": "GITHUB_WEBHOOK_SECRET", - "from": "[a-zA-Z0-9]{8}", - "generate": "expression", - "required": true - }, - { - "displayName": "Generic Webhook Secret", - "description": "Generic build trigger secret", - "name": "GENERIC_WEBHOOK_SECRET", - "from": "[a-zA-Z0-9]{8}", - "generate": "expression", - "required": true - }, - { - "displayName": "ImageStream Namespace", - "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", - "name": "IMAGE_STREAM_NAMESPACE", - "value": "openshift", - "required": true - }, - { - "displayName": "Maven mirror URL", - "description": "Maven mirror to use for S2I builds", - "name": "MAVEN_MIRROR_URL", - "value": "", - "required": false - }, - { - "description": "List of directories from which archives will be copied into the deployment folder. If unspecified, all archives in /target will be copied.", - "name": "ARTIFACT_DIR", - "value": "", - "required": false - }, - { - "displayName": "PostgreSQL Image Stream Tag", - "description": "The tag to use for the \"postgresql\" image stream. Typically, this aligns with the major.minor version of PostgreSQL.", - "name": "POSTGRESQL_IMAGE_STREAM_TAG", - "value": "9.5", - "required": true - } - ], - "objects": [ - { - "kind": "Service", - "apiVersion": "v1", - "spec": { - "ports": [ - { - "port": 8080, - "targetPort": 8080 - } - ], - "selector": { - "deploymentConfig": "${APPLICATION_NAME}" - } - }, - "metadata": { - "name": "${APPLICATION_NAME}", - "labels": { - "application": "${APPLICATION_NAME}" - }, - "annotations": { - "description": "The web server's http port.", - "service.alpha.openshift.io/dependencies": "[{\"name\": \"${APPLICATION_NAME}-postgresql\", \"kind\": \"Service\"}]" - } - } - }, - { - "kind": "Service", - "apiVersion": "v1", - "spec": { - "ports": [ - { - "port": 8443, - "targetPort": 8443 - } - ], - "selector": { - "deploymentConfig": "${APPLICATION_NAME}" - } - }, - "metadata": { - "name": "secure-${APPLICATION_NAME}", - "labels": { - "application": "${APPLICATION_NAME}" - }, - "annotations": { - "description": "The web server's https port.", - "service.alpha.openshift.io/dependencies": "[{\"name\": \"${APPLICATION_NAME}-postgresql\", \"kind\": \"Service\"}]" - } - } - }, - { - "kind": "Service", - "apiVersion": "v1", - "spec": { - "ports": [ - { - "port": 5432, - "targetPort": 5432 - } - ], - "selector": { - "deploymentConfig": "${APPLICATION_NAME}-postgresql" - } - }, - "metadata": { - "name": "${APPLICATION_NAME}-postgresql", - "labels": { - "application": "${APPLICATION_NAME}" - }, - "annotations": { - "description": "The database server's port." - } - } - }, - { - "kind": "Route", - "apiVersion": "v1", - "id": "${APPLICATION_NAME}-http", - "metadata": { - "name": "${APPLICATION_NAME}", - "labels": { - "application": "${APPLICATION_NAME}" - }, - "annotations": { - "description": "Route for application's http service." - } - }, - "spec": { - "host": "${HOSTNAME_HTTP}", - "to": { - "name": "${APPLICATION_NAME}" - } - } - }, - { - "kind": "Route", - "apiVersion": "v1", - "id": "${APPLICATION_NAME}-https", - "metadata": { - "name": "secure-${APPLICATION_NAME}", - "labels": { - "application": "${APPLICATION_NAME}" - }, - "annotations": { - "description": "Route for application's https service." - } - }, - "spec": { - "host": "${HOSTNAME_HTTPS}", - "to": { - "name": "secure-${APPLICATION_NAME}" - }, - "tls": { - "termination": "passthrough" - } - } - }, - { - "kind": "ImageStream", - "apiVersion": "v1", - "metadata": { - "name": "${APPLICATION_NAME}", - "labels": { - "application": "${APPLICATION_NAME}" - } - } - }, - { - "kind": "BuildConfig", - "apiVersion": "v1", - "metadata": { - "name": "${APPLICATION_NAME}", - "labels": { - "application": "${APPLICATION_NAME}" - } - }, - "spec": { - "source": { - "type": "Git", - "git": { - "uri": "${SOURCE_REPOSITORY_URL}", - "ref": "${SOURCE_REPOSITORY_REF}" - }, - "contextDir": "${CONTEXT_DIR}" - }, - "strategy": { - "type": "Source", - "sourceStrategy": { - "env": [ - { - "name": "MAVEN_MIRROR_URL", - "value": "${MAVEN_MIRROR_URL}" - }, - { - "name": "ARTIFACT_DIR", - "value": "${ARTIFACT_DIR}" - } - ], - "forcePull": true, - "from": { - "kind": "ImageStreamTag", - "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-webserver30-tomcat7-openshift:1.3" - } - } - }, - "output": { - "to": { - "kind": "ImageStreamTag", - "name": "${APPLICATION_NAME}:latest" - } - }, - "triggers": [ - { - "type": "GitHub", - "github": { - "secret": "${GITHUB_WEBHOOK_SECRET}" - } - }, - { - "type": "Generic", - "generic": { - "secret": "${GENERIC_WEBHOOK_SECRET}" - } - }, - { - "type": "ImageChange", - "imageChange": {} - }, - { - "type": "ConfigChange" - } - ] - } - }, - { - "kind": "DeploymentConfig", - "apiVersion": "v1", - "metadata": { - "name": "${APPLICATION_NAME}", - "labels": { - "application": "${APPLICATION_NAME}" - } - }, - "spec": { - "strategy": { - "type": "Recreate" - }, - "triggers": [ - { - "type": "ImageChange", - "imageChangeParams": { - "automatic": true, - "containerNames": [ - "${APPLICATION_NAME}" - ], - "from": { - "kind": "ImageStreamTag", - "name": "${APPLICATION_NAME}:latest" - } - } - }, - { - "type": "ConfigChange" - } - ], - "replicas": 1, - "selector": { - "deploymentConfig": "${APPLICATION_NAME}" - }, - "template": { - "metadata": { - "name": "${APPLICATION_NAME}", - "labels": { - "deploymentConfig": "${APPLICATION_NAME}", - "application": "${APPLICATION_NAME}" - } - }, - "spec": { - "serviceAccountName": "jws-service-account", - "terminationGracePeriodSeconds": 60, - "containers": [ - { - "name": "${APPLICATION_NAME}", - "image": "${APPLICATION_NAME}", - "imagePullPolicy": "Always", - "readinessProbe": { - "exec": { - "command": [ - "/bin/bash", - "-c", - "curl --noproxy '*' -s -u ${JWS_ADMIN_USERNAME}:${JWS_ADMIN_PASSWORD} 'http://localhost:8080/manager/jmxproxy/?get=Catalina%3Atype%3DServer&att=stateName' |grep -iq 'stateName *= *STARTED'" - ] - } - }, - "volumeMounts": [ - { - "name": "jws-certificate-volume", - "mountPath": "/etc/jws-secret-volume", - "readOnly": true - } - ], - "ports": [ - { - "name": "jolokia", - "containerPort": 8778, - "protocol": "TCP" - }, - { - "name": "http", - "containerPort": 8080, - "protocol": "TCP" - }, - { - "name": "https", - "containerPort": 8443, - "protocol": "TCP" - } - ], - "env": [ - { - "name": "DB_SERVICE_PREFIX_MAPPING", - "value": "${APPLICATION_NAME}-postgresql=DB" - }, - { - "name": "DB_JNDI", - "value": "${DB_JNDI}" - }, - { - "name": "DB_USERNAME", - "value": "${DB_USERNAME}" - }, - { - "name": "DB_PASSWORD", - "value": "${DB_PASSWORD}" - }, - { - "name": "DB_DATABASE", - "value": "${DB_DATABASE}" - }, - { - "name": "DB_MIN_POOL_SIZE", - "value": "${DB_MIN_POOL_SIZE}" - }, - { - "name": "DB_MAX_POOL_SIZE", - "value": "${DB_MAX_POOL_SIZE}" - }, - { - "name": "DB_TX_ISOLATION", - "value": "${DB_TX_ISOLATION}" - }, - { - "name": "JWS_HTTPS_CERTIFICATE_DIR", - "value": "/etc/jws-secret-volume" - }, - { - "name": "JWS_HTTPS_CERTIFICATE", - "value": "${JWS_HTTPS_CERTIFICATE}" - }, - { - "name": "JWS_HTTPS_CERTIFICATE_KEY", - "value": "${JWS_HTTPS_CERTIFICATE_KEY}" - }, - { - "name": "JWS_HTTPS_CERTIFICATE_PASSWORD", - "value": "${JWS_HTTPS_CERTIFICATE_PASSWORD}" - }, - { - "name": "JWS_ADMIN_USERNAME", - "value": "${JWS_ADMIN_USERNAME}" - }, - { - "name": "JWS_ADMIN_PASSWORD", - "value": "${JWS_ADMIN_PASSWORD}" - } - ] - } - ], - "volumes": [ - { - "name": "jws-certificate-volume", - "secret": { - "secretName": "${JWS_HTTPS_SECRET}" - } - } - ] - } - } - } - }, - { - "kind": "DeploymentConfig", - "apiVersion": "v1", - "metadata": { - "name": "${APPLICATION_NAME}-postgresql", - "labels": { - "application": "${APPLICATION_NAME}" - } - }, - "spec": { - "strategy": { - "type": "Recreate" - }, - "triggers": [ - { - "type": "ImageChange", - "imageChangeParams": { - "automatic": true, - "containerNames": [ - "${APPLICATION_NAME}-postgresql" - ], - "from": { - "kind": "ImageStreamTag", - "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "postgresql:${POSTGRESQL_IMAGE_STREAM_TAG}" - } - } - }, - { - "type": "ConfigChange" - } - ], - "replicas": 1, - "selector": { - "deploymentConfig": "${APPLICATION_NAME}-postgresql" - }, - "template": { - "metadata": { - "name": "${APPLICATION_NAME}-postgresql", - "labels": { - "deploymentConfig": "${APPLICATION_NAME}-postgresql", - "application": "${APPLICATION_NAME}" - } - }, - "spec": { - "terminationGracePeriodSeconds": 60, - "containers": [ - { - "name": "${APPLICATION_NAME}-postgresql", - "image": "postgresql", - "ports": [ - { - "containerPort": 5432, - "protocol": "TCP" - } - ], - "env": [ - { - "name": "POSTGRESQL_USER", - "value": "${DB_USERNAME}" - }, - { - "name": "POSTGRESQL_PASSWORD", - "value": "${DB_PASSWORD}" - }, - { - "name": "POSTGRESQL_DATABASE", - "value": "${DB_DATABASE}" - }, - { - "name": "POSTGRESQL_MAX_CONNECTIONS", - "value": "${POSTGRESQL_MAX_CONNECTIONS}" - }, - { - "name": "POSTGRESQL_MAX_PREPARED_TRANSACTIONS", - "value": "${POSTGRESQL_MAX_CONNECTIONS}" - }, - { - "name": "POSTGRESQL_SHARED_BUFFERS", - "value": "${POSTGRESQL_SHARED_BUFFERS}" - } - ] - } - ] - } - } - } - } - ] -} diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/jws30-tomcat8-basic-s2i.json b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/jws30-tomcat8-basic-s2i.json deleted file mode 100644 index 75d08e99d..000000000 --- a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/jws30-tomcat8-basic-s2i.json +++ /dev/null @@ -1,319 +0,0 @@ -{ - "kind": "Template", - "apiVersion": "v1", - "metadata": { - "annotations": { - "iconClass": "icon-tomcat", - "description": "Application template for JWS applications built using S2I.", - "tags": "tomcat,tomcat8,java,jboss,xpaas", - "version": "1.4.0", - "openshift.io/display-name": "Red Hat JBoss Web Server 3.0 Tomcat 8 (no https)" - }, - "name": "jws30-tomcat8-basic-s2i" - }, - "labels": { - "template": "jws30-tomcat8-basic-s2i", - "xpaas": "1.4.0" - }, - "message": "A new JWS application for Tomcat 8 has been created in your project. The username/password for administering your JWS is ${JWS_ADMIN_USERNAME}/${JWS_ADMIN_PASSWORD}.", - "parameters": [ - { - "displayName": "Application Name", - "description": "The name for the application.", - "name": "APPLICATION_NAME", - "value": "jws-app", - "required": true - }, - { - "displayName": "Custom http Route Hostname", - "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: <application-name>-<project>.<default-domain-suffix>", - "name": "HOSTNAME_HTTP", - "value": "", - "required": false - }, - { - "displayName": "Git Repository URL", - "description": "Git source URI for application", - "name": "SOURCE_REPOSITORY_URL", - "value": "https://github.com/jboss-openshift/openshift-quickstarts.git", - "required": true - }, - { - "displayName": "Git Reference", - "description": "Git branch/tag reference", - "name": "SOURCE_REPOSITORY_REF", - "value": "1.2", - "required": false - }, - { - "displayName": "Context Directory", - "description": "Path within Git project to build; empty for root project directory.", - "name": "CONTEXT_DIR", - "value": "tomcat-websocket-chat", - "required": false - }, - { - "displayName": "JWS Admin Username", - "description": "JWS Admin User", - "name": "JWS_ADMIN_USERNAME", - "from": "[a-zA-Z0-9]{8}", - "generate": "expression", - "required": true - }, - { - "displayName": "JWS Admin Password", - "description": "JWS Admin Password", - "name": "JWS_ADMIN_PASSWORD", - "from": "[a-zA-Z0-9]{8}", - "generate": "expression", - "required": true - }, - { - "displayName": "Github Webhook Secret", - "description": "GitHub trigger secret", - "name": "GITHUB_WEBHOOK_SECRET", - "from": "[a-zA-Z0-9]{8}", - "generate": "expression", - "required": true - }, - { - "displayName": "Generic Webhook Secret", - "description": "Generic build trigger secret", - "name": "GENERIC_WEBHOOK_SECRET", - "from": "[a-zA-Z0-9]{8}", - "generate": "expression", - "required": true - }, - { - "displayName": "ImageStream Namespace", - "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", - "name": "IMAGE_STREAM_NAMESPACE", - "value": "openshift", - "required": true - }, - { - "displayName": "Maven mirror URL", - "description": "Maven mirror to use for S2I builds", - "name": "MAVEN_MIRROR_URL", - "value": "", - "required": false - }, - { - "description": "List of directories from which archives will be copied into the deployment folder. If unspecified, all archives in /target will be copied.", - "name": "ARTIFACT_DIR", - "value": "", - "required": false - } - ], - "objects": [ - { - "kind": "Service", - "apiVersion": "v1", - "spec": { - "ports": [ - { - "port": 8080, - "targetPort": 8080 - } - ], - "selector": { - "deploymentConfig": "${APPLICATION_NAME}" - } - }, - "metadata": { - "name": "${APPLICATION_NAME}", - "labels": { - "application": "${APPLICATION_NAME}" - }, - "annotations": { - "description": "The web server's http port." - } - } - }, - { - "kind": "Route", - "apiVersion": "v1", - "id": "${APPLICATION_NAME}-http", - "metadata": { - "name": "${APPLICATION_NAME}", - "labels": { - "application": "${APPLICATION_NAME}" - }, - "annotations": { - "description": "Route for application's http service." - } - }, - "spec": { - "host": "${HOSTNAME_HTTP}", - "to": { - "name": "${APPLICATION_NAME}" - } - } - }, - { - "kind": "ImageStream", - "apiVersion": "v1", - "metadata": { - "name": "${APPLICATION_NAME}", - "labels": { - "application": "${APPLICATION_NAME}" - } - } - }, - { - "kind": "BuildConfig", - "apiVersion": "v1", - "metadata": { - "name": "${APPLICATION_NAME}", - "labels": { - "application": "${APPLICATION_NAME}" - } - }, - "spec": { - "source": { - "type": "Git", - "git": { - "uri": "${SOURCE_REPOSITORY_URL}", - "ref": "${SOURCE_REPOSITORY_REF}" - }, - "contextDir": "${CONTEXT_DIR}" - }, - "strategy": { - "type": "Source", - "sourceStrategy": { - "env": [ - { - "name": "MAVEN_MIRROR_URL", - "value": "${MAVEN_MIRROR_URL}" - }, - { - "name": "ARTIFACT_DIR", - "value": "${ARTIFACT_DIR}" - } - ], - "forcePull": true, - "from": { - "kind": "ImageStreamTag", - "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-webserver30-tomcat8-openshift:1.3" - } - } - }, - "output": { - "to": { - "kind": "ImageStreamTag", - "name": "${APPLICATION_NAME}:latest" - } - }, - "triggers": [ - { - "type": "GitHub", - "github": { - "secret": "${GITHUB_WEBHOOK_SECRET}" - } - }, - { - "type": "Generic", - "generic": { - "secret": "${GENERIC_WEBHOOK_SECRET}" - } - }, - { - "type": "ImageChange", - "imageChange": {} - }, - { - "type": "ConfigChange" - } - ] - } - }, - { - "kind": "DeploymentConfig", - "apiVersion": "v1", - "metadata": { - "name": "${APPLICATION_NAME}", - "labels": { - "application": "${APPLICATION_NAME}" - } - }, - "spec": { - "strategy": { - "type": "Recreate" - }, - "triggers": [ - { - "type": "ImageChange", - "imageChangeParams": { - "automatic": true, - "containerNames": [ - "${APPLICATION_NAME}" - ], - "from": { - "kind": "ImageStreamTag", - "name": "${APPLICATION_NAME}:latest" - } - } - }, - { - "type": "ConfigChange" - } - ], - "replicas": 1, - "selector": { - "deploymentConfig": "${APPLICATION_NAME}" - }, - "template": { - "metadata": { - "name": "${APPLICATION_NAME}", - "labels": { - "deploymentConfig": "${APPLICATION_NAME}", - "application": "${APPLICATION_NAME}" - } - }, - "spec": { - "terminationGracePeriodSeconds": 60, - "containers": [ - { - "name": "${APPLICATION_NAME}", - "image": "${APPLICATION_NAME}", - "imagePullPolicy": "Always", - "readinessProbe": { - "exec": { - "command": [ - "/bin/bash", - "-c", - "curl --noproxy '*' -s -u ${JWS_ADMIN_USERNAME}:${JWS_ADMIN_PASSWORD} 'http://localhost:8080/manager/jmxproxy/?get=Catalina%3Atype%3DServer&att=stateName' |grep -iq 'stateName *= *STARTED'" - ] - } - }, - "ports": [ - { - "name": "jolokia", - "containerPort": 8778, - "protocol": "TCP" - }, - { - "name": "http", - "containerPort": 8080, - "protocol": "TCP" - } - ], - "env": [ - { - "name": "JWS_ADMIN_USERNAME", - "value": "${JWS_ADMIN_USERNAME}" - }, - { - "name": "JWS_ADMIN_PASSWORD", - "value": "${JWS_ADMIN_PASSWORD}" - } - ] - } - ] - } - } - } - } - ] -} diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/jws30-tomcat8-https-s2i.json b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/jws30-tomcat8-https-s2i.json deleted file mode 100644 index 71577bec4..000000000 --- a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/jws30-tomcat8-https-s2i.json +++ /dev/null @@ -1,438 +0,0 @@ -{ - "kind": "Template", - "apiVersion": "v1", - "metadata": { - "annotations": { - "iconClass": "icon-tomcat", - "description": "Application template for JWS applications built using S2I.", - "tags": "tomcat,tomcat8,java,jboss,xpaas", - "version": "1.4.0", - "openshift.io/display-name": "Red Hat JBoss Web Server 3.0 Tomcat 8 (with https)" - }, - "name": "jws30-tomcat8-https-s2i" - }, - "labels": { - "template": "jws30-tomcat8-https-s2i", - "xpaas": "1.4.0" - }, - "message": "A new JWS application for Tomcat 8 has been created in your project. The username/password for administering your JWS is ${JWS_ADMIN_USERNAME}/${JWS_ADMIN_PASSWORD}. Please be sure to create the \"jws-service-account\" service account and the secret named \"${JWS_HTTPS_SECRET}\" containing the ${JWS_HTTPS_CERTIFICATE} file used for serving secure content.", - "parameters": [ - { - "displayName": "Application Name", - "description": "The name for the application.", - "name": "APPLICATION_NAME", - "value": "jws-app", - "required": true - }, - { - "displayName": "Custom http Route Hostname", - "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: <application-name>-<project>.<default-domain-suffix>", - "name": "HOSTNAME_HTTP", - "value": "", - "required": false - }, - { - "displayName": "Custom https Route Hostname", - "description": "Custom hostname for https service route. Leave blank for default hostname, e.g.: secure-<application-name>-<project>.<default-domain-suffix>", - "name": "HOSTNAME_HTTPS", - "value": "", - "required": false - }, - { - "displayName": "Git Repository URL", - "description": "Git source URI for application", - "name": "SOURCE_REPOSITORY_URL", - "value": "https://github.com/jboss-openshift/openshift-quickstarts.git", - "required": true - }, - { - "displayName": "Git Reference", - "description": "Git branch/tag reference", - "name": "SOURCE_REPOSITORY_REF", - "value": "1.2", - "required": false - }, - { - "displayName": "Context Directory", - "description": "Path within Git project to build; empty for root project directory.", - "name": "CONTEXT_DIR", - "value": "tomcat-websocket-chat", - "required": false - }, - { - "displayName": "Secret Name", - "description": "The name of the secret containing the certificate files", - "name": "JWS_HTTPS_SECRET", - "value": "jws-app-secret", - "required": true - }, - { - "displayName": "Certificate Name", - "description": "The name of the certificate file within the secret", - "name": "JWS_HTTPS_CERTIFICATE", - "value": "server.crt", - "required": false - }, - { - "displayName": "Certificate Key Name", - "description": "The name of the certificate key file within the secret", - "name": "JWS_HTTPS_CERTIFICATE_KEY", - "value": "server.key", - "required": false - }, - { - "displayName": "Certificate Password", - "description": "The certificate password", - "name": "JWS_HTTPS_CERTIFICATE_PASSWORD", - "value": "", - "required": false - }, - { - "displayName": "JWS Admin Username", - "description": "JWS Admin User", - "name": "JWS_ADMIN_USERNAME", - "from": "[a-zA-Z0-9]{8}", - "generate": "expression", - "required": true - }, - { - "displayName": "JWS Admin Password", - "description": "JWS Admin Password", - "name": "JWS_ADMIN_PASSWORD", - "from": "[a-zA-Z0-9]{8}", - "generate": "expression", - "required": true - }, - { - "displayName": "Github Webhook Secret", - "description": "GitHub trigger secret", - "name": "GITHUB_WEBHOOK_SECRET", - "from": "[a-zA-Z0-9]{8}", - "generate": "expression", - "required": true - }, - { - "displayName": "Generic Webhook Secret", - "description": "Generic build trigger secret", - "name": "GENERIC_WEBHOOK_SECRET", - "from": "[a-zA-Z0-9]{8}", - "generate": "expression", - "required": true - }, - { - "displayName": "ImageStream Namespace", - "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", - "name": "IMAGE_STREAM_NAMESPACE", - "value": "openshift", - "required": true - }, - { - "displayName": "Maven mirror URL", - "description": "Maven mirror to use for S2I builds", - "name": "MAVEN_MIRROR_URL", - "value": "", - "required": false - }, - { - "description": "List of directories from which archives will be copied into the deployment folder. If unspecified, all archives in /target will be copied.", - "name": "ARTIFACT_DIR", - "value": "", - "required": false - } - ], - "objects": [ - { - "kind": "Service", - "apiVersion": "v1", - "spec": { - "ports": [ - { - "port": 8080, - "targetPort": 8080 - } - ], - "selector": { - "deploymentConfig": "${APPLICATION_NAME}" - } - }, - "metadata": { - "name": "${APPLICATION_NAME}", - "labels": { - "application": "${APPLICATION_NAME}" - }, - "annotations": { - "description": "The web server's http port." - } - } - }, - { - "kind": "Service", - "apiVersion": "v1", - "spec": { - "ports": [ - { - "port": 8443, - "targetPort": 8443 - } - ], - "selector": { - "deploymentConfig": "${APPLICATION_NAME}" - } - }, - "metadata": { - "name": "secure-${APPLICATION_NAME}", - "labels": { - "application": "${APPLICATION_NAME}" - }, - "annotations": { - "description": "The web server's https port." - } - } - }, - { - "kind": "Route", - "apiVersion": "v1", - "id": "${APPLICATION_NAME}-http", - "metadata": { - "name": "${APPLICATION_NAME}", - "labels": { - "application": "${APPLICATION_NAME}" - }, - "annotations": { - "description": "Route for application's http service." - } - }, - "spec": { - "host": "${HOSTNAME_HTTP}", - "to": { - "name": "${APPLICATION_NAME}" - } - } - }, - { - "kind": "Route", - "apiVersion": "v1", - "id": "${APPLICATION_NAME}-https", - "metadata": { - "name": "secure-${APPLICATION_NAME}", - "labels": { - "application": "${APPLICATION_NAME}" - }, - "annotations": { - "description": "Route for application's https service." - } - }, - "spec": { - "host": "${HOSTNAME_HTTPS}", - "to": { - "name": "secure-${APPLICATION_NAME}" - }, - "tls": { - "termination": "passthrough" - } - } - }, - { - "kind": "ImageStream", - "apiVersion": "v1", - "metadata": { - "name": "${APPLICATION_NAME}", - "labels": { - "application": "${APPLICATION_NAME}" - } - } - }, - { - "kind": "BuildConfig", - "apiVersion": "v1", - "metadata": { - "name": "${APPLICATION_NAME}", - "labels": { - "application": "${APPLICATION_NAME}" - } - }, - "spec": { - "source": { - "type": "Git", - "git": { - "uri": "${SOURCE_REPOSITORY_URL}", - "ref": "${SOURCE_REPOSITORY_REF}" - }, - "contextDir": "${CONTEXT_DIR}" - }, - "strategy": { - "type": "Source", - "sourceStrategy": { - "env": [ - { - "name": "MAVEN_MIRROR_URL", - "value": "${MAVEN_MIRROR_URL}" - }, - { - "name": "ARTIFACT_DIR", - "value": "${ARTIFACT_DIR}" - } - ], - "forcePull": true, - "from": { - "kind": "ImageStreamTag", - "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-webserver30-tomcat8-openshift:1.3" - } - } - }, - "output": { - "to": { - "kind": "ImageStreamTag", - "name": "${APPLICATION_NAME}:latest" - } - }, - "triggers": [ - { - "type": "GitHub", - "github": { - "secret": "${GITHUB_WEBHOOK_SECRET}" - } - }, - { - "type": "Generic", - "generic": { - "secret": "${GENERIC_WEBHOOK_SECRET}" - } - }, - { - "type": "ImageChange", - "imageChange": {} - }, - { - "type": "ConfigChange" - } - ] - } - }, - { - "kind": "DeploymentConfig", - "apiVersion": "v1", - "metadata": { - "name": "${APPLICATION_NAME}", - "labels": { - "application": "${APPLICATION_NAME}" - } - }, - "spec": { - "strategy": { - "type": "Recreate" - }, - "triggers": [ - { - "type": "ImageChange", - "imageChangeParams": { - "automatic": true, - "containerNames": [ - "${APPLICATION_NAME}" - ], - "from": { - "kind": "ImageStreamTag", - "name": "${APPLICATION_NAME}:latest" - } - } - }, - { - "type": "ConfigChange" - } - ], - "replicas": 1, - "selector": { - "deploymentConfig": "${APPLICATION_NAME}" - }, - "template": { - "metadata": { - "name": "${APPLICATION_NAME}", - "labels": { - "deploymentConfig": "${APPLICATION_NAME}", - "application": "${APPLICATION_NAME}" - } - }, - "spec": { - "serviceAccountName": "jws-service-account", - "terminationGracePeriodSeconds": 60, - "containers": [ - { - "name": "${APPLICATION_NAME}", - "image": "${APPLICATION_NAME}", - "imagePullPolicy": "Always", - "readinessProbe": { - "exec": { - "command": [ - "/bin/bash", - "-c", - "curl --noproxy '*' -s -u ${JWS_ADMIN_USERNAME}:${JWS_ADMIN_PASSWORD} 'http://localhost:8080/manager/jmxproxy/?get=Catalina%3Atype%3DServer&att=stateName' |grep -iq 'stateName *= *STARTED'" - ] - } - }, - "volumeMounts": [ - { - "name": "jws-certificate-volume", - "mountPath": "/etc/jws-secret-volume", - "readOnly": true - } - ], - "ports": [ - { - "name": "jolokia", - "containerPort": 8778, - "protocol": "TCP" - }, - { - "name": "http", - "containerPort": 8080, - "protocol": "TCP" - }, - { - "name": "https", - "containerPort": 8443, - "protocol": "TCP" - } - ], - "env": [ - { - "name": "JWS_HTTPS_CERTIFICATE_DIR", - "value": "/etc/jws-secret-volume" - }, - { - "name": "JWS_HTTPS_CERTIFICATE", - "value": "${JWS_HTTPS_CERTIFICATE}" - }, - { - "name": "JWS_HTTPS_CERTIFICATE_KEY", - "value": "${JWS_HTTPS_CERTIFICATE_KEY}" - }, - { - "name": "JWS_HTTPS_CERTIFICATE_PASSWORD", - "value": "${JWS_HTTPS_CERTIFICATE_PASSWORD}" - }, - { - "name": "JWS_ADMIN_USERNAME", - "value": "${JWS_ADMIN_USERNAME}" - }, - { - "name": "JWS_ADMIN_PASSWORD", - "value": "${JWS_ADMIN_PASSWORD}" - } - ] - } - ], - "volumes": [ - { - "name": "jws-certificate-volume", - "secret": { - "secretName": "${JWS_HTTPS_SECRET}" - } - } - ] - } - } - } - } - ] -} diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/jws30-tomcat8-mongodb-s2i.json b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/jws30-tomcat8-mongodb-s2i.json deleted file mode 100644 index 6dc85e226..000000000 --- a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/jws30-tomcat8-mongodb-s2i.json +++ /dev/null @@ -1,674 +0,0 @@ -{ - "kind": "Template", - "apiVersion": "v1", - "metadata": { - "annotations": { - "iconClass": "icon-tomcat", - "description": "Application template for JWS MongoDB applications built using S2I.", - "tags": "tomcat,tomcat8,java,jboss,xpaas", - "version": "1.4.0", - "openshift.io/display-name": "Red Hat JBoss Web Server 3.0 Tomcat 8 + MongoDB (Ephemeral with https)" - }, - "name": "jws30-tomcat8-mongodb-s2i" - }, - "labels": { - "template": "jws30-tomcat8-mongodb-s2i", - "xpaas": "1.4.0" - }, - "message": "A new JWS application for Tomcat 8 (using MongoDB) has been created in your project. The username/password for administering your JWS is ${JWS_ADMIN_USERNAME}/${JWS_ADMIN_PASSWORD}. For accessing the MongoDB database \"${DB_DATABASE}\" use the credentials ${DB_USERNAME}/${DB_PASSWORD} (Admin password is \"${DB_ADMIN_PASSWORD}\"). Please be sure to create the \"jws-service-account\" service account and the secret named \"${JWS_HTTPS_SECRET}\" containing the ${JWS_HTTPS_CERTIFICATE} file used for serving secure content.", - "parameters": [ - { - "displayName": "Application Name", - "description": "The name for the application.", - "name": "APPLICATION_NAME", - "value": "jws-app", - "required": true - }, - { - "displayName": "Custom http Route Hostname", - "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: <application-name>-<project>.<default-domain-suffix>", - "name": "HOSTNAME_HTTP", - "value": "", - "required": false - }, - { - "displayName": "Custom https Route Hostname", - "description": "Custom hostname for https service route. Leave blank for default hostname, e.g.: secure-<application-name>-<project>.<default-domain-suffix>", - "name": "HOSTNAME_HTTPS", - "value": "", - "required": false - }, - { - "displayName": "Git Repository URL", - "description": "Git source URI for application", - "name": "SOURCE_REPOSITORY_URL", - "value": "https://github.com/jboss-openshift/openshift-quickstarts", - "required": true - }, - { - "displayName": "Git Reference", - "description": "Git branch/tag reference", - "name": "SOURCE_REPOSITORY_REF", - "value": "1.2", - "required": false - }, - { - "displayName": "Context Directory", - "description": "Path within Git project to build; empty for root project directory.", - "name": "CONTEXT_DIR", - "value": "todolist/todolist-mongodb", - "required": false - }, - { - "displayName": "Database JNDI Name", - "description": "Database JNDI name used by application to resolve the datasource, e.g. java:/jboss/datasources/mongodb", - "name": "DB_JNDI", - "value": "", - "required": false - }, - { - "displayName": "Database Name", - "description": "Database name", - "name": "DB_DATABASE", - "value": "root", - "required": true - }, - { - "displayName": "Secret Name", - "description": "The name of the secret containing the certificate files", - "name": "JWS_HTTPS_SECRET", - "value": "jws-app-secret", - "required": true - }, - { - "displayName": "Certificate Name", - "description": "The name of the certificate file within the secret", - "name": "JWS_HTTPS_CERTIFICATE", - "value": "server.crt", - "required": false - }, - { - "displayName": "Certificate Key Name", - "description": "The name of the certificate key file within the secret", - "name": "JWS_HTTPS_CERTIFICATE_KEY", - "value": "server.key", - "required": false - }, - { - "displayName": "Certificate Password", - "description": "The certificate password", - "name": "JWS_HTTPS_CERTIFICATE_PASSWORD", - "value": "", - "required": false - }, - { - "displayName": "Datasource Minimum Pool Size", - "description": "Sets xa-pool/min-pool-size for the configured datasource.", - "name": "DB_MIN_POOL_SIZE", - "required": false - }, - { - "displayName": "Datasource Maximum Pool Size", - "description": "Sets xa-pool/max-pool-size for the configured datasource.", - "name": "DB_MAX_POOL_SIZE", - "required": false - }, - { - "displayName": "Datasource Transaction Isolation", - "description": "Sets transaction-isolation for the configured datasource.", - "name": "DB_TX_ISOLATION", - "required": false - }, - { - "displayName": "MongoDB No Preallocation", - "description": "Disable data file preallocation.", - "name": "MONGODB_NOPREALLOC", - "required": false - }, - { - "displayName": "MongoDB Small Files", - "description": "Set MongoDB to use a smaller default data file size.", - "name": "MONGODB_SMALLFILES", - "required": false - }, - { - "displayName": "MongoDB Quiet", - "description": "Runs MongoDB in a quiet mode that attempts to limit the amount of output.", - "name": "MONGODB_QUIET", - "required": false - }, - { - "displayName": "Database Username", - "description": "Database user name", - "name": "DB_USERNAME", - "from": "user[a-zA-Z0-9]{3}", - "generate": "expression", - "required": true - }, - { - "displayName": "Database Password", - "description": "Database user password", - "name": "DB_PASSWORD", - "from": "[a-zA-Z0-9]{8}", - "generate": "expression", - "required": true - }, - { - "displayName": "Database admin password", - "description": "Database admin password", - "name": "DB_ADMIN_PASSWORD", - "from": "[a-zA-Z0-9]{8}", - "generate": "expression", - "required": true - }, - { - "displayName": "JWS Admin Username", - "description": "JWS Admin User", - "name": "JWS_ADMIN_USERNAME", - "from": "[a-zA-Z0-9]{8}", - "generate": "expression", - "required": true - }, - { - "displayName": "JWS Admin Password", - "description": "JWS Admin Password", - "name": "JWS_ADMIN_PASSWORD", - "from": "[a-zA-Z0-9]{8}", - "generate": "expression", - "required": true - }, - { - "displayName": "Github Webhook Secret", - "description": "GitHub trigger secret", - "name": "GITHUB_WEBHOOK_SECRET", - "from": "[a-zA-Z0-9]{8}", - "generate": "expression", - "required": true - }, - { - "displayName": "Generic Webhook Secret", - "description": "Generic build trigger secret", - "name": "GENERIC_WEBHOOK_SECRET", - "from": "[a-zA-Z0-9]{8}", - "generate": "expression", - "required": true - }, - { - "displayName": "ImageStream Namespace", - "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", - "name": "IMAGE_STREAM_NAMESPACE", - "value": "openshift", - "required": true - }, - { - "displayName": "Maven mirror URL", - "description": "Maven mirror to use for S2I builds", - "name": "MAVEN_MIRROR_URL", - "value": "", - "required": false - }, - { - "description": "List of directories from which archives will be copied into the deployment folder. If unspecified, all archives in /target will be copied.", - "name": "ARTIFACT_DIR", - "value": "", - "required": false - }, - { - "displayName": "MongoDB Image Stream Tag", - "description": "The tag to use for the \"mongodb\" image stream. Typically, this aligns with the major.minor version of MongoDB.", - "name": "MONGODB_IMAGE_STREAM_TAG", - "value": "3.2", - "required": true - } - ], - "objects": [ - { - "kind": "Service", - "apiVersion": "v1", - "spec": { - "ports": [ - { - "port": 8080, - "targetPort": 8080 - } - ], - "selector": { - "deploymentConfig": "${APPLICATION_NAME}" - } - }, - "metadata": { - "name": "${APPLICATION_NAME}", - "labels": { - "application": "${APPLICATION_NAME}" - }, - "annotations": { - "description": "The web server's http port.", - "service.alpha.openshift.io/dependencies": "[{\"name\": \"${APPLICATION_NAME}-mongodb\", \"kind\": \"Service\"}]" - } - } - }, - { - "kind": "Service", - "apiVersion": "v1", - "spec": { - "ports": [ - { - "port": 8443, - "targetPort": 8443 - } - ], - "selector": { - "deploymentConfig": "${APPLICATION_NAME}" - } - }, - "metadata": { - "name": "secure-${APPLICATION_NAME}", - "labels": { - "application": "${APPLICATION_NAME}" - }, - "annotations": { - "description": "The web server's https port.", - "service.alpha.openshift.io/dependencies": "[{\"name\": \"${APPLICATION_NAME}-mongodb\", \"kind\": \"Service\"}]" - } - } - }, - { - "kind": "Service", - "apiVersion": "v1", - "spec": { - "ports": [ - { - "port": 27017, - "targetPort": 27017 - } - ], - "selector": { - "deploymentConfig": "${APPLICATION_NAME}-mongodb" - } - }, - "metadata": { - "name": "${APPLICATION_NAME}-mongodb", - "labels": { - "application": "${APPLICATION_NAME}" - }, - "annotations": { - "description": "The database server's port." - } - } - }, - { - "kind": "Route", - "apiVersion": "v1", - "id": "${APPLICATION_NAME}-http", - "metadata": { - "name": "${APPLICATION_NAME}", - "labels": { - "application": "${APPLICATION_NAME}" - }, - "annotations": { - "description": "Route for application's http service." - } - }, - "spec": { - "host": "${HOSTNAME_HTTP}", - "to": { - "name": "${APPLICATION_NAME}" - } - } - }, - { - "kind": "Route", - "apiVersion": "v1", - "id": "${APPLICATION_NAME}-https", - "metadata": { - "name": "secure-${APPLICATION_NAME}", - "labels": { - "application": "${APPLICATION_NAME}" - }, - "annotations": { - "description": "Route for application's https service." - } - }, - "spec": { - "host": "${HOSTNAME_HTTPS}", - "to": { - "name": "secure-${APPLICATION_NAME}" - }, - "tls": { - "termination": "passthrough" - } - } - }, - { - "kind": "ImageStream", - "apiVersion": "v1", - "metadata": { - "name": "${APPLICATION_NAME}", - "labels": { - "application": "${APPLICATION_NAME}" - } - } - }, - { - "kind": "BuildConfig", - "apiVersion": "v1", - "metadata": { - "name": "${APPLICATION_NAME}", - "labels": { - "application": "${APPLICATION_NAME}" - } - }, - "spec": { - "source": { - "type": "Git", - "git": { - "uri": "${SOURCE_REPOSITORY_URL}", - "ref": "${SOURCE_REPOSITORY_REF}" - }, - "contextDir": "${CONTEXT_DIR}" - }, - "strategy": { - "type": "Source", - "sourceStrategy": { - "env": [ - { - "name": "MAVEN_MIRROR_URL", - "value": "${MAVEN_MIRROR_URL}" - }, - { - "name": "ARTIFACT_DIR", - "value": "${ARTIFACT_DIR}" - } - ], - "forcePull": true, - "from": { - "kind": "ImageStreamTag", - "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-webserver30-tomcat8-openshift:1.3" - } - } - }, - "output": { - "to": { - "kind": "ImageStreamTag", - "name": "${APPLICATION_NAME}:latest" - } - }, - "triggers": [ - { - "type": "GitHub", - "github": { - "secret": "${GITHUB_WEBHOOK_SECRET}" - } - }, - { - "type": "Generic", - "generic": { - "secret": "${GENERIC_WEBHOOK_SECRET}" - } - }, - { - "type": "ImageChange", - "imageChange": {} - }, - { - "type": "ConfigChange" - } - ] - } - }, - { - "kind": "DeploymentConfig", - "apiVersion": "v1", - "metadata": { - "name": "${APPLICATION_NAME}", - "labels": { - "application": "${APPLICATION_NAME}" - } - }, - "spec": { - "strategy": { - "type": "Recreate" - }, - "triggers": [ - { - "type": "ImageChange", - "imageChangeParams": { - "automatic": true, - "containerNames": [ - "${APPLICATION_NAME}" - ], - "from": { - "kind": "ImageStreamTag", - "name": "${APPLICATION_NAME}:latest" - } - } - }, - { - "type": "ConfigChange" - } - ], - "replicas": 1, - "selector": { - "deploymentConfig": "${APPLICATION_NAME}" - }, - "template": { - "metadata": { - "name": "${APPLICATION_NAME}", - "labels": { - "deploymentConfig": "${APPLICATION_NAME}", - "application": "${APPLICATION_NAME}" - } - }, - "spec": { - "serviceAccountName": "jws-service-account", - "terminationGracePeriodSeconds": 60, - "containers": [ - { - "name": "${APPLICATION_NAME}", - "image": "${APPLICATION_NAME}", - "imagePullPolicy": "Always", - "readinessProbe": { - "exec": { - "command": [ - "/bin/bash", - "-c", - "curl --noproxy '*' -s -u ${JWS_ADMIN_USERNAME}:${JWS_ADMIN_PASSWORD} 'http://localhost:8080/manager/jmxproxy/?get=Catalina%3Atype%3DServer&att=stateName' |grep -iq 'stateName *= *STARTED'" - ] - } - }, - "volumeMounts": [ - { - "name": "jws-certificate-volume", - "mountPath": "/etc/jws-secret-volume", - "readOnly": true - } - ], - "ports": [ - { - "name": "jolokia", - "containerPort": 8778, - "protocol": "TCP" - }, - { - "name": "http", - "containerPort": 8080, - "protocol": "TCP" - }, - { - "name": "https", - "containerPort": 8443, - "protocol": "TCP" - } - ], - "env": [ - { - "name": "DB_SERVICE_PREFIX_MAPPING", - "value": "${APPLICATION_NAME}-mongodb=DB" - }, - { - "name": "DB_JNDI", - "value": "${DB_JNDI}" - }, - { - "name": "DB_USERNAME", - "value": "${DB_USERNAME}" - }, - { - "name": "DB_PASSWORD", - "value": "${DB_PASSWORD}" - }, - { - "name": "DB_DATABASE", - "value": "${DB_DATABASE}" - }, - { - "name": "DB_ADMIN_PASSWORD", - "value": "${DB_ADMIN_PASSWORD}" - }, - { - "name": "DB_MIN_POOL_SIZE", - "value": "${DB_MIN_POOL_SIZE}" - }, - { - "name": "DB_MAX_POOL_SIZE", - "value": "${DB_MAX_POOL_SIZE}" - }, - { - "name": "DB_TX_ISOLATION", - "value": "${DB_TX_ISOLATION}" - }, - { - "name": "JWS_HTTPS_CERTIFICATE_DIR", - "value": "/etc/jws-secret-volume" - }, - { - "name": "JWS_HTTPS_CERTIFICATE", - "value": "${JWS_HTTPS_CERTIFICATE}" - }, - { - "name": "JWS_HTTPS_CERTIFICATE_KEY", - "value": "${JWS_HTTPS_CERTIFICATE_KEY}" - }, - { - "name": "JWS_HTTPS_CERTIFICATE_PASSWORD", - "value": "${JWS_HTTPS_CERTIFICATE_PASSWORD}" - }, - { - "name": "JWS_ADMIN_USERNAME", - "value": "${JWS_ADMIN_USERNAME}" - }, - { - "name": "JWS_ADMIN_PASSWORD", - "value": "${JWS_ADMIN_PASSWORD}" - } - ] - } - ], - "volumes": [ - { - "name": "jws-certificate-volume", - "secret": { - "secretName": "${JWS_HTTPS_SECRET}" - } - } - ] - } - } - } - }, - { - "kind": "DeploymentConfig", - "apiVersion": "v1", - "metadata": { - "name": "${APPLICATION_NAME}-mongodb", - "labels": { - "application": "${APPLICATION_NAME}" - } - }, - "spec": { - "strategy": { - "type": "Recreate" - }, - "triggers": [ - { - "type": "ImageChange", - "imageChangeParams": { - "automatic": true, - "containerNames": [ - "${APPLICATION_NAME}-mongodb" - ], - "from": { - "kind": "ImageStreamTag", - "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "mongodb:${MONGODB_IMAGE_STREAM_TAG}" - } - } - }, - { - "type": "ConfigChange" - } - ], - "replicas": 1, - "selector": { - "deploymentConfig": "${APPLICATION_NAME}-mongodb" - }, - "template": { - "metadata": { - "name": "${APPLICATION_NAME}-mongodb", - "labels": { - "deploymentConfig": "${APPLICATION_NAME}-mongodb", - "application": "${APPLICATION_NAME}" - } - }, - "spec": { - "terminationGracePeriodSeconds": 60, - "containers": [ - { - "name": "${APPLICATION_NAME}-mongodb", - "image": "mongodb", - "imagePullPolicy": "Always", - "ports": [ - { - "containerPort": 27017, - "protocol": "TCP" - } - ], - "env": [ - { - "name": "MONGODB_USER", - "value": "${DB_USERNAME}" - }, - { - "name": "MONGODB_PASSWORD", - "value": "${DB_PASSWORD}" - }, - { - "name": "MONGODB_DATABASE", - "value": "${DB_DATABASE}" - }, - { - "name": "MONGODB_ADMIN_PASSWORD", - "value": "${DB_ADMIN_PASSWORD}" - }, - { - "name": "MONGODB_NOPREALLOC", - "value": "${MONGODB_NOPREALLOC}" - }, - { - "name": "MONGODB_SMALLFILES", - "value": "${MONGODB_SMALLFILES}" - }, - { - "name": "MONGODB_QUIET", - "value": "${MONGODB_QUIET}" - } - ] - } - ] - } - } - } - } - ] -} diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/jws30-tomcat8-mysql-persistent-s2i.json b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/jws30-tomcat8-mysql-persistent-s2i.json deleted file mode 100644 index 0e96b58a9..000000000 --- a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/jws30-tomcat8-mysql-persistent-s2i.json +++ /dev/null @@ -1,718 +0,0 @@ -{ - "kind": "Template", - "apiVersion": "v1", - "metadata": { - "annotations": { - "iconClass": "icon-tomcat", - "description": "Application template for JWS MySQL applications with persistent storage built using S2I.", - "tags": "tomcat,tomcat8,java,jboss,xpaas", - "version": "1.4.0", - "openshift.io/display-name": "Red Hat JBoss Web Server 3.0 Tomcat 8 + MySQL (Persistent with https)" - }, - "name": "jws30-tomcat8-mysql-persistent-s2i" - }, - "labels": { - "template": "jws30-tomcat8-mysql-persistent-s2i", - "xpaas": "1.4.0" - }, - "message": "A new persistent JWS application for Tomcat 8 (using MySQL) has been created in your project. The username/password for administering your JWS is ${JWS_ADMIN_USERNAME}/${JWS_ADMIN_PASSWORD}. For accessing the MySQL database \"${DB_DATABASE}\" use the credentials ${DB_USERNAME}/${DB_PASSWORD}. Please be sure to create the \"jws-service-account\" service account and the secret named \"${JWS_HTTPS_SECRET}\" containing the ${JWS_HTTPS_CERTIFICATE} file used for serving secure content.", - "parameters": [ - { - "displayName": "Application Name", - "description": "The name for the application.", - "name": "APPLICATION_NAME", - "value": "jws-app", - "required": true - }, - { - "displayName": "Custom http Route Hostname", - "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: <application-name>-<project>.<default-domain-suffix>", - "name": "HOSTNAME_HTTP", - "value": "", - "required": false - }, - { - "displayName": "Custom https Route Hostname", - "description": "Custom hostname for https service route. Leave blank for default hostname, e.g.: secure-<application-name>-<project>.<default-domain-suffix>", - "name": "HOSTNAME_HTTPS", - "value": "", - "required": false - }, - { - "displayName": "Git Repository URL", - "description": "Git source URI for application", - "name": "SOURCE_REPOSITORY_URL", - "value": "https://github.com/jboss-openshift/openshift-quickstarts", - "required": true - }, - { - "displayName": "Git Reference", - "description": "Git branch/tag reference", - "name": "SOURCE_REPOSITORY_REF", - "value": "1.2", - "required": false - }, - { - "displayName": "Context Directory", - "description": "Path within Git project to build; empty for root project directory.", - "name": "CONTEXT_DIR", - "value": "todolist/todolist-jdbc", - "required": false - }, - { - "displayName": "Database JNDI Name", - "description": "Database JNDI name used by application to resolve the datasource, e.g. jboss/datasources/mysqlDS", - "name": "DB_JNDI", - "value": "jboss/datasources/defaultDS", - "required": false - }, - { - "displayName": "Database Name", - "description": "Database name", - "name": "DB_DATABASE", - "value": "root", - "required": true - }, - { - "displayName": "Database Volume Capacity", - "description": "Size of persistent storage for database volume.", - "name": "VOLUME_CAPACITY", - "value": "512Mi", - "required": true - }, - { - "displayName": "Secret Name", - "description": "The name of the secret containing the certificate files", - "name": "JWS_HTTPS_SECRET", - "value": "jws-app-secret", - "required": true - }, - { - "displayName": "Certificate Name", - "description": "The name of the certificate file within the secret", - "name": "JWS_HTTPS_CERTIFICATE", - "value": "server.crt", - "required": false - }, - { - "displayName": "Certificate Key Name", - "description": "The name of the certificate key file within the secret", - "name": "JWS_HTTPS_CERTIFICATE_KEY", - "value": "server.key", - "required": false - }, - { - "displayName": "Certificate Password", - "description": "The certificate password", - "name": "JWS_HTTPS_CERTIFICATE_PASSWORD", - "value": "", - "required": false - }, - { - "displayName": "Datasource Minimum Pool Size", - "description": "Sets xa-pool/min-pool-size for the configured datasource.", - "name": "DB_MIN_POOL_SIZE", - "required": false - }, - { - "displayName": "Datasource Maximum Pool Size", - "description": "Sets xa-pool/max-pool-size for the configured datasource.", - "name": "DB_MAX_POOL_SIZE", - "required": false - }, - { - "displayName": "Datasource Transaction Isolation", - "description": "Sets transaction-isolation for the configured datasource.", - "name": "DB_TX_ISOLATION", - "required": false - }, - { - "displayName": "MySQL Lower Case Table Names", - "description": "Sets how the table names are stored and compared.", - "name": "MYSQL_LOWER_CASE_TABLE_NAMES", - "required": false - }, - { - "displayName": "MySQL Maximum number of connections", - "description": "The maximum permitted number of simultaneous client connections.", - "name": "MYSQL_MAX_CONNECTIONS", - "required": false - }, - { - "displayName": "MySQL FullText Minimum Word Length", - "description": "The minimum length of the word to be included in a FULLTEXT index.", - "name": "MYSQL_FT_MIN_WORD_LEN", - "required": false - }, - { - "displayName": "MySQL FullText Maximum Word Length", - "description": "The maximum length of the word to be included in a FULLTEXT index.", - "name": "MYSQL_FT_MAX_WORD_LEN", - "required": false - }, - { - "displayName": "MySQL AIO", - "description": "Controls the innodb_use_native_aio setting value if the native AIO is broken.", - "name": "MYSQL_AIO", - "required": false - }, - { - "displayName": "Database Username", - "description": "Database user name", - "name": "DB_USERNAME", - "from": "user[a-zA-Z0-9]{3}", - "generate": "expression", - "required": true - }, - { - "displayName": "Database Password", - "description": "Database user password", - "name": "DB_PASSWORD", - "from": "[a-zA-Z0-9]{8}", - "generate": "expression", - "required": true - }, - { - "displayName": "JWS Admin Username", - "description": "JWS Admin User", - "name": "JWS_ADMIN_USERNAME", - "from": "[a-zA-Z0-9]{8}", - "generate": "expression", - "required": true - }, - { - "displayName": "JWS Admin Password", - "description": "JWS Admin Password", - "name": "JWS_ADMIN_PASSWORD", - "from": "[a-zA-Z0-9]{8}", - "generate": "expression", - "required": true - }, - { - "displayName": "Github Webhook Secret", - "description": "GitHub trigger secret", - "name": "GITHUB_WEBHOOK_SECRET", - "from": "[a-zA-Z0-9]{8}", - "generate": "expression", - "required": true - }, - { - "displayName": "Generic Webhook Secret", - "description": "Generic build trigger secret", - "name": "GENERIC_WEBHOOK_SECRET", - "from": "[a-zA-Z0-9]{8}", - "generate": "expression", - "required": true - }, - { - "displayName": "ImageStream Namespace", - "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", - "name": "IMAGE_STREAM_NAMESPACE", - "value": "openshift", - "required": true - }, - { - "displayName": "Maven mirror URL", - "description": "Maven mirror to use for S2I builds", - "name": "MAVEN_MIRROR_URL", - "value": "", - "required": false - }, - { - "description": "List of directories from which archives will be copied into the deployment folder. If unspecified, all archives in /target will be copied.", - "name": "ARTIFACT_DIR", - "value": "", - "required": false - }, - { - "displayName": "MySQL Image Stream Tag", - "description": "The tag to use for the \"mysql\" image stream. Typically, this aligns with the major.minor version of MySQL.", - "name": "MYSQL_IMAGE_STREAM_TAG", - "value": "5.7", - "required": true - } - ], - "objects": [ - { - "kind": "Service", - "apiVersion": "v1", - "spec": { - "ports": [ - { - "port": 8080, - "targetPort": 8080 - } - ], - "selector": { - "deploymentConfig": "${APPLICATION_NAME}" - } - }, - "metadata": { - "name": "${APPLICATION_NAME}", - "labels": { - "application": "${APPLICATION_NAME}" - }, - "annotations": { - "description": "The web server's http port.", - "service.alpha.openshift.io/dependencies": "[{\"name\": \"${APPLICATION_NAME}-mysql\", \"kind\": \"Service\"}]" - } - } - }, - { - "kind": "Service", - "apiVersion": "v1", - "spec": { - "ports": [ - { - "port": 8443, - "targetPort": 8443 - } - ], - "selector": { - "deploymentConfig": "${APPLICATION_NAME}" - } - }, - "metadata": { - "name": "secure-${APPLICATION_NAME}", - "labels": { - "application": "${APPLICATION_NAME}" - }, - "annotations": { - "description": "The web server's https port.", - "service.alpha.openshift.io/dependencies": "[{\"name\": \"${APPLICATION_NAME}-mysql\", \"kind\": \"Service\"}]" - } - } - }, - { - "kind": "Service", - "apiVersion": "v1", - "spec": { - "ports": [ - { - "port": 3306, - "targetPort": 3306 - } - ], - "selector": { - "deploymentConfig": "${APPLICATION_NAME}-mysql" - } - }, - "metadata": { - "name": "${APPLICATION_NAME}-mysql", - "labels": { - "application": "${APPLICATION_NAME}" - }, - "annotations": { - "description": "The database server's port." - } - } - }, - { - "kind": "Route", - "apiVersion": "v1", - "id": "${APPLICATION_NAME}-http", - "metadata": { - "name": "${APPLICATION_NAME}", - "labels": { - "application": "${APPLICATION_NAME}" - }, - "annotations": { - "description": "Route for application's http service." - } - }, - "spec": { - "host": "${HOSTNAME_HTTP}", - "to": { - "name": "${APPLICATION_NAME}" - } - } - }, - { - "kind": "Route", - "apiVersion": "v1", - "id": "${APPLICATION_NAME}-https", - "metadata": { - "name": "secure-${APPLICATION_NAME}", - "labels": { - "application": "${APPLICATION_NAME}" - }, - "annotations": { - "description": "Route for application's https service." - } - }, - "spec": { - "host": "${HOSTNAME_HTTPS}", - "to": { - "name": "secure-${APPLICATION_NAME}" - }, - "tls": { - "termination": "passthrough" - } - } - }, - { - "kind": "ImageStream", - "apiVersion": "v1", - "metadata": { - "name": "${APPLICATION_NAME}", - "labels": { - "application": "${APPLICATION_NAME}" - } - } - }, - { - "kind": "BuildConfig", - "apiVersion": "v1", - "metadata": { - "name": "${APPLICATION_NAME}", - "labels": { - "application": "${APPLICATION_NAME}" - } - }, - "spec": { - "source": { - "type": "Git", - "git": { - "uri": "${SOURCE_REPOSITORY_URL}", - "ref": "${SOURCE_REPOSITORY_REF}" - }, - "contextDir": "${CONTEXT_DIR}" - }, - "strategy": { - "type": "Source", - "sourceStrategy": { - "env": [ - { - "name": "MAVEN_MIRROR_URL", - "value": "${MAVEN_MIRROR_URL}" - }, - { - "name": "ARTIFACT_DIR", - "value": "${ARTIFACT_DIR}" - } - ], - "forcePull": true, - "from": { - "kind": "ImageStreamTag", - "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-webserver30-tomcat8-openshift:1.3" - } - } - }, - "output": { - "to": { - "kind": "ImageStreamTag", - "name": "${APPLICATION_NAME}:latest" - } - }, - "triggers": [ - { - "type": "GitHub", - "github": { - "secret": "${GITHUB_WEBHOOK_SECRET}" - } - }, - { - "type": "Generic", - "generic": { - "secret": "${GENERIC_WEBHOOK_SECRET}" - } - }, - { - "type": "ImageChange", - "imageChange": {} - }, - { - "type": "ConfigChange" - } - ] - } - }, - { - "kind": "DeploymentConfig", - "apiVersion": "v1", - "metadata": { - "name": "${APPLICATION_NAME}", - "labels": { - "application": "${APPLICATION_NAME}" - } - }, - "spec": { - "strategy": { - "type": "Recreate" - }, - "triggers": [ - { - "type": "ImageChange", - "imageChangeParams": { - "automatic": true, - "containerNames": [ - "${APPLICATION_NAME}" - ], - "from": { - "kind": "ImageStreamTag", - "name": "${APPLICATION_NAME}:latest" - } - } - }, - { - "type": "ConfigChange" - } - ], - "replicas": 1, - "selector": { - "deploymentConfig": "${APPLICATION_NAME}" - }, - "template": { - "metadata": { - "name": "${APPLICATION_NAME}", - "labels": { - "deploymentConfig": "${APPLICATION_NAME}", - "application": "${APPLICATION_NAME}" - } - }, - "spec": { - "serviceAccountName": "jws-service-account", - "terminationGracePeriodSeconds": 60, - "containers": [ - { - "name": "${APPLICATION_NAME}", - "image": "${APPLICATION_NAME}", - "imagePullPolicy": "Always", - "readinessProbe": { - "exec": { - "command": [ - "/bin/bash", - "-c", - "curl --noproxy '*' -s -u ${JWS_ADMIN_USERNAME}:${JWS_ADMIN_PASSWORD} 'http://localhost:8080/manager/jmxproxy/?get=Catalina%3Atype%3DServer&att=stateName' |grep -iq 'stateName *= *STARTED'" - ] - } - }, - "volumeMounts": [ - { - "name": "jws-certificate-volume", - "mountPath": "/etc/jws-secret-volume", - "readOnly": true - } - ], - "ports": [ - { - "name": "jolokia", - "containerPort": 8778, - "protocol": "TCP" - }, - { - "name": "http", - "containerPort": 8080, - "protocol": "TCP" - }, - { - "name": "https", - "containerPort": 8443, - "protocol": "TCP" - } - ], - "env": [ - { - "name": "DB_SERVICE_PREFIX_MAPPING", - "value": "${APPLICATION_NAME}-mysql=DB" - }, - { - "name": "DB_JNDI", - "value": "${DB_JNDI}" - }, - { - "name": "DB_USERNAME", - "value": "${DB_USERNAME}" - }, - { - "name": "DB_PASSWORD", - "value": "${DB_PASSWORD}" - }, - { - "name": "DB_DATABASE", - "value": "${DB_DATABASE}" - }, - { - "name": "DB_MIN_POOL_SIZE", - "value": "${DB_MIN_POOL_SIZE}" - }, - { - "name": "DB_MAX_POOL_SIZE", - "value": "${DB_MAX_POOL_SIZE}" - }, - { - "name": "DB_TX_ISOLATION", - "value": "${DB_TX_ISOLATION}" - }, - { - "name": "JWS_HTTPS_CERTIFICATE_DIR", - "value": "/etc/jws-secret-volume" - }, - { - "name": "JWS_HTTPS_CERTIFICATE", - "value": "${JWS_HTTPS_CERTIFICATE}" - }, - { - "name": "JWS_HTTPS_CERTIFICATE_KEY", - "value": "${JWS_HTTPS_CERTIFICATE_KEY}" - }, - { - "name": "JWS_HTTPS_CERTIFICATE_PASSWORD", - "value": "${JWS_HTTPS_CERTIFICATE_PASSWORD}" - }, - { - "name": "JWS_ADMIN_USERNAME", - "value": "${JWS_ADMIN_USERNAME}" - }, - { - "name": "JWS_ADMIN_PASSWORD", - "value": "${JWS_ADMIN_PASSWORD}" - } - ] - } - ], - "volumes": [ - { - "name": "jws-certificate-volume", - "secret": { - "secretName": "${JWS_HTTPS_SECRET}" - } - } - ] - } - } - } - }, - { - "kind": "DeploymentConfig", - "apiVersion": "v1", - "metadata": { - "name": "${APPLICATION_NAME}-mysql", - "labels": { - "application": "${APPLICATION_NAME}" - } - }, - "spec": { - "strategy": { - "type": "Recreate" - }, - "triggers": [ - { - "type": "ImageChange", - "imageChangeParams": { - "automatic": true, - "containerNames": [ - "${APPLICATION_NAME}-mysql" - ], - "from": { - "kind": "ImageStreamTag", - "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "mysql:${MYSQL_IMAGE_STREAM_TAG}" - } - } - }, - { - "type": "ConfigChange" - } - ], - "replicas": 1, - "selector": { - "deploymentConfig": "${APPLICATION_NAME}-mysql" - }, - "template": { - "metadata": { - "name": "${APPLICATION_NAME}-mysql", - "labels": { - "deploymentConfig": "${APPLICATION_NAME}-mysql", - "application": "${APPLICATION_NAME}" - } - }, - "spec": { - "terminationGracePeriodSeconds": 60, - "containers": [ - { - "name": "${APPLICATION_NAME}-mysql", - "image": "mysql", - "ports": [ - { - "containerPort": 3306, - "protocol": "TCP" - } - ], - "volumeMounts": [ - { - "mountPath": "/var/lib/mysql/data", - "name": "${APPLICATION_NAME}-mysql-pvol" - } - ], - "env": [ - { - "name": "MYSQL_USER", - "value": "${DB_USERNAME}" - }, - { - "name": "MYSQL_PASSWORD", - "value": "${DB_PASSWORD}" - }, - { - "name": "MYSQL_DATABASE", - "value": "${DB_DATABASE}" - }, - { - "name": "MYSQL_LOWER_CASE_TABLE_NAMES", - "value": "${MYSQL_LOWER_CASE_TABLE_NAMES}" - }, - { - "name": "MYSQL_MAX_CONNECTIONS", - "value": "${MYSQL_MAX_CONNECTIONS}" - }, - { - "name": "MYSQL_FT_MIN_WORD_LEN", - "value": "${MYSQL_FT_MIN_WORD_LEN}" - }, - { - "name": "MYSQL_FT_MAX_WORD_LEN", - "value": "${MYSQL_FT_MAX_WORD_LEN}" - }, - { - "name": "MYSQL_AIO", - "value": "${MYSQL_AIO}" - } - ] - } - ], - "volumes": [ - { - "name": "${APPLICATION_NAME}-mysql-pvol", - "persistentVolumeClaim": { - "claimName": "${APPLICATION_NAME}-mysql-claim" - } - } - ] - } - } - } - }, - { - "apiVersion": "v1", - "kind": "PersistentVolumeClaim", - "metadata": { - "name": "${APPLICATION_NAME}-mysql-claim", - "labels": { - "application": "${APPLICATION_NAME}" - } - }, - "spec": { - "accessModes": [ - "ReadWriteOnce" - ], - "resources": { - "requests": { - "storage": "${VOLUME_CAPACITY}" - } - } - } - } - ] -} diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/jws30-tomcat8-mysql-s2i.json b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/jws30-tomcat8-mysql-s2i.json deleted file mode 100644 index 08b040863..000000000 --- a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/jws30-tomcat8-mysql-s2i.json +++ /dev/null @@ -1,677 +0,0 @@ -{ - "kind": "Template", - "apiVersion": "v1", - "metadata": { - "annotations": { - "iconClass": "icon-tomcat", - "description": "Application template for JWS MySQL applications built using S2I.", - "tags": "tomcat,tomcat8,java,jboss,xpaas", - "version": "1.4.0", - "openshift.io/display-name": "Red Hat JBoss Web Server 3.0 Tomcat 8 + MySQL (Ephemeral with https)" - }, - "name": "jws30-tomcat8-mysql-s2i" - }, - "labels": { - "template": "jws30-tomcat8-mysql-s2i", - "xpaas": "1.4.0" - }, - "message": "A new JWS application for Tomcat 8 (using MySQL) has been created in your project. The username/password for administering your JWS is ${JWS_ADMIN_USERNAME}/${JWS_ADMIN_PASSWORD}. For accessing the MySQL database \"${DB_DATABASE}\" use the credentials ${DB_USERNAME}/${DB_PASSWORD}. Please be sure to create the \"jws-service-account\" service account and the secret named \"${JWS_HTTPS_SECRET}\" containing the ${JWS_HTTPS_CERTIFICATE} file used for serving secure content.", - "parameters": [ - { - "displayName": "Application Name", - "description": "The name for the application.", - "name": "APPLICATION_NAME", - "value": "jws-app", - "required": true - }, - { - "displayName": "Custom http Route Hostname", - "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: <application-name>-<project>.<default-domain-suffix>", - "name": "HOSTNAME_HTTP", - "value": "", - "required": false - }, - { - "displayName": "Custom https Route Hostname", - "description": "Custom hostname for https service route. Leave blank for default hostname, e.g.: secure-<application-name>-<project>.<default-domain-suffix>", - "name": "HOSTNAME_HTTPS", - "value": "", - "required": false - }, - { - "displayName": "Git Repository URL", - "description": "Git source URI for application", - "name": "SOURCE_REPOSITORY_URL", - "value": "https://github.com/jboss-openshift/openshift-quickstarts", - "required": true - }, - { - "displayName": "Git Reference", - "description": "Git branch/tag reference", - "name": "SOURCE_REPOSITORY_REF", - "value": "1.2", - "required": false - }, - { - "displayName": "Context Directory", - "description": "Path within Git project to build; empty for root project directory.", - "name": "CONTEXT_DIR", - "value": "todolist/todolist-jdbc", - "required": false - }, - { - "displayName": "Database JNDI Name", - "description": "Database JNDI name used by application to resolve the datasource, e.g. jboss/datasources/mysqlDS", - "name": "DB_JNDI", - "value": "jboss/datasources/defaultDS", - "required": false - }, - { - "displayName": "Database Name", - "description": "Database name", - "name": "DB_DATABASE", - "value": "root", - "required": true - }, - { - "displayName": "Secret Name", - "description": "The name of the secret containing the certificate files", - "name": "JWS_HTTPS_SECRET", - "value": "jws-app-secret", - "required": true - }, - { - "displayName": "Certificate Name", - "description": "The name of the certificate file within the secret", - "name": "JWS_HTTPS_CERTIFICATE", - "value": "server.crt", - "required": false - }, - { - "displayName": "Certificate Key Name", - "description": "The name of the certificate key file within the secret", - "name": "JWS_HTTPS_CERTIFICATE_KEY", - "value": "server.key", - "required": false - }, - { - "displayName": "Certificate Password", - "description": "The certificate password", - "name": "JWS_HTTPS_CERTIFICATE_PASSWORD", - "value": "", - "required": false - }, - { - "displayName": "Datasource Minimum Pool Size", - "description": "Sets xa-pool/min-pool-size for the configured datasource.", - "name": "DB_MIN_POOL_SIZE", - "required": false - }, - { - "displayName": "Datasource Maximum Pool Size", - "description": "Sets xa-pool/max-pool-size for the configured datasource.", - "name": "DB_MAX_POOL_SIZE", - "required": false - }, - { - "displayName": "Datasource Transaction Isolation", - "description": "Sets transaction-isolation for the configured datasource.", - "name": "DB_TX_ISOLATION", - "required": false - }, - { - "displayName": "MySQL Lower Case Table Names", - "description": "Sets how the table names are stored and compared.", - "name": "MYSQL_LOWER_CASE_TABLE_NAMES", - "required": false - }, - { - "displayName": "MySQL Maximum number of connections", - "description": "The maximum permitted number of simultaneous client connections.", - "name": "MYSQL_MAX_CONNECTIONS", - "required": false - }, - { - "displayName": "MySQL FullText Minimum Word Length", - "description": "The minimum length of the word to be included in a FULLTEXT index.", - "name": "MYSQL_FT_MIN_WORD_LEN", - "required": false - }, - { - "displayName": "MySQL FullText Maximum Word Length", - "description": "The maximum length of the word to be included in a FULLTEXT index.", - "name": "MYSQL_FT_MAX_WORD_LEN", - "required": false - }, - { - "displayName": "MySQL AIO", - "description": "Controls the innodb_use_native_aio setting value if the native AIO is broken.", - "name": "MYSQL_AIO", - "required": false - }, - { - "displayName": "Database Username", - "description": "Database user name", - "name": "DB_USERNAME", - "from": "user[a-zA-Z0-9]{3}", - "generate": "expression", - "required": true - }, - { - "displayName": "Database Password", - "description": "Database user password", - "name": "DB_PASSWORD", - "from": "[a-zA-Z0-9]{8}", - "generate": "expression", - "required": true - }, - { - "displayName": "JWS Admin Username", - "description": "JWS Admin User", - "name": "JWS_ADMIN_USERNAME", - "from": "[a-zA-Z0-9]{8}", - "generate": "expression", - "required": true - }, - { - "displayName": "JWS Admin Password", - "description": "JWS Admin Password", - "name": "JWS_ADMIN_PASSWORD", - "from": "[a-zA-Z0-9]{8}", - "generate": "expression", - "required": true - }, - { - "displayName": "Github Webhook Secret", - "description": "GitHub trigger secret", - "name": "GITHUB_WEBHOOK_SECRET", - "from": "[a-zA-Z0-9]{8}", - "generate": "expression", - "required": true - }, - { - "displayName": "Generic Webhook Secret", - "description": "Generic build trigger secret", - "name": "GENERIC_WEBHOOK_SECRET", - "from": "[a-zA-Z0-9]{8}", - "generate": "expression", - "required": true - }, - { - "displayName": "ImageStream Namespace", - "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", - "name": "IMAGE_STREAM_NAMESPACE", - "value": "openshift", - "required": true - }, - { - "displayName": "Maven mirror URL", - "description": "Maven mirror to use for S2I builds", - "name": "MAVEN_MIRROR_URL", - "value": "", - "required": false - }, - { - "description": "List of directories from which archives will be copied into the deployment folder. If unspecified, all archives in /target will be copied.", - "name": "ARTIFACT_DIR", - "value": "", - "required": false - }, - { - "displayName": "MySQL Image Stream Tag", - "description": "The tag to use for the \"mysql\" image stream. Typically, this aligns with the major.minor version of MySQL.", - "name": "MYSQL_IMAGE_STREAM_TAG", - "value": "5.7", - "required": true - } - ], - "objects": [ - { - "kind": "Service", - "apiVersion": "v1", - "spec": { - "ports": [ - { - "port": 8080, - "targetPort": 8080 - } - ], - "selector": { - "deploymentConfig": "${APPLICATION_NAME}" - } - }, - "metadata": { - "name": "${APPLICATION_NAME}", - "labels": { - "application": "${APPLICATION_NAME}" - }, - "annotations": { - "description": "The web server's http port.", - "service.alpha.openshift.io/dependencies": "[{\"name\": \"${APPLICATION_NAME}-mysql\", \"kind\": \"Service\"}]" - } - } - }, - { - "kind": "Service", - "apiVersion": "v1", - "spec": { - "ports": [ - { - "port": 8443, - "targetPort": 8443 - } - ], - "selector": { - "deploymentConfig": "${APPLICATION_NAME}" - } - }, - "metadata": { - "name": "secure-${APPLICATION_NAME}", - "labels": { - "application": "${APPLICATION_NAME}" - }, - "annotations": { - "description": "The web server's https port.", - "service.alpha.openshift.io/dependencies": "[{\"name\": \"${APPLICATION_NAME}-mysql\", \"kind\": \"Service\"}]" - } - } - }, - { - "kind": "Service", - "apiVersion": "v1", - "spec": { - "ports": [ - { - "port": 3306, - "targetPort": 3306 - } - ], - "selector": { - "deploymentConfig": "${APPLICATION_NAME}-mysql" - } - }, - "metadata": { - "name": "${APPLICATION_NAME}-mysql", - "labels": { - "application": "${APPLICATION_NAME}" - }, - "annotations": { - "description": "The database server's port." - } - } - }, - { - "kind": "Route", - "apiVersion": "v1", - "id": "${APPLICATION_NAME}-http", - "metadata": { - "name": "${APPLICATION_NAME}", - "labels": { - "application": "${APPLICATION_NAME}" - }, - "annotations": { - "description": "Route for application's http service." - } - }, - "spec": { - "host": "${HOSTNAME_HTTP}", - "to": { - "name": "${APPLICATION_NAME}" - } - } - }, - { - "kind": "Route", - "apiVersion": "v1", - "id": "${APPLICATION_NAME}-https", - "metadata": { - "name": "secure-${APPLICATION_NAME}", - "labels": { - "application": "${APPLICATION_NAME}" - }, - "annotations": { - "description": "Route for application's https service." - } - }, - "spec": { - "host": "${HOSTNAME_HTTPS}", - "to": { - "name": "secure-${APPLICATION_NAME}" - }, - "tls": { - "termination": "passthrough" - } - } - }, - { - "kind": "ImageStream", - "apiVersion": "v1", - "metadata": { - "name": "${APPLICATION_NAME}", - "labels": { - "application": "${APPLICATION_NAME}" - } - } - }, - { - "kind": "BuildConfig", - "apiVersion": "v1", - "metadata": { - "name": "${APPLICATION_NAME}", - "labels": { - "application": "${APPLICATION_NAME}" - } - }, - "spec": { - "source": { - "type": "Git", - "git": { - "uri": "${SOURCE_REPOSITORY_URL}", - "ref": "${SOURCE_REPOSITORY_REF}" - }, - "contextDir": "${CONTEXT_DIR}" - }, - "strategy": { - "type": "Source", - "sourceStrategy": { - "env": [ - { - "name": "MAVEN_MIRROR_URL", - "value": "${MAVEN_MIRROR_URL}" - }, - { - "name": "ARTIFACT_DIR", - "value": "${ARTIFACT_DIR}" - } - ], - "forcePull": true, - "from": { - "kind": "ImageStreamTag", - "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-webserver30-tomcat8-openshift:1.3" - } - } - }, - "output": { - "to": { - "kind": "ImageStreamTag", - "name": "${APPLICATION_NAME}:latest" - } - }, - "triggers": [ - { - "type": "GitHub", - "github": { - "secret": "${GITHUB_WEBHOOK_SECRET}" - } - }, - { - "type": "Generic", - "generic": { - "secret": "${GENERIC_WEBHOOK_SECRET}" - } - }, - { - "type": "ImageChange", - "imageChange": {} - }, - { - "type": "ConfigChange" - } - ] - } - }, - { - "kind": "DeploymentConfig", - "apiVersion": "v1", - "metadata": { - "name": "${APPLICATION_NAME}", - "labels": { - "application": "${APPLICATION_NAME}" - } - }, - "spec": { - "strategy": { - "type": "Recreate" - }, - "triggers": [ - { - "type": "ImageChange", - "imageChangeParams": { - "automatic": true, - "containerNames": [ - "${APPLICATION_NAME}" - ], - "from": { - "kind": "ImageStreamTag", - "name": "${APPLICATION_NAME}:latest" - } - } - }, - { - "type": "ConfigChange" - } - ], - "replicas": 1, - "selector": { - "deploymentConfig": "${APPLICATION_NAME}" - }, - "template": { - "metadata": { - "name": "${APPLICATION_NAME}", - "labels": { - "deploymentConfig": "${APPLICATION_NAME}", - "application": "${APPLICATION_NAME}" - } - }, - "spec": { - "serviceAccountName": "jws-service-account", - "terminationGracePeriodSeconds": 60, - "containers": [ - { - "name": "${APPLICATION_NAME}", - "image": "${APPLICATION_NAME}", - "imagePullPolicy": "Always", - "readinessProbe": { - "exec": { - "command": [ - "/bin/bash", - "-c", - "curl --noproxy '*' -s -u ${JWS_ADMIN_USERNAME}:${JWS_ADMIN_PASSWORD} 'http://localhost:8080/manager/jmxproxy/?get=Catalina%3Atype%3DServer&att=stateName' |grep -iq 'stateName *= *STARTED'" - ] - } - }, - "volumeMounts": [ - { - "name": "jws-certificate-volume", - "mountPath": "/etc/jws-secret-volume", - "readOnly": true - } - ], - "ports": [ - { - "name": "jolokia", - "containerPort": 8778, - "protocol": "TCP" - }, - { - "name": "http", - "containerPort": 8080, - "protocol": "TCP" - }, - { - "name": "https", - "containerPort": 8443, - "protocol": "TCP" - } - ], - "env": [ - { - "name": "DB_SERVICE_PREFIX_MAPPING", - "value": "${APPLICATION_NAME}-mysql=DB" - }, - { - "name": "DB_JNDI", - "value": "${DB_JNDI}" - }, - { - "name": "DB_USERNAME", - "value": "${DB_USERNAME}" - }, - { - "name": "DB_PASSWORD", - "value": "${DB_PASSWORD}" - }, - { - "name": "DB_DATABASE", - "value": "${DB_DATABASE}" - }, - { - "name": "DB_MIN_POOL_SIZE", - "value": "${DB_MIN_POOL_SIZE}" - }, - { - "name": "DB_MAX_POOL_SIZE", - "value": "${DB_MAX_POOL_SIZE}" - }, - { - "name": "DB_TX_ISOLATION", - "value": "${DB_TX_ISOLATION}" - }, - { - "name": "JWS_HTTPS_CERTIFICATE_DIR", - "value": "/etc/jws-secret-volume" - }, - { - "name": "JWS_HTTPS_CERTIFICATE", - "value": "${JWS_HTTPS_CERTIFICATE}" - }, - { - "name": "JWS_HTTPS_CERTIFICATE_KEY", - "value": "${JWS_HTTPS_CERTIFICATE_KEY}" - }, - { - "name": "JWS_HTTPS_CERTIFICATE_PASSWORD", - "value": "${JWS_HTTPS_CERTIFICATE_PASSWORD}" - }, - { - "name": "JWS_ADMIN_USERNAME", - "value": "${JWS_ADMIN_USERNAME}" - }, - { - "name": "JWS_ADMIN_PASSWORD", - "value": "${JWS_ADMIN_PASSWORD}" - } - ] - } - ], - "volumes": [ - { - "name": "jws-certificate-volume", - "secret": { - "secretName": "${JWS_HTTPS_SECRET}" - } - } - ] - } - } - } - }, - { - "kind": "DeploymentConfig", - "apiVersion": "v1", - "metadata": { - "name": "${APPLICATION_NAME}-mysql", - "labels": { - "application": "${APPLICATION_NAME}" - } - }, - "spec": { - "strategy": { - "type": "Recreate" - }, - "triggers": [ - { - "type": "ImageChange", - "imageChangeParams": { - "automatic": true, - "containerNames": [ - "${APPLICATION_NAME}-mysql" - ], - "from": { - "kind": "ImageStreamTag", - "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "mysql:${MYSQL_IMAGE_STREAM_TAG}" - } - } - }, - { - "type": "ConfigChange" - } - ], - "replicas": 1, - "selector": { - "deploymentConfig": "${APPLICATION_NAME}-mysql" - }, - "template": { - "metadata": { - "name": "${APPLICATION_NAME}-mysql", - "labels": { - "deploymentConfig": "${APPLICATION_NAME}-mysql", - "application": "${APPLICATION_NAME}" - } - }, - "spec": { - "terminationGracePeriodSeconds": 60, - "containers": [ - { - "name": "${APPLICATION_NAME}-mysql", - "image": "mysql", - "ports": [ - { - "containerPort": 3306, - "protocol": "TCP" - } - ], - "env": [ - { - "name": "MYSQL_USER", - "value": "${DB_USERNAME}" - }, - { - "name": "MYSQL_PASSWORD", - "value": "${DB_PASSWORD}" - }, - { - "name": "MYSQL_DATABASE", - "value": "${DB_DATABASE}" - }, - { - "name": "MYSQL_LOWER_CASE_TABLE_NAMES", - "value": "${MYSQL_LOWER_CASE_TABLE_NAMES}" - }, - { - "name": "MYSQL_MAX_CONNECTIONS", - "value": "${MYSQL_MAX_CONNECTIONS}" - }, - { - "name": "MYSQL_FT_MIN_WORD_LEN", - "value": "${MYSQL_FT_MIN_WORD_LEN}" - }, - { - "name": "MYSQL_FT_MAX_WORD_LEN", - "value": "${MYSQL_FT_MAX_WORD_LEN}" - }, - { - "name": "MYSQL_AIO", - "value": "${MYSQL_AIO}" - } - ] - } - ] - } - } - } - } - ] -} diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/jws30-tomcat8-postgresql-persistent-s2i.json b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/jws30-tomcat8-postgresql-persistent-s2i.json deleted file mode 100644 index f117e6624..000000000 --- a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/jws30-tomcat8-postgresql-persistent-s2i.json +++ /dev/null @@ -1,692 +0,0 @@ -{ - "kind": "Template", - "apiVersion": "v1", - "metadata": { - "annotations": { - "iconClass": "icon-tomcat", - "description": "Application template for JWS PostgreSQL applications with persistent storage built using S2I.", - "tags": "tomcat,tomcat8,java,jboss,xpaas", - "version": "1.4.0", - "openshift.io/display-name": "Red Hat JBoss Web Server 3.0 Tomcat 8 + PostgreSQL (Persistent with https)" - }, - "name": "jws30-tomcat8-postgresql-persistent-s2i" - }, - "labels": { - "template": "jws30-tomcat8-postgresql-persistent-s2i", - "xpaas": "1.4.0" - }, - "message": "A new persistent JWS application for Tomcat 8 (using PostgreSQL) has been created in your project. The username/password for administering your JWS is ${JWS_ADMIN_USERNAME}/${JWS_ADMIN_PASSWORD}. For accessing the PostgreSQL database \"${DB_DATABASE}\" use the credentials ${DB_USERNAME}/${DB_PASSWORD}. Please be sure to create the \"jws-service-account\" service account and the secret named \"${JWS_HTTPS_SECRET}\" containing the ${JWS_HTTPS_CERTIFICATE} file used for serving secure content.", - "parameters": [ - { - "displayName": "Application Name", - "description": "The name for the application.", - "name": "APPLICATION_NAME", - "value": "jws-app", - "required": true - }, - { - "displayName": "Custom http Route Hostname", - "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: <application-name>-<project>.<default-domain-suffix>", - "name": "HOSTNAME_HTTP", - "value": "", - "required": false - }, - { - "displayName": "Custom https Route Hostname", - "description": "Custom hostname for https service route. Leave blank for default hostname, e.g.: secure-<application-name>-<project>.<default-domain-suffix>", - "name": "HOSTNAME_HTTPS", - "value": "", - "required": false - }, - { - "displayName": "Git Repository URL", - "description": "Git source URI for application", - "name": "SOURCE_REPOSITORY_URL", - "value": "https://github.com/jboss-openshift/openshift-quickstarts", - "required": true - }, - { - "displayName": "Git Reference", - "description": "Git branch/tag reference", - "name": "SOURCE_REPOSITORY_REF", - "value": "1.2", - "required": false - }, - { - "displayName": "Context Directory", - "description": "Path within Git project to build; empty for root project directory.", - "name": "CONTEXT_DIR", - "value": "todolist/todolist-jdbc", - "required": false - }, - { - "displayName": "Database JNDI Name", - "description": "Database JNDI name used by application to resolve the datasource, e.g. jboss/datasources/postgresqlDS", - "name": "DB_JNDI", - "value": "jboss/datasources/defaultDS", - "required": false - }, - { - "displayName": "Database Name", - "description": "Database name", - "name": "DB_DATABASE", - "value": "root", - "required": true - }, - { - "displayName": "Database Volume Capacity", - "description": "Size of persistent storage for database volume.", - "name": "VOLUME_CAPACITY", - "value": "512Mi", - "required": true - }, - { - "displayName": "Secret Name", - "description": "The name of the secret containing the certificate files", - "name": "JWS_HTTPS_SECRET", - "value": "jws-app-secret", - "required": true - }, - { - "displayName": "Certificate Name", - "description": "The name of the certificate file within the secret", - "name": "JWS_HTTPS_CERTIFICATE", - "value": "server.crt", - "required": false - }, - { - "displayName": "Certificate Key Name", - "description": "The name of the certificate key file within the secret", - "name": "JWS_HTTPS_CERTIFICATE_KEY", - "value": "server.key", - "required": false - }, - { - "displayName": "Certificate Password", - "description": "The certificate password", - "name": "JWS_HTTPS_CERTIFICATE_PASSWORD", - "value": "", - "required": false - }, - { - "displayName": "Datasource Minimum Pool Size", - "description": "Sets xa-pool/min-pool-size for the configured datasource.", - "name": "DB_MIN_POOL_SIZE", - "required": false - }, - { - "displayName": "Datasource Maximum Pool Size", - "description": "Sets xa-pool/max-pool-size for the configured datasource.", - "name": "DB_MAX_POOL_SIZE", - "required": false - }, - { - "displayName": "Datasource Transaction Isolation", - "description": "Sets transaction-isolation for the configured datasource.", - "name": "DB_TX_ISOLATION", - "required": false - }, - { - "displayName": "PostgreSQL Maximum number of connections", - "description": "The maximum number of client connections allowed. This also sets the maximum number of prepared transactions.", - "name": "POSTGRESQL_MAX_CONNECTIONS", - "required": false - }, - { - "displayName": "PostgreSQL Shared Buffers", - "description": "Configures how much memory is dedicated to PostgreSQL for caching data.", - "name": "POSTGRESQL_SHARED_BUFFERS", - "required": false - }, - { - "displayName": "Database Username", - "description": "Database user name", - "name": "DB_USERNAME", - "from": "user[a-zA-Z0-9]{3}", - "generate": "expression", - "required": true - }, - { - "displayName": "Database Password", - "description": "Database user password", - "name": "DB_PASSWORD", - "from": "[a-zA-Z0-9]{8}", - "generate": "expression", - "required": true - }, - { - "displayName": "JWS Admin Username", - "description": "JWS Admin User", - "name": "JWS_ADMIN_USERNAME", - "from": "[a-zA-Z0-9]{8}", - "generate": "expression", - "required": true - }, - { - "displayName": "JWS Admin Password", - "description": "JWS Admin Password", - "name": "JWS_ADMIN_PASSWORD", - "from": "[a-zA-Z0-9]{8}", - "generate": "expression", - "required": true - }, - { - "displayName": "Github Webhook Secret", - "description": "GitHub trigger secret", - "name": "GITHUB_WEBHOOK_SECRET", - "from": "[a-zA-Z0-9]{8}", - "generate": "expression", - "required": true - }, - { - "displayName": "Generic Webhook Secret", - "description": "Generic build trigger secret", - "name": "GENERIC_WEBHOOK_SECRET", - "from": "[a-zA-Z0-9]{8}", - "generate": "expression", - "required": true - }, - { - "displayName": "ImageStream Namespace", - "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", - "name": "IMAGE_STREAM_NAMESPACE", - "value": "openshift", - "required": true - }, - { - "displayName": "Maven mirror URL", - "description": "Maven mirror to use for S2I builds", - "name": "MAVEN_MIRROR_URL", - "value": "", - "required": false - }, - { - "description": "List of directories from which archives will be copied into the deployment folder. If unspecified, all archives in /target will be copied.", - "name": "ARTIFACT_DIR", - "value": "", - "required": false - }, - { - "displayName": "PostgreSQL Image Stream Tag", - "description": "The tag to use for the \"postgresql\" image stream. Typically, this aligns with the major.minor version of PostgreSQL.", - "name": "POSTGRESQL_IMAGE_STREAM_TAG", - "value": "9.5", - "required": true - } - ], - "objects": [ - { - "kind": "Service", - "apiVersion": "v1", - "spec": { - "ports": [ - { - "port": 8080, - "targetPort": 8080 - } - ], - "selector": { - "deploymentConfig": "${APPLICATION_NAME}" - } - }, - "metadata": { - "name": "${APPLICATION_NAME}", - "labels": { - "application": "${APPLICATION_NAME}" - }, - "annotations": { - "description": "The web server's http port.", - "service.alpha.openshift.io/dependencies": "[{\"name\": \"${APPLICATION_NAME}-postgresql\", \"kind\": \"Service\"}]" - } - } - }, - { - "kind": "Service", - "apiVersion": "v1", - "spec": { - "ports": [ - { - "port": 8443, - "targetPort": 8443 - } - ], - "selector": { - "deploymentConfig": "${APPLICATION_NAME}" - } - }, - "metadata": { - "name": "secure-${APPLICATION_NAME}", - "labels": { - "application": "${APPLICATION_NAME}" - }, - "annotations": { - "description": "The web server's https port.", - "service.alpha.openshift.io/dependencies": "[{\"name\": \"${APPLICATION_NAME}-postgresql\", \"kind\": \"Service\"}]" - } - } - }, - { - "kind": "Service", - "apiVersion": "v1", - "spec": { - "ports": [ - { - "port": 5432, - "targetPort": 5432 - } - ], - "selector": { - "deploymentConfig": "${APPLICATION_NAME}-postgresql" - } - }, - "metadata": { - "name": "${APPLICATION_NAME}-postgresql", - "labels": { - "application": "${APPLICATION_NAME}" - }, - "annotations": { - "description": "The database server's port." - } - } - }, - { - "kind": "Route", - "apiVersion": "v1", - "id": "${APPLICATION_NAME}-http", - "metadata": { - "name": "${APPLICATION_NAME}", - "labels": { - "application": "${APPLICATION_NAME}" - }, - "annotations": { - "description": "Route for application's http service." - } - }, - "spec": { - "host": "${HOSTNAME_HTTP}", - "to": { - "name": "${APPLICATION_NAME}" - } - } - }, - { - "kind": "Route", - "apiVersion": "v1", - "id": "${APPLICATION_NAME}-https", - "metadata": { - "name": "secure-${APPLICATION_NAME}", - "labels": { - "application": "${APPLICATION_NAME}" - }, - "annotations": { - "description": "Route for application's https service." - } - }, - "spec": { - "host": "${HOSTNAME_HTTPS}", - "to": { - "name": "secure-${APPLICATION_NAME}" - }, - "tls": { - "termination": "passthrough" - } - } - }, - { - "kind": "ImageStream", - "apiVersion": "v1", - "metadata": { - "name": "${APPLICATION_NAME}", - "labels": { - "application": "${APPLICATION_NAME}" - } - } - }, - { - "kind": "BuildConfig", - "apiVersion": "v1", - "metadata": { - "name": "${APPLICATION_NAME}", - "labels": { - "application": "${APPLICATION_NAME}" - } - }, - "spec": { - "source": { - "type": "Git", - "git": { - "uri": "${SOURCE_REPOSITORY_URL}", - "ref": "${SOURCE_REPOSITORY_REF}" - }, - "contextDir": "${CONTEXT_DIR}" - }, - "strategy": { - "type": "Source", - "sourceStrategy": { - "env": [ - { - "name": "MAVEN_MIRROR_URL", - "value": "${MAVEN_MIRROR_URL}" - }, - { - "name": "ARTIFACT_DIR", - "value": "${ARTIFACT_DIR}" - } - ], - "forcePull": true, - "from": { - "kind": "ImageStreamTag", - "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-webserver30-tomcat8-openshift:1.3" - } - } - }, - "output": { - "to": { - "kind": "ImageStreamTag", - "name": "${APPLICATION_NAME}:latest" - } - }, - "triggers": [ - { - "type": "GitHub", - "github": { - "secret": "${GITHUB_WEBHOOK_SECRET}" - } - }, - { - "type": "Generic", - "generic": { - "secret": "${GENERIC_WEBHOOK_SECRET}" - } - }, - { - "type": "ImageChange", - "imageChange": {} - }, - { - "type": "ConfigChange" - } - ] - } - }, - { - "kind": "DeploymentConfig", - "apiVersion": "v1", - "metadata": { - "name": "${APPLICATION_NAME}", - "labels": { - "application": "${APPLICATION_NAME}" - } - }, - "spec": { - "strategy": { - "type": "Recreate" - }, - "triggers": [ - { - "type": "ImageChange", - "imageChangeParams": { - "automatic": true, - "containerNames": [ - "${APPLICATION_NAME}" - ], - "from": { - "kind": "ImageStreamTag", - "name": "${APPLICATION_NAME}:latest" - } - } - }, - { - "type": "ConfigChange" - } - ], - "replicas": 1, - "selector": { - "deploymentConfig": "${APPLICATION_NAME}" - }, - "template": { - "metadata": { - "name": "${APPLICATION_NAME}", - "labels": { - "deploymentConfig": "${APPLICATION_NAME}", - "application": "${APPLICATION_NAME}" - } - }, - "spec": { - "serviceAccountName": "jws-service-account", - "terminationGracePeriodSeconds": 60, - "containers": [ - { - "name": "${APPLICATION_NAME}", - "image": "${APPLICATION_NAME}", - "imagePullPolicy": "Always", - "readinessProbe": { - "exec": { - "command": [ - "/bin/bash", - "-c", - "curl --noproxy '*' -s -u ${JWS_ADMIN_USERNAME}:${JWS_ADMIN_PASSWORD} 'http://localhost:8080/manager/jmxproxy/?get=Catalina%3Atype%3DServer&att=stateName' |grep -iq 'stateName *= *STARTED'" - ] - } - }, - "volumeMounts": [ - { - "name": "jws-certificate-volume", - "mountPath": "/etc/jws-secret-volume", - "readOnly": true - } - ], - "ports": [ - { - "name": "jolokia", - "containerPort": 8778, - "protocol": "TCP" - }, - { - "name": "http", - "containerPort": 8080, - "protocol": "TCP" - }, - { - "name": "https", - "containerPort": 8443, - "protocol": "TCP" - } - ], - "env": [ - { - "name": "DB_SERVICE_PREFIX_MAPPING", - "value": "${APPLICATION_NAME}-postgresql=DB" - }, - { - "name": "DB_JNDI", - "value": "${DB_JNDI}" - }, - { - "name": "DB_USERNAME", - "value": "${DB_USERNAME}" - }, - { - "name": "DB_PASSWORD", - "value": "${DB_PASSWORD}" - }, - { - "name": "DB_DATABASE", - "value": "${DB_DATABASE}" - }, - { - "name": "DB_MIN_POOL_SIZE", - "value": "${DB_MIN_POOL_SIZE}" - }, - { - "name": "DB_MAX_POOL_SIZE", - "value": "${DB_MAX_POOL_SIZE}" - }, - { - "name": "DB_TX_ISOLATION", - "value": "${DB_TX_ISOLATION}" - }, - { - "name": "JWS_HTTPS_CERTIFICATE_DIR", - "value": "/etc/jws-secret-volume" - }, - { - "name": "JWS_HTTPS_CERTIFICATE", - "value": "${JWS_HTTPS_CERTIFICATE}" - }, - { - "name": "JWS_HTTPS_CERTIFICATE_KEY", - "value": "${JWS_HTTPS_CERTIFICATE_KEY}" - }, - { - "name": "JWS_HTTPS_CERTIFICATE_PASSWORD", - "value": "${JWS_HTTPS_CERTIFICATE_PASSWORD}" - }, - { - "name": "JWS_ADMIN_USERNAME", - "value": "${JWS_ADMIN_USERNAME}" - }, - { - "name": "JWS_ADMIN_PASSWORD", - "value": "${JWS_ADMIN_PASSWORD}" - } - ] - } - ], - "volumes": [ - { - "name": "jws-certificate-volume", - "secret": { - "secretName": "${JWS_HTTPS_SECRET}" - } - } - ] - } - } - } - }, - { - "kind": "DeploymentConfig", - "apiVersion": "v1", - "metadata": { - "name": "${APPLICATION_NAME}-postgresql", - "labels": { - "application": "${APPLICATION_NAME}" - } - }, - "spec": { - "strategy": { - "type": "Recreate" - }, - "triggers": [ - { - "type": "ImageChange", - "imageChangeParams": { - "automatic": true, - "containerNames": [ - "${APPLICATION_NAME}-postgresql" - ], - "from": { - "kind": "ImageStreamTag", - "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "postgresql:${POSTGRESQL_IMAGE_STREAM_TAG}" - } - } - }, - { - "type": "ConfigChange" - } - ], - "replicas": 1, - "selector": { - "deploymentConfig": "${APPLICATION_NAME}-postgresql" - }, - "template": { - "metadata": { - "name": "${APPLICATION_NAME}-postgresql", - "labels": { - "deploymentConfig": "${APPLICATION_NAME}-postgresql", - "application": "${APPLICATION_NAME}" - } - }, - "spec": { - "terminationGracePeriodSeconds": 60, - "containers": [ - { - "name": "${APPLICATION_NAME}-postgresql", - "image": "postgresql", - "ports": [ - { - "containerPort": 5432, - "protocol": "TCP" - } - ], - "volumeMounts": [ - { - "mountPath": "/var/lib/pgsql/data", - "name": "${APPLICATION_NAME}-postgresql-pvol" - } - ], - "env": [ - { - "name": "POSTGRESQL_USER", - "value": "${DB_USERNAME}" - }, - { - "name": "POSTGRESQL_PASSWORD", - "value": "${DB_PASSWORD}" - }, - { - "name": "POSTGRESQL_DATABASE", - "value": "${DB_DATABASE}" - }, - { - "name": "POSTGRESQL_MAX_CONNECTIONS", - "value": "${POSTGRESQL_MAX_CONNECTIONS}" - }, - { - "name": "POSTGRESQL_MAX_PREPARED_TRANSACTIONS", - "value": "${POSTGRESQL_MAX_CONNECTIONS}" - }, - { - "name": "POSTGRESQL_SHARED_BUFFERS", - "value": "${POSTGRESQL_SHARED_BUFFERS}" - } - ] - } - ], - "volumes": [ - { - "name": "${APPLICATION_NAME}-postgresql-pvol", - "persistentVolumeClaim": { - "claimName": "${APPLICATION_NAME}-postgresql-claim" - } - } - ] - } - } - } - }, - { - "apiVersion": "v1", - "kind": "PersistentVolumeClaim", - "metadata": { - "name": "${APPLICATION_NAME}-postgresql-claim", - "labels": { - "application": "${APPLICATION_NAME}" - } - }, - "spec": { - "accessModes": [ - "ReadWriteOnce" - ], - "resources": { - "requests": { - "storage": "${VOLUME_CAPACITY}" - } - } - } - } - ] -} diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/jws30-tomcat8-postgresql-s2i.json b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/jws30-tomcat8-postgresql-s2i.json deleted file mode 100644 index faece1269..000000000 --- a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/jws30-tomcat8-postgresql-s2i.json +++ /dev/null @@ -1,649 +0,0 @@ -{ - "kind": "Template", - "apiVersion": "v1", - "metadata": { - "annotations": { - "iconClass": "icon-tomcat", - "description": "Application template for JWS PostgreSQL applications built using S2I.", - "tags": "tomcat,tomcat8,java,jboss,xpaas", - "version": "1.4.0", - "openshift.io/display-name": "Red Hat JBoss Web Server 3.0 Tomcat 8 + (PostgreSQL with https)" - }, - "name": "jws30-tomcat8-postgresql-s2i" - }, - "labels": { - "template": "jws30-tomcat8-postgresql-s2i", - "xpaas": "1.4.0" - }, - "message": "A new JWS application for Tomcat 8 (using PostgreSQL) has been created in your project. The username/password for administering your JWS is ${JWS_ADMIN_USERNAME}/${JWS_ADMIN_PASSWORD}. For accessing the PostgreSQL database \"${DB_DATABASE}\" use the credentials ${DB_USERNAME}/${DB_PASSWORD}. Please be sure to create the \"jws-service-account\" service account and the secret named \"${JWS_HTTPS_SECRET}\" containing the ${JWS_HTTPS_CERTIFICATE} file used for serving secure content.", - "parameters": [ - { - "displayName": "Application Name", - "description": "The name for the application.", - "name": "APPLICATION_NAME", - "value": "jws-app", - "required": true - }, - { - "displayName": "Custom http Route Hostname", - "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: <application-name>-<project>.<default-domain-suffix>", - "name": "HOSTNAME_HTTP", - "value": "", - "required": false - }, - { - "displayName": "Custom https Route Hostname", - "description": "Custom hostname for https service route. Leave blank for default hostname, e.g.: secure-<application-name>-<project>.<default-domain-suffix>", - "name": "HOSTNAME_HTTPS", - "value": "", - "required": false - }, - { - "displayName": "Git Repository URL", - "description": "Git source URI for application", - "name": "SOURCE_REPOSITORY_URL", - "value": "https://github.com/jboss-openshift/openshift-quickstarts", - "required": true - }, - { - "displayName": "Git Reference", - "description": "Git branch/tag reference", - "name": "SOURCE_REPOSITORY_REF", - "value": "1.2", - "required": false - }, - { - "displayName": "Context Directory", - "description": "Path within Git project to build; empty for root project directory.", - "name": "CONTEXT_DIR", - "value": "todolist/todolist-jdbc", - "required": false - }, - { - "displayName": "Database JNDI Name", - "description": "Database JNDI name used by application to resolve the datasource, e.g. jboss/datasources/postgresqlDS", - "name": "DB_JNDI", - "value": "jboss/datasources/defaultDS", - "required": false - }, - { - "displayName": "Database Name", - "description": "Database name", - "name": "DB_DATABASE", - "value": "root", - "required": true - }, - { - "displayName": "Secret Name", - "description": "The name of the secret containing the certificate files", - "name": "JWS_HTTPS_SECRET", - "value": "jws-app-secret", - "required": true - }, - { - "displayName": "Certificate Name", - "description": "The name of the certificate file within the secret", - "name": "JWS_HTTPS_CERTIFICATE", - "value": "server.crt", - "required": false - }, - { - "displayName": "Certificate Key Name", - "description": "The name of the certificate key file within the secret", - "name": "JWS_HTTPS_CERTIFICATE_KEY", - "value": "server.key", - "required": false - }, - { - "displayName": "Certificate Password", - "description": "The certificate password", - "name": "JWS_HTTPS_CERTIFICATE_PASSWORD", - "value": "", - "required": false - }, - { - "displayName": "Datasource Minimum Pool Size", - "description": "Sets xa-pool/min-pool-size for the configured datasource.", - "name": "DB_MIN_POOL_SIZE", - "required": false - }, - { - "displayName": "Datasource Maximum Pool Size", - "description": "Sets xa-pool/max-pool-size for the configured datasource.", - "name": "DB_MAX_POOL_SIZE", - "required": false - }, - { - "displayName": "Datasource Transaction Isolation", - "description": "Sets transaction-isolation for the configured datasource.", - "name": "DB_TX_ISOLATION", - "required": false - }, - { - "displayName": "PostgreSQL Maximum number of connections", - "description": "The maximum number of client connections allowed. This also sets the maximum number of prepared transactions.", - "name": "POSTGRESQL_MAX_CONNECTIONS", - "required": false - }, - { - "displayName": "PostgreSQL Shared Buffers", - "description": "Configures how much memory is dedicated to PostgreSQL for caching data.", - "name": "POSTGRESQL_SHARED_BUFFERS", - "required": false - }, - { - "displayName": "Database Username", - "description": "Database user name", - "name": "DB_USERNAME", - "from": "user[a-zA-Z0-9]{3}", - "generate": "expression", - "required": true - }, - { - "displayName": "Database Password", - "description": "Database user password", - "name": "DB_PASSWORD", - "from": "[a-zA-Z0-9]{8}", - "generate": "expression", - "required": true - }, - { - "displayName": "JWS Admin Username", - "description": "JWS Admin User", - "name": "JWS_ADMIN_USERNAME", - "from": "[a-zA-Z0-9]{8}", - "generate": "expression", - "required": true - }, - { - "displayName": "JWS Admin Password", - "description": "JWS Admin Password", - "name": "JWS_ADMIN_PASSWORD", - "from": "[a-zA-Z0-9]{8}", - "generate": "expression", - "required": true - }, - { - "displayName": "Github Webhook Secret", - "description": "GitHub trigger secret", - "name": "GITHUB_WEBHOOK_SECRET", - "from": "[a-zA-Z0-9]{8}", - "generate": "expression", - "required": true - }, - { - "displayName": "Generic Webhook Secret", - "description": "Generic build trigger secret", - "name": "GENERIC_WEBHOOK_SECRET", - "from": "[a-zA-Z0-9]{8}", - "generate": "expression", - "required": true - }, - { - "displayName": "ImageStream Namespace", - "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", - "name": "IMAGE_STREAM_NAMESPACE", - "value": "openshift", - "required": true - }, - { - "displayName": "Maven mirror URL", - "description": "Maven mirror to use for S2I builds", - "name": "MAVEN_MIRROR_URL", - "value": "", - "required": false - }, - { - "description": "List of directories from which archives will be copied into the deployment folder. If unspecified, all archives in /target will be copied.", - "name": "ARTIFACT_DIR", - "value": "", - "required": false - }, - { - "displayName": "PostgreSQL Image Stream Tag", - "description": "The tag to use for the \"postgresql\" image stream. Typically, this aligns with the major.minor version of PostgreSQL.", - "name": "POSTGRESQL_IMAGE_STREAM_TAG", - "value": "9.5", - "required": true - } - ], - "objects": [ - { - "kind": "Service", - "apiVersion": "v1", - "spec": { - "ports": [ - { - "port": 8080, - "targetPort": 8080 - } - ], - "selector": { - "deploymentConfig": "${APPLICATION_NAME}" - } - }, - "metadata": { - "name": "${APPLICATION_NAME}", - "labels": { - "application": "${APPLICATION_NAME}" - }, - "annotations": { - "description": "The web server's http port.", - "service.alpha.openshift.io/dependencies": "[{\"name\": \"${APPLICATION_NAME}-postgresql\", \"kind\": \"Service\"}]" - } - } - }, - { - "kind": "Service", - "apiVersion": "v1", - "spec": { - "ports": [ - { - "port": 8443, - "targetPort": 8443 - } - ], - "selector": { - "deploymentConfig": "${APPLICATION_NAME}" - } - }, - "metadata": { - "name": "secure-${APPLICATION_NAME}", - "labels": { - "application": "${APPLICATION_NAME}" - }, - "annotations": { - "description": "The web server's https port.", - "service.alpha.openshift.io/dependencies": "[{\"name\": \"${APPLICATION_NAME}-postgresql\", \"kind\": \"Service\"}]" - } - } - }, - { - "kind": "Service", - "apiVersion": "v1", - "spec": { - "ports": [ - { - "port": 5432, - "targetPort": 5432 - } - ], - "selector": { - "deploymentConfig": "${APPLICATION_NAME}-postgresql" - } - }, - "metadata": { - "name": "${APPLICATION_NAME}-postgresql", - "labels": { - "application": "${APPLICATION_NAME}" - }, - "annotations": { - "description": "The database server's port." - } - } - }, - { - "kind": "Route", - "apiVersion": "v1", - "id": "${APPLICATION_NAME}-http", - "metadata": { - "name": "${APPLICATION_NAME}", - "labels": { - "application": "${APPLICATION_NAME}" - }, - "annotations": { - "description": "Route for application's http service." - } - }, - "spec": { - "host": "${HOSTNAME_HTTP}", - "to": { - "name": "${APPLICATION_NAME}" - } - } - }, - { - "kind": "Route", - "apiVersion": "v1", - "id": "${APPLICATION_NAME}-https", - "metadata": { - "name": "secure-${APPLICATION_NAME}", - "labels": { - "application": "${APPLICATION_NAME}" - }, - "annotations": { - "description": "Route for application's https service." - } - }, - "spec": { - "host": "${HOSTNAME_HTTPS}", - "to": { - "name": "secure-${APPLICATION_NAME}" - }, - "tls": { - "termination": "passthrough" - } - } - }, - { - "kind": "ImageStream", - "apiVersion": "v1", - "metadata": { - "name": "${APPLICATION_NAME}", - "labels": { - "application": "${APPLICATION_NAME}" - } - } - }, - { - "kind": "BuildConfig", - "apiVersion": "v1", - "metadata": { - "name": "${APPLICATION_NAME}", - "labels": { - "application": "${APPLICATION_NAME}" - } - }, - "spec": { - "source": { - "type": "Git", - "git": { - "uri": "${SOURCE_REPOSITORY_URL}", - "ref": "${SOURCE_REPOSITORY_REF}" - }, - "contextDir": "${CONTEXT_DIR}" - }, - "strategy": { - "type": "Source", - "sourceStrategy": { - "env": [ - { - "name": "MAVEN_MIRROR_URL", - "value": "${MAVEN_MIRROR_URL}" - }, - { - "name": "ARTIFACT_DIR", - "value": "${ARTIFACT_DIR}" - } - ], - "forcePull": true, - "from": { - "kind": "ImageStreamTag", - "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-webserver30-tomcat8-openshift:1.3" - } - } - }, - "output": { - "to": { - "kind": "ImageStreamTag", - "name": "${APPLICATION_NAME}:latest" - } - }, - "triggers": [ - { - "type": "GitHub", - "github": { - "secret": "${GITHUB_WEBHOOK_SECRET}" - } - }, - { - "type": "Generic", - "generic": { - "secret": "${GENERIC_WEBHOOK_SECRET}" - } - }, - { - "type": "ImageChange", - "imageChange": {} - }, - { - "type": "ConfigChange" - } - ] - } - }, - { - "kind": "DeploymentConfig", - "apiVersion": "v1", - "metadata": { - "name": "${APPLICATION_NAME}", - "labels": { - "application": "${APPLICATION_NAME}" - } - }, - "spec": { - "strategy": { - "type": "Recreate" - }, - "triggers": [ - { - "type": "ImageChange", - "imageChangeParams": { - "automatic": true, - "containerNames": [ - "${APPLICATION_NAME}" - ], - "from": { - "kind": "ImageStreamTag", - "name": "${APPLICATION_NAME}:latest" - } - } - }, - { - "type": "ConfigChange" - } - ], - "replicas": 1, - "selector": { - "deploymentConfig": "${APPLICATION_NAME}" - }, - "template": { - "metadata": { - "name": "${APPLICATION_NAME}", - "labels": { - "deploymentConfig": "${APPLICATION_NAME}", - "application": "${APPLICATION_NAME}" - } - }, - "spec": { - "serviceAccountName": "jws-service-account", - "containers": [ - { - "name": "${APPLICATION_NAME}", - "image": "${APPLICATION_NAME}", - "imagePullPolicy": "Always", - "readinessProbe": { - "exec": { - "command": [ - "/bin/bash", - "-c", - "curl --noproxy '*' -s -u ${JWS_ADMIN_USERNAME}:${JWS_ADMIN_PASSWORD} 'http://localhost:8080/manager/jmxproxy/?get=Catalina%3Atype%3DServer&att=stateName' |grep -iq 'stateName *= *STARTED'" - ] - } - }, - "volumeMounts": [ - { - "name": "jws-certificate-volume", - "mountPath": "/etc/jws-secret-volume", - "readOnly": true - } - ], - "ports": [ - { - "name": "jolokia", - "containerPort": 8778, - "protocol": "TCP" - }, - { - "name": "http", - "containerPort": 8080, - "protocol": "TCP" - }, - { - "name": "https", - "containerPort": 8443, - "protocol": "TCP" - } - ], - "env": [ - { - "name": "DB_SERVICE_PREFIX_MAPPING", - "value": "${APPLICATION_NAME}-postgresql=DB" - }, - { - "name": "DB_JNDI", - "value": "${DB_JNDI}" - }, - { - "name": "DB_USERNAME", - "value": "${DB_USERNAME}" - }, - { - "name": "DB_PASSWORD", - "value": "${DB_PASSWORD}" - }, - { - "name": "DB_DATABASE", - "value": "${DB_DATABASE}" - }, - { - "name": "DB_MIN_POOL_SIZE", - "value": "${DB_MIN_POOL_SIZE}" - }, - { - "name": "DB_MAX_POOL_SIZE", - "value": "${DB_MAX_POOL_SIZE}" - }, - { - "name": "DB_TX_ISOLATION", - "value": "${DB_TX_ISOLATION}" - }, - { - "name": "JWS_HTTPS_CERTIFICATE_DIR", - "value": "/etc/jws-secret-volume" - }, - { - "name": "JWS_HTTPS_CERTIFICATE", - "value": "${JWS_HTTPS_CERTIFICATE}" - }, - { - "name": "JWS_HTTPS_CERTIFICATE_KEY", - "value": "${JWS_HTTPS_CERTIFICATE_KEY}" - }, - { - "name": "JWS_HTTPS_CERTIFICATE_PASSWORD", - "value": "${JWS_HTTPS_CERTIFICATE_PASSWORD}" - }, - { - "name": "JWS_ADMIN_USERNAME", - "value": "${JWS_ADMIN_USERNAME}" - }, - { - "name": "JWS_ADMIN_PASSWORD", - "value": "${JWS_ADMIN_PASSWORD}" - } - ] - } - ], - "volumes": [ - { - "name": "jws-certificate-volume", - "secret": { - "secretName": "${JWS_HTTPS_SECRET}" - } - } - ] - } - } - } - }, - { - "kind": "DeploymentConfig", - "apiVersion": "v1", - "metadata": { - "name": "${APPLICATION_NAME}-postgresql", - "labels": { - "application": "${APPLICATION_NAME}" - } - }, - "spec": { - "strategy": { - "type": "Recreate" - }, - "triggers": [ - { - "type": "ImageChange", - "imageChangeParams": { - "automatic": true, - "containerNames": [ - "${APPLICATION_NAME}-postgresql" - ], - "from": { - "kind": "ImageStreamTag", - "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "postgresql:${POSTGRESQL_IMAGE_STREAM_TAG}" - } - } - }, - { - "type": "ConfigChange" - } - ], - "replicas": 1, - "selector": { - "deploymentConfig": "${APPLICATION_NAME}-postgresql" - }, - "template": { - "metadata": { - "name": "${APPLICATION_NAME}-postgresql", - "labels": { - "deploymentConfig": "${APPLICATION_NAME}-postgresql", - "application": "${APPLICATION_NAME}" - } - }, - "spec": { - "containers": [ - { - "name": "${APPLICATION_NAME}-postgresql", - "image": "postgresql", - "ports": [ - { - "containerPort": 5432, - "protocol": "TCP" - } - ], - "env": [ - { - "name": "POSTGRESQL_USER", - "value": "${DB_USERNAME}" - }, - { - "name": "POSTGRESQL_PASSWORD", - "value": "${DB_PASSWORD}" - }, - { - "name": "POSTGRESQL_DATABASE", - "value": "${DB_DATABASE}" - }, - { - "name": "POSTGRESQL_MAX_CONNECTIONS", - "value": "${POSTGRESQL_MAX_CONNECTIONS}" - }, - { - "name": "POSTGRESQL_MAX_PREPARED_TRANSACTIONS", - "value": "${POSTGRESQL_MAX_CONNECTIONS}" - }, - { - "name": "POSTGRESQL_SHARED_BUFFERS", - "value": "${POSTGRESQL_SHARED_BUFFERS}" - } - ] - } - ] - } - } - } - } - ] -} diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/jws31-tomcat7-basic-s2i.json b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/jws31-tomcat7-basic-s2i.json index 6db6e8cc6..42e352538 100644 --- a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/jws31-tomcat7-basic-s2i.json +++ b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/jws31-tomcat7-basic-s2i.json @@ -3,19 +3,20 @@ "apiVersion": "v1", "metadata": { "annotations": { - "iconClass": "icon-tomcat", + "iconClass": "icon-rh-tomcat", + "openshift.io/provider-display-name": "Red Hat, Inc.", "description": "Application template for JWS applications built using S2I.", - "tags": "tomcat,tomcat7,java,jboss,xpaas", - "version": "1.4.0", - "openshift.io/display-name": "Red Hat JBoss Web Server 3.1 Tomcat 7 (no https)" + "tags": "tomcat,tomcat7,java,jboss", + "version": "1.4.7", + "openshift.io/display-name": "JBoss Web Server 3.1 Apache Tomcat 7 (no https)" }, "name": "jws31-tomcat7-basic-s2i" }, "labels": { "template": "jws31-tomcat7-basic-s2i", - "xpaas": "1.4.0" + "xpaas": "1.4.7" }, - "message": "A new JWS application for Tomcat 7 has been created in your project. The username/password for administering your JWS is ${JWS_ADMIN_USERNAME}/${JWS_ADMIN_PASSWORD}.", + "message": "A new JWS application for Apache Tomcat 7 has been created in your project. The username/password for administering your JWS is ${JWS_ADMIN_USERNAME}/${JWS_ADMIN_PASSWORD}.", "parameters": [ { "displayName": "Application Name", @@ -195,7 +196,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-webserver31-tomcat7-openshift:1.0" + "name": "jboss-webserver31-tomcat7-openshift:1.1" } } }, diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/jws31-tomcat7-https-s2i.json b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/jws31-tomcat7-https-s2i.json index fd5fca316..b0a81d9c3 100644 --- a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/jws31-tomcat7-https-s2i.json +++ b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/jws31-tomcat7-https-s2i.json @@ -3,19 +3,24 @@ "apiVersion": "v1", "metadata": { "annotations": { - "iconClass": "icon-tomcat", - "description": "Application template for JWS applications built using S2I.", - "tags": "tomcat,tomcat7,java,jboss,xpaas", - "version": "1.4.0", - "openshift.io/display-name": "Red Hat JBoss Web Server 3.1 Tomcat 7 (with https)" + "iconClass": "icon-rh-tomcat", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "An example JBoss Web Server application configured for use with https. For more information about using this template, see https://github.com/jboss-openshift/application-templates.", + "tags": "tomcat,tomcat7,java,jboss,hidden", + "version": "1.4.7", + "openshift.io/display-name": "JBoss Web Server 3.1 Apache Tomcat 7 (with https)", + "template.openshift.io/long-description": "This template defines resources needed to develop Red Hat JBoss Web Server 3.1 Apache Tomcat 7 based application, including a build configuration, and application deployment configuration. This also illustrations how to connect to the web applicaiton using https.", + "template.openshift.io/documentation-url": "https://access.redhat.com/documentation/en/red-hat-jboss-web-server/", + "template.openshift.io/support-url": "https://access.redhat.com" + }, "name": "jws31-tomcat7-https-s2i" }, "labels": { "template": "jws31-tomcat7-https-s2i", - "xpaas": "1.4.0" + "xpaas": "1.4.7" }, - "message": "A new JWS application for Tomcat 7 has been created in your project. The username/password for administering your JWS is ${JWS_ADMIN_USERNAME}/${JWS_ADMIN_PASSWORD}. Please be sure to create the \"jws-service-account\" service account and the secret named \"${JWS_HTTPS_SECRET}\" containing the ${JWS_HTTPS_CERTIFICATE} file used for serving secure content.", + "message": "A new JWS application for Apache Tomcat 7 has been created in your project. The username/password for administering your JWS is ${JWS_ADMIN_USERNAME}/${JWS_ADMIN_PASSWORD}. Please be sure to create the \"jws-service-account\" service account and the secret named \"${JWS_HTTPS_SECRET}\" containing the ${JWS_HTTPS_CERTIFICATE} file used for serving secure content.", "parameters": [ { "displayName": "Application Name", @@ -277,7 +282,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-webserver31-tomcat7-openshift:1.0" + "name": "jboss-webserver31-tomcat7-openshift:1.1" } } }, diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/jws31-tomcat7-mongodb-persistent-s2i.json b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/jws31-tomcat7-mongodb-persistent-s2i.json index 6bbea8ab8..565f97822 100644 --- a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/jws31-tomcat7-mongodb-persistent-s2i.json +++ b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/jws31-tomcat7-mongodb-persistent-s2i.json @@ -3,19 +3,23 @@ "apiVersion": "v1", "metadata": { "annotations": { - "iconClass": "icon-tomcat", - "description": "Application template for JWS MongoDB applications with persistent storage built using S2I.", - "tags": "tomcat,tomcat7,java,jboss,xpaas", - "version": "1.4.0", - "openshift.io/display-name": "Red Hat JBoss Web Server 3.1 Tomcat 7 + MongoDB (Persistent with https)" + "iconClass": "icon-rh-tomcat", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "tags": "tomcat,tomcat7,java,jboss", + "version": "1.4.7", + "openshift.io/display-name": "JBoss Web Server 3.1 Apache Tomcat 7 + MongoDB (with https)", + "description": "An example JBoss Web Server application with a MongoDB database. For more information about using this template, see https://github.com/jboss-openshift/application-templates.", + "template.openshift.io/long-description": "This template defines resources needed to develop Red Hat JBoss Web Server 3.1 Apache Tomcat 7 based application, including a build configuration, application deployment configuration, database deployment configuration for MongoDB using persistence and secure communication using https.", + "template.openshift.io/documentation-url": "https://access.redhat.com/documentation/en/red-hat-jboss-web-server/", + "template.openshift.io/support-url": "https://access.redhat.com" }, "name": "jws31-tomcat7-mongodb-persistent-s2i" }, "labels": { "template": "jws31-tomcat7-mongodb-persistent-s2i", - "xpaas": "1.4.0" + "xpaas": "1.4.7" }, - "message": "A new persistent JWS application for Tomcat 7 (using MongoDB) has been created in your project. The username/password for administering your JWS is ${JWS_ADMIN_USERNAME}/${JWS_ADMIN_PASSWORD}. For accessing the MongoDB database \"${DB_DATABASE}\" use the credentials ${DB_USERNAME}/${DB_PASSWORD} (Admin password is \"${DB_ADMIN_PASSWORD}\"). Please be sure to create the \"jws-service-account\" service account and the secret named \"${JWS_HTTPS_SECRET}\" containing the ${JWS_HTTPS_CERTIFICATE} file used for serving secure content.", + "message": "A new persistent JWS application for Apache Tomcat 7 (using MongoDB) has been created in your project. The username/password for administering your JWS is ${JWS_ADMIN_USERNAME}/${JWS_ADMIN_PASSWORD}. For accessing the MongoDB database \"${DB_DATABASE}\" use the credentials ${DB_USERNAME}/${DB_PASSWORD} (Admin password is \"${DB_ADMIN_PASSWORD}\"). Please be sure to create the \"jws-service-account\" service account and the secret named \"${JWS_HTTPS_SECRET}\" containing the ${JWS_HTTPS_CERTIFICATE} file used for serving secure content.", "parameters": [ { "displayName": "Application Name", @@ -391,7 +395,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-webserver31-tomcat7-openshift:1.0" + "name": "jboss-webserver31-tomcat7-openshift:1.1" } } }, diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/jws31-tomcat7-mongodb-s2i.json b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/jws31-tomcat7-mongodb-s2i.json index a565ee4c0..fc473f5c3 100644 --- a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/jws31-tomcat7-mongodb-s2i.json +++ b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/jws31-tomcat7-mongodb-s2i.json @@ -3,19 +3,20 @@ "apiVersion": "v1", "metadata": { "annotations": { - "iconClass": "icon-tomcat", + "iconClass": "icon-rh-tomcat", + "openshift.io/provider-display-name": "Red Hat, Inc.", "description": "Application template for JWS MongoDB applications built using S2I.", - "tags": "tomcat,tomcat7,java,jboss,xpaas", - "version": "1.4.0", - "openshift.io/display-name": "Red Hat JBoss Web Server 3.1 Tomcat 7 + MongoDB (Ephemeral with https)" + "tags": "tomcat,tomcat7,java,jboss,hidden", + "version": "1.4.7", + "openshift.io/display-name": "JBoss Web Server 3.1 Apache Tomcat 7 + MongoDB (Ephemeral with https)" }, "name": "jws31-tomcat7-mongodb-s2i" }, "labels": { "template": "jws31-tomcat7-mongodb-s2i", - "xpaas": "1.4.0" + "xpaas": "1.4.7" }, - "message": "A new JWS application for Tomcat 7 (using MongoDB) has been created in your project. The username/password for administering your JWS is ${JWS_ADMIN_USERNAME}/${JWS_ADMIN_PASSWORD}. For accessing the MongoDB database \"${DB_DATABASE}\" use the credentials ${DB_USERNAME}/${DB_PASSWORD} (Admin password is \"${DB_ADMIN_PASSWORD}\"). Please be sure to create the \"jws-service-account\" service account and the secret named \"${JWS_HTTPS_SECRET}\" containing the ${JWS_HTTPS_CERTIFICATE} file used for serving secure content.", + "message": "A new JWS application for Apache Tomcat 7 (using MongoDB) has been created in your project. The username/password for administering your JWS is ${JWS_ADMIN_USERNAME}/${JWS_ADMIN_PASSWORD}. For accessing the MongoDB database \"${DB_DATABASE}\" use the credentials ${DB_USERNAME}/${DB_PASSWORD} (Admin password is \"${DB_ADMIN_PASSWORD}\"). Please be sure to create the \"jws-service-account\" service account and the secret named \"${JWS_HTTPS_SECRET}\" containing the ${JWS_HTTPS_CERTIFICATE} file used for serving secure content.", "parameters": [ { "displayName": "Application Name", @@ -384,7 +385,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-webserver31-tomcat7-openshift:1.0" + "name": "jboss-webserver31-tomcat7-openshift:1.1" } } }, diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/jws31-tomcat7-mysql-persistent-s2i.json b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/jws31-tomcat7-mysql-persistent-s2i.json index be6899958..1223acd0f 100644 --- a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/jws31-tomcat7-mysql-persistent-s2i.json +++ b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/jws31-tomcat7-mysql-persistent-s2i.json @@ -3,19 +3,24 @@ "apiVersion": "v1", "metadata": { "annotations": { - "iconClass": "icon-tomcat", - "description": "Application template for JWS MySQL applications with persistent storage built using S2I.", - "tags": "tomcat,tomcat7,java,jboss,xpaas", - "version": "1.4.0", - "openshift.io/display-name": "Red Hat JBoss Web Server 3.1 Tomcat 7 + MySQL (Persistent with https)" + "iconClass": "icon-rh-tomcat", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "tags": "tomcat,tomcat7,java,jboss", + "version": "1.4.7", + "openshift.io/display-name": "Red Hat JBoss Web Server 3.1 Apache Tomcat 7 + MySQL (with https)", + "description": "An example JBoss Web Server application with a MySQL database. For more information about using this template, see https://github.com/jboss-openshift/application-templates.", + "template.openshift.io/long-description": "This template defines resources needed to develop Red Hat JBoss Web Server 3.1 Apache Tomcat 7 based application, including a build configuration, application deployment configuration, database deployment configuration for MySQL using persistence and secure communication using https.", + "template.openshift.io/documentation-url": "https://access.redhat.com/documentation/en/red-hat-jboss-web-server/", + "template.openshift.io/support-url": "https://access.redhat.com" + }, "name": "jws31-tomcat7-mysql-persistent-s2i" }, "labels": { "template": "jws31-tomcat7-mysql-persistent-s2i", - "xpaas": "1.4.0" + "xpaas": "1.4.7" }, - "message": "A new persistent JWS application for Tomcat 7 (using MySQL) has been created in your project. The username/password for administering your JWS is ${JWS_ADMIN_USERNAME}/${JWS_ADMIN_PASSWORD}. For accessing the MySQL database \"${DB_DATABASE}\" use the credentials ${DB_USERNAME}/${DB_PASSWORD}. Please be sure to create the \"jws-service-account\" service account and the secret named \"${JWS_HTTPS_SECRET}\" containing the ${JWS_HTTPS_CERTIFICATE} file used for serving secure content.", + "message": "A new persistent JWS application for Apache Tomcat 7 (using MySQL) has been created in your project. The username/password for administering your JWS is ${JWS_ADMIN_USERNAME}/${JWS_ADMIN_PASSWORD}. For accessing the MySQL database \"${DB_DATABASE}\" use the credentials ${DB_USERNAME}/${DB_PASSWORD}. Please be sure to create the \"jws-service-account\" service account and the secret named \"${JWS_HTTPS_SECRET}\" containing the ${JWS_HTTPS_CERTIFICATE} file used for serving secure content.", "parameters": [ { "displayName": "Application Name", @@ -395,7 +400,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-webserver31-tomcat7-openshift:1.0" + "name": "jboss-webserver31-tomcat7-openshift:1.1" } } }, diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/jws31-tomcat7-mysql-s2i.json b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/jws31-tomcat7-mysql-s2i.json index 2983cc905..39becd41e 100644 --- a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/jws31-tomcat7-mysql-s2i.json +++ b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/jws31-tomcat7-mysql-s2i.json @@ -3,19 +3,20 @@ "apiVersion": "v1", "metadata": { "annotations": { - "iconClass": "icon-tomcat", + "iconClass": "icon-rh-tomcat", + "openshift.io/provider-display-name": "Red Hat, Inc.", "description": "Application template for JWS MySQL applications built using S2I.", - "tags": "tomcat,tomcat7,java,jboss,xpaas", - "version": "1.4.0", - "openshift.io/display-name": "Red Hat JBoss Web Server 3.1 Tomcat 7 + MySQL (Ephemeral with https)" + "tags": "tomcat,tomcat7,java,jboss,hidden", + "version": "1.4.7", + "openshift.io/display-name": "JBoss Web Server 3.1 Apache Tomcat 7 + MySQL (Ephemeral with https)" }, "name": "jws31-tomcat7-mysql-s2i" }, "labels": { "template": "jws31-tomcat7-mysql-s2i", - "xpaas": "1.4.0" + "xpaas": "1.4.7" }, - "message": "A new JWS application for Tomcat 7 (using MySQL) has been created in your project. The username/password for administering your JWS is ${JWS_ADMIN_USERNAME}/${JWS_ADMIN_PASSWORD}. For accessing the MySQL database \"${DB_DATABASE}\" use the credentials ${DB_USERNAME}/${DB_PASSWORD}. Please be sure to create the \"jws-service-account\" service account and the secret named \"${JWS_HTTPS_SECRET}\" containing the ${JWS_HTTPS_CERTIFICATE} file used for serving secure content.", + "message": "A new JWS application for Apache Tomcat 7 (using MySQL) has been created in your project. The username/password for administering your JWS is ${JWS_ADMIN_USERNAME}/${JWS_ADMIN_PASSWORD}. For accessing the MySQL database \"${DB_DATABASE}\" use the credentials ${DB_USERNAME}/${DB_PASSWORD}. Please be sure to create the \"jws-service-account\" service account and the secret named \"${JWS_HTTPS_SECRET}\" containing the ${JWS_HTTPS_CERTIFICATE} file used for serving secure content.", "parameters": [ { "displayName": "Application Name", @@ -388,7 +389,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-webserver31-tomcat7-openshift:1.0" + "name": "jboss-webserver31-tomcat7-openshift:1.1" } } }, diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/jws31-tomcat7-postgresql-persistent-s2i.json b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/jws31-tomcat7-postgresql-persistent-s2i.json index cc5ea452c..77f4f8c9f 100644 --- a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/jws31-tomcat7-postgresql-persistent-s2i.json +++ b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/jws31-tomcat7-postgresql-persistent-s2i.json @@ -3,19 +3,23 @@ "apiVersion": "v1", "metadata": { "annotations": { - "iconClass": "icon-tomcat", - "description": "Application template for JWS PostgreSQL applications with persistent storage built using S2I.", - "tags": "tomcat,tomcat7,java,jboss,xpaas", - "version": "1.4.0", - "openshift.io/display-name": "Red Hat JBoss Web Server 3.1 Tomcat 7 + PostgreSQL (Persistent with https)" + "iconClass": "icon-rh-tomcat", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "tags": "tomcat,tomcat7,java,jboss", + "version": "1.4.7", + "openshift.io/display-name": "JBoss Web Server 3.1 Apache Tomcat 7 + PostgreSQL (with https)", + "description": "An example JBoss Web Server application with a PostgreSQL database. For more information about using this template, see https://github.com/jboss-openshift/application-templates.", + "template.openshift.io/long-description": "This template defines resources needed to develop Red Hat JBoss Web Server 3.1 Apache Tomcat 8 based application, including a build configuration, application deployment configuration, database deployment configuration for PostgreSQL using persistence and secure communication using https.", + "template.openshift.io/documentation-url": "https://access.redhat.com/documentation/en/red-hat-jboss-web-server/", + "template.openshift.io/support-url": "https://access.redhat.com" }, "name": "jws31-tomcat7-postgresql-persistent-s2i" }, "labels": { "template": "jws31-tomcat7-postgresql-persistent-s2i", - "xpaas": "1.4.0" + "xpaas": "1.4.7" }, - "message": "A new persistent JWS application for Tomcat 7 (using PostgreSQL) has been created in your project. The username/password for administering your JWS is ${JWS_ADMIN_USERNAME}/${JWS_ADMIN_PASSWORD}. For accessing the PostgreSQL database \"${DB_DATABASE}\" use the credentials ${DB_USERNAME}/${DB_PASSWORD}. Please be sure to create the \"jws-service-account\" service account and the secret named \"${JWS_HTTPS_SECRET}\" containing the ${JWS_HTTPS_CERTIFICATE} file used for serving secure content.", + "message": "A new persistent JWS application for Apache Tomcat 7 (using PostgreSQL) has been created in your project. The username/password for administering your JWS is ${JWS_ADMIN_USERNAME}/${JWS_ADMIN_PASSWORD}. For accessing the PostgreSQL database \"${DB_DATABASE}\" use the credentials ${DB_USERNAME}/${DB_PASSWORD}. Please be sure to create the \"jws-service-account\" service account and the secret named \"${JWS_HTTPS_SECRET}\" containing the ${JWS_HTTPS_CERTIFICATE} file used for serving secure content.", "parameters": [ { "displayName": "Application Name", @@ -377,7 +381,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-webserver31-tomcat7-openshift:1.0" + "name": "jboss-webserver31-tomcat7-openshift:1.1" } } }, diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/jws31-tomcat7-postgresql-s2i.json b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/jws31-tomcat7-postgresql-s2i.json index bd23e1558..6d1d7aef7 100644 --- a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/jws31-tomcat7-postgresql-s2i.json +++ b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/jws31-tomcat7-postgresql-s2i.json @@ -3,19 +3,20 @@ "apiVersion": "v1", "metadata": { "annotations": { - "iconClass": "icon-tomcat", + "iconClass": "icon-rh-tomcat", + "openshift.io/provider-display-name": "Red Hat, Inc.", "description": "Application template for JWS PostgreSQL applications built using S2I.", - "tags": "tomcat,tomcat7,java,jboss,xpaas", - "version": "1.4.0", - "openshift.io/display-name": "Red Hat JBoss Web Server 3.1 Tomcat 7 + PostgreSQL (Ephemeral with https)" + "tags": "tomcat,tomcat7,java,jboss,hidden", + "version": "1.4.7", + "openshift.io/display-name": "JBoss Web Server 3.1 Apache Tomcat 7 + PostgreSQL (Ephemeral with https)" }, "name": "jws31-tomcat7-postgresql-s2i" }, "labels": { "template": "jws31-tomcat7-postgresql-s2i", - "xpaas": "1.4.0" + "xpaas": "1.4.7" }, - "message": "A new JWS application for Tomcat 7 (using PostgreSQL) has been created in your project. The username/password for administering your JWS is ${JWS_ADMIN_USERNAME}/${JWS_ADMIN_PASSWORD}. For accessing the PostgreSQL database \"${DB_DATABASE}\" use the credentials ${DB_USERNAME}/${DB_PASSWORD}. Please be sure to create the \"jws-service-account\" service account and the secret named \"${JWS_HTTPS_SECRET}\" containing the ${JWS_HTTPS_CERTIFICATE} file used for serving secure content.", + "message": "A new JWS application for Apache Tomcat 7 (using PostgreSQL) has been created in your project. The username/password for administering your JWS is ${JWS_ADMIN_USERNAME}/${JWS_ADMIN_PASSWORD}. For accessing the PostgreSQL database \"${DB_DATABASE}\" use the credentials ${DB_USERNAME}/${DB_PASSWORD}. Please be sure to create the \"jws-service-account\" service account and the secret named \"${JWS_HTTPS_SECRET}\" containing the ${JWS_HTTPS_CERTIFICATE} file used for serving secure content.", "parameters": [ { "displayName": "Application Name", @@ -370,7 +371,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-webserver31-tomcat7-openshift:1.0" + "name": "jboss-webserver31-tomcat7-openshift:1.1" } } }, diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/jws31-tomcat8-basic-s2i.json b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/jws31-tomcat8-basic-s2i.json index f3a5786f6..9e7dc3488 100644 --- a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/jws31-tomcat8-basic-s2i.json +++ b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/jws31-tomcat8-basic-s2i.json @@ -3,19 +3,23 @@ "apiVersion": "v1", "metadata": { "annotations": { - "iconClass": "icon-tomcat", - "description": "Application template for JWS applications built using S2I.", - "tags": "tomcat,tomcat8,java,jboss,xpaas", - "version": "1.4.0", - "openshift.io/display-name": "Red Hat JBoss Web Server 3.1 Tomcat 8 (no https)" + "iconClass": "icon-rh-tomcat", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "tags": "tomcat,tomcat8,java,jboss", + "version": "1.4.7", + "openshift.io/display-name": "JBoss Web Server 3.1 Apache Tomcat 8 (no https)", + "description": "An example JBoss Web Server application. For more information about using this template, see https://github.com/jboss-openshift/application-templates.", + "template.openshift.io/long-description": "This template defines resources needed to develop Red Hat JBoss Web Server 3.1 Apache Tomcat 8 based application, including a build configuration, and an application deployment configuration.", + "template.openshift.io/documentation-url": "https://access.redhat.com/documentation/en/red-hat-jboss-web-server/", + "template.openshift.io/support-url": "https://access.redhat.com" }, "name": "jws31-tomcat8-basic-s2i" }, "labels": { "template": "jws31-tomcat8-basic-s2i", - "xpaas": "1.4.0" + "xpaas": "1.4.7" }, - "message": "A new JWS application for Tomcat 8 has been created in your project. The username/password for administering your JWS is ${JWS_ADMIN_USERNAME}/${JWS_ADMIN_PASSWORD}.", + "message": "A new JWS application for Apache Tomcat 8 has been created in your project. The username/password for administering your JWS is ${JWS_ADMIN_USERNAME}/${JWS_ADMIN_PASSWORD}.", "parameters": [ { "displayName": "Application Name", @@ -195,7 +199,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-webserver31-tomcat8-openshift:1.0" + "name": "jboss-webserver31-tomcat8-openshift:1.1" } } }, diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/jws31-tomcat8-https-s2i.json b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/jws31-tomcat8-https-s2i.json index 634948a80..8fd5d9fab 100644 --- a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/jws31-tomcat8-https-s2i.json +++ b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/jws31-tomcat8-https-s2i.json @@ -3,19 +3,24 @@ "apiVersion": "v1", "metadata": { "annotations": { - "iconClass": "icon-tomcat", - "description": "Application template for JWS applications built using S2I.", - "tags": "tomcat,tomcat8,java,jboss,xpaas", - "version": "1.4.0", - "openshift.io/display-name": "Red Hat JBoss Web Server 3.1 Tomcat 8 (with https)" + "iconClass": "icon-rh-tomcat", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "tags": "tomcat,tomcat8,java,jboss,hidden", + "version": "1.4.7", + "openshift.io/display-name": "JBoss Web Server 3.1 Apache Tomcat 8 (with https)", + "description": "An example JBoss Web Server application. For more information about using this template, see https://github.com/jboss-openshift/application-templates.", + "template.openshift.io/long-description": "This template defines resources needed to develop Red Hat JBoss Web Server 3.1 Apache Tomcat 8 based application, including a build configuration, application deployment configuration, and secure communication using https.", + "template.openshift.io/documentation-url": "https://access.redhat.com/documentation/en/red-hat-jboss-web-server/", + "template.openshift.io/support-url": "https://access.redhat.com" + }, "name": "jws31-tomcat8-https-s2i" }, "labels": { "template": "jws31-tomcat8-https-s2i", - "xpaas": "1.4.0" + "xpaas": "1.4.7" }, - "message": "A new JWS application for Tomcat 8 has been created in your project. The username/password for administering your JWS is ${JWS_ADMIN_USERNAME}/${JWS_ADMIN_PASSWORD}. Please be sure to create the \"jws-service-account\" service account and the secret named \"${JWS_HTTPS_SECRET}\" containing the ${JWS_HTTPS_CERTIFICATE} file used for serving secure content.", + "message": "A new JWS application for Apache Tomcat 8 has been created in your project. The username/password for administering your JWS is ${JWS_ADMIN_USERNAME}/${JWS_ADMIN_PASSWORD}. Please be sure to create the \"jws-service-account\" service account and the secret named \"${JWS_HTTPS_SECRET}\" containing the ${JWS_HTTPS_CERTIFICATE} file used for serving secure content.", "parameters": [ { "displayName": "Application Name", @@ -277,7 +282,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-webserver31-tomcat8-openshift:1.0" + "name": "jboss-webserver31-tomcat8-openshift:1.1" } } }, diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/jws31-tomcat8-mongodb-persistent-s2i.json b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/jws31-tomcat8-mongodb-persistent-s2i.json index 1ad60d8cc..f4b11ccfa 100644 --- a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/jws31-tomcat8-mongodb-persistent-s2i.json +++ b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/jws31-tomcat8-mongodb-persistent-s2i.json @@ -3,18 +3,23 @@ "apiVersion": "v1", "metadata": { "annotations": { - "iconClass": "icon-tomcat", - "description": "Application template for JWS MongoDB applications with persistent storage built using S2I.", - "tags": "tomcat,tomcat8,java,jboss,xpaas", - "version": "1.4.0", - "openshift.io/display-name": "Red Hat JBoss Web Server 3.1 Tomcat 8 + MongoDB (Persistent with https)" + "tags": "tomcat,tomcat8,java,jboss", + "version": "1.4.7", + "iconClass": "icon-rh-tomcat", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "openshift.io/display-name": "JBoss Web Server 3.1 Apache Tomcat 8 + MongoDB (with https)", + "description": "An example JBoss Web Server application with a MongoDB database. For more information about using this template, see https://github.com/jboss-openshift/application-templates.", + "template.openshift.io/long-description": "This template defines resources needed to develop Red Hat JBoss Web Server 3.1 Apache Tomcat 8 based application, including a build configuration, application deployment configuration, database deployment configuration for MongoDB using persistence and secure communication using https.", + "template.openshift.io/documentation-url": "https://access.redhat.com/documentation/en/red-hat-jboss-web-server/", + "template.openshift.io/support-url": "https://access.redhat.com" + }, "name": "jws31-tomcat8-mongodb-persistent-s2i" }, - "message": "A new persistent JWS application for Tomcat 8 (using MongoDB) has been created in your project. The username/password for administering your JWS is ${JWS_ADMIN_USERNAME}/${JWS_ADMIN_PASSWORD}. For accessing the MongoDB database \"${DB_DATABASE}\" use the credentials ${DB_USERNAME}/${DB_PASSWORD} (Admin password is \"${DB_ADMIN_PASSWORD}\"). Please be sure to create the \"jws-service-account\" service account and the secret named \"${JWS_HTTPS_SECRET}\" containing the ${JWS_HTTPS_CERTIFICATE} file used for serving secure content.", + "message": "A new persistent JWS application for Apache Tomcat 8 (using MongoDB) has been created in your project. The username/password for administering your JWS is ${JWS_ADMIN_USERNAME}/${JWS_ADMIN_PASSWORD}. For accessing the MongoDB database \"${DB_DATABASE}\" use the credentials ${DB_USERNAME}/${DB_PASSWORD} (Admin password is \"${DB_ADMIN_PASSWORD}\"). Please be sure to create the \"jws-service-account\" service account and the secret named \"${JWS_HTTPS_SECRET}\" containing the ${JWS_HTTPS_CERTIFICATE} file used for serving secure content.", "labels": { "template": "jws31-tomcat8-mongodb-persistent-s2i", - "xpaas": "1.4.0" + "xpaas": "1.4.7" }, "parameters": [ { @@ -391,7 +396,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-webserver31-tomcat8-openshift:1.0" + "name": "jboss-webserver31-tomcat8-openshift:1.1" } } }, diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/jws31-tomcat8-mongodb-s2i.json b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/jws31-tomcat8-mongodb-s2i.json index f3e918afc..e2f69f157 100644 --- a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/jws31-tomcat8-mongodb-s2i.json +++ b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/jws31-tomcat8-mongodb-s2i.json @@ -3,19 +3,20 @@ "apiVersion": "v1", "metadata": { "annotations": { - "iconClass": "icon-tomcat", + "iconClass": "icon-rh-tomcat", + "openshift.io/provider-display-name": "Red Hat, Inc.", "description": "Application template for JWS MongoDB applications built using S2I.", - "tags": "tomcat,tomcat8,java,jboss,xpaas", - "version": "1.4.0", - "openshift.io/display-name": "Red Hat JBoss Web Server 3.1 Tomcat 8 + MongoDB (Ephemeral with https)" + "tags": "tomcat,tomcat8,java,jboss,hidden", + "version": "1.4.7", + "openshift.io/display-name": "JBoss Web Server 3.1 Apache Tomcat 8 + MongoDB (Ephemeral with https)" }, "name": "jws31-tomcat8-mongodb-s2i" }, "labels": { "template": "jws31-tomcat8-mongodb-s2i", - "xpaas": "1.4.0" + "xpaas": "1.4.7" }, - "message": "A new JWS application for Tomcat 8 (using MongoDB) has been created in your project. The username/password for administering your JWS is ${JWS_ADMIN_USERNAME}/${JWS_ADMIN_PASSWORD}. For accessing the MongoDB database \"${DB_DATABASE}\" use the credentials ${DB_USERNAME}/${DB_PASSWORD} (Admin password is \"${DB_ADMIN_PASSWORD}\"). Please be sure to create the \"jws-service-account\" service account and the secret named \"${JWS_HTTPS_SECRET}\" containing the ${JWS_HTTPS_CERTIFICATE} file used for serving secure content.", + "message": "A new JWS application for Apache Tomcat 8 (using MongoDB) has been created in your project. The username/password for administering your JWS is ${JWS_ADMIN_USERNAME}/${JWS_ADMIN_PASSWORD}. For accessing the MongoDB database \"${DB_DATABASE}\" use the credentials ${DB_USERNAME}/${DB_PASSWORD} (Admin password is \"${DB_ADMIN_PASSWORD}\"). Please be sure to create the \"jws-service-account\" service account and the secret named \"${JWS_HTTPS_SECRET}\" containing the ${JWS_HTTPS_CERTIFICATE} file used for serving secure content.", "parameters": [ { "displayName": "Application Name", @@ -384,7 +385,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-webserver31-tomcat8-openshift:1.0" + "name": "jboss-webserver31-tomcat8-openshift:1.1" } } }, diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/jws31-tomcat8-mysql-persistent-s2i.json b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/jws31-tomcat8-mysql-persistent-s2i.json index 08b456440..579071cb1 100644 --- a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/jws31-tomcat8-mysql-persistent-s2i.json +++ b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/jws31-tomcat8-mysql-persistent-s2i.json @@ -3,19 +3,23 @@ "apiVersion": "v1", "metadata": { "annotations": { - "iconClass": "icon-tomcat", - "description": "Application template for JWS MySQL applications with persistent storage built using S2I.", - "tags": "tomcat,tomcat8,java,jboss,xpaas", - "version": "1.4.0", - "openshift.io/display-name": "Red Hat JBoss Web Server 3.1 Tomcat 8 + MySQL (Persistent with https)" + "iconClass": "icon-rh-tomcat", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "tags": "tomcat,tomcat8,java,jboss", + "version": "1.4.7", + "openshift.io/display-name": "JBoss Web Server 3.1 Apache Tomcat 8 + MySQL (with https)", + "description": "An example JBoss Web Server application with a MySQL database. For more information about using this template, see https://github.com/jboss-openshift/application-templates.", + "template.openshift.io/long-description": "This template defines resources needed to develop Red Hat JBoss Web Server 3.1 Apache Tomcat 8 based application, including a build configuration, application deployment configuration, database deployment configuration for MySQL using persistence and secure communication using https.", + "template.openshift.io/documentation-url": "https://access.redhat.com/documentation/en/red-hat-jboss-web-server/", + "template.openshift.io/support-url": "https://access.redhat.com" }, "name": "jws31-tomcat8-mysql-persistent-s2i" }, "labels": { "template": "jws31-tomcat8-mysql-persistent-s2i", - "xpaas": "1.4.0" + "xpaas": "1.4.7" }, - "message": "A new persistent JWS application for Tomcat 8 (using MySQL) has been created in your project. The username/password for administering your JWS is ${JWS_ADMIN_USERNAME}/${JWS_ADMIN_PASSWORD}. For accessing the MySQL database \"${DB_DATABASE}\" use the credentials ${DB_USERNAME}/${DB_PASSWORD}. Please be sure to create the \"jws-service-account\" service account and the secret named \"${JWS_HTTPS_SECRET}\" containing the ${JWS_HTTPS_CERTIFICATE} file used for serving secure content.", + "message": "A new persistent JWS application for Apache Tomcat 8 (using MySQL) has been created in your project. The username/password for administering your JWS is ${JWS_ADMIN_USERNAME}/${JWS_ADMIN_PASSWORD}. For accessing the MySQL database \"${DB_DATABASE}\" use the credentials ${DB_USERNAME}/${DB_PASSWORD}. Please be sure to create the \"jws-service-account\" service account and the secret named \"${JWS_HTTPS_SECRET}\" containing the ${JWS_HTTPS_CERTIFICATE} file used for serving secure content.", "parameters": [ { "displayName": "Application Name", @@ -395,7 +399,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-webserver31-tomcat8-openshift:1.0" + "name": "jboss-webserver31-tomcat8-openshift:1.1" } } }, diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/jws31-tomcat8-mysql-s2i.json b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/jws31-tomcat8-mysql-s2i.json index 260515b73..e84d61608 100644 --- a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/jws31-tomcat8-mysql-s2i.json +++ b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/jws31-tomcat8-mysql-s2i.json @@ -3,19 +3,20 @@ "apiVersion": "v1", "metadata": { "annotations": { - "iconClass": "icon-tomcat", + "iconClass": "icon-rh-tomcat", + "openshift.io/provider-display-name": "Red Hat, Inc.", "description": "Application template for JWS MySQL applications built using S2I.", - "tags": "tomcat,tomcat8,java,jboss,xpaas", - "version": "1.4.0", - "openshift.io/display-name": "Red Hat JBoss Web Server 3.1 Tomcat 8 + MySQL (Ephemeral with https)" + "tags": "tomcat,tomcat8,java,jboss,hidden", + "version": "1.4.7", + "openshift.io/display-name": "JBoss Web Server 3.1 Apache Tomcat 8 + MySQL (Ephemeral with https)" }, "name": "jws31-tomcat8-mysql-s2i" }, "labels": { "template": "jws31-tomcat8-mysql-s2i", - "xpaas": "1.4.0" + "xpaas": "1.4.7" }, - "message": "A new JWS application for Tomcat 8 (using MySQL) has been created in your project. The username/password for administering your JWS is ${JWS_ADMIN_USERNAME}/${JWS_ADMIN_PASSWORD}. For accessing the MySQL database \"${DB_DATABASE}\" use the credentials ${DB_USERNAME}/${DB_PASSWORD}. Please be sure to create the \"jws-service-account\" service account and the secret named \"${JWS_HTTPS_SECRET}\" containing the ${JWS_HTTPS_CERTIFICATE} file used for serving secure content.", + "message": "A new JWS application for Apache Tomcat 8 (using MySQL) has been created in your project. The username/password for administering your JWS is ${JWS_ADMIN_USERNAME}/${JWS_ADMIN_PASSWORD}. For accessing the MySQL database \"${DB_DATABASE}\" use the credentials ${DB_USERNAME}/${DB_PASSWORD}. Please be sure to create the \"jws-service-account\" service account and the secret named \"${JWS_HTTPS_SECRET}\" containing the ${JWS_HTTPS_CERTIFICATE} file used for serving secure content.", "parameters": [ { "displayName": "Application Name", @@ -388,7 +389,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-webserver31-tomcat8-openshift:1.0" + "name": "jboss-webserver31-tomcat8-openshift:1.1" } } }, diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/jws31-tomcat8-postgresql-persistent-s2i.json b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/jws31-tomcat8-postgresql-persistent-s2i.json index eef5b6939..83a6ca19b 100644 --- a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/jws31-tomcat8-postgresql-persistent-s2i.json +++ b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/jws31-tomcat8-postgresql-persistent-s2i.json @@ -3,19 +3,20 @@ "apiVersion": "v1", "metadata": { "annotations": { - "iconClass": "icon-tomcat", + "iconClass": "icon-rh-tomcat", + "openshift.io/provider-display-name": "Red Hat, Inc.", "description": "Application template for JWS PostgreSQL applications with persistent storage built using S2I.", - "tags": "tomcat,tomcat8,java,jboss,xpaas", - "version": "1.4.0", - "openshift.io/display-name": "Red Hat JBoss Web Server 3.1 Tomcat 8 + PostgreSQL (Persistent with https)" + "tags": "tomcat,tomcat8,java,jboss", + "version": "1.4.7", + "openshift.io/display-name": "JBoss Web Server 3.1 Apache Tomcat 8 + PostgreSQL (with https)" }, "name": "jws31-tomcat8-postgresql-persistent-s2i" }, "labels": { "template": "jws31-tomcat8-postgresql-persistent-s2i", - "xpaas": "1.4.0" + "xpaas": "1.4.7" }, - "message": "A new persistent JWS application for Tomcat 8 (using PostgreSQL) has been created in your project. The username/password for administering your JWS is ${JWS_ADMIN_USERNAME}/${JWS_ADMIN_PASSWORD}. For accessing the PostgreSQL database \"${DB_DATABASE}\" use the credentials ${DB_USERNAME}/${DB_PASSWORD}. Please be sure to create the \"jws-service-account\" service account and the secret named \"${JWS_HTTPS_SECRET}\" containing the ${JWS_HTTPS_CERTIFICATE} file used for serving secure content.", + "message": "A new persistent JWS application for Apache Tomcat 8 (using PostgreSQL) has been created in your project. The username/password for administering your JWS is ${JWS_ADMIN_USERNAME}/${JWS_ADMIN_PASSWORD}. For accessing the PostgreSQL database \"${DB_DATABASE}\" use the credentials ${DB_USERNAME}/${DB_PASSWORD}. Please be sure to create the \"jws-service-account\" service account and the secret named \"${JWS_HTTPS_SECRET}\" containing the ${JWS_HTTPS_CERTIFICATE} file used for serving secure content.", "parameters": [ { "displayName": "Application Name", @@ -377,7 +378,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-webserver31-tomcat8-openshift:1.0" + "name": "jboss-webserver31-tomcat8-openshift:1.1" } } }, diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/jws31-tomcat8-postgresql-s2i.json b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/jws31-tomcat8-postgresql-s2i.json index 07ef7218a..e28cf8a04 100644 --- a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/jws31-tomcat8-postgresql-s2i.json +++ b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/jws31-tomcat8-postgresql-s2i.json @@ -3,19 +3,20 @@ "apiVersion": "v1", "metadata": { "annotations": { - "iconClass": "icon-tomcat", + "iconClass": "icon-rh-tomcat", + "openshift.io/provider-display-name": "Red Hat, Inc.", "description": "Application template for JWS PostgreSQL applications built using S2I.", - "tags": "tomcat,tomcat8,java,jboss,xpaas", - "version": "1.4.0", - "openshift.io/display-name": "Red Hat JBoss Web Server 3.1 Tomcat 8 + (PostgreSQL with https)" + "tags": "tomcat,tomcat8,java,jboss,hidden", + "version": "1.4.7", + "openshift.io/display-name": "JBoss Web Server 3.0 Apache Tomcat 8 + PostgreSQL (Ephemeral with https)" }, "name": "jws31-tomcat8-postgresql-s2i" }, "labels": { "template": "jws31-tomcat8-postgresql-s2i", - "xpaas": "1.4.0" + "xpaas": "1.4.7" }, - "message": "A new JWS application for Tomcat 8 (using PostgreSQL) has been created in your project. The username/password for administering your JWS is ${JWS_ADMIN_USERNAME}/${JWS_ADMIN_PASSWORD}. For accessing the PostgreSQL database \"${DB_DATABASE}\" use the credentials ${DB_USERNAME}/${DB_PASSWORD}. Please be sure to create the \"jws-service-account\" service account and the secret named \"${JWS_HTTPS_SECRET}\" containing the ${JWS_HTTPS_CERTIFICATE} file used for serving secure content.", + "message": "A new JWS application for Apache Tomcat 8 (using PostgreSQL) has been created in your project. The username/password for administering your JWS is ${JWS_ADMIN_USERNAME}/${JWS_ADMIN_PASSWORD}. For accessing the PostgreSQL database \"${DB_DATABASE}\" use the credentials ${DB_USERNAME}/${DB_PASSWORD}. Please be sure to create the \"jws-service-account\" service account and the secret named \"${JWS_HTTPS_SECRET}\" containing the ${JWS_HTTPS_CERTIFICATE} file used for serving secure content.", "parameters": [ { "displayName": "Application Name", @@ -370,7 +371,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-webserver31-tomcat8-openshift:1.0" + "name": "jboss-webserver31-tomcat8-openshift:1.1" } } }, diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/karaf2-camel-amq-template.json b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/karaf2-camel-amq-template.json index cd0bec3c1..aad649f84 100644 --- a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/karaf2-camel-amq-template.json +++ b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/karaf2-camel-amq-template.json @@ -3,7 +3,7 @@ "kind": "Template", "metadata": { "annotations": { - "description": "Camel route using ActiveMQ in Karaf container.", + "description": "Camel route using ActiveMQ in Karaf container. This quickstart shows how to use Camel in a Karaf Container using Blueprint to connect to the A-MQ xPaaS message broker on OpenShift that should already be installed, one simple way to run a A-MQ service is following the documentation of the A-MQ xPaaS image for OpenShift related to the amq62-basic template.", "tags": "quickstart,java,karaf,fis", "iconClass": "icon-jboss", "version": "2.0" @@ -31,7 +31,7 @@ { "name": "GIT_REF", "displayName": "Git Reference", - "value": "karaf2-camel-amq-1.0.0.redhat-000010", + "value": "karaf2-camel-amq-1.0.0.redhat-000019", "description": "Set this to a branch name, tag or other ref of your repository if you are not using the default branch." }, { @@ -49,7 +49,7 @@ { "name": "APP_VERSION", "displayName": "Application Version", - "value": "1.0.0.redhat-000010", + "value": "1.0.0.redhat-000019", "description": "The application version." }, { diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/karaf2-camel-log-template.json b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/karaf2-camel-log-template.json index 2ecce08a9..38b7bc249 100644 --- a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/karaf2-camel-log-template.json +++ b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/karaf2-camel-log-template.json @@ -3,7 +3,7 @@ "kind": "Template", "metadata": { "annotations": { - "description": "A simple Camel route in Karaf container.", + "description": "A simple Camel route in Karaf container. This quickstart shows a simple Apache Camel application that logs a message to the server log every 5th second.", "tags": "quickstart,java,karaf,fis", "iconClass": "icon-jboss", "version": "2.0" @@ -31,7 +31,7 @@ { "name": "GIT_REF", "displayName": "Git Reference", - "value": "karaf2-camel-log-1.0.0.redhat-000010", + "value": "karaf2-camel-log-1.0.0.redhat-000019", "description": "Set this to a branch name, tag or other ref of your repository if you are not using the default branch." }, { @@ -49,7 +49,7 @@ { "name": "APP_VERSION", "displayName": "Application Version", - "value": "1.0.0.redhat-000010", + "value": "1.0.0.redhat-000019", "description": "The application version." }, { diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/karaf2-camel-rest-sql-template.json b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/karaf2-camel-rest-sql-template.json index d80939efb..6d9573e5b 100644 --- a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/karaf2-camel-rest-sql-template.json +++ b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/karaf2-camel-rest-sql-template.json @@ -3,7 +3,7 @@ "kind": "Template", "metadata": { "annotations": { - "description": "Camel example using Rest DSL with SQL Database in Karaf container.", + "description": "Camel example using Rest DSL with SQL Database in Karaf container. This example demonstrates how to use SQL via JDBC along with Camel's REST DSL to expose a RESTful API. The OpenShift MySQL container image should already be installed and running on your OpenShift installation, one simple way to run a MySQL service is following the documentation of the Openshift MySQL container image related to the mysql-ephemeral template..", "tags": "quickstart,java,karaf,fis", "iconClass": "icon-jboss", "version": "2.0" @@ -31,7 +31,7 @@ { "name": "GIT_REF", "displayName": "Git Reference", - "value": "karaf2-camel-rest-sql-1.0.0.redhat-000010", + "value": "karaf2-camel-rest-sql-1.0.0.redhat-000019", "description": "Set this to a branch name, tag or other ref of your repository if you are not using the default branch." }, { @@ -73,7 +73,7 @@ { "name": "APP_VERSION", "displayName": "Application Version", - "value": "1.0.0.redhat-000010", + "value": "1.0.0.redhat-000019", "description": "The application version." }, { diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/karaf2-cxf-rest-template.json b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/karaf2-cxf-rest-template.json index f99099868..fdc0c00e5 100644 --- a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/karaf2-cxf-rest-template.json +++ b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/karaf2-cxf-rest-template.json @@ -3,7 +3,7 @@ "kind": "Template", "metadata": { "annotations": { - "description": "REST example using CXF in Karaf container.", + "description": "REST example using CXF in Karaf container. This quickstart demonstrates how to create a RESTful (JAX-RS) web service using CXF and expose it through the OSGi HTTP Service", "tags": "quickstart,java,karaf,fis", "iconClass": "icon-jboss", "version": "2.0" @@ -31,7 +31,7 @@ { "name": "GIT_REF", "displayName": "Git Reference", - "value": "karaf2-cxf-rest-1.0.0.redhat-000010", + "value": "karaf2-cxf-rest-1.0.0.redhat-000019", "description": "Set this to a branch name, tag or other ref of your repository if you are not using the default branch." }, { @@ -49,7 +49,7 @@ { "name": "APP_VERSION", "displayName": "Application Version", - "value": "1.0.0.redhat-000010", + "value": "1.0.0.redhat-000019", "description": "The application version." }, { diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/openjdk18-web-basic-s2i.json b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/openjdk18-web-basic-s2i.json index a48e204ae..6336f0398 100644 --- a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/openjdk18-web-basic-s2i.json +++ b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/openjdk18-web-basic-s2i.json @@ -3,17 +3,21 @@ "apiVersion": "v1", "metadata": { "annotations": { - "iconClass": "icon-jboss", - "description": "Application template for Java applications built using S2I.", - "tags": "java,xpaas", - "version": "1.1.0", - "openshift.io/display-name": "Red Hat OpenJDK 8" + "iconClass": "icon-rh-openjdk", + "tags": "java", + "version": "1.4.7", + "openshift.io/display-name": "OpenJDK 8", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "An example Java application using OpenJDK 8. For more information about using this template, see https://github.com/jboss-openshift/application-templates.", + "template.openshift.io/long-description": "This template defines resources needed to develop Red Hat OpenJDK Java 8 based application.", + "template.openshift.io/documentation-url": "https://access.redhat.com/documentation/en/", + "template.openshift.io/support-url": "https://access.redhat.com" }, "name": "openjdk18-web-basic-s2i" }, "labels": { "template": "openjdk18-web-basic-s2i", - "xpaas": "1.4.0" + "xpaas": "1.4.7" }, "message": "A new java application has been created in your project.", "parameters": [ @@ -156,7 +160,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "redhat-openjdk18-openshift:1.1" + "name": "redhat-openjdk18-openshift:1.2" } } }, diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/processserver63-amq-mysql-persistent-s2i.json b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/processserver63-amq-mysql-persistent-s2i.json deleted file mode 100644 index d1705c88c..000000000 --- a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/processserver63-amq-mysql-persistent-s2i.json +++ /dev/null @@ -1,1156 +0,0 @@ -{ - "kind": "Template", - "apiVersion": "v1", - "metadata": { - "annotations": { - "description": "Application template for Red Hat JBoss BPM Suite 6.3 intelligent process server AMQ and MySQL applications with persistent storage built using S2I.", - "iconClass": "icon-jboss", - "tags": "processserver,jboss,xpaas", - "version": "1.4.0", - "openshift.io/display-name": "Red Hat JBoss BPM Suite 6.3 intelligent process server + A-MQ + MySQL (Persistent with https)" - }, - "name": "processserver63-amq-mysql-persistent-s2i" - }, - "labels": { - "template": "processserver63-amq-mysql-persistent-s2i", - "xpaas": "1.4.0" - }, - "message": "A new persistent BPMS application (using MySQL and A-MQ) has been created in your project. The username/password for accessing the KIE Server REST or JMS interface is ${KIE_SERVER_USER}/${KIE_SERVER_PASSWORD}. For accessing the MySQL database \"${DB_DATABASE}\" use the credentials ${DB_USERNAME}/${DB_PASSWORD}. And for the A-MQ service use the credentials ${MQ_USERNAME}/${MQ_PASSWORD}. Please be sure to create the \"processserver-service-account\" service account and the secret named \"${HTTPS_SECRET}\" containing the ${HTTPS_KEYSTORE} file used for serving secure content.", - "parameters": [ - { - "displayName": "KIE Container Deployment", - "description": "The KIE Container deployment configuration in format: containerId=groupId:artifactId:version|c2=g2:a2:v2", - "name": "KIE_CONTAINER_DEPLOYMENT", - "value": "processserver-library=org.openshift.quickstarts:processserver-library:1.3.0.Final", - "required": false - }, - { - "displayName": "KIE Server Protocol", - "description": "The protocol to access the KIE Server REST interface.", - "name": "KIE_SERVER_PROTOCOL", - "value": "https", - "required": false - }, - { - "displayName": "KIE Server Port", - "description": "The port to access the KIE Server REST interface.", - "name": "KIE_SERVER_PORT", - "value": "8443", - "required": false - }, - { - "displayName": "KIE Server Username", - "description": "The user name to access the KIE Server REST or JMS interface.", - "name": "KIE_SERVER_USER", - "value": "kieserver", - "required": false - }, - { - "displayName": "KIE Server Password", - "description": "The password to access the KIE Server REST or JMS interface. Must be different than username; must not be root, admin, or administrator; must contain at least 8 characters, 1 alphabetic character(s), 1 digit(s), and 1 non-alphanumeric symbol(s).", - "name": "KIE_SERVER_PASSWORD", - "from": "[a-zA-Z]{6}[0-9]{1}!", - "generate": "expression", - "required": false - }, - { - "displayName": "KIE Server Domain", - "description": "JAAS LoginContext domain that shall be used to authenticate users when using JMS.", - "name": "KIE_SERVER_DOMAIN", - "value": "other", - "required": false - }, - { - "displayName": "KIE Server JMS Queues Request", - "description": "JNDI name of request queue for JMS.", - "name": "KIE_SERVER_JMS_QUEUES_REQUEST", - "value": "queue/KIE.SERVER.REQUEST", - "required": false - }, - { - "displayName": "KIE Server JMS Queues Response", - "description": "JNDI name of response queue for JMS.", - "name": "KIE_SERVER_JMS_QUEUES_RESPONSE", - "value": "queue/KIE.SERVER.RESPONSE", - "required": false - }, - { - "displayName": "KIE Server Executor JMS Queue", - "description": "JNDI name of executor queue for JMS.", - "name": "KIE_SERVER_EXECUTOR_JMS_QUEUE", - "value": "queue/KIE.SERVER.EXECUTOR", - "required": false - }, - { - "displayName": "KIE Server Persistence Dialect", - "description": "Hibernate persistence dialect.", - "name": "KIE_SERVER_PERSISTENCE_DIALECT", - "value": "org.hibernate.dialect.MySQL5Dialect", - "required": false - }, - { - "displayName": "Application Name", - "description": "The name for the application.", - "name": "APPLICATION_NAME", - "value": "kie-app", - "required": true - }, - { - "displayName": "Custom http Route Hostname", - "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: <application-name>-<project>.<default-domain-suffix>", - "name": "HOSTNAME_HTTP", - "value": "", - "required": false - }, - { - "displayName": "Custom https Route Hostname", - "description": "Custom hostname for https service route. Leave blank for default hostname, e.g.: secure-<application-name>-<project>.<default-domain-suffix>", - "name": "HOSTNAME_HTTPS", - "value": "", - "required": false - }, - { - "displayName": "Git Repository URL", - "description": "Git source URI for application", - "name": "SOURCE_REPOSITORY_URL", - "value": "https://github.com/jboss-openshift/openshift-quickstarts", - "required": true - }, - { - "displayName": "Git Reference", - "description": "Git branch/tag reference", - "name": "SOURCE_REPOSITORY_REF", - "value": "1.3", - "required": false - }, - { - "displayName": "Context Directory", - "description": "Path within Git project to build; empty for root project directory.", - "name": "CONTEXT_DIR", - "value": "processserver/library", - "required": false - }, - { - "displayName": "Database JNDI Name", - "description": "Database JNDI name used by application to resolve the datasource, e.g. java:/jboss/datasources/ExampleDS", - "name": "DB_JNDI", - "value": "java:jboss/datasources/ExampleDS", - "required": false - }, - { - "displayName": "Database Name", - "description": "Database name", - "name": "DB_DATABASE", - "value": "root", - "required": true - }, - { - "displayName": "Database Volume Capacity", - "description": "Size of persistent storage for database volume.", - "name": "VOLUME_CAPACITY", - "value": "512Mi", - "required": true - }, - { - "displayName": "JMS Connection Factory JNDI Name", - "description": "JNDI name for connection factory used by applications to connect to the broker, e.g. java:/JmsXA", - "name": "MQ_JNDI", - "value": "java:/JmsXA", - "required": false - }, - { - "displayName": "Split Data?", - "description": "Split the data directory for each node in a mesh.", - "name": "AMQ_SPLIT", - "value": "false", - "required": false - }, - { - "displayName": "A-MQ Protocols", - "description": "Broker protocols to configure, separated by commas. Allowed values are: `openwire`, `amqp`, `stomp` and `mqtt`. Only `openwire` is supported by EAP.", - "name": "MQ_PROTOCOL", - "value": "openwire", - "required": false - }, - { - "displayName": "Queues", - "description": "Queue names, separated by commas. These queues will be automatically created when the broker starts. Also, they will be made accessible as JNDI resources in EAP.", - "name": "MQ_QUEUES", - "value": "KIE.SERVER.REQUEST,KIE.SERVER.RESPONSE,KIE.SERVER.EXECUTOR", - "required": false - }, - { - "displayName": "Topics", - "description": "Topic names, separated by commas. These topics will be automatically created when the broker starts. Also, they will be made accessible as JNDI resources in EAP.", - "name": "MQ_TOPICS", - "value": "", - "required": false - }, - { - "displayName": "Server Keystore Secret Name", - "description": "The name of the secret containing the keystore file", - "name": "HTTPS_SECRET", - "value": "processserver-app-secret", - "required": false - }, - { - "displayName": "Server Keystore Filename", - "description": "The name of the keystore file within the secret", - "name": "HTTPS_KEYSTORE", - "value": "keystore.jks", - "required": false - }, - { - "displayName": "Server Certificate Name", - "description": "The name associated with the server certificate", - "name": "HTTPS_NAME", - "value": "jboss", - "required": false - }, - { - "displayName": "Server Keystore Password", - "description": "The password for the keystore and certificate", - "name": "HTTPS_PASSWORD", - "value": "mykeystorepass", - "required": false - }, - { - "displayName": "Database Username", - "description": "Database user name", - "name": "DB_USERNAME", - "from": "user[a-zA-Z0-9]{3}", - "generate": "expression", - "required": true - }, - { - "displayName": "Database Password", - "description": "Database user password", - "name": "DB_PASSWORD", - "from": "[a-zA-Z0-9]{8}", - "generate": "expression", - "required": true - }, - { - "displayName": "Datasource Minimum Pool Size", - "description": "Sets xa-pool/min-pool-size for the configured datasource.", - "name": "DB_MIN_POOL_SIZE", - "required": false - }, - { - "displayName": "Datasource Maximum Pool Size", - "description": "Sets xa-pool/max-pool-size for the configured datasource.", - "name": "DB_MAX_POOL_SIZE", - "required": false - }, - { - "displayName": "Datasource Transaction Isolation", - "description": "Sets transaction-isolation for the configured datasource.", - "name": "DB_TX_ISOLATION", - "required": false - }, - { - "displayName": "MySQL Lower Case Table Names", - "description": "Sets how the table names are stored and compared.", - "name": "MYSQL_LOWER_CASE_TABLE_NAMES", - "required": false - }, - { - "displayName": "MySQL Maximum number of connections", - "description": "The maximum permitted number of simultaneous client connections.", - "name": "MYSQL_MAX_CONNECTIONS", - "required": false - }, - { - "displayName": "MySQL FullText Minimum Word Length", - "description": "The minimum length of the word to be included in a FULLTEXT index.", - "name": "MYSQL_FT_MIN_WORD_LEN", - "required": false - }, - { - "displayName": "MySQL FullText Maximum Word Length", - "description": "The maximum length of the word to be included in a FULLTEXT index.", - "name": "MYSQL_FT_MAX_WORD_LEN", - "required": false - }, - { - "displayName": "MySQL AIO", - "description": "Controls the innodb_use_native_aio setting value if the native AIO is broken.", - "name": "MYSQL_AIO", - "required": false - }, - { - "displayName": "A-MQ Username", - "description": "User name for standard broker user. It is required for connecting to the broker. If left empty, it will be generated.", - "name": "MQ_USERNAME", - "from": "user[a-zA-Z0-9]{3}", - "generate": "expression", - "required": false - }, - { - "displayName": "A-MQ Password", - "description": "Password for standard broker user. It is required for connecting to the broker. If left empty, it will be generated.", - "name": "MQ_PASSWORD", - "from": "[a-zA-Z0-9]{8}", - "generate": "expression", - "required": false - }, - { - "displayName": "A-MQ Mesh Discovery Type", - "description": "The discovery agent type to use for discovering mesh endpoints. 'dns' will use OpenShift's DNS service to resolve endpoints. 'kube' will use Kubernetes REST API to resolve service endpoints. If using 'kube' the service account for the pod must have the 'view' role, which can be added via 'oc policy add-role-to-user view system:serviceaccount:<namespace>:default' where <namespace> is the project namespace.", - "name": "AMQ_MESH_DISCOVERY_TYPE", - "value": "kube", - "required": false - }, - { - "displayName": "A-MQ Storage Limit", - "description": "The A-MQ storage usage limit", - "name": "AMQ_STORAGE_USAGE_LIMIT", - "value": "100 gb", - "required": false - }, - { - "displayName": "Github Webhook Secret", - "description": "GitHub trigger secret", - "name": "GITHUB_WEBHOOK_SECRET", - "from": "[a-zA-Z0-9]{8}", - "generate": "expression", - "required": true - }, - { - "displayName": "Generic Webhook Secret", - "description": "Generic build trigger secret", - "name": "GENERIC_WEBHOOK_SECRET", - "from": "[a-zA-Z0-9]{8}", - "generate": "expression", - "required": true - }, - { - "displayName": "ImageStream Namespace", - "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", - "name": "IMAGE_STREAM_NAMESPACE", - "value": "openshift", - "required": true - }, - { - "displayName": "Maven mirror URL", - "description": "Maven mirror to use for S2I builds", - "name": "MAVEN_MIRROR_URL", - "value": "", - "required": false - }, - { - "description": "List of directories from which archives will be copied into the deployment folder. If unspecified, all archives in /target will be copied.", - "name": "ARTIFACT_DIR", - "value": "", - "required": false - }, - { - "displayName": "MySQL Image Stream Tag", - "description": "The tag to use for the \"mysql\" image stream. Typically, this aligns with the major.minor version of MySQL.", - "name": "MYSQL_IMAGE_STREAM_TAG", - "value": "5.7", - "required": true - } - ], - "objects": [ - { - "kind": "Service", - "apiVersion": "v1", - "spec": { - "ports": [ - { - "port": 8080, - "targetPort": 8080 - } - ], - "selector": { - "deploymentConfig": "${APPLICATION_NAME}" - } - }, - "metadata": { - "name": "${APPLICATION_NAME}", - "labels": { - "application": "${APPLICATION_NAME}" - }, - "annotations": { - "description": "The web server's http port.", - "service.alpha.openshift.io/dependencies": "[{\"name\": \"${APPLICATION_NAME}-mysql\", \"kind\": \"Service\"},{\"name\": \"${APPLICATION_NAME}-amq-tcp\", \"kind\": \"Service\"}]" - } - } - }, - { - "kind": "Service", - "apiVersion": "v1", - "spec": { - "ports": [ - { - "port": 8443, - "targetPort": 8443 - } - ], - "selector": { - "deploymentConfig": "${APPLICATION_NAME}" - } - }, - "metadata": { - "name": "secure-${APPLICATION_NAME}", - "labels": { - "application": "${APPLICATION_NAME}" - }, - "annotations": { - "description": "The web server's https port.", - "service.alpha.openshift.io/dependencies": "[{\"name\": \"${APPLICATION_NAME}-mysql\", \"kind\": \"Service\"},{\"name\": \"${APPLICATION_NAME}-amq-tcp\", \"kind\": \"Service\"}]" - } - } - }, - { - "kind": "Service", - "apiVersion": "v1", - "spec": { - "ports": [ - { - "port": 3306, - "targetPort": 3306 - } - ], - "selector": { - "deploymentConfig": "${APPLICATION_NAME}-mysql" - } - }, - "metadata": { - "name": "${APPLICATION_NAME}-mysql", - "labels": { - "application": "${APPLICATION_NAME}" - }, - "annotations": { - "description": "The database server's port." - } - } - }, - { - "kind": "Service", - "apiVersion": "v1", - "spec": { - "ports": [ - { - "port": 61616, - "targetPort": 61616 - } - ], - "selector": { - "deploymentConfig": "${APPLICATION_NAME}-amq" - } - }, - "metadata": { - "name": "${APPLICATION_NAME}-amq-tcp", - "labels": { - "application": "${APPLICATION_NAME}" - }, - "annotations": { - "description": "The broker's OpenWire port." - } - } - }, - { - "kind": "Route", - "apiVersion": "v1", - "id": "${APPLICATION_NAME}-http", - "metadata": { - "name": "${APPLICATION_NAME}", - "labels": { - "application": "${APPLICATION_NAME}" - }, - "annotations": { - "description": "Route for application's http service." - } - }, - "spec": { - "host": "${HOSTNAME_HTTP}", - "to": { - "name": "${APPLICATION_NAME}" - } - } - }, - { - "kind": "Route", - "apiVersion": "v1", - "id": "${APPLICATION_NAME}-https", - "metadata": { - "name": "secure-${APPLICATION_NAME}", - "labels": { - "application": "${APPLICATION_NAME}" - }, - "annotations": { - "description": "Route for application's https service." - } - }, - "spec": { - "host": "${HOSTNAME_HTTPS}", - "to": { - "name": "secure-${APPLICATION_NAME}" - }, - "tls": { - "termination": "passthrough" - } - } - }, - { - "kind": "ImageStream", - "apiVersion": "v1", - "metadata": { - "name": "${APPLICATION_NAME}", - "labels": { - "application": "${APPLICATION_NAME}" - } - } - }, - { - "kind": "BuildConfig", - "apiVersion": "v1", - "metadata": { - "name": "${APPLICATION_NAME}", - "labels": { - "application": "${APPLICATION_NAME}" - } - }, - "spec": { - "source": { - "type": "Git", - "git": { - "uri": "${SOURCE_REPOSITORY_URL}", - "ref": "${SOURCE_REPOSITORY_REF}" - }, - "contextDir": "${CONTEXT_DIR}" - }, - "strategy": { - "type": "Source", - "sourceStrategy": { - "env": [ - { - "name": "KIE_CONTAINER_DEPLOYMENT", - "value": "${KIE_CONTAINER_DEPLOYMENT}" - }, - { - "name": "MAVEN_MIRROR_URL", - "value": "${MAVEN_MIRROR_URL}" - }, - { - "name": "ARTIFACT_DIR", - "value": "${ARTIFACT_DIR}" - } - ], - "forcePull": true, - "from": { - "kind": "ImageStreamTag", - "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-processserver63-openshift:1.4" - } - } - }, - "output": { - "to": { - "kind": "ImageStreamTag", - "name": "${APPLICATION_NAME}:latest" - } - }, - "triggers": [ - { - "type": "GitHub", - "github": { - "secret": "${GITHUB_WEBHOOK_SECRET}" - } - }, - { - "type": "Generic", - "generic": { - "secret": "${GENERIC_WEBHOOK_SECRET}" - } - }, - { - "type": "ImageChange", - "imageChange": {} - }, - { - "type": "ConfigChange" - } - ] - } - }, - { - "kind": "DeploymentConfig", - "apiVersion": "v1", - "metadata": { - "name": "${APPLICATION_NAME}", - "labels": { - "application": "${APPLICATION_NAME}" - } - }, - "spec": { - "strategy": { - "type": "Recreate" - }, - "triggers": [ - { - "type": "ImageChange", - "imageChangeParams": { - "automatic": true, - "containerNames": [ - "${APPLICATION_NAME}" - ], - "from": { - "kind": "ImageStream", - "name": "${APPLICATION_NAME}" - } - } - }, - { - "type": "ConfigChange" - } - ], - "replicas": 1, - "selector": { - "deploymentConfig": "${APPLICATION_NAME}" - }, - "template": { - "metadata": { - "name": "${APPLICATION_NAME}", - "labels": { - "deploymentConfig": "${APPLICATION_NAME}", - "application": "${APPLICATION_NAME}" - } - }, - "spec": { - "serviceAccountName": "processserver-service-account", - "terminationGracePeriodSeconds": 60, - "containers": [ - { - "name": "${APPLICATION_NAME}", - "image": "${APPLICATION_NAME}", - "imagePullPolicy": "Always", - "volumeMounts": [ - { - "name": "processserver-keystore-volume", - "mountPath": "/etc/processserver-secret-volume", - "readOnly": true - } - ], - "livenessProbe": { - "exec": { - "command": [ - "/bin/bash", - "-c", - "/opt/eap/bin/livenessProbe.sh" - ] - } - }, - "readinessProbe": { - "exec": { - "command": [ - "/bin/bash", - "-c", - "/opt/eap/bin/readinessProbe.sh" - ] - } - }, - "ports": [ - { - "name": "jolokia", - "containerPort": 8778, - "protocol": "TCP" - }, - { - "name": "http", - "containerPort": 8080, - "protocol": "TCP" - }, - { - "name": "https", - "containerPort": 8443, - "protocol": "TCP" - } - ], - "env": [ - { - "name": "KIE_CONTAINER_DEPLOYMENT", - "value": "${KIE_CONTAINER_DEPLOYMENT}" - }, - { - "name": "KIE_SERVER_PROTOCOL", - "value": "${KIE_SERVER_PROTOCOL}" - }, - { - "name": "KIE_SERVER_PORT", - "value": "${KIE_SERVER_PORT}" - }, - { - "name": "KIE_SERVER_USER", - "value": "${KIE_SERVER_USER}" - }, - { - "name": "KIE_SERVER_PASSWORD", - "value": "${KIE_SERVER_PASSWORD}" - }, - { - "name": "KIE_SERVER_DOMAIN", - "value": "${KIE_SERVER_DOMAIN}" - }, - { - "name": "KIE_SERVER_JMS_QUEUES_REQUEST", - "value": "${KIE_SERVER_JMS_QUEUES_REQUEST}" - }, - { - "name": "KIE_SERVER_JMS_QUEUES_RESPONSE", - "value": "${KIE_SERVER_JMS_QUEUES_RESPONSE}" - }, - { - "name": "KIE_SERVER_EXECUTOR_JMS_QUEUE", - "value": "${KIE_SERVER_EXECUTOR_JMS_QUEUE}" - }, - { - "name": "MQ_SERVICE_PREFIX_MAPPING", - "value": "${APPLICATION_NAME}-amq=MQ" - }, - { - "name": "MQ_JNDI", - "value": "${MQ_JNDI}" - }, - { - "name": "MQ_USERNAME", - "value": "${MQ_USERNAME}" - }, - { - "name": "MQ_PASSWORD", - "value": "${MQ_PASSWORD}" - }, - { - "name": "MQ_PROTOCOL", - "value": "tcp" - }, - { - "name": "MQ_QUEUES", - "value": "${MQ_QUEUES}" - }, - { - "name": "MQ_TOPICS", - "value": "${MQ_TOPICS}" - }, - { - "name": "KIE_SERVER_PERSISTENCE_DIALECT", - "value": "${KIE_SERVER_PERSISTENCE_DIALECT}" - }, - { - "name": "DB_SERVICE_PREFIX_MAPPING", - "value": "${APPLICATION_NAME}-mysql=DB,${APPLICATION_NAME}-mysql=QUARTZ" - }, - { - "name": "TX_DATABASE_PREFIX_MAPPING", - "value": "${APPLICATION_NAME}-mysql=DB" - }, - { - "name": "DB_JNDI", - "value": "${DB_JNDI}" - }, - { - "name": "DB_USERNAME", - "value": "${DB_USERNAME}" - }, - { - "name": "DB_PASSWORD", - "value": "${DB_PASSWORD}" - }, - { - "name": "DB_DATABASE", - "value": "${DB_DATABASE}" - }, - { - "name": "DB_MIN_POOL_SIZE", - "value": "${DB_MIN_POOL_SIZE}" - }, - { - "name": "DB_MAX_POOL_SIZE", - "value": "${DB_MAX_POOL_SIZE}" - }, - { - "name": "DB_TX_ISOLATION", - "value": "${DB_TX_ISOLATION}" - }, - { - "name": "QUARTZ_JNDI", - "value": "${DB_JNDI}NotManaged" - }, - { - "name": "QUARTZ_USERNAME", - "value": "${DB_USERNAME}" - }, - { - "name": "QUARTZ_PASSWORD", - "value": "${DB_PASSWORD}" - }, - { - "name": "QUARTZ_DATABASE", - "value": "${DB_DATABASE}" - }, - { - "name": "QUARTZ_MIN_POOL_SIZE", - "value": "${DB_MIN_POOL_SIZE}" - }, - { - "name": "QUARTZ_MAX_POOL_SIZE", - "value": "${DB_MAX_POOL_SIZE}" - }, - { - "name": "QUARTZ_TX_ISOLATION", - "value": "${DB_TX_ISOLATION}" - }, - { - "name": "QUARTZ_JTA", - "value": "false" - }, - { - "name": "QUARTZ_NONXA", - "value": "true" - }, - { - "name": "HTTPS_KEYSTORE_DIR", - "value": "/etc/processserver-secret-volume" - }, - { - "name": "HTTPS_KEYSTORE", - "value": "${HTTPS_KEYSTORE}" - }, - { - "name": "HTTPS_NAME", - "value": "${HTTPS_NAME}" - }, - { - "name": "HTTPS_PASSWORD", - "value": "${HTTPS_PASSWORD}" - } - ] - } - ], - "volumes": [ - { - "name": "processserver-keystore-volume", - "secret": { - "secretName": "${HTTPS_SECRET}" - } - } - ] - } - } - } - }, - { - "kind": "DeploymentConfig", - "apiVersion": "v1", - "metadata": { - "name": "${APPLICATION_NAME}-mysql", - "labels": { - "application": "${APPLICATION_NAME}" - } - }, - "spec": { - "strategy": { - "type": "Recreate" - }, - "triggers": [ - { - "type": "ImageChange", - "imageChangeParams": { - "automatic": true, - "containerNames": [ - "${APPLICATION_NAME}-mysql" - ], - "from": { - "kind": "ImageStreamTag", - "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "mysql:${MYSQL_IMAGE_STREAM_TAG}" - } - } - }, - { - "type": "ConfigChange" - } - ], - "replicas": 1, - "selector": { - "deploymentConfig": "${APPLICATION_NAME}-mysql" - }, - "template": { - "metadata": { - "name": "${APPLICATION_NAME}-mysql", - "labels": { - "deploymentConfig": "${APPLICATION_NAME}-mysql", - "application": "${APPLICATION_NAME}" - } - }, - "spec": { - "terminationGracePeriodSeconds": 60, - "containers": [ - { - "name": "${APPLICATION_NAME}-mysql", - "image": "mysql", - "imagePullPolicy": "Always", - "ports": [ - { - "containerPort": 3306, - "protocol": "TCP" - } - ], - "volumeMounts": [ - { - "mountPath": "/var/lib/mysql/data", - "name": "${APPLICATION_NAME}-mysql-pvol" - } - ], - "env": [ - { - "name": "MYSQL_USER", - "value": "${DB_USERNAME}" - }, - { - "name": "MYSQL_PASSWORD", - "value": "${DB_PASSWORD}" - }, - { - "name": "MYSQL_DATABASE", - "value": "${DB_DATABASE}" - }, - { - "name": "MYSQL_LOWER_CASE_TABLE_NAMES", - "value": "${MYSQL_LOWER_CASE_TABLE_NAMES}" - }, - { - "name": "MYSQL_MAX_CONNECTIONS", - "value": "${MYSQL_MAX_CONNECTIONS}" - }, - { - "name": "MYSQL_FT_MIN_WORD_LEN", - "value": "${MYSQL_FT_MIN_WORD_LEN}" - }, - { - "name": "MYSQL_FT_MAX_WORD_LEN", - "value": "${MYSQL_FT_MAX_WORD_LEN}" - }, - { - "name": "MYSQL_AIO", - "value": "${MYSQL_AIO}" - } - ] - } - ], - "volumes": [ - { - "name": "${APPLICATION_NAME}-mysql-pvol", - "persistentVolumeClaim": { - "claimName": "${APPLICATION_NAME}-mysql-claim" - } - } - ] - } - } - } - }, - { - "apiVersion": "v1", - "kind": "PersistentVolumeClaim", - "metadata": { - "name": "${APPLICATION_NAME}-mysql-claim", - "labels": { - "application": "${APPLICATION_NAME}" - } - }, - "spec": { - "accessModes": [ - "ReadWriteOnce" - ], - "resources": { - "requests": { - "storage": "${VOLUME_CAPACITY}" - } - } - } - }, - { - "kind": "DeploymentConfig", - "apiVersion": "v1", - "metadata": { - "name": "${APPLICATION_NAME}-amq", - "labels": { - "application": "${APPLICATION_NAME}" - } - }, - "spec": { - "strategy": { - "type": "Recreate" - }, - "triggers": [ - { - "type": "ImageChange", - "imageChangeParams": { - "automatic": true, - "containerNames": [ - "${APPLICATION_NAME}-amq" - ], - "from": { - "kind": "ImageStreamTag", - "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-amq-62:1.4" - } - } - }, - { - "type": "ConfigChange" - } - ], - "replicas": 1, - "selector": { - "deploymentConfig": "${APPLICATION_NAME}-amq" - }, - "template": { - "metadata": { - "name": "${APPLICATION_NAME}-amq", - "labels": { - "deploymentConfig": "${APPLICATION_NAME}-amq", - "application": "${APPLICATION_NAME}" - } - }, - "spec": { - "terminationGracePeriodSeconds": 60, - "containers": [ - { - "name": "${APPLICATION_NAME}-amq", - "image": "jboss-amq-62", - "imagePullPolicy": "Always", - "volumeMounts": [ - { - "mountPath": "/opt/amq/data", - "name": "${APPLICATION_NAME}-amq-pvol" - } - ], - "readinessProbe": { - "exec": { - "command": [ - "/bin/bash", - "-c", - "/opt/amq/bin/readinessProbe.sh" - ] - } - }, - "ports": [ - { - "name": "jolokia", - "containerPort": 8778, - "protocol": "TCP" - }, - { - "name": "amqp", - "containerPort": 5672, - "protocol": "TCP" - }, - { - "name": "amqp-ssl", - "containerPort": 5671, - "protocol": "TCP" - }, - { - "name": "mqtt", - "containerPort": 1883, - "protocol": "TCP" - }, - { - "name": "stomp", - "containerPort": 61613, - "protocol": "TCP" - }, - { - "name": "stomp-ssl", - "containerPort": 61612, - "protocol": "TCP" - }, - { - "name": "tcp", - "containerPort": 61616, - "protocol": "TCP" - }, - { - "name": "tcp-ssl", - "containerPort": 61617, - "protocol": "TCP" - } - ], - "env": [ - { - "name": "AMQ_USER", - "value": "${MQ_USERNAME}" - }, - { - "name": "AMQ_PASSWORD", - "value": "${MQ_PASSWORD}" - }, - { - "name": "AMQ_TRANSPORTS", - "value": "${MQ_PROTOCOL}" - }, - { - "name": "AMQ_SPLIT", - "value": "${AMQ_SPLIT}" - }, - { - "name": "AMQ_MESH_DISCOVERY_TYPE", - "value": "${AMQ_MESH_DISCOVERY_TYPE}" - }, - { - "name": "AMQ_MESH_SERVICE_NAME", - "value": "${APPLICATION_NAME}-amq-tcp" - }, - { - "name": "AMQ_MESH_SERVICE_NAMESPACE", - "valueFrom": { - "fieldRef": { - "fieldPath": "metadata.namespace" - } - } - }, - { - "name": "AMQ_STORAGE_USAGE_LIMIT", - "value": "${AMQ_STORAGE_USAGE_LIMIT}" - } - ] - } - ], - "volumes": [ - { - "name": "${APPLICATION_NAME}-amq-pvol", - "persistentVolumeClaim": { - "claimName": "${APPLICATION_NAME}-amq-claim" - } - } - ] - } - } - } - }, - { - "apiVersion": "v1", - "kind": "PersistentVolumeClaim", - "metadata": { - "name": "${APPLICATION_NAME}-amq-claim", - "labels": { - "application": "${APPLICATION_NAME}" - } - }, - "spec": { - "accessModes": [ - "ReadWriteMany" - ], - "resources": { - "requests": { - "storage": "${VOLUME_CAPACITY}" - } - } - } - } - ] -} diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/processserver63-amq-mysql-s2i.json b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/processserver63-amq-mysql-s2i.json deleted file mode 100644 index 665cb76a3..000000000 --- a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/processserver63-amq-mysql-s2i.json +++ /dev/null @@ -1,1034 +0,0 @@ -{ - "kind": "Template", - "apiVersion": "v1", - "metadata": { - "annotations": { - "description": "Application template for Red Hat JBoss BPM Suite 6.3 intelligent process server AMQ and MySQL applications built using S2I.", - "iconClass": "icon-jboss", - "tags": "processserver,jboss,xpaas", - "version": "1.4.0", - "openshift.io/display-name": "Red Hat JBoss BPM Suite 6.3 intelligent process server + A-MQ + MySQL (Ephemeral with https)" - }, - "name": "processserver63-amq-mysql-s2i" - }, - "labels": { - "template": "processserver63-amq-mysql-s2i", - "xpaas": "1.4.0" - }, - "message": "A new BPMS application (using MySQL and A-MQ) has been created in your project. The username/password for accessing the KIE Server REST or JMS interface is ${KIE_SERVER_USER}/${KIE_SERVER_PASSWORD}. For accessing the MySQL database \"${DB_DATABASE}\" use the credentials ${DB_USERNAME}/${DB_PASSWORD}. And for the A-MQ service use the credentials ${MQ_USERNAME}/${MQ_PASSWORD}. Please be sure to create the \"processserver-service-account\" service account and the secret named \"${HTTPS_SECRET}\" containing the ${HTTPS_KEYSTORE} file used for serving secure content.", - "parameters": [ - { - "displayName": "KIE Container Deployment", - "description": "The KIE Container deployment configuration in format: containerId=groupId:artifactId:version|c2=g2:a2:v2", - "name": "KIE_CONTAINER_DEPLOYMENT", - "value": "processserver-library=org.openshift.quickstarts:processserver-library:1.3.0.Final", - "required": false - }, - { - "displayName": "KIE Server Protocol", - "description": "The protocol to access the KIE Server REST interface.", - "name": "KIE_SERVER_PROTOCOL", - "value": "https", - "required": false - }, - { - "displayName": "KIE Server Port", - "description": "The port to access the KIE Server REST interface.", - "name": "KIE_SERVER_PORT", - "value": "8443", - "required": false - }, - { - "displayName": "KIE Server Username", - "description": "The user name to access the KIE Server REST or JMS interface.", - "name": "KIE_SERVER_USER", - "value": "kieserver", - "required": false - }, - { - "displayName": "KIE Server Password", - "description": "The password to access the KIE Server REST or JMS interface. Must be different than username; must not be root, admin, or administrator; must contain at least 8 characters, 1 alphabetic character(s), 1 digit(s), and 1 non-alphanumeric symbol(s).", - "name": "KIE_SERVER_PASSWORD", - "from": "[a-zA-Z]{6}[0-9]{1}!", - "generate": "expression", - "required": false - }, - { - "displayName": "KIE Server Domain", - "description": "JAAS LoginContext domain that shall be used to authenticate users when using JMS.", - "name": "KIE_SERVER_DOMAIN", - "value": "other", - "required": false - }, - { - "displayName": "KIE Server JMS Queues Request", - "description": "JNDI name of request queue for JMS.", - "name": "KIE_SERVER_JMS_QUEUES_REQUEST", - "value": "queue/KIE.SERVER.REQUEST", - "required": false - }, - { - "displayName": "KIE Server JMS Queues Response", - "description": "JNDI name of response queue for JMS.", - "name": "KIE_SERVER_JMS_QUEUES_RESPONSE", - "value": "queue/KIE.SERVER.RESPONSE", - "required": false - }, - { - "displayName": "KIE Server Executor JMS Queue", - "description": "JNDI name of executor queue for JMS.", - "name": "KIE_SERVER_EXECUTOR_JMS_QUEUE", - "value": "queue/KIE.SERVER.EXECUTOR", - "required": false - }, - { - "displayName": "KIE Server Persistence Dialect", - "description": "Hibernate persistence dialect.", - "name": "KIE_SERVER_PERSISTENCE_DIALECT", - "value": "org.hibernate.dialect.MySQL5Dialect", - "required": false - }, - { - "displayName": "Application Name", - "description": "The name for the application.", - "name": "APPLICATION_NAME", - "value": "kie-app", - "required": true - }, - { - "displayName": "Custom http Route Hostname", - "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: <application-name>-<project>.<default-domain-suffix>", - "name": "HOSTNAME_HTTP", - "value": "", - "required": false - }, - { - "displayName": "Custom https Route Hostname", - "description": "Custom hostname for https service route. Leave blank for default hostname, e.g.: secure-<application-name>-<project>.<default-domain-suffix>", - "name": "HOSTNAME_HTTPS", - "value": "", - "required": false - }, - { - "displayName": "Git Repository URL", - "description": "Git source URI for application", - "name": "SOURCE_REPOSITORY_URL", - "value": "https://github.com/jboss-openshift/openshift-quickstarts", - "required": true - }, - { - "displayName": "Git Reference", - "description": "Git branch/tag reference", - "name": "SOURCE_REPOSITORY_REF", - "value": "1.3", - "required": false - }, - { - "displayName": "Context Directory", - "description": "Path within Git project to build; empty for root project directory.", - "name": "CONTEXT_DIR", - "value": "processserver/library", - "required": false - }, - { - "displayName": "Database JNDI Name", - "description": "Database JNDI name used by application to resolve the datasource, e.g. java:/jboss/datasources/ExampleDS", - "name": "DB_JNDI", - "value": "java:jboss/datasources/ExampleDS", - "required": false - }, - { - "displayName": "Database Name", - "description": "Database name", - "name": "DB_DATABASE", - "value": "root", - "required": true - }, - { - "displayName": "JMS Connection Factory JNDI Name", - "description": "JNDI name for connection factory used by applications to connect to the broker, e.g. java:/JmsXA", - "name": "MQ_JNDI", - "value": "java:/JmsXA", - "required": false - }, - { - "displayName": "A-MQ Protocols", - "description": "Broker protocols to configure, separated by commas. Allowed values are: `openwire`, `amqp`, `stomp` and `mqtt`. Only `openwire` is supported by EAP.", - "name": "MQ_PROTOCOL", - "value": "openwire", - "required": false - }, - { - "displayName": "Queues", - "description": "Queue names, separated by commas. These queues will be automatically created when the broker starts. Also, they will be made accessible as JNDI resources in EAP.", - "name": "MQ_QUEUES", - "value": "KIE.SERVER.REQUEST,KIE.SERVER.RESPONSE,KIE.SERVER.EXECUTOR", - "required": false - }, - { - "displayName": "Topics", - "description": "Topic names, separated by commas. These topics will be automatically created when the broker starts. Also, they will be made accessible as JNDI resources in EAP.", - "name": "MQ_TOPICS", - "value": "", - "required": false - }, - { - "displayName": "Server Keystore Secret Name", - "description": "The name of the secret containing the keystore file", - "name": "HTTPS_SECRET", - "value": "processserver-app-secret", - "required": false - }, - { - "displayName": "Server Keystore Filename", - "description": "The name of the keystore file within the secret", - "name": "HTTPS_KEYSTORE", - "value": "keystore.jks", - "required": false - }, - { - "displayName": "Server Certificate Name", - "description": "The name associated with the server certificate", - "name": "HTTPS_NAME", - "value": "jboss", - "required": false - }, - { - "displayName": "Server Keystore Password", - "description": "The password for the keystore and certificate", - "name": "HTTPS_PASSWORD", - "value": "mykeystorepass", - "required": false - }, - { - "displayName": "Database Username", - "description": "Database user name", - "name": "DB_USERNAME", - "from": "user[a-zA-Z0-9]{3}", - "generate": "expression", - "required": true - }, - { - "displayName": "Database Password", - "description": "Database user password", - "name": "DB_PASSWORD", - "from": "[a-zA-Z0-9]{8}", - "generate": "expression", - "required": true - }, - { - "displayName": "Datasource Minimum Pool Size", - "description": "Sets xa-pool/min-pool-size for the configured datasource.", - "name": "DB_MIN_POOL_SIZE", - "required": false - }, - { - "displayName": "Datasource Maximum Pool Size", - "description": "Sets xa-pool/max-pool-size for the configured datasource.", - "name": "DB_MAX_POOL_SIZE", - "required": false - }, - { - "displayName": "Datasource Transaction Isolation", - "description": "Sets transaction-isolation for the configured datasource.", - "name": "DB_TX_ISOLATION", - "required": false - }, - { - "displayName": "MySQL Lower Case Table Names", - "description": "Sets how the table names are stored and compared.", - "name": "MYSQL_LOWER_CASE_TABLE_NAMES", - "required": false - }, - { - "displayName": "MySQL Maximum number of connections", - "description": "The maximum permitted number of simultaneous client connections.", - "name": "MYSQL_MAX_CONNECTIONS", - "required": false - }, - { - "displayName": "MySQL FullText Minimum Word Length", - "description": "The minimum length of the word to be included in a FULLTEXT index.", - "name": "MYSQL_FT_MIN_WORD_LEN", - "required": false - }, - { - "displayName": "MySQL FullText Maximum Word Length", - "description": "The maximum length of the word to be included in a FULLTEXT index.", - "name": "MYSQL_FT_MAX_WORD_LEN", - "required": false - }, - { - "displayName": "MySQL AIO", - "description": "Controls the innodb_use_native_aio setting value if the native AIO is broken.", - "name": "MYSQL_AIO", - "required": false - }, - { - "displayName": "A-MQ Username", - "description": "User name for standard broker user. It is required for connecting to the broker. If left empty, it will be generated.", - "name": "MQ_USERNAME", - "from": "user[a-zA-Z0-9]{3}", - "generate": "expression", - "required": false - }, - { - "displayName": "A-MQ Password", - "description": "Password for standard broker user. It is required for connecting to the broker. If left empty, it will be generated.", - "name": "MQ_PASSWORD", - "from": "[a-zA-Z0-9]{8}", - "generate": "expression", - "required": false - }, - { - "displayName": "A-MQ Mesh Discovery Type", - "description": "The discovery agent type to use for discovering mesh endpoints. 'dns' will use OpenShift's DNS service to resolve endpoints. 'kube' will use Kubernetes REST API to resolve service endpoints. If using 'kube' the service account for the pod must have the 'view' role, which can be added via 'oc policy add-role-to-user view system:serviceaccount:<namespace>:default' where <namespace> is the project namespace.", - "name": "AMQ_MESH_DISCOVERY_TYPE", - "value": "kube", - "required": false - }, - { - "displayName": "A-MQ Storage Limit", - "description": "The A-MQ storage usage limit", - "name": "AMQ_STORAGE_USAGE_LIMIT", - "value": "100 gb", - "required": false - }, - { - "displayName": "Github Webhook Secret", - "description": "GitHub trigger secret", - "name": "GITHUB_WEBHOOK_SECRET", - "from": "[a-zA-Z0-9]{8}", - "generate": "expression", - "required": true - }, - { - "displayName": "Generic Webhook Secret", - "description": "Generic build trigger secret", - "name": "GENERIC_WEBHOOK_SECRET", - "from": "[a-zA-Z0-9]{8}", - "generate": "expression", - "required": true - }, - { - "displayName": "ImageStream Namespace", - "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", - "name": "IMAGE_STREAM_NAMESPACE", - "value": "openshift", - "required": true - }, - { - "displayName": "Maven mirror URL", - "description": "Maven mirror to use for S2I builds", - "name": "MAVEN_MIRROR_URL", - "value": "", - "required": false - }, - { - "description": "List of directories from which archives will be copied into the deployment folder. If unspecified, all archives in /target will be copied.", - "name": "ARTIFACT_DIR", - "value": "", - "required": false - }, - { - "displayName": "MySQL Image Stream Tag", - "description": "The tag to use for the \"mysql\" image stream. Typically, this aligns with the major.minor version of MySQL.", - "name": "MYSQL_IMAGE_STREAM_TAG", - "value": "5.7", - "required": true - } - ], - "objects": [ - { - "kind": "Service", - "apiVersion": "v1", - "spec": { - "ports": [ - { - "port": 8080, - "targetPort": 8080 - } - ], - "selector": { - "deploymentConfig": "${APPLICATION_NAME}" - } - }, - "metadata": { - "name": "${APPLICATION_NAME}", - "labels": { - "application": "${APPLICATION_NAME}" - }, - "annotations": { - "description": "The web server's http port.", - "service.alpha.openshift.io/dependencies": "[{\"name\": \"${APPLICATION_NAME}-mysql\", \"kind\": \"Service\"},{\"name\": \"${APPLICATION_NAME}-amq-tcp\", \"kind\": \"Service\"}]" - } - } - }, - { - "kind": "Service", - "apiVersion": "v1", - "spec": { - "ports": [ - { - "port": 8443, - "targetPort": 8443 - } - ], - "selector": { - "deploymentConfig": "${APPLICATION_NAME}" - } - }, - "metadata": { - "name": "secure-${APPLICATION_NAME}", - "labels": { - "application": "${APPLICATION_NAME}" - }, - "annotations": { - "description": "The web server's https port.", - "service.alpha.openshift.io/dependencies": "[{\"name\": \"${APPLICATION_NAME}-mysql\", \"kind\": \"Service\"},{\"name\": \"${APPLICATION_NAME}-amq-tcp\", \"kind\": \"Service\"}]" - } - } - }, - { - "kind": "Service", - "apiVersion": "v1", - "spec": { - "ports": [ - { - "port": 3306, - "targetPort": 3306 - } - ], - "selector": { - "deploymentConfig": "${APPLICATION_NAME}-mysql" - } - }, - "metadata": { - "name": "${APPLICATION_NAME}-mysql", - "labels": { - "application": "${APPLICATION_NAME}" - }, - "annotations": { - "description": "The database server's port." - } - } - }, - { - "kind": "Service", - "apiVersion": "v1", - "spec": { - "ports": [ - { - "port": 61616, - "targetPort": 61616 - } - ], - "selector": { - "deploymentConfig": "${APPLICATION_NAME}-amq" - } - }, - "metadata": { - "name": "${APPLICATION_NAME}-amq-tcp", - "labels": { - "application": "${APPLICATION_NAME}" - }, - "annotations": { - "description": "The broker's OpenWire port." - } - } - }, - { - "kind": "Route", - "apiVersion": "v1", - "id": "${APPLICATION_NAME}-http", - "metadata": { - "name": "${APPLICATION_NAME}", - "labels": { - "application": "${APPLICATION_NAME}" - }, - "annotations": { - "description": "Route for application's http service." - } - }, - "spec": { - "host": "${HOSTNAME_HTTP}", - "to": { - "name": "${APPLICATION_NAME}" - } - } - }, - { - "kind": "Route", - "apiVersion": "v1", - "id": "${APPLICATION_NAME}-https", - "metadata": { - "name": "secure-${APPLICATION_NAME}", - "labels": { - "application": "${APPLICATION_NAME}" - }, - "annotations": { - "description": "Route for application's https service." - } - }, - "spec": { - "host": "${HOSTNAME_HTTPS}", - "to": { - "name": "secure-${APPLICATION_NAME}" - }, - "tls": { - "termination": "passthrough" - } - } - }, - { - "kind": "ImageStream", - "apiVersion": "v1", - "metadata": { - "name": "${APPLICATION_NAME}", - "labels": { - "application": "${APPLICATION_NAME}" - } - } - }, - { - "kind": "BuildConfig", - "apiVersion": "v1", - "metadata": { - "name": "${APPLICATION_NAME}", - "labels": { - "application": "${APPLICATION_NAME}" - } - }, - "spec": { - "source": { - "type": "Git", - "git": { - "uri": "${SOURCE_REPOSITORY_URL}", - "ref": "${SOURCE_REPOSITORY_REF}" - }, - "contextDir": "${CONTEXT_DIR}" - }, - "strategy": { - "type": "Source", - "sourceStrategy": { - "env": [ - { - "name": "KIE_CONTAINER_DEPLOYMENT", - "value": "${KIE_CONTAINER_DEPLOYMENT}" - }, - { - "name": "MAVEN_MIRROR_URL", - "value": "${MAVEN_MIRROR_URL}" - }, - { - "name": "ARTIFACT_DIR", - "value": "${ARTIFACT_DIR}" - } - ], - "forcePull": true, - "from": { - "kind": "ImageStreamTag", - "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-processserver63-openshift:1.4" - } - } - }, - "output": { - "to": { - "kind": "ImageStreamTag", - "name": "${APPLICATION_NAME}:latest" - } - }, - "triggers": [ - { - "type": "GitHub", - "github": { - "secret": "${GITHUB_WEBHOOK_SECRET}" - } - }, - { - "type": "Generic", - "generic": { - "secret": "${GENERIC_WEBHOOK_SECRET}" - } - }, - { - "type": "ImageChange", - "imageChange": {} - }, - { - "type": "ConfigChange" - } - ] - } - }, - { - "kind": "DeploymentConfig", - "apiVersion": "v1", - "metadata": { - "name": "${APPLICATION_NAME}", - "labels": { - "application": "${APPLICATION_NAME}" - } - }, - "spec": { - "strategy": { - "type": "Recreate" - }, - "triggers": [ - { - "type": "ImageChange", - "imageChangeParams": { - "automatic": true, - "containerNames": [ - "${APPLICATION_NAME}" - ], - "from": { - "kind": "ImageStream", - "name": "${APPLICATION_NAME}" - } - } - }, - { - "type": "ConfigChange" - } - ], - "replicas": 1, - "selector": { - "deploymentConfig": "${APPLICATION_NAME}" - }, - "template": { - "metadata": { - "name": "${APPLICATION_NAME}", - "labels": { - "deploymentConfig": "${APPLICATION_NAME}", - "application": "${APPLICATION_NAME}" - } - }, - "spec": { - "serviceAccountName": "processserver-service-account", - "terminationGracePeriodSeconds": 60, - "containers": [ - { - "name": "${APPLICATION_NAME}", - "image": "${APPLICATION_NAME}", - "imagePullPolicy": "Always", - "volumeMounts": [ - { - "name": "processserver-keystore-volume", - "mountPath": "/etc/processserver-secret-volume", - "readOnly": true - } - ], - "livenessProbe": { - "exec": { - "command": [ - "/bin/bash", - "-c", - "/opt/eap/bin/livenessProbe.sh" - ] - } - }, - "readinessProbe": { - "exec": { - "command": [ - "/bin/bash", - "-c", - "/opt/eap/bin/readinessProbe.sh" - ] - } - }, - "ports": [ - { - "name": "jolokia", - "containerPort": 8778, - "protocol": "TCP" - }, - { - "name": "http", - "containerPort": 8080, - "protocol": "TCP" - }, - { - "name": "https", - "containerPort": 8443, - "protocol": "TCP" - } - ], - "env": [ - { - "name": "KIE_CONTAINER_DEPLOYMENT", - "value": "${KIE_CONTAINER_DEPLOYMENT}" - }, - { - "name": "KIE_SERVER_PROTOCOL", - "value": "${KIE_SERVER_PROTOCOL}" - }, - { - "name": "KIE_SERVER_PORT", - "value": "${KIE_SERVER_PORT}" - }, - { - "name": "KIE_SERVER_USER", - "value": "${KIE_SERVER_USER}" - }, - { - "name": "KIE_SERVER_PASSWORD", - "value": "${KIE_SERVER_PASSWORD}" - }, - { - "name": "KIE_SERVER_DOMAIN", - "value": "${KIE_SERVER_DOMAIN}" - }, - { - "name": "KIE_SERVER_JMS_QUEUES_REQUEST", - "value": "${KIE_SERVER_JMS_QUEUES_REQUEST}" - }, - { - "name": "KIE_SERVER_JMS_QUEUES_RESPONSE", - "value": "${KIE_SERVER_JMS_QUEUES_RESPONSE}" - }, - { - "name": "KIE_SERVER_EXECUTOR_JMS_QUEUE", - "value": "${KIE_SERVER_EXECUTOR_JMS_QUEUE}" - }, - { - "name": "MQ_SERVICE_PREFIX_MAPPING", - "value": "${APPLICATION_NAME}-amq=MQ" - }, - { - "name": "MQ_JNDI", - "value": "${MQ_JNDI}" - }, - { - "name": "MQ_USERNAME", - "value": "${MQ_USERNAME}" - }, - { - "name": "MQ_PASSWORD", - "value": "${MQ_PASSWORD}" - }, - { - "name": "MQ_PROTOCOL", - "value": "tcp" - }, - { - "name": "MQ_QUEUES", - "value": "${MQ_QUEUES}" - }, - { - "name": "MQ_TOPICS", - "value": "${MQ_TOPICS}" - }, - { - "name": "KIE_SERVER_PERSISTENCE_DIALECT", - "value": "${KIE_SERVER_PERSISTENCE_DIALECT}" - }, - { - "name": "DB_SERVICE_PREFIX_MAPPING", - "value": "${APPLICATION_NAME}-mysql=DB" - }, - { - "name": "DB_JNDI", - "value": "${DB_JNDI}" - }, - { - "name": "DB_USERNAME", - "value": "${DB_USERNAME}" - }, - { - "name": "DB_PASSWORD", - "value": "${DB_PASSWORD}" - }, - { - "name": "DB_DATABASE", - "value": "${DB_DATABASE}" - }, - { - "name": "TX_DATABASE_PREFIX_MAPPING", - "value": "${APPLICATION_NAME}-mysql=DB" - }, - { - "name": "DB_MIN_POOL_SIZE", - "value": "${DB_MIN_POOL_SIZE}" - }, - { - "name": "DB_MAX_POOL_SIZE", - "value": "${DB_MAX_POOL_SIZE}" - }, - { - "name": "DB_TX_ISOLATION", - "value": "${DB_TX_ISOLATION}" - }, - { - "name": "HTTPS_KEYSTORE_DIR", - "value": "/etc/processserver-secret-volume" - }, - { - "name": "HTTPS_KEYSTORE", - "value": "${HTTPS_KEYSTORE}" - }, - { - "name": "HTTPS_NAME", - "value": "${HTTPS_NAME}" - }, - { - "name": "HTTPS_PASSWORD", - "value": "${HTTPS_PASSWORD}" - } - ] - } - ], - "volumes": [ - { - "name": "processserver-keystore-volume", - "secret": { - "secretName": "${HTTPS_SECRET}" - } - } - ] - } - } - } - }, - { - "kind": "DeploymentConfig", - "apiVersion": "v1", - "metadata": { - "name": "${APPLICATION_NAME}-mysql", - "labels": { - "application": "${APPLICATION_NAME}" - } - }, - "spec": { - "strategy": { - "type": "Recreate" - }, - "triggers": [ - { - "type": "ImageChange", - "imageChangeParams": { - "automatic": true, - "containerNames": [ - "${APPLICATION_NAME}-mysql" - ], - "from": { - "kind": "ImageStreamTag", - "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "mysql:${MYSQL_IMAGE_STREAM_TAG}" - } - } - }, - { - "type": "ConfigChange" - } - ], - "replicas": 1, - "selector": { - "deploymentConfig": "${APPLICATION_NAME}-mysql" - }, - "template": { - "metadata": { - "name": "${APPLICATION_NAME}-mysql", - "labels": { - "deploymentConfig": "${APPLICATION_NAME}-mysql", - "application": "${APPLICATION_NAME}" - } - }, - "spec": { - "terminationGracePeriodSeconds": 60, - "containers": [ - { - "name": "${APPLICATION_NAME}-mysql", - "image": "mysql", - "imagePullPolicy": "Always", - "ports": [ - { - "containerPort": 3306, - "protocol": "TCP" - } - ], - "env": [ - { - "name": "MYSQL_USER", - "value": "${DB_USERNAME}" - }, - { - "name": "MYSQL_PASSWORD", - "value": "${DB_PASSWORD}" - }, - { - "name": "MYSQL_DATABASE", - "value": "${DB_DATABASE}" - }, - { - "name": "MYSQL_LOWER_CASE_TABLE_NAMES", - "value": "${MYSQL_LOWER_CASE_TABLE_NAMES}" - }, - { - "name": "MYSQL_MAX_CONNECTIONS", - "value": "${MYSQL_MAX_CONNECTIONS}" - }, - { - "name": "MYSQL_FT_MIN_WORD_LEN", - "value": "${MYSQL_FT_MIN_WORD_LEN}" - }, - { - "name": "MYSQL_FT_MAX_WORD_LEN", - "value": "${MYSQL_FT_MAX_WORD_LEN}" - }, - { - "name": "MYSQL_AIO", - "value": "${MYSQL_AIO}" - } - ] - } - ] - } - } - } - }, - { - "kind": "DeploymentConfig", - "apiVersion": "v1", - "metadata": { - "name": "${APPLICATION_NAME}-amq", - "labels": { - "application": "${APPLICATION_NAME}" - } - }, - "spec": { - "strategy": { - "type": "Recreate" - }, - "triggers": [ - { - "type": "ImageChange", - "imageChangeParams": { - "automatic": true, - "containerNames": [ - "${APPLICATION_NAME}-amq" - ], - "from": { - "kind": "ImageStreamTag", - "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-amq-62:1.4" - } - } - }, - { - "type": "ConfigChange" - } - ], - "replicas": 1, - "selector": { - "deploymentConfig": "${APPLICATION_NAME}-amq" - }, - "template": { - "metadata": { - "name": "${APPLICATION_NAME}-amq", - "labels": { - "deploymentConfig": "${APPLICATION_NAME}-amq", - "application": "${APPLICATION_NAME}" - } - }, - "spec": { - "terminationGracePeriodSeconds": 60, - "containers": [ - { - "name": "${APPLICATION_NAME}-amq", - "image": "jboss-amq-62", - "imagePullPolicy": "Always", - "readinessProbe": { - "exec": { - "command": [ - "/bin/bash", - "-c", - "/opt/amq/bin/readinessProbe.sh" - ] - } - }, - "ports": [ - { - "name": "jolokia", - "containerPort": 8778, - "protocol": "TCP" - }, - { - "name": "amqp", - "containerPort": 5672, - "protocol": "TCP" - }, - { - "name": "amqp-ssl", - "containerPort": 5671, - "protocol": "TCP" - }, - { - "name": "mqtt", - "containerPort": 1883, - "protocol": "TCP" - }, - { - "name": "stomp", - "containerPort": 61613, - "protocol": "TCP" - }, - { - "name": "stomp-ssl", - "containerPort": 61612, - "protocol": "TCP" - }, - { - "name": "tcp", - "containerPort": 61616, - "protocol": "TCP" - }, - { - "name": "tcp-ssl", - "containerPort": 61617, - "protocol": "TCP" - } - ], - "env": [ - { - "name": "AMQ_USER", - "value": "${MQ_USERNAME}" - }, - { - "name": "AMQ_PASSWORD", - "value": "${MQ_PASSWORD}" - }, - { - "name": "AMQ_TRANSPORTS", - "value": "${MQ_PROTOCOL}" - }, - { - "name": "AMQ_MESH_DISCOVERY_TYPE", - "value": "${AMQ_MESH_DISCOVERY_TYPE}" - }, - { - "name": "AMQ_MESH_SERVICE_NAME", - "value": "${APPLICATION_NAME}-amq-tcp" - }, - { - "name": "AMQ_MESH_SERVICE_NAMESPACE", - "valueFrom": { - "fieldRef": { - "fieldPath": "metadata.namespace" - } - } - }, - { - "name": "AMQ_STORAGE_USAGE_LIMIT", - "value": "${AMQ_STORAGE_USAGE_LIMIT}" - } - ] - } - ] - } - } - } - } - ] -} diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/processserver63-amq-postgresql-persistent-s2i.json b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/processserver63-amq-postgresql-persistent-s2i.json deleted file mode 100644 index 5a395a0f3..000000000 --- a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/processserver63-amq-postgresql-persistent-s2i.json +++ /dev/null @@ -1,1126 +0,0 @@ -{ - "kind": "Template", - "apiVersion": "v1", - "metadata": { - "annotations": { - "description": "Application template for Red Hat JBoss BPM Suite 6.3 intelligent process server AMQ and PostgreSQL applications with persistent storage built using S2I.", - "iconClass": "icon-jboss", - "tags": "processserver,jboss,xpaas", - "version": "1.4.0", - "openshift.io/display-name": "Red Hat JBoss BPM Suite 6.3 intelligent process server + A-MQ + PostgreSQL (Persistent with https)" - }, - "name": "processserver63-amq-postgresql-persistent-s2i" - }, - "labels": { - "template": "processserver63-amq-postgresql-persistent-s2i", - "xpaas": "1.4.0" - }, - "message": "A new persistent BPMS application (using PostgreSQL and A-MQ) has been created in your project. The username/password for accessing the KIE Server REST or JMS interface is ${KIE_SERVER_USER}/${KIE_SERVER_PASSWORD}. For accessing the MySQL database \"${DB_DATABASE}\" use the credentials ${DB_USERNAME}/${DB_PASSWORD}. And for the A-MQ service use the credentials ${MQ_USERNAME}/${MQ_PASSWORD}. Please be sure to create the \"processserver-service-account\" service account and the secret named \"${HTTPS_SECRET}\" containing the ${HTTPS_KEYSTORE} file used for serving secure content.", - "parameters": [ - { - "displayName": "KIE Container Deployment", - "description": "The KIE Container deployment configuration in format: containerId=groupId:artifactId:version|c2=g2:a2:v2", - "name": "KIE_CONTAINER_DEPLOYMENT", - "value": "processserver-library=org.openshift.quickstarts:processserver-library:1.3.0.Final", - "required": false - }, - { - "displayName": "KIE Server Protocol", - "description": "The protocol to access the KIE Server REST interface.", - "name": "KIE_SERVER_PROTOCOL", - "value": "https", - "required": false - }, - { - "displayName": "KIE Server Port", - "description": "The port to access the KIE Server REST interface.", - "name": "KIE_SERVER_PORT", - "value": "8443", - "required": false - }, - { - "displayName": "KIE Server Username", - "description": "The user name to access the KIE Server REST or JMS interface.", - "name": "KIE_SERVER_USER", - "value": "kieserver", - "required": false - }, - { - "displayName": "KIE Server Password", - "description": "The password to access the KIE Server REST or JMS interface. Must be different than username; must not be root, admin, or administrator; must contain at least 8 characters, 1 alphabetic character(s), 1 digit(s), and 1 non-alphanumeric symbol(s).", - "name": "KIE_SERVER_PASSWORD", - "from": "[a-zA-Z]{6}[0-9]{1}!", - "generate": "expression", - "required": false - }, - { - "displayName": "KIE Server Domain", - "description": "JAAS LoginContext domain that shall be used to authenticate users when using JMS.", - "name": "KIE_SERVER_DOMAIN", - "value": "other", - "required": false - }, - { - "displayName": "KIE Server JMS Queues Request", - "description": "JNDI name of request queue for JMS.", - "name": "KIE_SERVER_JMS_QUEUES_REQUEST", - "value": "queue/KIE.SERVER.REQUEST", - "required": false - }, - { - "displayName": "KIE Server JMS Queues Response", - "description": "JNDI name of response queue for JMS.", - "name": "KIE_SERVER_JMS_QUEUES_RESPONSE", - "value": "queue/KIE.SERVER.RESPONSE", - "required": false - }, - { - "displayName": "KIE Server Executor JMS Queue", - "description": "JNDI name of executor queue for JMS.", - "name": "KIE_SERVER_EXECUTOR_JMS_QUEUE", - "value": "queue/KIE.SERVER.EXECUTOR", - "required": false - }, - { - "displayName": "KIE Server Persistence Dialect", - "description": "Hibernate persistence dialect.", - "name": "KIE_SERVER_PERSISTENCE_DIALECT", - "value": "org.hibernate.dialect.PostgreSQL82Dialect", - "required": false - }, - { - "displayName": "Application Name", - "description": "The name for the application.", - "name": "APPLICATION_NAME", - "value": "kie-app", - "required": true - }, - { - "displayName": "Custom http Route Hostname", - "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: <application-name>-<project>.<default-domain-suffix>", - "name": "HOSTNAME_HTTP", - "value": "", - "required": false - }, - { - "displayName": "Custom https Route Hostname", - "description": "Custom hostname for https service route. Leave blank for default hostname, e.g.: secure-<application-name>-<project>.<default-domain-suffix>", - "name": "HOSTNAME_HTTPS", - "value": "", - "required": false - }, - { - "displayName": "Git Repository URL", - "description": "Git source URI for application", - "name": "SOURCE_REPOSITORY_URL", - "value": "https://github.com/jboss-openshift/openshift-quickstarts", - "required": true - }, - { - "displayName": "Git Reference", - "description": "Git branch/tag reference", - "name": "SOURCE_REPOSITORY_REF", - "value": "1.3", - "required": false - }, - { - "displayName": "Context Directory", - "description": "Path within Git project to build; empty for root project directory.", - "name": "CONTEXT_DIR", - "value": "processserver/library", - "required": false - }, - { - "displayName": "Database JNDI Name", - "description": "Database JNDI name used by application to resolve the datasource, e.g. java:/jboss/datasources/ExampleDS", - "name": "DB_JNDI", - "value": "java:jboss/datasources/ExampleDS", - "required": false - }, - { - "displayName": "Database Name", - "description": "Database name", - "name": "DB_DATABASE", - "value": "root", - "required": true - }, - { - "displayName": "Database Volume Capacity", - "description": "Size of persistent storage for database volume.", - "name": "VOLUME_CAPACITY", - "value": "512Mi", - "required": true - }, - { - "displayName": "JMS Connection Factory JNDI Name", - "description": "JNDI name for connection factory used by applications to connect to the broker, e.g. java:/JmsXA", - "name": "MQ_JNDI", - "value": "java:/JmsXA", - "required": false - }, - { - "displayName": "Split Data?", - "description": "Split the data directory for each node in a mesh.", - "name": "AMQ_SPLIT", - "value": "false", - "required": false - }, - { - "displayName": "A-MQ Protocols", - "description": "Broker protocols to configure, separated by commas. Allowed values are: `openwire`, `amqp`, `stomp` and `mqtt`. Only `openwire` is supported by EAP.", - "name": "MQ_PROTOCOL", - "value": "openwire", - "required": false - }, - { - "displayName": "Queues", - "description": "Queue names, separated by commas. These queues will be automatically created when the broker starts. Also, they will be made accessible as JNDI resources in EAP.", - "name": "MQ_QUEUES", - "value": "KIE.SERVER.REQUEST,KIE.SERVER.RESPONSE,KIE.SERVER.EXECUTOR", - "required": false - }, - { - "displayName": "Topics", - "description": "Topic names, separated by commas. These topics will be automatically created when the broker starts. Also, they will be made accessible as JNDI resources in EAP.", - "name": "MQ_TOPICS", - "value": "", - "required": false - }, - { - "displayName": "Server Keystore Secret Name", - "description": "The name of the secret containing the keystore file", - "name": "HTTPS_SECRET", - "value": "processserver-app-secret", - "required": false - }, - { - "displayName": "Server Keystore Filename", - "description": "The name of the keystore file within the secret", - "name": "HTTPS_KEYSTORE", - "value": "keystore.jks", - "required": false - }, - { - "displayName": "Server Certificate Name", - "description": "The name associated with the server certificate", - "name": "HTTPS_NAME", - "value": "jboss", - "required": false - }, - { - "displayName": "Server Keystore Password", - "description": "The password for the keystore and certificate", - "name": "HTTPS_PASSWORD", - "value": "mykeystorepass", - "required": false - }, - { - "displayName": "Database Username", - "description": "Database user name", - "name": "DB_USERNAME", - "from": "user[a-zA-Z0-9]{3}", - "generate": "expression", - "required": true - }, - { - "displayName": "Database Password", - "description": "Database user password", - "name": "DB_PASSWORD", - "from": "[a-zA-Z0-9]{8}", - "generate": "expression", - "required": true - }, - { - "displayName": "Datasource Minimum Pool Size", - "description": "Sets xa-pool/min-pool-size for the configured datasource.", - "name": "DB_MIN_POOL_SIZE", - "required": false - }, - { - "displayName": "Datasource Maximum Pool Size", - "description": "Sets xa-pool/max-pool-size for the configured datasource.", - "name": "DB_MAX_POOL_SIZE", - "required": false - }, - { - "displayName": "Datasource Transaction Isolation", - "description": "Sets transaction-isolation for the configured datasource.", - "name": "DB_TX_ISOLATION", - "required": false - }, - { - "displayName": "PostgreSQL Maximum number of connections", - "description": "The maximum number of client connections allowed. This also sets the maximum number of prepared transactions.", - "name": "POSTGRESQL_MAX_CONNECTIONS", - "required": false - }, - { - "displayName": "PostgreSQL Shared Buffers", - "description": "Configures how much memory is dedicated to PostgreSQL for caching data.", - "name": "POSTGRESQL_SHARED_BUFFERS", - "required": false - }, - { - "displayName": "A-MQ Username", - "description": "User name for standard broker user. It is required for connecting to the broker. If left empty, it will be generated.", - "name": "MQ_USERNAME", - "from": "user[a-zA-Z0-9]{3}", - "generate": "expression", - "required": false - }, - { - "displayName": "A-MQ Password", - "description": "Password for standard broker user. It is required for connecting to the broker. If left empty, it will be generated.", - "name": "MQ_PASSWORD", - "from": "[a-zA-Z0-9]{8}", - "generate": "expression", - "required": false - }, - { - "displayName": "A-MQ Mesh Discovery Type", - "description": "The discovery agent type to use for discovering mesh endpoints. 'dns' will use OpenShift's DNS service to resolve endpoints. 'kube' will use Kubernetes REST API to resolve service endpoints. If using 'kube' the service account for the pod must have the 'view' role, which can be added via 'oc policy add-role-to-user view system:serviceaccount:<namespace>:default' where <namespace> is the project namespace.", - "name": "AMQ_MESH_DISCOVERY_TYPE", - "value": "kube", - "required": false - }, - { - "displayName": "A-MQ Storage Limit", - "description": "The A-MQ storage usage limit", - "name": "AMQ_STORAGE_USAGE_LIMIT", - "value": "100 gb", - "required": false - }, - { - "displayName": "Github Webhook Secret", - "description": "GitHub trigger secret", - "name": "GITHUB_WEBHOOK_SECRET", - "from": "[a-zA-Z0-9]{8}", - "generate": "expression", - "required": true - }, - { - "displayName": "Generic Webhook Secret", - "description": "Generic build trigger secret", - "name": "GENERIC_WEBHOOK_SECRET", - "from": "[a-zA-Z0-9]{8}", - "generate": "expression", - "required": true - }, - { - "displayName": "ImageStream Namespace", - "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", - "name": "IMAGE_STREAM_NAMESPACE", - "value": "openshift", - "required": true - }, - { - "displayName": "Maven mirror URL", - "description": "Maven mirror to use for S2I builds", - "name": "MAVEN_MIRROR_URL", - "value": "", - "required": false - }, - { - "description": "List of directories from which archives will be copied into the deployment folder. If unspecified, all archives in /target will be copied.", - "name": "ARTIFACT_DIR", - "value": "", - "required": false - }, - { - "displayName": "PostgreSQL Image Stream Tag", - "description": "The tag to use for the \"postgresql\" image stream. Typically, this aligns with the major.minor version of PostgreSQL.", - "name": "POSTGRESQL_IMAGE_STREAM_TAG", - "value": "9.5", - "required": true - } - ], - "objects": [ - { - "kind": "Service", - "apiVersion": "v1", - "spec": { - "ports": [ - { - "port": 8080, - "targetPort": 8080 - } - ], - "selector": { - "deploymentConfig": "${APPLICATION_NAME}" - } - }, - "metadata": { - "name": "${APPLICATION_NAME}", - "labels": { - "application": "${APPLICATION_NAME}" - }, - "annotations": { - "description": "The web server's http port.", - "service.alpha.openshift.io/dependencies": "[{\"name\": \"${APPLICATION_NAME}-postgresql\", \"kind\": \"Service\"},{\"name\": \"${APPLICATION_NAME}-amq-tcp\", \"kind\": \"Service\"}]" - } - } - }, - { - "kind": "Service", - "apiVersion": "v1", - "spec": { - "ports": [ - { - "port": 8443, - "targetPort": 8443 - } - ], - "selector": { - "deploymentConfig": "${APPLICATION_NAME}" - } - }, - "metadata": { - "name": "secure-${APPLICATION_NAME}", - "labels": { - "application": "${APPLICATION_NAME}" - }, - "annotations": { - "description": "The web server's https port.", - "service.alpha.openshift.io/dependencies": "[{\"name\": \"${APPLICATION_NAME}-postgresql\", \"kind\": \"Service\"},{\"name\": \"${APPLICATION_NAME}-amq-tcp\", \"kind\": \"Service\"}]" - } - } - }, - { - "kind": "Service", - "apiVersion": "v1", - "spec": { - "ports": [ - { - "port": 5432, - "targetPort": 5432 - } - ], - "selector": { - "deploymentConfig": "${APPLICATION_NAME}-postgresql" - } - }, - "metadata": { - "name": "${APPLICATION_NAME}-postgresql", - "labels": { - "application": "${APPLICATION_NAME}" - }, - "annotations": { - "description": "The database server's port." - } - } - }, - { - "kind": "Service", - "apiVersion": "v1", - "spec": { - "ports": [ - { - "port": 61616, - "targetPort": 61616 - } - ], - "selector": { - "deploymentConfig": "${APPLICATION_NAME}-amq" - } - }, - "metadata": { - "name": "${APPLICATION_NAME}-amq-tcp", - "labels": { - "application": "${APPLICATION_NAME}" - }, - "annotations": { - "description": "The broker's OpenWire port." - } - } - }, - { - "kind": "Route", - "apiVersion": "v1", - "id": "${APPLICATION_NAME}-http", - "metadata": { - "name": "${APPLICATION_NAME}", - "labels": { - "application": "${APPLICATION_NAME}" - }, - "annotations": { - "description": "Route for application's http service." - } - }, - "spec": { - "host": "${HOSTNAME_HTTP}", - "to": { - "name": "${APPLICATION_NAME}" - } - } - }, - { - "kind": "Route", - "apiVersion": "v1", - "id": "${APPLICATION_NAME}-https", - "metadata": { - "name": "secure-${APPLICATION_NAME}", - "labels": { - "application": "${APPLICATION_NAME}" - }, - "annotations": { - "description": "Route for application's https service." - } - }, - "spec": { - "host": "${HOSTNAME_HTTPS}", - "to": { - "name": "secure-${APPLICATION_NAME}" - }, - "tls": { - "termination": "passthrough" - } - } - }, - { - "kind": "ImageStream", - "apiVersion": "v1", - "metadata": { - "name": "${APPLICATION_NAME}", - "labels": { - "application": "${APPLICATION_NAME}" - } - } - }, - { - "kind": "BuildConfig", - "apiVersion": "v1", - "metadata": { - "name": "${APPLICATION_NAME}", - "labels": { - "application": "${APPLICATION_NAME}" - } - }, - "spec": { - "source": { - "type": "Git", - "git": { - "uri": "${SOURCE_REPOSITORY_URL}", - "ref": "${SOURCE_REPOSITORY_REF}" - }, - "contextDir": "${CONTEXT_DIR}" - }, - "strategy": { - "type": "Source", - "sourceStrategy": { - "env": [ - { - "name": "KIE_CONTAINER_DEPLOYMENT", - "value": "${KIE_CONTAINER_DEPLOYMENT}" - }, - { - "name": "MAVEN_MIRROR_URL", - "value": "${MAVEN_MIRROR_URL}" - }, - { - "name": "ARTIFACT_DIR", - "value": "${ARTIFACT_DIR}" - } - ], - "forcePull": true, - "from": { - "kind": "ImageStreamTag", - "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-processserver63-openshift:1.4" - } - } - }, - "output": { - "to": { - "kind": "ImageStreamTag", - "name": "${APPLICATION_NAME}:latest" - } - }, - "triggers": [ - { - "type": "GitHub", - "github": { - "secret": "${GITHUB_WEBHOOK_SECRET}" - } - }, - { - "type": "Generic", - "generic": { - "secret": "${GENERIC_WEBHOOK_SECRET}" - } - }, - { - "type": "ImageChange", - "imageChange": {} - }, - { - "type": "ConfigChange" - } - ] - } - }, - { - "kind": "DeploymentConfig", - "apiVersion": "v1", - "metadata": { - "name": "${APPLICATION_NAME}", - "labels": { - "application": "${APPLICATION_NAME}" - } - }, - "spec": { - "strategy": { - "type": "Recreate" - }, - "triggers": [ - { - "type": "ImageChange", - "imageChangeParams": { - "automatic": true, - "containerNames": [ - "${APPLICATION_NAME}" - ], - "from": { - "kind": "ImageStream", - "name": "${APPLICATION_NAME}" - } - } - }, - { - "type": "ConfigChange" - } - ], - "replicas": 1, - "selector": { - "deploymentConfig": "${APPLICATION_NAME}" - }, - "template": { - "metadata": { - "name": "${APPLICATION_NAME}", - "labels": { - "deploymentConfig": "${APPLICATION_NAME}", - "application": "${APPLICATION_NAME}" - } - }, - "spec": { - "serviceAccountName": "processserver-service-account", - "terminationGracePeriodSeconds": 60, - "containers": [ - { - "name": "${APPLICATION_NAME}", - "image": "${APPLICATION_NAME}", - "imagePullPolicy": "Always", - "volumeMounts": [ - { - "name": "processserver-keystore-volume", - "mountPath": "/etc/processserver-secret-volume", - "readOnly": true - } - ], - "livenessProbe": { - "exec": { - "command": [ - "/bin/bash", - "-c", - "/opt/eap/bin/livenessProbe.sh" - ] - } - }, - "readinessProbe": { - "exec": { - "command": [ - "/bin/bash", - "-c", - "/opt/eap/bin/readinessProbe.sh" - ] - } - }, - "ports": [ - { - "name": "jolokia", - "containerPort": 8778, - "protocol": "TCP" - }, - { - "name": "http", - "containerPort": 8080, - "protocol": "TCP" - }, - { - "name": "https", - "containerPort": 8443, - "protocol": "TCP" - } - ], - "env": [ - { - "name": "KIE_CONTAINER_DEPLOYMENT", - "value": "${KIE_CONTAINER_DEPLOYMENT}" - }, - { - "name": "KIE_SERVER_PROTOCOL", - "value": "${KIE_SERVER_PROTOCOL}" - }, - { - "name": "KIE_SERVER_PORT", - "value": "${KIE_SERVER_PORT}" - }, - { - "name": "KIE_SERVER_USER", - "value": "${KIE_SERVER_USER}" - }, - { - "name": "KIE_SERVER_PASSWORD", - "value": "${KIE_SERVER_PASSWORD}" - }, - { - "name": "KIE_SERVER_DOMAIN", - "value": "${KIE_SERVER_DOMAIN}" - }, - { - "name": "KIE_SERVER_JMS_QUEUES_REQUEST", - "value": "${KIE_SERVER_JMS_QUEUES_REQUEST}" - }, - { - "name": "KIE_SERVER_JMS_QUEUES_RESPONSE", - "value": "${KIE_SERVER_JMS_QUEUES_RESPONSE}" - }, - { - "name": "KIE_SERVER_EXECUTOR_JMS_QUEUE", - "value": "${KIE_SERVER_EXECUTOR_JMS_QUEUE}" - }, - { - "name": "MQ_SERVICE_PREFIX_MAPPING", - "value": "${APPLICATION_NAME}-amq=MQ" - }, - { - "name": "MQ_JNDI", - "value": "${MQ_JNDI}" - }, - { - "name": "MQ_USERNAME", - "value": "${MQ_USERNAME}" - }, - { - "name": "MQ_PASSWORD", - "value": "${MQ_PASSWORD}" - }, - { - "name": "MQ_PROTOCOL", - "value": "tcp" - }, - { - "name": "MQ_QUEUES", - "value": "${MQ_QUEUES}" - }, - { - "name": "MQ_TOPICS", - "value": "${MQ_TOPICS}" - }, - { - "name": "KIE_SERVER_PERSISTENCE_DIALECT", - "value": "${KIE_SERVER_PERSISTENCE_DIALECT}" - }, - { - "name": "DB_SERVICE_PREFIX_MAPPING", - "value": "${APPLICATION_NAME}-postgresql=DB,${APPLICATION_NAME}-postgresql=QUARTZ" - }, - { - "name": "TX_DATABASE_PREFIX_MAPPING", - "value": "${APPLICATION_NAME}-postgresql=DB" - }, - { - "name": "DB_JNDI", - "value": "${DB_JNDI}" - }, - { - "name": "DB_USERNAME", - "value": "${DB_USERNAME}" - }, - { - "name": "DB_PASSWORD", - "value": "${DB_PASSWORD}" - }, - { - "name": "DB_DATABASE", - "value": "${DB_DATABASE}" - }, - { - "name": "DB_MIN_POOL_SIZE", - "value": "${DB_MIN_POOL_SIZE}" - }, - { - "name": "DB_MAX_POOL_SIZE", - "value": "${DB_MAX_POOL_SIZE}" - }, - { - "name": "DB_TX_ISOLATION", - "value": "${DB_TX_ISOLATION}" - }, - { - "name": "QUARTZ_JNDI", - "value": "${DB_JNDI}NotManaged" - }, - { - "name": "QUARTZ_USERNAME", - "value": "${DB_USERNAME}" - }, - { - "name": "QUARTZ_PASSWORD", - "value": "${DB_PASSWORD}" - }, - { - "name": "QUARTZ_DATABASE", - "value": "${DB_DATABASE}" - }, - { - "name": "QUARTZ_MIN_POOL_SIZE", - "value": "${DB_MIN_POOL_SIZE}" - }, - { - "name": "QUARTZ_MAX_POOL_SIZE", - "value": "${DB_MAX_POOL_SIZE}" - }, - { - "name": "QUARTZ_TX_ISOLATION", - "value": "${DB_TX_ISOLATION}" - }, - { - "name": "QUARTZ_JTA", - "value": "false" - }, - { - "name": "QUARTZ_NONXA", - "value": "true" - }, - { - "name": "HTTPS_KEYSTORE_DIR", - "value": "/etc/processserver-secret-volume" - }, - { - "name": "HTTPS_KEYSTORE", - "value": "${HTTPS_KEYSTORE}" - }, - { - "name": "HTTPS_NAME", - "value": "${HTTPS_NAME}" - }, - { - "name": "HTTPS_PASSWORD", - "value": "${HTTPS_PASSWORD}" - } - ] - } - ], - "volumes": [ - { - "name": "processserver-keystore-volume", - "secret": { - "secretName": "${HTTPS_SECRET}" - } - } - ] - } - } - } - }, - { - "kind": "DeploymentConfig", - "apiVersion": "v1", - "metadata": { - "name": "${APPLICATION_NAME}-postgresql", - "labels": { - "application": "${APPLICATION_NAME}" - } - }, - "spec": { - "strategy": { - "type": "Recreate" - }, - "triggers": [ - { - "type": "ImageChange", - "imageChangeParams": { - "automatic": true, - "containerNames": [ - "${APPLICATION_NAME}-postgresql" - ], - "from": { - "kind": "ImageStreamTag", - "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "postgresql:${POSTGRESQL_IMAGE_STREAM_TAG}" - } - } - }, - { - "type": "ConfigChange" - } - ], - "replicas": 1, - "selector": { - "deploymentConfig": "${APPLICATION_NAME}-postgresql" - }, - "template": { - "metadata": { - "name": "${APPLICATION_NAME}-postgresql", - "labels": { - "deploymentConfig": "${APPLICATION_NAME}-postgresql", - "application": "${APPLICATION_NAME}" - } - }, - "spec": { - "terminationGracePeriodSeconds": 60, - "containers": [ - { - "name": "${APPLICATION_NAME}-postgresql", - "image": "postgresql", - "imagePullPolicy": "Always", - "ports": [ - { - "containerPort": 5432, - "protocol": "TCP" - } - ], - "volumeMounts": [ - { - "mountPath": "/var/lib/pgsql/data", - "name": "${APPLICATION_NAME}-postgresql-pvol" - } - ], - "env": [ - { - "name": "POSTGRESQL_USER", - "value": "${DB_USERNAME}" - }, - { - "name": "POSTGRESQL_PASSWORD", - "value": "${DB_PASSWORD}" - }, - { - "name": "POSTGRESQL_DATABASE", - "value": "${DB_DATABASE}" - }, - { - "name": "POSTGRESQL_MAX_CONNECTIONS", - "value": "${POSTGRESQL_MAX_CONNECTIONS}" - }, - { - "name": "POSTGRESQL_SHARED_BUFFERS", - "value": "${POSTGRESQL_SHARED_BUFFERS}" - } - ] - } - ], - "volumes": [ - { - "name": "${APPLICATION_NAME}-postgresql-pvol", - "persistentVolumeClaim": { - "claimName": "${APPLICATION_NAME}-postgresql-claim" - } - } - ] - } - } - } - }, - { - "apiVersion": "v1", - "kind": "PersistentVolumeClaim", - "metadata": { - "name": "${APPLICATION_NAME}-postgresql-claim", - "labels": { - "application": "${APPLICATION_NAME}" - } - }, - "spec": { - "accessModes": [ - "ReadWriteOnce" - ], - "resources": { - "requests": { - "storage": "${VOLUME_CAPACITY}" - } - } - } - }, - { - "kind": "DeploymentConfig", - "apiVersion": "v1", - "metadata": { - "name": "${APPLICATION_NAME}-amq", - "labels": { - "application": "${APPLICATION_NAME}" - } - }, - "spec": { - "strategy": { - "type": "Recreate" - }, - "triggers": [ - { - "type": "ImageChange", - "imageChangeParams": { - "automatic": true, - "containerNames": [ - "${APPLICATION_NAME}-amq" - ], - "from": { - "kind": "ImageStreamTag", - "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-amq-62:1.4" - } - } - }, - { - "type": "ConfigChange" - } - ], - "replicas": 1, - "selector": { - "deploymentConfig": "${APPLICATION_NAME}-amq" - }, - "template": { - "metadata": { - "name": "${APPLICATION_NAME}-amq", - "labels": { - "deploymentConfig": "${APPLICATION_NAME}-amq", - "application": "${APPLICATION_NAME}" - } - }, - "spec": { - "terminationGracePeriodSeconds": 60, - "containers": [ - { - "name": "${APPLICATION_NAME}-amq", - "image": "jboss-amq-62", - "imagePullPolicy": "Always", - "volumeMounts": [ - { - "mountPath": "/opt/amq/data", - "name": "${APPLICATION_NAME}-amq-pvol" - } - ], - "readinessProbe": { - "exec": { - "command": [ - "/bin/bash", - "-c", - "/opt/amq/bin/readinessProbe.sh" - ] - } - }, - "ports": [ - { - "name": "jolokia", - "containerPort": 8778, - "protocol": "TCP" - }, - { - "name": "amqp", - "containerPort": 5672, - "protocol": "TCP" - }, - { - "name": "amqp-ssl", - "containerPort": 5671, - "protocol": "TCP" - }, - { - "name": "mqtt", - "containerPort": 1883, - "protocol": "TCP" - }, - { - "name": "stomp", - "containerPort": 61613, - "protocol": "TCP" - }, - { - "name": "stomp-ssl", - "containerPort": 61612, - "protocol": "TCP" - }, - { - "name": "tcp", - "containerPort": 61616, - "protocol": "TCP" - }, - { - "name": "tcp-ssl", - "containerPort": 61617, - "protocol": "TCP" - } - ], - "env": [ - { - "name": "AMQ_USER", - "value": "${MQ_USERNAME}" - }, - { - "name": "AMQ_PASSWORD", - "value": "${MQ_PASSWORD}" - }, - { - "name": "AMQ_TRANSPORTS", - "value": "${MQ_PROTOCOL}" - }, - { - "name": "AMQ_SPLIT", - "value": "${AMQ_SPLIT}" - }, - { - "name": "AMQ_MESH_DISCOVERY_TYPE", - "value": "${AMQ_MESH_DISCOVERY_TYPE}" - }, - { - "name": "AMQ_MESH_SERVICE_NAME", - "value": "${APPLICATION_NAME}-amq-tcp" - }, - { - "name": "AMQ_MESH_SERVICE_NAMESPACE", - "valueFrom": { - "fieldRef": { - "fieldPath": "metadata.namespace" - } - } - }, - { - "name": "AMQ_STORAGE_USAGE_LIMIT", - "value": "${AMQ_STORAGE_USAGE_LIMIT}" - } - ] - } - ], - "volumes": [ - { - "name": "${APPLICATION_NAME}-amq-pvol", - "persistentVolumeClaim": { - "claimName": "${APPLICATION_NAME}-amq-claim" - } - } - ] - } - } - } - }, - { - "apiVersion": "v1", - "kind": "PersistentVolumeClaim", - "metadata": { - "name": "${APPLICATION_NAME}-amq-claim", - "labels": { - "application": "${APPLICATION_NAME}" - } - }, - "spec": { - "accessModes": [ - "ReadWriteMany" - ], - "resources": { - "requests": { - "storage": "${VOLUME_CAPACITY}" - } - } - } - } - ] -} diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/processserver63-amq-postgresql-s2i.json b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/processserver63-amq-postgresql-s2i.json deleted file mode 100644 index e7c5efdc9..000000000 --- a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/processserver63-amq-postgresql-s2i.json +++ /dev/null @@ -1,1004 +0,0 @@ -{ - "kind": "Template", - "apiVersion": "v1", - "metadata": { - "annotations": { - "description": "Application template for Red Hat JBoss BPM Suite 6.3 intelligent process server AMQ and PostgreSQL applications built using S2I.", - "iconClass": "icon-jboss", - "tags": "processserver,jboss,xpaas", - "version": "1.4.0", - "openshift.io/display-name": "Red Hat JBoss BPM Suite 6.3 intelligent process server + A-MQ + PostgreSQL (Ephemeral with https)" - }, - "name": "processserver63-amq-postgresql-s2i" - }, - "labels": { - "template": "processserver63-amq-postgresql-s2i", - "xpaas": "1.4.0" - }, - "message": "A new BPMS application (using PostgreSQL and A-MQ) has been created in your project. The username/password for accessing the KIE Server REST or JMS interface is ${KIE_SERVER_USER}/${KIE_SERVER_PASSWORD}. For accessing the MySQL database \"${DB_DATABASE}\" use the credentials ${DB_USERNAME}/${DB_PASSWORD}. And for the A-MQ service use the credentials ${MQ_USERNAME}/${MQ_PASSWORD}. Please be sure to create the \"processserver-service-account\" service account and the secret named \"${HTTPS_SECRET}\" containing the ${HTTPS_KEYSTORE} file used for serving secure content.", - "parameters": [ - { - "displayName": "KIE Container Deployment", - "description": "The KIE Container deployment configuration in format: containerId=groupId:artifactId:version|c2=g2:a2:v2", - "name": "KIE_CONTAINER_DEPLOYMENT", - "value": "processserver-library=org.openshift.quickstarts:processserver-library:1.3.0.Final", - "required": false - }, - { - "displayName": "KIE Server Protocol", - "description": "The protocol to access the KIE Server REST interface.", - "name": "KIE_SERVER_PROTOCOL", - "value": "https", - "required": false - }, - { - "displayName": "KIE Server Port", - "description": "The port to access the KIE Server REST interface.", - "name": "KIE_SERVER_PORT", - "value": "8443", - "required": false - }, - { - "displayName": "KIE Server Username", - "description": "The user name to access the KIE Server REST or JMS interface.", - "name": "KIE_SERVER_USER", - "value": "kieserver", - "required": false - }, - { - "displayName": "KIE Server Password", - "description": "The password to access the KIE Server REST or JMS interface. Must be different than username; must not be root, admin, or administrator; must contain at least 8 characters, 1 alphabetic character(s), 1 digit(s), and 1 non-alphanumeric symbol(s).", - "name": "KIE_SERVER_PASSWORD", - "from": "[a-zA-Z]{6}[0-9]{1}!", - "generate": "expression", - "required": false - }, - { - "displayName": "KIE Server Domain", - "description": "JAAS LoginContext domain that shall be used to authenticate users when using JMS.", - "name": "KIE_SERVER_DOMAIN", - "value": "other", - "required": false - }, - { - "displayName": "KIE Server JMS Queues Request", - "description": "JNDI name of request queue for JMS.", - "name": "KIE_SERVER_JMS_QUEUES_REQUEST", - "value": "queue/KIE.SERVER.REQUEST", - "required": false - }, - { - "displayName": "KIE Server JMS Queues Response", - "description": "JNDI name of response queue for JMS.", - "name": "KIE_SERVER_JMS_QUEUES_RESPONSE", - "value": "queue/KIE.SERVER.RESPONSE", - "required": false - }, - { - "displayName": "KIE Server Executor JMS Queue", - "description": "JNDI name of executor queue for JMS.", - "name": "KIE_SERVER_EXECUTOR_JMS_QUEUE", - "value": "queue/KIE.SERVER.EXECUTOR", - "required": false - }, - { - "displayName": "KIE Server Persistence Dialect", - "description": "Hibernate persistence dialect.", - "name": "KIE_SERVER_PERSISTENCE_DIALECT", - "value": "org.hibernate.dialect.PostgreSQL82Dialect", - "required": false - }, - { - "displayName": "Application Name", - "description": "The name for the application.", - "name": "APPLICATION_NAME", - "value": "kie-app", - "required": true - }, - { - "displayName": "Custom http Route Hostname", - "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: <application-name>-<project>.<default-domain-suffix>", - "name": "HOSTNAME_HTTP", - "value": "", - "required": false - }, - { - "displayName": "Custom https Route Hostname", - "description": "Custom hostname for https service route. Leave blank for default hostname, e.g.: secure-<application-name>-<project>.<default-domain-suffix>", - "name": "HOSTNAME_HTTPS", - "value": "", - "required": false - }, - { - "displayName": "Git Repository URL", - "description": "Git source URI for application", - "name": "SOURCE_REPOSITORY_URL", - "value": "https://github.com/jboss-openshift/openshift-quickstarts", - "required": true - }, - { - "displayName": "Git Reference", - "description": "Git branch/tag reference", - "name": "SOURCE_REPOSITORY_REF", - "value": "1.3", - "required": false - }, - { - "displayName": "Context Directory", - "description": "Path within Git project to build; empty for root project directory.", - "name": "CONTEXT_DIR", - "value": "processserver/library", - "required": false - }, - { - "displayName": "Database JNDI Name", - "description": "Database JNDI name used by application to resolve the datasource, e.g. java:/jboss/datasources/ExampleDS", - "name": "DB_JNDI", - "value": "java:jboss/datasources/ExampleDS", - "required": false - }, - { - "displayName": "Database Name", - "description": "Database name", - "name": "DB_DATABASE", - "value": "root", - "required": true - }, - { - "displayName": "JMS Connection Factory JNDI Name", - "description": "JNDI name for connection factory used by applications to connect to the broker, e.g. java:/JmsXA", - "name": "MQ_JNDI", - "value": "java:/JmsXA", - "required": false - }, - { - "displayName": "A-MQ Protocols", - "description": "Broker protocols to configure, separated by commas. Allowed values are: `openwire`, `amqp`, `stomp` and `mqtt`. Only `openwire` is supported by EAP.", - "name": "MQ_PROTOCOL", - "value": "openwire", - "required": false - }, - { - "displayName": "Queues", - "description": "Queue names, separated by commas. These queues will be automatically created when the broker starts. Also, they will be made accessible as JNDI resources in EAP.", - "name": "MQ_QUEUES", - "value": "KIE.SERVER.REQUEST,KIE.SERVER.RESPONSE,KIE.SERVER.EXECUTOR", - "required": false - }, - { - "displayName": "Topics", - "description": "Topic names, separated by commas. These topics will be automatically created when the broker starts. Also, they will be made accessible as JNDI resources in EAP.", - "name": "MQ_TOPICS", - "value": "", - "required": false - }, - { - "displayName": "Server Keystore Secret Name", - "description": "The name of the secret containing the keystore file", - "name": "HTTPS_SECRET", - "value": "processserver-app-secret", - "required": false - }, - { - "displayName": "Server Keystore Filename", - "description": "The name of the keystore file within the secret", - "name": "HTTPS_KEYSTORE", - "value": "keystore.jks", - "required": false - }, - { - "displayName": "Server Certificate Name", - "description": "The name associated with the server certificate", - "name": "HTTPS_NAME", - "value": "jboss", - "required": false - }, - { - "displayName": "Server Keystore Password", - "description": "The password for the keystore and certificate", - "name": "HTTPS_PASSWORD", - "value": "mykeystorepass", - "required": false - }, - { - "displayName": "Database Username", - "description": "Database user name", - "name": "DB_USERNAME", - "from": "user[a-zA-Z0-9]{3}", - "generate": "expression", - "required": true - }, - { - "displayName": "Database Password", - "description": "Database user password", - "name": "DB_PASSWORD", - "from": "[a-zA-Z0-9]{8}", - "generate": "expression", - "required": true - }, - { - "displayName": "Datasource Minimum Pool Size", - "description": "Sets xa-pool/min-pool-size for the configured datasource.", - "name": "DB_MIN_POOL_SIZE", - "required": false - }, - { - "displayName": "Datasource Maximum Pool Size", - "description": "Sets xa-pool/max-pool-size for the configured datasource.", - "name": "DB_MAX_POOL_SIZE", - "required": false - }, - { - "displayName": "Datasource Transaction Isolation", - "description": "Sets transaction-isolation for the configured datasource.", - "name": "DB_TX_ISOLATION", - "required": false - }, - { - "displayName": "PostgreSQL Maximum number of connections", - "description": "The maximum number of client connections allowed. This also sets the maximum number of prepared transactions.", - "name": "POSTGRESQL_MAX_CONNECTIONS", - "required": false - }, - { - "displayName": "PostgreSQL Shared Buffers", - "description": "Configures how much memory is dedicated to PostgreSQL for caching data.", - "name": "POSTGRESQL_SHARED_BUFFERS", - "required": false - }, - { - "displayName": "A-MQ Username", - "description": "User name for standard broker user. It is required for connecting to the broker. If left empty, it will be generated.", - "name": "MQ_USERNAME", - "from": "user[a-zA-Z0-9]{3}", - "generate": "expression", - "required": false - }, - { - "displayName": "A-MQ Password", - "description": "Password for standard broker user. It is required for connecting to the broker. If left empty, it will be generated.", - "name": "MQ_PASSWORD", - "from": "[a-zA-Z0-9]{8}", - "generate": "expression", - "required": false - }, - { - "displayName": "A-MQ Mesh Discovery Type", - "description": "The discovery agent type to use for discovering mesh endpoints. 'dns' will use OpenShift's DNS service to resolve endpoints. 'kube' will use Kubernetes REST API to resolve service endpoints. If using 'kube' the service account for the pod must have the 'view' role, which can be added via 'oc policy add-role-to-user view system:serviceaccount:<namespace>:default' where <namespace> is the project namespace.", - "name": "AMQ_MESH_DISCOVERY_TYPE", - "value": "kube", - "required": false - }, - { - "displayName": "A-MQ Storage Limit", - "description": "The A-MQ storage usage limit", - "name": "AMQ_STORAGE_USAGE_LIMIT", - "value": "100 gb", - "required": false - }, - { - "displayName": "Github Webhook Secret", - "description": "GitHub trigger secret", - "name": "GITHUB_WEBHOOK_SECRET", - "from": "[a-zA-Z0-9]{8}", - "generate": "expression", - "required": true - }, - { - "displayName": "Generic Webhook Secret", - "description": "Generic build trigger secret", - "name": "GENERIC_WEBHOOK_SECRET", - "from": "[a-zA-Z0-9]{8}", - "generate": "expression", - "required": true - }, - { - "displayName": "ImageStream Namespace", - "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", - "name": "IMAGE_STREAM_NAMESPACE", - "value": "openshift", - "required": true - }, - { - "displayName": "Maven mirror URL", - "description": "Maven mirror to use for S2I builds", - "name": "MAVEN_MIRROR_URL", - "value": "", - "required": false - }, - { - "description": "List of directories from which archives will be copied into the deployment folder. If unspecified, all archives in /target will be copied.", - "name": "ARTIFACT_DIR", - "value": "", - "required": false - }, - { - "displayName": "PostgreSQL Image Stream Tag", - "description": "The tag to use for the \"postgresql\" image stream. Typically, this aligns with the major.minor version of PostgreSQL.", - "name": "POSTGRESQL_IMAGE_STREAM_TAG", - "value": "9.5", - "required": true - } - ], - "objects": [ - { - "kind": "Service", - "apiVersion": "v1", - "spec": { - "ports": [ - { - "port": 8080, - "targetPort": 8080 - } - ], - "selector": { - "deploymentConfig": "${APPLICATION_NAME}" - } - }, - "metadata": { - "name": "${APPLICATION_NAME}", - "labels": { - "application": "${APPLICATION_NAME}" - }, - "annotations": { - "description": "The web server's http port.", - "service.alpha.openshift.io/dependencies": "[{\"name\": \"${APPLICATION_NAME}-postgresql\", \"kind\": \"Service\"},{\"name\": \"${APPLICATION_NAME}-amq-tcp\", \"kind\": \"Service\"}]" - } - } - }, - { - "kind": "Service", - "apiVersion": "v1", - "spec": { - "ports": [ - { - "port": 8443, - "targetPort": 8443 - } - ], - "selector": { - "deploymentConfig": "${APPLICATION_NAME}" - } - }, - "metadata": { - "name": "secure-${APPLICATION_NAME}", - "labels": { - "application": "${APPLICATION_NAME}" - }, - "annotations": { - "description": "The web server's https port.", - "service.alpha.openshift.io/dependencies": "[{\"name\": \"${APPLICATION_NAME}-postgresql\", \"kind\": \"Service\"},{\"name\": \"${APPLICATION_NAME}-amq-tcp\", \"kind\": \"Service\"}]" - } - } - }, - { - "kind": "Service", - "apiVersion": "v1", - "spec": { - "ports": [ - { - "port": 5432, - "targetPort": 5432 - } - ], - "selector": { - "deploymentConfig": "${APPLICATION_NAME}-postgresql" - } - }, - "metadata": { - "name": "${APPLICATION_NAME}-postgresql", - "labels": { - "application": "${APPLICATION_NAME}" - }, - "annotations": { - "description": "The database server's port." - } - } - }, - { - "kind": "Service", - "apiVersion": "v1", - "spec": { - "ports": [ - { - "port": 61616, - "targetPort": 61616 - } - ], - "selector": { - "deploymentConfig": "${APPLICATION_NAME}-amq" - } - }, - "metadata": { - "name": "${APPLICATION_NAME}-amq-tcp", - "labels": { - "application": "${APPLICATION_NAME}" - }, - "annotations": { - "description": "The broker's OpenWire port." - } - } - }, - { - "kind": "Route", - "apiVersion": "v1", - "id": "${APPLICATION_NAME}-http", - "metadata": { - "name": "${APPLICATION_NAME}", - "labels": { - "application": "${APPLICATION_NAME}" - }, - "annotations": { - "description": "Route for application's http service." - } - }, - "spec": { - "host": "${HOSTNAME_HTTP}", - "to": { - "name": "${APPLICATION_NAME}" - } - } - }, - { - "kind": "Route", - "apiVersion": "v1", - "id": "${APPLICATION_NAME}-https", - "metadata": { - "name": "secure-${APPLICATION_NAME}", - "labels": { - "application": "${APPLICATION_NAME}" - }, - "annotations": { - "description": "Route for application's https service." - } - }, - "spec": { - "host": "${HOSTNAME_HTTPS}", - "to": { - "name": "secure-${APPLICATION_NAME}" - }, - "tls": { - "termination": "passthrough" - } - } - }, - { - "kind": "ImageStream", - "apiVersion": "v1", - "metadata": { - "name": "${APPLICATION_NAME}", - "labels": { - "application": "${APPLICATION_NAME}" - } - } - }, - { - "kind": "BuildConfig", - "apiVersion": "v1", - "metadata": { - "name": "${APPLICATION_NAME}", - "labels": { - "application": "${APPLICATION_NAME}" - } - }, - "spec": { - "source": { - "type": "Git", - "git": { - "uri": "${SOURCE_REPOSITORY_URL}", - "ref": "${SOURCE_REPOSITORY_REF}" - }, - "contextDir": "${CONTEXT_DIR}" - }, - "strategy": { - "type": "Source", - "sourceStrategy": { - "env": [ - { - "name": "KIE_CONTAINER_DEPLOYMENT", - "value": "${KIE_CONTAINER_DEPLOYMENT}" - }, - { - "name": "MAVEN_MIRROR_URL", - "value": "${MAVEN_MIRROR_URL}" - }, - { - "name": "ARTIFACT_DIR", - "value": "${ARTIFACT_DIR}" - } - ], - "forcePull": true, - "from": { - "kind": "ImageStreamTag", - "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-processserver63-openshift:1.4" - } - } - }, - "output": { - "to": { - "kind": "ImageStreamTag", - "name": "${APPLICATION_NAME}:latest" - } - }, - "triggers": [ - { - "type": "GitHub", - "github": { - "secret": "${GITHUB_WEBHOOK_SECRET}" - } - }, - { - "type": "Generic", - "generic": { - "secret": "${GENERIC_WEBHOOK_SECRET}" - } - }, - { - "type": "ImageChange", - "imageChange": {} - }, - { - "type": "ConfigChange" - } - ] - } - }, - { - "kind": "DeploymentConfig", - "apiVersion": "v1", - "metadata": { - "name": "${APPLICATION_NAME}", - "labels": { - "application": "${APPLICATION_NAME}" - } - }, - "spec": { - "strategy": { - "type": "Recreate" - }, - "triggers": [ - { - "type": "ImageChange", - "imageChangeParams": { - "automatic": true, - "containerNames": [ - "${APPLICATION_NAME}" - ], - "from": { - "kind": "ImageStream", - "name": "${APPLICATION_NAME}" - } - } - }, - { - "type": "ConfigChange" - } - ], - "replicas": 1, - "selector": { - "deploymentConfig": "${APPLICATION_NAME}" - }, - "template": { - "metadata": { - "name": "${APPLICATION_NAME}", - "labels": { - "deploymentConfig": "${APPLICATION_NAME}", - "application": "${APPLICATION_NAME}" - } - }, - "spec": { - "serviceAccountName": "processserver-service-account", - "terminationGracePeriodSeconds": 60, - "containers": [ - { - "name": "${APPLICATION_NAME}", - "image": "${APPLICATION_NAME}", - "imagePullPolicy": "Always", - "volumeMounts": [ - { - "name": "processserver-keystore-volume", - "mountPath": "/etc/processserver-secret-volume", - "readOnly": true - } - ], - "livenessProbe": { - "exec": { - "command": [ - "/bin/bash", - "-c", - "/opt/eap/bin/livenessProbe.sh" - ] - } - }, - "readinessProbe": { - "exec": { - "command": [ - "/bin/bash", - "-c", - "/opt/eap/bin/readinessProbe.sh" - ] - } - }, - "ports": [ - { - "name": "jolokia", - "containerPort": 8778, - "protocol": "TCP" - }, - { - "name": "http", - "containerPort": 8080, - "protocol": "TCP" - }, - { - "name": "https", - "containerPort": 8443, - "protocol": "TCP" - } - ], - "env": [ - { - "name": "KIE_CONTAINER_DEPLOYMENT", - "value": "${KIE_CONTAINER_DEPLOYMENT}" - }, - { - "name": "KIE_SERVER_PROTOCOL", - "value": "${KIE_SERVER_PROTOCOL}" - }, - { - "name": "KIE_SERVER_PORT", - "value": "${KIE_SERVER_PORT}" - }, - { - "name": "KIE_SERVER_USER", - "value": "${KIE_SERVER_USER}" - }, - { - "name": "KIE_SERVER_PASSWORD", - "value": "${KIE_SERVER_PASSWORD}" - }, - { - "name": "KIE_SERVER_DOMAIN", - "value": "${KIE_SERVER_DOMAIN}" - }, - { - "name": "KIE_SERVER_JMS_QUEUES_REQUEST", - "value": "${KIE_SERVER_JMS_QUEUES_REQUEST}" - }, - { - "name": "KIE_SERVER_JMS_QUEUES_RESPONSE", - "value": "${KIE_SERVER_JMS_QUEUES_RESPONSE}" - }, - { - "name": "KIE_SERVER_EXECUTOR_JMS_QUEUE", - "value": "${KIE_SERVER_EXECUTOR_JMS_QUEUE}" - }, - { - "name": "MQ_SERVICE_PREFIX_MAPPING", - "value": "${APPLICATION_NAME}-amq=MQ" - }, - { - "name": "MQ_JNDI", - "value": "${MQ_JNDI}" - }, - { - "name": "MQ_USERNAME", - "value": "${MQ_USERNAME}" - }, - { - "name": "MQ_PASSWORD", - "value": "${MQ_PASSWORD}" - }, - { - "name": "MQ_PROTOCOL", - "value": "tcp" - }, - { - "name": "MQ_QUEUES", - "value": "${MQ_QUEUES}" - }, - { - "name": "MQ_TOPICS", - "value": "${MQ_TOPICS}" - }, - { - "name": "KIE_SERVER_PERSISTENCE_DIALECT", - "value": "${KIE_SERVER_PERSISTENCE_DIALECT}" - }, - { - "name": "DB_SERVICE_PREFIX_MAPPING", - "value": "${APPLICATION_NAME}-postgresql=DB" - }, - { - "name": "DB_JNDI", - "value": "${DB_JNDI}" - }, - { - "name": "DB_USERNAME", - "value": "${DB_USERNAME}" - }, - { - "name": "DB_PASSWORD", - "value": "${DB_PASSWORD}" - }, - { - "name": "DB_DATABASE", - "value": "${DB_DATABASE}" - }, - { - "name": "TX_DATABASE_PREFIX_MAPPING", - "value": "${APPLICATION_NAME}-postgresql=DB" - }, - { - "name": "DB_MIN_POOL_SIZE", - "value": "${DB_MIN_POOL_SIZE}" - }, - { - "name": "DB_MAX_POOL_SIZE", - "value": "${DB_MAX_POOL_SIZE}" - }, - { - "name": "DB_TX_ISOLATION", - "value": "${DB_TX_ISOLATION}" - }, - { - "name": "HTTPS_KEYSTORE_DIR", - "value": "/etc/processserver-secret-volume" - }, - { - "name": "HTTPS_KEYSTORE", - "value": "${HTTPS_KEYSTORE}" - }, - { - "name": "HTTPS_NAME", - "value": "${HTTPS_NAME}" - }, - { - "name": "HTTPS_PASSWORD", - "value": "${HTTPS_PASSWORD}" - } - ] - } - ], - "volumes": [ - { - "name": "processserver-keystore-volume", - "secret": { - "secretName": "${HTTPS_SECRET}" - } - } - ] - } - } - } - }, - { - "kind": "DeploymentConfig", - "apiVersion": "v1", - "metadata": { - "name": "${APPLICATION_NAME}-postgresql", - "labels": { - "application": "${APPLICATION_NAME}" - } - }, - "spec": { - "strategy": { - "type": "Recreate" - }, - "triggers": [ - { - "type": "ImageChange", - "imageChangeParams": { - "automatic": true, - "containerNames": [ - "${APPLICATION_NAME}-postgresql" - ], - "from": { - "kind": "ImageStreamTag", - "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "postgresql:${POSTGRESQL_IMAGE_STREAM_TAG}" - } - } - }, - { - "type": "ConfigChange" - } - ], - "replicas": 1, - "selector": { - "deploymentConfig": "${APPLICATION_NAME}-postgresql" - }, - "template": { - "metadata": { - "name": "${APPLICATION_NAME}-postgresql", - "labels": { - "deploymentConfig": "${APPLICATION_NAME}-postgresql", - "application": "${APPLICATION_NAME}" - } - }, - "spec": { - "terminationGracePeriodSeconds": 60, - "containers": [ - { - "name": "${APPLICATION_NAME}-postgresql", - "image": "postgresql", - "imagePullPolicy": "Always", - "ports": [ - { - "containerPort": 5432, - "protocol": "TCP" - } - ], - "env": [ - { - "name": "POSTGRESQL_USER", - "value": "${DB_USERNAME}" - }, - { - "name": "POSTGRESQL_PASSWORD", - "value": "${DB_PASSWORD}" - }, - { - "name": "POSTGRESQL_DATABASE", - "value": "${DB_DATABASE}" - }, - { - "name": "POSTGRESQL_MAX_CONNECTIONS", - "value": "${POSTGRESQL_MAX_CONNECTIONS}" - }, - { - "name": "POSTGRESQL_SHARED_BUFFERS", - "value": "${POSTGRESQL_SHARED_BUFFERS}" - } - ] - } - ] - } - } - } - }, - { - "kind": "DeploymentConfig", - "apiVersion": "v1", - "metadata": { - "name": "${APPLICATION_NAME}-amq", - "labels": { - "application": "${APPLICATION_NAME}" - } - }, - "spec": { - "strategy": { - "type": "Recreate" - }, - "triggers": [ - { - "type": "ImageChange", - "imageChangeParams": { - "automatic": true, - "containerNames": [ - "${APPLICATION_NAME}-amq" - ], - "from": { - "kind": "ImageStreamTag", - "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-amq-62:1.4" - } - } - }, - { - "type": "ConfigChange" - } - ], - "replicas": 1, - "selector": { - "deploymentConfig": "${APPLICATION_NAME}-amq" - }, - "template": { - "metadata": { - "name": "${APPLICATION_NAME}-amq", - "labels": { - "deploymentConfig": "${APPLICATION_NAME}-amq", - "application": "${APPLICATION_NAME}" - } - }, - "spec": { - "terminationGracePeriodSeconds": 60, - "containers": [ - { - "name": "${APPLICATION_NAME}-amq", - "image": "jboss-amq-62", - "imagePullPolicy": "Always", - "readinessProbe": { - "exec": { - "command": [ - "/bin/bash", - "-c", - "/opt/amq/bin/readinessProbe.sh" - ] - } - }, - "ports": [ - { - "name": "jolokia", - "containerPort": 8778, - "protocol": "TCP" - }, - { - "name": "amqp", - "containerPort": 5672, - "protocol": "TCP" - }, - { - "name": "amqp-ssl", - "containerPort": 5671, - "protocol": "TCP" - }, - { - "name": "mqtt", - "containerPort": 1883, - "protocol": "TCP" - }, - { - "name": "stomp", - "containerPort": 61613, - "protocol": "TCP" - }, - { - "name": "stomp-ssl", - "containerPort": 61612, - "protocol": "TCP" - }, - { - "name": "tcp", - "containerPort": 61616, - "protocol": "TCP" - }, - { - "name": "tcp-ssl", - "containerPort": 61617, - "protocol": "TCP" - } - ], - "env": [ - { - "name": "AMQ_USER", - "value": "${MQ_USERNAME}" - }, - { - "name": "AMQ_PASSWORD", - "value": "${MQ_PASSWORD}" - }, - { - "name": "AMQ_TRANSPORTS", - "value": "${MQ_PROTOCOL}" - }, - { - "name": "AMQ_MESH_DISCOVERY_TYPE", - "value": "${AMQ_MESH_DISCOVERY_TYPE}" - }, - { - "name": "AMQ_MESH_SERVICE_NAME", - "value": "${APPLICATION_NAME}-amq-tcp" - }, - { - "name": "AMQ_MESH_SERVICE_NAMESPACE", - "valueFrom": { - "fieldRef": { - "fieldPath": "metadata.namespace" - } - } - }, - { - "name": "AMQ_STORAGE_USAGE_LIMIT", - "value": "${AMQ_STORAGE_USAGE_LIMIT}" - } - ] - } - ] - } - } - } - } - ] -} diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/processserver63-basic-s2i.json b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/processserver63-basic-s2i.json deleted file mode 100644 index e70d20a6e..000000000 --- a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/processserver63-basic-s2i.json +++ /dev/null @@ -1,383 +0,0 @@ -{ - "kind": "Template", - "apiVersion": "v1", - "metadata": { - "annotations": { - "description": "Application template for Red Hat JBoss BPM Suite 6.3 intelligent process server applications built using S2I.", - "iconClass": "icon-jboss", - "tags": "processserver,jboss,xpaas", - "version": "1.4.0", - "openshift.io/display-name": "Red Hat JBoss BPM Suite 6.3 intelligent process server (no https)" - }, - "name": "processserver63-basic-s2i" - }, - "labels": { - "template": "processserver63-basic-s2i", - "xpaas": "1.4.0" - }, - "message": "A new BPMS application has been created in your project. The username/password for accessing the KIE Server REST or JMS interface is ${KIE_SERVER_USER}/${KIE_SERVER_PASSWORD}.", - "parameters": [ - { - "displayName": "KIE Container Deployment", - "description": "The KIE Container deployment configuration in format: containerId=groupId:artifactId:version|c2=g2:a2:v2", - "name": "KIE_CONTAINER_DEPLOYMENT", - "value": "processserver-library=org.openshift.quickstarts:processserver-library:1.3.0.Final", - "required": false - }, - { - "displayName": "KIE Server Username", - "description": "The user name to access the KIE Server REST or JMS interface.", - "name": "KIE_SERVER_USER", - "value": "kieserver", - "required": false - }, - { - "displayName": "KIE Server Password", - "description": "The password to access the KIE Server REST or JMS interface. Must be different than username; must not be root, admin, or administrator; must contain at least 8 characters, 1 alphabetic character(s), 1 digit(s), and 1 non-alphanumeric symbol(s).", - "name": "KIE_SERVER_PASSWORD", - "from": "[a-zA-Z]{6}[0-9]{1}!", - "generate": "expression", - "required": false - }, - { - "displayName": "KIE Server Persistence Dialect", - "description": "Hibernate persistence dialect.", - "name": "KIE_SERVER_PERSISTENCE_DIALECT", - "value": "org.hibernate.dialect.H2Dialect", - "required": false - }, - { - "displayName": "Application Name", - "description": "The name for the application.", - "name": "APPLICATION_NAME", - "value": "kie-app", - "required": true - }, - { - "displayName": "Custom http Route Hostname", - "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: <application-name>-<project>.<default-domain-suffix>", - "name": "HOSTNAME_HTTP", - "value": "", - "required": false - }, - { - "displayName": "Git Repository URL", - "description": "Git source URI for application", - "name": "SOURCE_REPOSITORY_URL", - "value": "https://github.com/jboss-openshift/openshift-quickstarts.git", - "required": true - }, - { - "displayName": "Git Reference", - "description": "Git branch/tag reference", - "name": "SOURCE_REPOSITORY_REF", - "value": "1.3", - "required": false - }, - { - "displayName": "Context Directory", - "description": "Path within Git project to build; empty for root project directory.", - "name": "CONTEXT_DIR", - "value": "processserver/library", - "required": false - }, - { - "displayName": "Queues", - "description": "Queue names", - "name": "HORNETQ_QUEUES", - "value": "", - "required": false - }, - { - "displayName": "Topics", - "description": "Topic names", - "name": "HORNETQ_TOPICS", - "value": "", - "required": false - }, - { - "displayName": "HornetQ Password", - "description": "HornetQ cluster admin password", - "name": "HORNETQ_CLUSTER_PASSWORD", - "from": "[a-zA-Z0-9]{8}", - "generate": "expression", - "required": true - }, - { - "displayName": "Github Webhook Secret", - "description": "GitHub trigger secret", - "name": "GITHUB_WEBHOOK_SECRET", - "from": "[a-zA-Z0-9]{8}", - "generate": "expression", - "required": true - }, - { - "displayName": "Generic Webhook Secret", - "description": "Generic build trigger secret", - "name": "GENERIC_WEBHOOK_SECRET", - "from": "[a-zA-Z0-9]{8}", - "generate": "expression", - "required": true - }, - { - "displayName": "ImageStream Namespace", - "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", - "name": "IMAGE_STREAM_NAMESPACE", - "value": "openshift", - "required": true - }, - { - "displayName": "Maven mirror URL", - "description": "Maven mirror to use for S2I builds", - "name": "MAVEN_MIRROR_URL", - "value": "", - "required": false - }, - { - "description": "List of directories from which archives will be copied into the deployment folder. If unspecified, all archives in /target will be copied.", - "name": "ARTIFACT_DIR", - "value": "", - "required": false - } - ], - "objects": [ - { - "kind": "Service", - "apiVersion": "v1", - "spec": { - "ports": [ - { - "port": 8080, - "targetPort": 8080 - } - ], - "selector": { - "deploymentConfig": "${APPLICATION_NAME}" - } - }, - "metadata": { - "name": "${APPLICATION_NAME}", - "labels": { - "application": "${APPLICATION_NAME}" - }, - "annotations": { - "description": "The web server's http port." - } - } - }, - { - "kind": "Route", - "apiVersion": "v1", - "id": "${APPLICATION_NAME}-http", - "metadata": { - "name": "${APPLICATION_NAME}", - "labels": { - "application": "${APPLICATION_NAME}" - }, - "annotations": { - "description": "Route for application's http service." - } - }, - "spec": { - "host": "${HOSTNAME_HTTP}", - "to": { - "name": "${APPLICATION_NAME}" - } - } - }, - { - "kind": "ImageStream", - "apiVersion": "v1", - "metadata": { - "name": "${APPLICATION_NAME}", - "labels": { - "application": "${APPLICATION_NAME}" - } - } - }, - { - "kind": "BuildConfig", - "apiVersion": "v1", - "metadata": { - "name": "${APPLICATION_NAME}", - "labels": { - "application": "${APPLICATION_NAME}" - } - }, - "spec": { - "source": { - "type": "Git", - "git": { - "uri": "${SOURCE_REPOSITORY_URL}", - "ref": "${SOURCE_REPOSITORY_REF}" - }, - "contextDir": "${CONTEXT_DIR}" - }, - "strategy": { - "type": "Source", - "sourceStrategy": { - "env": [ - { - "name": "KIE_CONTAINER_DEPLOYMENT", - "value": "${KIE_CONTAINER_DEPLOYMENT}" - }, - { - "name": "MAVEN_MIRROR_URL", - "value": "${MAVEN_MIRROR_URL}" - }, - { - "name": "ARTIFACT_DIR", - "value": "${ARTIFACT_DIR}" - } - ], - "forcePull": true, - "from": { - "kind": "ImageStreamTag", - "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-processserver63-openshift:1.4" - } - } - }, - "output": { - "to": { - "kind": "ImageStreamTag", - "name": "${APPLICATION_NAME}:latest" - } - }, - "triggers": [ - { - "type": "GitHub", - "github": { - "secret": "${GITHUB_WEBHOOK_SECRET}" - } - }, - { - "type": "Generic", - "generic": { - "secret": "${GENERIC_WEBHOOK_SECRET}" - } - }, - { - "type": "ImageChange", - "imageChange": {} - }, - { - "type": "ConfigChange" - } - ] - } - }, - { - "kind": "DeploymentConfig", - "apiVersion": "v1", - "metadata": { - "name": "${APPLICATION_NAME}", - "labels": { - "application": "${APPLICATION_NAME}" - } - }, - "spec": { - "strategy": { - "type": "Recreate" - }, - "triggers": [ - { - "type": "ImageChange", - "imageChangeParams": { - "automatic": true, - "containerNames": [ - "${APPLICATION_NAME}" - ], - "from": { - "kind": "ImageStream", - "name": "${APPLICATION_NAME}" - } - } - }, - { - "type": "ConfigChange" - } - ], - "replicas": 1, - "selector": { - "deploymentConfig": "${APPLICATION_NAME}" - }, - "template": { - "metadata": { - "name": "${APPLICATION_NAME}", - "labels": { - "deploymentConfig": "${APPLICATION_NAME}", - "application": "${APPLICATION_NAME}" - } - }, - "spec": { - "terminationGracePeriodSeconds": 60, - "containers": [ - { - "name": "${APPLICATION_NAME}", - "image": "${APPLICATION_NAME}", - "imagePullPolicy": "Always", - "livenessProbe": { - "exec": { - "command": [ - "/bin/bash", - "-c", - "/opt/eap/bin/livenessProbe.sh" - ] - } - }, - "readinessProbe": { - "exec": { - "command": [ - "/bin/bash", - "-c", - "/opt/eap/bin/readinessProbe.sh" - ] - } - }, - "ports": [ - { - "name": "jolokia", - "containerPort": 8778, - "protocol": "TCP" - }, - { - "name": "http", - "containerPort": 8080, - "protocol": "TCP" - } - ], - "env": [ - { - "name": "KIE_CONTAINER_DEPLOYMENT", - "value": "${KIE_CONTAINER_DEPLOYMENT}" - }, - { - "name": "KIE_SERVER_USER", - "value": "${KIE_SERVER_USER}" - }, - { - "name": "KIE_SERVER_PASSWORD", - "value": "${KIE_SERVER_PASSWORD}" - }, - { - "name": "HORNETQ_CLUSTER_PASSWORD", - "value": "${HORNETQ_CLUSTER_PASSWORD}" - }, - { - "name": "HORNETQ_QUEUES", - "value": "${HORNETQ_QUEUES}" - }, - { - "name": "HORNETQ_TOPICS", - "value": "${HORNETQ_TOPICS}" - } - ] - } - ] - } - } - } - } - ] -} diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/processserver63-mysql-s2i.json b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/processserver63-mysql-s2i.json deleted file mode 100644 index a3be02eab..000000000 --- a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/processserver63-mysql-s2i.json +++ /dev/null @@ -1,783 +0,0 @@ -{ - "kind": "Template", - "apiVersion": "v1", - "metadata": { - "annotations": { - "description": "Application template for Red Hat JBoss BPM Suite 6.3 intelligent process server MySQL applications built using S2I.", - "iconClass": "icon-jboss", - "tags": "processserver,jboss,xpaas", - "version": "1.4.0", - "openshift.io/display-name": "Red Hat JBoss BPM Suite 6.3 intelligent process server + MySQL (Ephemeral with https)" - }, - "name": "processserver63-mysql-s2i" - }, - "labels": { - "template": "processserver63-mysql-s2i", - "xpaas": "1.4.0" - }, - "message": "A new BPMS application (using MySQL) has been created in your project. The username/password for accessing the KIE Server REST or JMS interface is ${KIE_SERVER_USER}/${KIE_SERVER_PASSWORD}. For accessing the MySQL database \"${DB_DATABASE}\" use the credentials ${DB_USERNAME}/${DB_PASSWORD}. Please be sure to create the \"processserver-service-account\" service account and the secret named \"${HTTPS_SECRET}\" containing the ${HTTPS_KEYSTORE} file used for serving secure content.", - "parameters": [ - { - "displayName": "KIE Container Deployment", - "description": "The KIE Container deployment configuration in format: containerId=groupId:artifactId:version|c2=g2:a2:v2", - "name": "KIE_CONTAINER_DEPLOYMENT", - "value": "processserver-library=org.openshift.quickstarts:processserver-library:1.3.0.Final", - "required": false - }, - { - "displayName": "KIE Server Protocol", - "description": "The protocol to access the KIE Server REST interface.", - "name": "KIE_SERVER_PROTOCOL", - "value": "https", - "required": false - }, - { - "displayName": "KIE Server Port", - "description": "The port to access the KIE Server REST interface.", - "name": "KIE_SERVER_PORT", - "value": "8443", - "required": false - }, - { - "displayName": "KIE Server Username", - "description": "The user name to access the KIE Server REST or JMS interface.", - "name": "KIE_SERVER_USER", - "value": "kieserver", - "required": false - }, - { - "displayName": "KIE Server Password", - "description": "The password to access the KIE Server REST or JMS interface. Must be different than username; must not be root, admin, or administrator; must contain at least 8 characters, 1 alphabetic character(s), 1 digit(s), and 1 non-alphanumeric symbol(s).", - "name": "KIE_SERVER_PASSWORD", - "from": "[a-zA-Z]{6}[0-9]{1}!", - "generate": "expression", - "required": false - }, - { - "displayName": "KIE Server Domain", - "description": "JAAS LoginContext domain that shall be used to authenticate users when using JMS.", - "name": "KIE_SERVER_DOMAIN", - "value": "other", - "required": false - }, - { - "displayName": "KIE Server Persistence Dialect", - "description": "Hibernate persistence dialect.", - "name": "KIE_SERVER_PERSISTENCE_DIALECT", - "value": "org.hibernate.dialect.MySQL5Dialect", - "required": false - }, - { - "displayName": "Application Name", - "description": "The name for the application.", - "name": "APPLICATION_NAME", - "value": "kie-app", - "required": true - }, - { - "displayName": "Custom http Route Hostname", - "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: <application-name>-<project>.<default-domain-suffix>", - "name": "HOSTNAME_HTTP", - "value": "", - "required": false - }, - { - "displayName": "Custom https Route Hostname", - "description": "Custom hostname for https service route. Leave blank for default hostname, e.g.: secure-<application-name>-<project>.<default-domain-suffix>", - "name": "HOSTNAME_HTTPS", - "value": "", - "required": false - }, - { - "displayName": "Git Repository URL", - "description": "Git source URI for application", - "name": "SOURCE_REPOSITORY_URL", - "value": "https://github.com/jboss-openshift/openshift-quickstarts", - "required": true - }, - { - "displayName": "Git Reference", - "description": "Git branch/tag reference", - "name": "SOURCE_REPOSITORY_REF", - "value": "1.3", - "required": false - }, - { - "displayName": "Context Directory", - "description": "Path within Git project to build; empty for root project directory.", - "name": "CONTEXT_DIR", - "value": "processserver/library", - "required": false - }, - { - "displayName": "Database JNDI Name", - "description": "Database JNDI name used by application to resolve the datasource, e.g. java:/jboss/datasources/ExampleDS", - "name": "DB_JNDI", - "value": "java:jboss/datasources/ExampleDS", - "required": false - }, - { - "displayName": "Database Name", - "description": "Database name", - "name": "DB_DATABASE", - "value": "root", - "required": true - }, - { - "displayName": "Queues", - "description": "Queue names", - "name": "HORNETQ_QUEUES", - "value": "", - "required": false - }, - { - "displayName": "Topics", - "description": "Topic names", - "name": "HORNETQ_TOPICS", - "value": "", - "required": false - }, - { - "displayName": "Server Keystore Secret Name", - "description": "The name of the secret containing the keystore file", - "name": "HTTPS_SECRET", - "value": "processserver-app-secret", - "required": false - }, - { - "displayName": "Server Keystore Filename", - "description": "The name of the keystore file within the secret", - "name": "HTTPS_KEYSTORE", - "value": "keystore.jks", - "required": false - }, - { - "displayName": "Server Certificate Name", - "description": "The name associated with the server certificate", - "name": "HTTPS_NAME", - "value": "jboss", - "required": false - }, - { - "displayName": "Server Keystore Password", - "description": "The password for the keystore and certificate", - "name": "HTTPS_PASSWORD", - "value": "mykeystorepass", - "required": false - }, - { - "displayName": "Database Username", - "description": "Database user name", - "name": "DB_USERNAME", - "from": "user[a-zA-Z0-9]{3}", - "generate": "expression", - "required": true - }, - { - "displayName": "Database Password", - "description": "Database user password", - "name": "DB_PASSWORD", - "from": "[a-zA-Z0-9]{8}", - "generate": "expression", - "required": true - }, - { - "displayName": "Datasource Minimum Pool Size", - "description": "Sets xa-pool/min-pool-size for the configured datasource.", - "name": "DB_MIN_POOL_SIZE", - "required": false - }, - { - "displayName": "Datasource Maximum Pool Size", - "description": "Sets xa-pool/max-pool-size for the configured datasource.", - "name": "DB_MAX_POOL_SIZE", - "required": false - }, - { - "displayName": "Datasource Transaction Isolation", - "description": "Sets transaction-isolation for the configured datasource.", - "name": "DB_TX_ISOLATION", - "required": false - }, - { - "displayName": "MySQL Lower Case Table Names", - "description": "Sets how the table names are stored and compared.", - "name": "MYSQL_LOWER_CASE_TABLE_NAMES", - "required": false - }, - { - "displayName": "MySQL Maximum number of connections", - "description": "The maximum permitted number of simultaneous client connections.", - "name": "MYSQL_MAX_CONNECTIONS", - "required": false - }, - { - "displayName": "MySQL FullText Minimum Word Length", - "description": "The minimum length of the word to be included in a FULLTEXT index.", - "name": "MYSQL_FT_MIN_WORD_LEN", - "required": false - }, - { - "displayName": "MySQL FullText Maximum Word Length", - "description": "The maximum length of the word to be included in a FULLTEXT index.", - "name": "MYSQL_FT_MAX_WORD_LEN", - "required": false - }, - { - "displayName": "MySQL AIO", - "description": "Controls the innodb_use_native_aio setting value if the native AIO is broken.", - "name": "MYSQL_AIO", - "required": false - }, - { - "displayName": "HornetQ Password", - "description": "HornetQ cluster admin password", - "name": "HORNETQ_CLUSTER_PASSWORD", - "from": "[a-zA-Z0-9]{8}", - "generate": "expression", - "required": true - }, - { - "displayName": "Github Webhook Secret", - "description": "GitHub trigger secret", - "name": "GITHUB_WEBHOOK_SECRET", - "from": "[a-zA-Z0-9]{8}", - "generate": "expression", - "required": true - }, - { - "displayName": "Generic Webhook Secret", - "description": "Generic build trigger secret", - "name": "GENERIC_WEBHOOK_SECRET", - "from": "[a-zA-Z0-9]{8}", - "generate": "expression", - "required": true - }, - { - "displayName": "ImageStream Namespace", - "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", - "name": "IMAGE_STREAM_NAMESPACE", - "value": "openshift", - "required": true - }, - { - "displayName": "Maven mirror URL", - "description": "Maven mirror to use for S2I builds", - "name": "MAVEN_MIRROR_URL", - "value": "", - "required": false - }, - { - "description": "List of directories from which archives will be copied into the deployment folder. If unspecified, all archives in /target will be copied.", - "name": "ARTIFACT_DIR", - "value": "", - "required": false - }, - { - "displayName": "MySQL Image Stream Tag", - "description": "The tag to use for the \"mysql\" image stream. Typically, this aligns with the major.minor version of MySQL.", - "name": "MYSQL_IMAGE_STREAM_TAG", - "value": "5.7", - "required": true - } - ], - "objects": [ - { - "kind": "Service", - "apiVersion": "v1", - "spec": { - "ports": [ - { - "port": 8080, - "targetPort": 8080 - } - ], - "selector": { - "deploymentConfig": "${APPLICATION_NAME}" - } - }, - "metadata": { - "name": "${APPLICATION_NAME}", - "labels": { - "application": "${APPLICATION_NAME}" - }, - "annotations": { - "description": "The web server's http port.", - "service.alpha.openshift.io/dependencies": "[{\"name\": \"${APPLICATION_NAME}-mysql\", \"kind\": \"Service\"}]" - } - } - }, - { - "kind": "Service", - "apiVersion": "v1", - "spec": { - "ports": [ - { - "port": 8443, - "targetPort": 8443 - } - ], - "selector": { - "deploymentConfig": "${APPLICATION_NAME}" - } - }, - "metadata": { - "name": "secure-${APPLICATION_NAME}", - "labels": { - "application": "${APPLICATION_NAME}" - }, - "annotations": { - "description": "The web server's https port.", - "service.alpha.openshift.io/dependencies": "[{\"name\": \"${APPLICATION_NAME}-mysql\", \"kind\": \"Service\"}]" - } - } - }, - { - "kind": "Service", - "apiVersion": "v1", - "spec": { - "ports": [ - { - "port": 3306, - "targetPort": 3306 - } - ], - "selector": { - "deploymentConfig": "${APPLICATION_NAME}-mysql" - } - }, - "metadata": { - "name": "${APPLICATION_NAME}-mysql", - "labels": { - "application": "${APPLICATION_NAME}" - }, - "annotations": { - "description": "The database server's port." - } - } - }, - { - "kind": "Route", - "apiVersion": "v1", - "id": "${APPLICATION_NAME}-http", - "metadata": { - "name": "${APPLICATION_NAME}", - "labels": { - "application": "${APPLICATION_NAME}" - }, - "annotations": { - "description": "Route for application's http service." - } - }, - "spec": { - "host": "${HOSTNAME_HTTP}", - "to": { - "name": "${APPLICATION_NAME}" - } - } - }, - { - "kind": "Route", - "apiVersion": "v1", - "id": "${APPLICATION_NAME}-https", - "metadata": { - "name": "secure-${APPLICATION_NAME}", - "labels": { - "application": "${APPLICATION_NAME}" - }, - "annotations": { - "description": "Route for application's https service." - } - }, - "spec": { - "host": "${HOSTNAME_HTTPS}", - "to": { - "name": "secure-${APPLICATION_NAME}" - }, - "tls": { - "termination": "passthrough" - } - } - }, - { - "kind": "ImageStream", - "apiVersion": "v1", - "metadata": { - "name": "${APPLICATION_NAME}", - "labels": { - "application": "${APPLICATION_NAME}" - } - } - }, - { - "kind": "BuildConfig", - "apiVersion": "v1", - "metadata": { - "name": "${APPLICATION_NAME}", - "labels": { - "application": "${APPLICATION_NAME}" - } - }, - "spec": { - "source": { - "type": "Git", - "git": { - "uri": "${SOURCE_REPOSITORY_URL}", - "ref": "${SOURCE_REPOSITORY_REF}" - }, - "contextDir": "${CONTEXT_DIR}" - }, - "strategy": { - "type": "Source", - "sourceStrategy": { - "env": [ - { - "name": "KIE_CONTAINER_DEPLOYMENT", - "value": "${KIE_CONTAINER_DEPLOYMENT}" - }, - { - "name": "MAVEN_MIRROR_URL", - "value": "${MAVEN_MIRROR_URL}" - }, - { - "name": "ARTIFACT_DIR", - "value": "${ARTIFACT_DIR}" - } - ], - "forcePull": true, - "from": { - "kind": "ImageStreamTag", - "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-processserver63-openshift:1.4" - } - } - }, - "output": { - "to": { - "kind": "ImageStreamTag", - "name": "${APPLICATION_NAME}:latest" - } - }, - "triggers": [ - { - "type": "GitHub", - "github": { - "secret": "${GITHUB_WEBHOOK_SECRET}" - } - }, - { - "type": "Generic", - "generic": { - "secret": "${GENERIC_WEBHOOK_SECRET}" - } - }, - { - "type": "ImageChange", - "imageChange": {} - }, - { - "type": "ConfigChange" - } - ] - } - }, - { - "kind": "DeploymentConfig", - "apiVersion": "v1", - "metadata": { - "name": "${APPLICATION_NAME}", - "labels": { - "application": "${APPLICATION_NAME}" - } - }, - "spec": { - "strategy": { - "type": "Recreate" - }, - "triggers": [ - { - "type": "ImageChange", - "imageChangeParams": { - "automatic": true, - "containerNames": [ - "${APPLICATION_NAME}" - ], - "from": { - "kind": "ImageStream", - "name": "${APPLICATION_NAME}" - } - } - }, - { - "type": "ConfigChange" - } - ], - "replicas": 1, - "selector": { - "deploymentConfig": "${APPLICATION_NAME}" - }, - "template": { - "metadata": { - "name": "${APPLICATION_NAME}", - "labels": { - "deploymentConfig": "${APPLICATION_NAME}", - "application": "${APPLICATION_NAME}" - } - }, - "spec": { - "serviceAccountName": "processserver-service-account", - "terminationGracePeriodSeconds": 60, - "containers": [ - { - "name": "${APPLICATION_NAME}", - "image": "${APPLICATION_NAME}", - "imagePullPolicy": "Always", - "volumeMounts": [ - { - "name": "processserver-keystore-volume", - "mountPath": "/etc/processserver-secret-volume", - "readOnly": true - } - ], - "livenessProbe": { - "exec": { - "command": [ - "/bin/bash", - "-c", - "/opt/eap/bin/livenessProbe.sh" - ] - } - }, - "readinessProbe": { - "exec": { - "command": [ - "/bin/bash", - "-c", - "/opt/eap/bin/readinessProbe.sh" - ] - } - }, - "ports": [ - { - "name": "jolokia", - "containerPort": 8778, - "protocol": "TCP" - }, - { - "name": "http", - "containerPort": 8080, - "protocol": "TCP" - }, - { - "name": "https", - "containerPort": 8443, - "protocol": "TCP" - } - ], - "env": [ - { - "name": "KIE_CONTAINER_DEPLOYMENT", - "value": "${KIE_CONTAINER_DEPLOYMENT}" - }, - { - "name": "KIE_SERVER_PROTOCOL", - "value": "${KIE_SERVER_PROTOCOL}" - }, - { - "name": "KIE_SERVER_PORT", - "value": "${KIE_SERVER_PORT}" - }, - { - "name": "KIE_SERVER_USER", - "value": "${KIE_SERVER_USER}" - }, - { - "name": "KIE_SERVER_PASSWORD", - "value": "${KIE_SERVER_PASSWORD}" - }, - { - "name": "KIE_SERVER_DOMAIN", - "value": "${KIE_SERVER_DOMAIN}" - }, - { - "name": "KIE_SERVER_PERSISTENCE_DIALECT", - "value": "${KIE_SERVER_PERSISTENCE_DIALECT}" - }, - { - "name": "DB_SERVICE_PREFIX_MAPPING", - "value": "${APPLICATION_NAME}-mysql=DB" - }, - { - "name": "DB_JNDI", - "value": "${DB_JNDI}" - }, - { - "name": "DB_USERNAME", - "value": "${DB_USERNAME}" - }, - { - "name": "DB_PASSWORD", - "value": "${DB_PASSWORD}" - }, - { - "name": "DB_DATABASE", - "value": "${DB_DATABASE}" - }, - { - "name": "TX_DATABASE_PREFIX_MAPPING", - "value": "${APPLICATION_NAME}-mysql=DB" - }, - { - "name": "DB_MIN_POOL_SIZE", - "value": "${DB_MIN_POOL_SIZE}" - }, - { - "name": "DB_MAX_POOL_SIZE", - "value": "${DB_MAX_POOL_SIZE}" - }, - { - "name": "DB_TX_ISOLATION", - "value": "${DB_TX_ISOLATION}" - }, - { - "name": "HTTPS_KEYSTORE_DIR", - "value": "/etc/processserver-secret-volume" - }, - { - "name": "HTTPS_KEYSTORE", - "value": "${HTTPS_KEYSTORE}" - }, - { - "name": "HTTPS_NAME", - "value": "${HTTPS_NAME}" - }, - { - "name": "HTTPS_PASSWORD", - "value": "${HTTPS_PASSWORD}" - }, - { - "name": "HORNETQ_CLUSTER_PASSWORD", - "value": "${HORNETQ_CLUSTER_PASSWORD}" - }, - { - "name": "HORNETQ_QUEUES", - "value": "${HORNETQ_QUEUES}" - }, - { - "name": "HORNETQ_TOPICS", - "value": "${HORNETQ_TOPICS}" - } - ] - } - ], - "volumes": [ - { - "name": "processserver-keystore-volume", - "secret": { - "secretName": "${HTTPS_SECRET}" - } - } - ] - } - } - } - }, - { - "kind": "DeploymentConfig", - "apiVersion": "v1", - "metadata": { - "name": "${APPLICATION_NAME}-mysql", - "labels": { - "application": "${APPLICATION_NAME}" - } - }, - "spec": { - "strategy": { - "type": "Recreate" - }, - "triggers": [ - { - "type": "ImageChange", - "imageChangeParams": { - "automatic": true, - "containerNames": [ - "${APPLICATION_NAME}-mysql" - ], - "from": { - "kind": "ImageStreamTag", - "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "mysql:${MYSQL_IMAGE_STREAM_TAG}" - } - } - }, - { - "type": "ConfigChange" - } - ], - "replicas": 1, - "selector": { - "deploymentConfig": "${APPLICATION_NAME}-mysql" - }, - "template": { - "metadata": { - "name": "${APPLICATION_NAME}-mysql", - "labels": { - "deploymentConfig": "${APPLICATION_NAME}-mysql", - "application": "${APPLICATION_NAME}" - } - }, - "spec": { - "terminationGracePeriodSeconds": 60, - "containers": [ - { - "name": "${APPLICATION_NAME}-mysql", - "image": "mysql", - "imagePullPolicy": "Always", - "ports": [ - { - "containerPort": 3306, - "protocol": "TCP" - } - ], - "env": [ - { - "name": "MYSQL_USER", - "value": "${DB_USERNAME}" - }, - { - "name": "MYSQL_PASSWORD", - "value": "${DB_PASSWORD}" - }, - { - "name": "MYSQL_DATABASE", - "value": "${DB_DATABASE}" - }, - { - "name": "MYSQL_LOWER_CASE_TABLE_NAMES", - "value": "${MYSQL_LOWER_CASE_TABLE_NAMES}" - }, - { - "name": "MYSQL_MAX_CONNECTIONS", - "value": "${MYSQL_MAX_CONNECTIONS}" - }, - { - "name": "MYSQL_FT_MIN_WORD_LEN", - "value": "${MYSQL_FT_MIN_WORD_LEN}" - }, - { - "name": "MYSQL_FT_MAX_WORD_LEN", - "value": "${MYSQL_FT_MAX_WORD_LEN}" - }, - { - "name": "MYSQL_AIO", - "value": "${MYSQL_AIO}" - } - ] - } - ] - } - } - } - } - ] -} diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/processserver63-postgresql-s2i.json b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/processserver63-postgresql-s2i.json deleted file mode 100644 index 451915a1d..000000000 --- a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/processserver63-postgresql-s2i.json +++ /dev/null @@ -1,753 +0,0 @@ -{ - "kind": "Template", - "apiVersion": "v1", - "metadata": { - "annotations": { - "description": "Application template for Red Hat JBoss BPM Suite 6.3 intelligent process server PostgreSQL applications built using S2I.", - "iconClass": "icon-jboss", - "tags": "processserver,jboss,xpaas", - "version": "1.4.0", - "openshift.io/display-name": "Red Hat JBoss BPM Suite 6.3 intelligent process server + PostgreSQL (Ephemeral with https)" - }, - "name": "processserver63-postgresql-s2i" - }, - "labels": { - "template": "processserver63-postgresql-s2i", - "xpaas": "1.4.0" - }, - "message": "A new BPMS application (using PostgreSQL) has been created in your project. The username/password for accessing the KIE Server REST or JMS interface is ${KIE_SERVER_USER}/${KIE_SERVER_PASSWORD}. For accessing the MySQL database \"${DB_DATABASE}\" use the credentials ${DB_USERNAME}/${DB_PASSWORD}. Please be sure to create the \"processserver-service-account\" service account and the secret named \"${HTTPS_SECRET}\" containing the ${HTTPS_KEYSTORE} file used for serving secure content.", - "parameters": [ - { - "displayName": "KIE Container Deployment", - "description": "The KIE Container deployment configuration in format: containerId=groupId:artifactId:version|c2=g2:a2:v2", - "name": "KIE_CONTAINER_DEPLOYMENT", - "value": "processserver-library=org.openshift.quickstarts:processserver-library:1.3.0.Final", - "required": false - }, - { - "displayName": "KIE Server Protocol", - "description": "The protocol to access the KIE Server REST interface.", - "name": "KIE_SERVER_PROTOCOL", - "value": "https", - "required": false - }, - { - "displayName": "KIE Server Port", - "description": "The port to access the KIE Server REST interface.", - "name": "KIE_SERVER_PORT", - "value": "8443", - "required": false - }, - { - "displayName": "KIE Server Username", - "description": "The user name to access the KIE Server REST or JMS interface.", - "name": "KIE_SERVER_USER", - "value": "kieserver", - "required": false - }, - { - "displayName": "KIE Server Password", - "description": "The password to access the KIE Server REST or JMS interface. Must be different than username; must not be root, admin, or administrator; must contain at least 8 characters, 1 alphabetic character(s), 1 digit(s), and 1 non-alphanumeric symbol(s).", - "name": "KIE_SERVER_PASSWORD", - "from": "[a-zA-Z]{6}[0-9]{1}!", - "generate": "expression", - "required": false - }, - { - "displayName": "KIE Server Domain", - "description": "JAAS LoginContext domain that shall be used to authenticate users when using JMS.", - "name": "KIE_SERVER_DOMAIN", - "value": "other", - "required": false - }, - { - "displayName": "KIE Server Persistence Dialect", - "description": "Hibernate persistence dialect.", - "name": "KIE_SERVER_PERSISTENCE_DIALECT", - "value": "org.hibernate.dialect.PostgreSQL82Dialect", - "required": false - }, - { - "displayName": "Application Name", - "description": "The name for the application.", - "name": "APPLICATION_NAME", - "value": "kie-app", - "required": true - }, - { - "displayName": "Custom http Route Hostname", - "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: <application-name>-<project>.<default-domain-suffix>", - "name": "HOSTNAME_HTTP", - "value": "", - "required": false - }, - { - "displayName": "Custom https Route Hostname", - "description": "Custom hostname for https service route. Leave blank for default hostname, e.g.: secure-<application-name>-<project>.<default-domain-suffix>", - "name": "HOSTNAME_HTTPS", - "value": "", - "required": false - }, - { - "displayName": "Git Repository URL", - "description": "Git source URI for application", - "name": "SOURCE_REPOSITORY_URL", - "value": "https://github.com/jboss-openshift/openshift-quickstarts", - "required": true - }, - { - "displayName": "Git Reference", - "description": "Git branch/tag reference", - "name": "SOURCE_REPOSITORY_REF", - "value": "1.3", - "required": false - }, - { - "displayName": "Context Directory", - "description": "Path within Git project to build; empty for root project directory.", - "name": "CONTEXT_DIR", - "value": "processserver/library", - "required": false - }, - { - "displayName": "Database JNDI Name", - "description": "Database JNDI name used by application to resolve the datasource, e.g. java:/jboss/datasources/ExampleDS", - "name": "DB_JNDI", - "value": "java:jboss/datasources/ExampleDS", - "required": false - }, - { - "displayName": "Database Name", - "description": "Database name", - "name": "DB_DATABASE", - "value": "root", - "required": true - }, - { - "displayName": "Queues", - "description": "Queue names", - "name": "HORNETQ_QUEUES", - "value": "", - "required": false - }, - { - "displayName": "Topics", - "description": "Topic names", - "name": "HORNETQ_TOPICS", - "value": "", - "required": false - }, - { - "displayName": "Server Keystore Secret Name", - "description": "The name of the secret containing the keystore file", - "name": "HTTPS_SECRET", - "value": "processserver-app-secret", - "required": false - }, - { - "displayName": "Server Keystore Filename", - "description": "The name of the keystore file within the secret", - "name": "HTTPS_KEYSTORE", - "value": "keystore.jks", - "required": false - }, - { - "displayName": "Server Certificate Name", - "description": "The name associated with the server certificate", - "name": "HTTPS_NAME", - "value": "jboss", - "required": false - }, - { - "displayName": "Server Keystore Password", - "description": "The password for the keystore and certificate", - "name": "HTTPS_PASSWORD", - "value": "mykeystorepass", - "required": false - }, - { - "displayName": "Database Username", - "description": "Database user name", - "name": "DB_USERNAME", - "from": "user[a-zA-Z0-9]{3}", - "generate": "expression", - "required": true - }, - { - "displayName": "Database Password", - "description": "Database user password", - "name": "DB_PASSWORD", - "from": "[a-zA-Z0-9]{8}", - "generate": "expression", - "required": true - }, - { - "displayName": "Datasource Minimum Pool Size", - "description": "Sets xa-pool/min-pool-size for the configured datasource.", - "name": "DB_MIN_POOL_SIZE", - "required": false - }, - { - "displayName": "Datasource Maximum Pool Size", - "description": "Sets xa-pool/max-pool-size for the configured datasource.", - "name": "DB_MAX_POOL_SIZE", - "required": false - }, - { - "displayName": "Datasource Transaction Isolation", - "description": "Sets transaction-isolation for the configured datasource.", - "name": "DB_TX_ISOLATION", - "required": false - }, - { - "displayName": "PostgreSQL Maximum number of connections", - "description": "The maximum number of client connections allowed. This also sets the maximum number of prepared transactions.", - "name": "POSTGRESQL_MAX_CONNECTIONS", - "required": false - }, - { - "displayName": "PostgreSQL Shared Buffers", - "description": "Configures how much memory is dedicated to PostgreSQL for caching data.", - "name": "POSTGRESQL_SHARED_BUFFERS", - "required": false - }, - { - "displayName": "HornetQ Password", - "description": "HornetQ cluster admin password", - "name": "HORNETQ_CLUSTER_PASSWORD", - "from": "[a-zA-Z0-9]{8}", - "generate": "expression", - "required": true - }, - { - "displayName": "Github Webhook Secret", - "description": "GitHub trigger secret", - "name": "GITHUB_WEBHOOK_SECRET", - "from": "[a-zA-Z0-9]{8}", - "generate": "expression", - "required": true - }, - { - "displayName": "Generic Webhook Secret", - "description": "Generic build trigger secret", - "name": "GENERIC_WEBHOOK_SECRET", - "from": "[a-zA-Z0-9]{8}", - "generate": "expression", - "required": true - }, - { - "displayName": "ImageStream Namespace", - "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", - "name": "IMAGE_STREAM_NAMESPACE", - "value": "openshift", - "required": true - }, - { - "displayName": "Maven mirror URL", - "description": "Maven mirror to use for S2I builds", - "name": "MAVEN_MIRROR_URL", - "value": "", - "required": false - }, - { - "description": "List of directories from which archives will be copied into the deployment folder. If unspecified, all archives in /target will be copied.", - "name": "ARTIFACT_DIR", - "value": "", - "required": false - }, - { - "displayName": "PostgreSQL Image Stream Tag", - "description": "The tag to use for the \"postgresql\" image stream. Typically, this aligns with the major.minor version of PostgreSQL.", - "name": "POSTGRESQL_IMAGE_STREAM_TAG", - "value": "9.5", - "required": true - } - ], - "objects": [ - { - "kind": "Service", - "apiVersion": "v1", - "spec": { - "ports": [ - { - "port": 8080, - "targetPort": 8080 - } - ], - "selector": { - "deploymentConfig": "${APPLICATION_NAME}" - } - }, - "metadata": { - "name": "${APPLICATION_NAME}", - "labels": { - "application": "${APPLICATION_NAME}" - }, - "annotations": { - "description": "The web server's http port.", - "service.alpha.openshift.io/dependencies": "[{\"name\": \"${APPLICATION_NAME}-postgresql\", \"kind\": \"Service\"}]" - } - } - }, - { - "kind": "Service", - "apiVersion": "v1", - "spec": { - "ports": [ - { - "port": 8443, - "targetPort": 8443 - } - ], - "selector": { - "deploymentConfig": "${APPLICATION_NAME}" - } - }, - "metadata": { - "name": "secure-${APPLICATION_NAME}", - "labels": { - "application": "${APPLICATION_NAME}" - }, - "annotations": { - "description": "The web server's https port.", - "service.alpha.openshift.io/dependencies": "[{\"name\": \"${APPLICATION_NAME}-postgresql\", \"kind\": \"Service\"}]" - } - } - }, - { - "kind": "Service", - "apiVersion": "v1", - "spec": { - "ports": [ - { - "port": 5432, - "targetPort": 5432 - } - ], - "selector": { - "deploymentConfig": "${APPLICATION_NAME}-postgresql" - } - }, - "metadata": { - "name": "${APPLICATION_NAME}-postgresql", - "labels": { - "application": "${APPLICATION_NAME}" - }, - "annotations": { - "description": "The database server's port." - } - } - }, - { - "kind": "Route", - "apiVersion": "v1", - "id": "${APPLICATION_NAME}-http", - "metadata": { - "name": "${APPLICATION_NAME}", - "labels": { - "application": "${APPLICATION_NAME}" - }, - "annotations": { - "description": "Route for application's http service." - } - }, - "spec": { - "host": "${HOSTNAME_HTTP}", - "to": { - "name": "${APPLICATION_NAME}" - } - } - }, - { - "kind": "Route", - "apiVersion": "v1", - "id": "${APPLICATION_NAME}-https", - "metadata": { - "name": "secure-${APPLICATION_NAME}", - "labels": { - "application": "${APPLICATION_NAME}" - }, - "annotations": { - "description": "Route for application's https service." - } - }, - "spec": { - "host": "${HOSTNAME_HTTPS}", - "to": { - "name": "secure-${APPLICATION_NAME}" - }, - "tls": { - "termination": "passthrough" - } - } - }, - { - "kind": "ImageStream", - "apiVersion": "v1", - "metadata": { - "name": "${APPLICATION_NAME}", - "labels": { - "application": "${APPLICATION_NAME}" - } - } - }, - { - "kind": "BuildConfig", - "apiVersion": "v1", - "metadata": { - "name": "${APPLICATION_NAME}", - "labels": { - "application": "${APPLICATION_NAME}" - } - }, - "spec": { - "source": { - "type": "Git", - "git": { - "uri": "${SOURCE_REPOSITORY_URL}", - "ref": "${SOURCE_REPOSITORY_REF}" - }, - "contextDir": "${CONTEXT_DIR}" - }, - "strategy": { - "type": "Source", - "sourceStrategy": { - "env": [ - { - "name": "KIE_CONTAINER_DEPLOYMENT", - "value": "${KIE_CONTAINER_DEPLOYMENT}" - }, - { - "name": "MAVEN_MIRROR_URL", - "value": "${MAVEN_MIRROR_URL}" - }, - { - "name": "ARTIFACT_DIR", - "value": "${ARTIFACT_DIR}" - } - ], - "forcePull": true, - "from": { - "kind": "ImageStreamTag", - "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-processserver63-openshift:1.4" - } - } - }, - "output": { - "to": { - "kind": "ImageStreamTag", - "name": "${APPLICATION_NAME}:latest" - } - }, - "triggers": [ - { - "type": "GitHub", - "github": { - "secret": "${GITHUB_WEBHOOK_SECRET}" - } - }, - { - "type": "Generic", - "generic": { - "secret": "${GENERIC_WEBHOOK_SECRET}" - } - }, - { - "type": "ImageChange", - "imageChange": {} - }, - { - "type": "ConfigChange" - } - ] - } - }, - { - "kind": "DeploymentConfig", - "apiVersion": "v1", - "metadata": { - "name": "${APPLICATION_NAME}", - "labels": { - "application": "${APPLICATION_NAME}" - } - }, - "spec": { - "strategy": { - "type": "Recreate" - }, - "triggers": [ - { - "type": "ImageChange", - "imageChangeParams": { - "automatic": true, - "containerNames": [ - "${APPLICATION_NAME}" - ], - "from": { - "kind": "ImageStream", - "name": "${APPLICATION_NAME}" - } - } - }, - { - "type": "ConfigChange" - } - ], - "replicas": 1, - "selector": { - "deploymentConfig": "${APPLICATION_NAME}" - }, - "template": { - "metadata": { - "name": "${APPLICATION_NAME}", - "labels": { - "deploymentConfig": "${APPLICATION_NAME}", - "application": "${APPLICATION_NAME}" - } - }, - "spec": { - "serviceAccountName": "processserver-service-account", - "terminationGracePeriodSeconds": 60, - "containers": [ - { - "name": "${APPLICATION_NAME}", - "image": "${APPLICATION_NAME}", - "imagePullPolicy": "Always", - "volumeMounts": [ - { - "name": "processserver-keystore-volume", - "mountPath": "/etc/processserver-secret-volume", - "readOnly": true - } - ], - "livenessProbe": { - "exec": { - "command": [ - "/bin/bash", - "-c", - "/opt/eap/bin/livenessProbe.sh" - ] - } - }, - "readinessProbe": { - "exec": { - "command": [ - "/bin/bash", - "-c", - "/opt/eap/bin/readinessProbe.sh" - ] - } - }, - "ports": [ - { - "name": "jolokia", - "containerPort": 8778, - "protocol": "TCP" - }, - { - "name": "http", - "containerPort": 8080, - "protocol": "TCP" - }, - { - "name": "https", - "containerPort": 8443, - "protocol": "TCP" - } - ], - "env": [ - { - "name": "KIE_CONTAINER_DEPLOYMENT", - "value": "${KIE_CONTAINER_DEPLOYMENT}" - }, - { - "name": "KIE_SERVER_PROTOCOL", - "value": "${KIE_SERVER_PROTOCOL}" - }, - { - "name": "KIE_SERVER_PORT", - "value": "${KIE_SERVER_PORT}" - }, - { - "name": "KIE_SERVER_USER", - "value": "${KIE_SERVER_USER}" - }, - { - "name": "KIE_SERVER_PASSWORD", - "value": "${KIE_SERVER_PASSWORD}" - }, - { - "name": "KIE_SERVER_DOMAIN", - "value": "${KIE_SERVER_DOMAIN}" - }, - { - "name": "KIE_SERVER_PERSISTENCE_DIALECT", - "value": "${KIE_SERVER_PERSISTENCE_DIALECT}" - }, - { - "name": "DB_SERVICE_PREFIX_MAPPING", - "value": "${APPLICATION_NAME}-postgresql=DB" - }, - { - "name": "DB_JNDI", - "value": "${DB_JNDI}" - }, - { - "name": "DB_USERNAME", - "value": "${DB_USERNAME}" - }, - { - "name": "DB_PASSWORD", - "value": "${DB_PASSWORD}" - }, - { - "name": "DB_DATABASE", - "value": "${DB_DATABASE}" - }, - { - "name": "TX_DATABASE_PREFIX_MAPPING", - "value": "${APPLICATION_NAME}-postgresql=DB" - }, - { - "name": "DB_MIN_POOL_SIZE", - "value": "${DB_MIN_POOL_SIZE}" - }, - { - "name": "DB_MAX_POOL_SIZE", - "value": "${DB_MAX_POOL_SIZE}" - }, - { - "name": "DB_TX_ISOLATION", - "value": "${DB_TX_ISOLATION}" - }, - { - "name": "HTTPS_KEYSTORE_DIR", - "value": "/etc/processserver-secret-volume" - }, - { - "name": "HTTPS_KEYSTORE", - "value": "${HTTPS_KEYSTORE}" - }, - { - "name": "HTTPS_NAME", - "value": "${HTTPS_NAME}" - }, - { - "name": "HTTPS_PASSWORD", - "value": "${HTTPS_PASSWORD}" - }, - { - "name": "HORNETQ_CLUSTER_PASSWORD", - "value": "${HORNETQ_CLUSTER_PASSWORD}" - }, - { - "name": "HORNETQ_QUEUES", - "value": "${HORNETQ_QUEUES}" - }, - { - "name": "HORNETQ_TOPICS", - "value": "${HORNETQ_TOPICS}" - } - ] - } - ], - "volumes": [ - { - "name": "processserver-keystore-volume", - "secret": { - "secretName": "${HTTPS_SECRET}" - } - } - ] - } - } - } - }, - { - "kind": "DeploymentConfig", - "apiVersion": "v1", - "metadata": { - "name": "${APPLICATION_NAME}-postgresql", - "labels": { - "application": "${APPLICATION_NAME}" - } - }, - "spec": { - "strategy": { - "type": "Recreate" - }, - "triggers": [ - { - "type": "ImageChange", - "imageChangeParams": { - "automatic": true, - "containerNames": [ - "${APPLICATION_NAME}-postgresql" - ], - "from": { - "kind": "ImageStreamTag", - "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "postgresql:${POSTGRESQL_IMAGE_STREAM_TAG}" - } - } - }, - { - "type": "ConfigChange" - } - ], - "replicas": 1, - "selector": { - "deploymentConfig": "${APPLICATION_NAME}-postgresql" - }, - "template": { - "metadata": { - "name": "${APPLICATION_NAME}-postgresql", - "labels": { - "deploymentConfig": "${APPLICATION_NAME}-postgresql", - "application": "${APPLICATION_NAME}" - } - }, - "spec": { - "terminationGracePeriodSeconds": 60, - "containers": [ - { - "name": "${APPLICATION_NAME}-postgresql", - "image": "postgresql", - "imagePullPolicy": "Always", - "ports": [ - { - "containerPort": 5432, - "protocol": "TCP" - } - ], - "env": [ - { - "name": "POSTGRESQL_USER", - "value": "${DB_USERNAME}" - }, - { - "name": "POSTGRESQL_PASSWORD", - "value": "${DB_PASSWORD}" - }, - { - "name": "POSTGRESQL_DATABASE", - "value": "${DB_DATABASE}" - }, - { - "name": "POSTGRESQL_MAX_CONNECTIONS", - "value": "${POSTGRESQL_MAX_CONNECTIONS}" - }, - { - "name": "POSTGRESQL_SHARED_BUFFERS", - "value": "${POSTGRESQL_SHARED_BUFFERS}" - } - ] - } - ] - } - } - } - } - ] -} diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/processserver64-amq-mysql-persistent-s2i.json b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/processserver64-amq-mysql-persistent-s2i.json index 293d04d63..9ef04ae71 100644 --- a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/processserver64-amq-mysql-persistent-s2i.json +++ b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/processserver64-amq-mysql-persistent-s2i.json @@ -3,17 +3,21 @@ "apiVersion": "v1", "metadata": { "annotations": { - "description": "Application template for Red Hat JBoss BPM Suite 6.4 intelligent process server AMQ and MySQL applications with persistent storage built using S2I.", - "iconClass": "icon-jboss", - "tags": "processserver,jboss,xpaas", - "version": "1.4.0", - "openshift.io/display-name": "Red Hat JBoss BPM Suite 6.4 intelligent process server + A-MQ + MySQL (Persistent with https)" + "iconClass": "icon-processserver", + "tags": "processserver,jboss", + "version": "1.4.7", + "openshift.io/display-name": "JBoss BPM Suite 6.4 intelligent process server + A-MQ + MySQL (with https)", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "An example BPM Suite application with A-MQ and a MySQL database. For more information about using this template, see https://github.com/jboss-openshift/application-templates.", + "template.openshift.io/long-description": "This template defines resources needed to develop Red Hat Business Process Suite intelligent process server 6.4 based application, including a build configuration, application deployment configuration, Red Hat A-MQ for messaging broker, database deployment configuration for MySQL using persistence and secure communication using https.", + "template.openshift.io/documentation-url": "https://access.redhat.com/documentation/en/red-hat-jboss-bpm-suite/", + "template.openshift.io/support-url": "https://access.redhat.com" }, "name": "processserver64-amq-mysql-persistent-s2i" }, "labels": { "template": "processserver64-amq-mysql-persistent-s2i", - "xpaas": "1.4.0" + "xpaas": "1.4.7" }, "message": "A new persistent BPMS application (using MySQL and A-MQ) has been created in your project. The username/password for accessing the KIE Server REST or JMS interface is ${KIE_SERVER_USER}/${KIE_SERVER_PASSWORD}. For accessing the MySQL database \"${DB_DATABASE}\" use the credentials ${DB_USERNAME}/${DB_PASSWORD}. And for the A-MQ service use the credentials ${MQ_USERNAME}/${MQ_PASSWORD}. Please be sure to create the \"processserver-service-account\" service account and the secret named \"${HTTPS_SECRET}\" containing the ${HTTPS_KEYSTORE} file used for serving secure content.", "parameters": [ @@ -543,7 +547,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-processserver64-openshift:1.0" + "name": "jboss-processserver64-openshift:1.1" } } }, @@ -996,7 +1000,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-amq-63:1.0" + "name": "jboss-amq-63:1.2" } } }, diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/processserver64-amq-mysql-s2i.json b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/processserver64-amq-mysql-s2i.json index 760940b36..4cb45db42 100644 --- a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/processserver64-amq-mysql-s2i.json +++ b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/processserver64-amq-mysql-s2i.json @@ -3,17 +3,21 @@ "apiVersion": "v1", "metadata": { "annotations": { - "description": "Application template for Red Hat JBoss BPM Suite 6.4 intelligent process server AMQ and MySQL applications built using S2I.", - "iconClass": "icon-jboss", - "tags": "processserver,jboss,xpaas", - "version": "1.4.0", - "openshift.io/display-name": "Red Hat JBoss BPM Suite 6.4 intelligent process server + A-MQ + MySQL (Ephemeral with https)" + "iconClass": "icon-processserver", + "tags": "processserver,jboss,hidden", + "version": "1.4.7", + "openshift.io/display-name": "JBoss BPM Suite 6.4 intelligent process server + A-MQ + MySQL (Ephemeral with https)", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "An example BPM Suite application with A-MQ and a MySQL database. For more information about using this template, see https://github.com/jboss-openshift/application-templates.", + "template.openshift.io/long-description": "This template defines resources needed to develop Red Hat Business Process Suite intelligent process server 6.4 based application, including a build configuration, application deployment configuration, Red Hat A-MQ for messaging broker, database deployment configuration for MySQL using ephemeral (temporary) storage and secure communication using https.", + "template.openshift.io/documentation-url": "https://access.redhat.com/documentation/en/red-hat-jboss-bpm-suite/", + "template.openshift.io/support-url": "https://access.redhat.com" }, "name": "processserver64-amq-mysql-s2i" }, "labels": { "template": "processserver64-amq-mysql-s2i", - "xpaas": "1.4.0" + "xpaas": "1.4.7" }, "message": "A new BPMS application (using MySQL and A-MQ) has been created in your project. The username/password for accessing the KIE Server REST or JMS interface is ${KIE_SERVER_USER}/${KIE_SERVER_PASSWORD}. For accessing the MySQL database \"${DB_DATABASE}\" use the credentials ${DB_USERNAME}/${DB_PASSWORD}. And for the A-MQ service use the credentials ${MQ_USERNAME}/${MQ_PASSWORD}. Please be sure to create the \"processserver-service-account\" service account and the secret named \"${HTTPS_SECRET}\" containing the ${HTTPS_KEYSTORE} file used for serving secure content.", "parameters": [ @@ -529,7 +533,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-processserver64-openshift:1.0" + "name": "jboss-processserver64-openshift:1.1" } } }, @@ -912,7 +916,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-amq-63:1.0" + "name": "jboss-amq-63:1.2" } } }, diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/processserver64-amq-postgresql-persistent-s2i.json b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/processserver64-amq-postgresql-persistent-s2i.json index 1603bccff..56fefcc0a 100644 --- a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/processserver64-amq-postgresql-persistent-s2i.json +++ b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/processserver64-amq-postgresql-persistent-s2i.json @@ -3,17 +3,21 @@ "apiVersion": "v1", "metadata": { "annotations": { - "description": "Application template for Red Hat JBoss BPM Suite 6.4 intelligent process server AMQ and PostgreSQL applications with persistent storage built using S2I.", - "iconClass": "icon-jboss", - "tags": "processserver,jboss,xpaas", - "version": "1.4.0", - "openshift.io/display-name": "Red Hat JBoss BPM Suite 6.4 intelligent process server + A-MQ + PostgreSQL (Persistent with https)" + "iconClass": "icon-processserver", + "tags": "processserver,jboss", + "version": "1.4.7", + "openshift.io/display-name": "JBoss BPM Suite 6.4 intelligent process server + A-MQ + PostgreSQL (with https)", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "An example BPM Suite application with A-MQ and a PostgreSQL database. For more information about using this template, see https://github.com/jboss-openshift/application-templates.", + "template.openshift.io/long-description": "This template defines resources needed to develop Red Hat Business Process Suite intelligent process server 6.4 based application, including a build configuration, application deployment configuration, Red Hat A-MQ for messaging broker, database deployment configuration for PostgreSQL using persistence and secure communication using https.", + "template.openshift.io/documentation-url": "https://access.redhat.com/documentation/en/red-hat-jboss-bpm-suite/", + "template.openshift.io/support-url": "https://access.redhat.com" }, "name": "processserver64-amq-postgresql-persistent-s2i" }, "labels": { "template": "processserver64-amq-postgresql-persistent-s2i", - "xpaas": "1.4.0" + "xpaas": "1.4.7" }, "message": "A new persistent BPMS application (using PostgreSQL and A-MQ) has been created in your project. The username/password for accessing the KIE Server REST or JMS interface is ${KIE_SERVER_USER}/${KIE_SERVER_PASSWORD}. For accessing the MySQL database \"${DB_DATABASE}\" use the credentials ${DB_USERNAME}/${DB_PASSWORD}. And for the A-MQ service use the credentials ${MQ_USERNAME}/${MQ_PASSWORD}. Please be sure to create the \"processserver-service-account\" service account and the secret named \"${HTTPS_SECRET}\" containing the ${HTTPS_KEYSTORE} file used for serving secure content.", "parameters": [ @@ -525,7 +529,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-processserver64-openshift:1.0" + "name": "jboss-processserver64-openshift:1.1" } } }, @@ -966,7 +970,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-amq-63:1.0" + "name": "jboss-amq-63:1.2" } } }, diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/processserver64-amq-postgresql-s2i.json b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/processserver64-amq-postgresql-s2i.json index 422f51c11..bb8d2df28 100644 --- a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/processserver64-amq-postgresql-s2i.json +++ b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/processserver64-amq-postgresql-s2i.json @@ -4,16 +4,21 @@ "metadata": { "annotations": { "description": "Application template for Red Hat JBoss BPM Suite 6.4 intelligent process server AMQ and PostgreSQL applications built using S2I.", - "iconClass": "icon-jboss", - "tags": "processserver,jboss,xpaas", - "version": "1.4.0", - "openshift.io/display-name": "Red Hat JBoss BPM Suite 6.4 intelligent process server + A-MQ + PostgreSQL (Ephemeral with https)" + "iconClass": "icon-processserver", + "tags": "processserver,jboss,hidden", + "version": "1.4.7", + "openshift.io/display-name": "JBoss BPM Suite 6.4 intelligent process server + A-MQ + PostgreSQL (Ephemeral with https)", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "An example BPM Suite application with A-MQ and a PostgreSQL database. For more information about using this template, see https://github.com/jboss-openshift/application-templates.", + "template.openshift.io/long-description": "This template defines resources needed to develop Red Hat Business Process Suite intelligent process server 6.4 based application, including a build configuration, application deployment configuration, Red Hat A-MQ for messaging broker, database deployment configuration for PostgreSQL using ephemeral (temporary) storage and secure communication using https.", + "template.openshift.io/documentation-url": "https://access.redhat.com/documentation/en/red-hat-jboss-bpm-suite/", + "template.openshift.io/support-url": "https://access.redhat.com" }, "name": "processserver64-amq-postgresql-s2i" }, "labels": { "template": "processserver64-amq-postgresql-s2i", - "xpaas": "1.4.0" + "xpaas": "1.4.7" }, "message": "A new BPMS application (using PostgreSQL and A-MQ) has been created in your project. The username/password for accessing the KIE Server REST or JMS interface is ${KIE_SERVER_USER}/${KIE_SERVER_PASSWORD}. For accessing the MySQL database \"${DB_DATABASE}\" use the credentials ${DB_USERNAME}/${DB_PASSWORD}. And for the A-MQ service use the credentials ${MQ_USERNAME}/${MQ_PASSWORD}. Please be sure to create the \"processserver-service-account\" service account and the secret named \"${HTTPS_SECRET}\" containing the ${HTTPS_KEYSTORE} file used for serving secure content.", "parameters": [ @@ -511,7 +516,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-processserver64-openshift:1.0" + "name": "jboss-processserver64-openshift:1.1" } } }, @@ -882,7 +887,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-amq-63:1.0" + "name": "jboss-amq-63:1.2" } } }, diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/processserver64-basic-s2i.json b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/processserver64-basic-s2i.json index 2bf15ff25..1b7cc8cf1 100644 --- a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/processserver64-basic-s2i.json +++ b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/processserver64-basic-s2i.json @@ -3,17 +3,21 @@ "apiVersion": "v1", "metadata": { "annotations": { - "description": "Application template for Red Hat JBoss BPM Suite 6.4 intelligent process server applications built using S2I.", - "iconClass": "icon-jboss", - "tags": "processserver,jboss,xpaas", - "version": "1.4.0", - "openshift.io/display-name": "Red Hat JBoss BPM Suite 6.4 intelligent process server (no https)" + "iconClass": "icon-processserver", + "tags": "processserver,jboss", + "version": "1.4.7", + "openshift.io/display-name": "JBoss BPM Suite 6.4 intelligent process server (no https)", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "An example BPM Suite application. For more information about using this template, see https://github.com/jboss-openshift/application-templates.", + "template.openshift.io/long-description": "This template defines resources needed to develop Red Hat Business Process Suite intelligent process server 6.4 based application, including a build configuration, application deployment configuration and insecure communication using http.", + "template.openshift.io/documentation-url": "https://access.redhat.com/documentation/en/red-hat-jboss-bpm-suite/", + "template.openshift.io/support-url": "https://access.redhat.com" }, "name": "processserver64-basic-s2i" }, "labels": { "template": "processserver64-basic-s2i", - "xpaas": "1.4.0" + "xpaas": "1.4.7" }, "message": "A new BPMS application has been created in your project. The username/password for accessing the KIE Server REST or JMS interface is ${KIE_SERVER_USER}/${KIE_SERVER_PASSWORD}.", "parameters": [ @@ -234,7 +238,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-processserver64-openshift:1.0" + "name": "jboss-processserver64-openshift:1.1" } } }, diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/processserver64-mysql-persistent-s2i.json b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/processserver64-mysql-persistent-s2i.json index 4673dfb0d..1a4d0887c 100644 --- a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/processserver64-mysql-persistent-s2i.json +++ b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/processserver64-mysql-persistent-s2i.json @@ -4,16 +4,21 @@ "metadata": { "annotations": { "description": "Application template for Red Hat JBoss BPM Suite 6.4 intelligent process server MySQL applications with persistent storage built using S2I.", - "iconClass": "icon-jboss", - "tags": "processserver,jboss,xpaas", - "version": "1.4.0", - "openshift.io/display-name": "Red Hat JBoss BPM Suite 6.4 intelligent process server + MySQL (Persistent with https)" + "iconClass": "icon-processserver", + "tags": "processserver,jboss", + "version": "1.4.7", + "openshift.io/display-name": "JBoss BPM Suite 6.4 intelligent process server + MySQL (with https)", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "An example BPM Suite application with a MySQL database. For more information about using this template, see https://github.com/jboss-openshift/application-templates.", + "template.openshift.io/long-description": "This template defines resources needed to develop Red Hat Business Process Suite intelligent process server 6.4 based application, including a build configuration, application deployment configuration, database deployment configuration for MySQL using persistence and secure communication using https.", + "template.openshift.io/documentation-url": "https://access.redhat.com/documentation/en/red-hat-jboss-bpm-suite/", + "template.openshift.io/support-url": "https://access.redhat.com" }, "name": "processserver64-mysql-persistent-s2i" }, "labels": { "template": "processserver64-mysql-persistent-s2i", - "xpaas": "1.4.0" + "xpaas": "1.4.7" }, "message": "A new persistent BPMS application (using MySQL) has been created in your project. The username/password for accessing the KIE Server REST or JMS interface is ${KIE_SERVER_USER}/${KIE_SERVER_PASSWORD}. For accessing the MySQL database \"${DB_DATABASE}\" use the credentials ${DB_USERNAME}/${DB_PASSWORD}. Please be sure to create the \"processserver-service-account\" service account and the secret named \"${HTTPS_SECRET}\" containing the ${HTTPS_KEYSTORE} file used for serving secure content.", "parameters": [ @@ -455,7 +460,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-processserver64-openshift:1.0" + "name": "jboss-processserver64-openshift:1.1" } } }, diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/processserver64-mysql-s2i.json b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/processserver64-mysql-s2i.json index 9078f20b8..7c491d832 100644 --- a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/processserver64-mysql-s2i.json +++ b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/processserver64-mysql-s2i.json @@ -3,17 +3,21 @@ "apiVersion": "v1", "metadata": { "annotations": { - "description": "Application template for Red Hat JBoss BPM Suite 6.4 intelligent process server MySQL applications built using S2I.", - "iconClass": "icon-jboss", - "tags": "processserver,jboss,xpaas", - "version": "1.4.0", - "openshift.io/display-name": "Red Hat JBoss BPM Suite 6.4 intelligent process server + MySQL (Ephemeral with https)" + "iconClass": "icon-processserver", + "tags": "processserver,jboss,hidden", + "version": "1.4.7", + "openshift.io/display-name": "JBoss BPM Suite 6.4 intelligent process server + MySQL (Ephemeral with https)", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "An example BPM Suite application with a MySQL database. For more information about using this template, see https://github.com/jboss-openshift/application-templates.", + "template.openshift.io/long-description": "This template defines resources needed to develop Red Hat Business Process Suite intelligent process server 6.4 based application, including a build configuration, application deployment configuration, database deployment configuration for MySQL using ephemeral (temporary) storage and secure communication using https.", + "template.openshift.io/documentation-url": "https://access.redhat.com/documentation/en/red-hat-jboss-bpm-suite/", + "template.openshift.io/support-url": "https://access.redhat.com" }, "name": "processserver64-mysql-s2i" }, "labels": { "template": "processserver64-mysql-s2i", - "xpaas": "1.4.0" + "xpaas": "1.4.7" }, "message": "A new BPMS application (using MySQL) has been created in your project. The username/password for accessing the KIE Server REST or JMS interface is ${KIE_SERVER_USER}/${KIE_SERVER_PASSWORD}. For accessing the MySQL database \"${DB_DATABASE}\" use the credentials ${DB_USERNAME}/${DB_PASSWORD}. Please be sure to create the \"processserver-service-account\" service account and the secret named \"${HTTPS_SECRET}\" containing the ${HTTPS_KEYSTORE} file used for serving secure content.", "parameters": [ @@ -448,7 +452,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-processserver64-openshift:1.0" + "name": "jboss-processserver64-openshift:1.1" } } }, diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/processserver64-postgresql-persistent-s2i.json b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/processserver64-postgresql-persistent-s2i.json index 75b6d310e..8965ea41f 100644 --- a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/processserver64-postgresql-persistent-s2i.json +++ b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/processserver64-postgresql-persistent-s2i.json @@ -3,17 +3,21 @@ "apiVersion": "v1", "metadata": { "annotations": { - "description": "Application template for Red Hat JBoss BPM Suite 6.4 intelligent process server PostgreSQL applications with persistent storage built using S2I.", - "iconClass": "icon-jboss", - "tags": "processserver,jboss,xpaas", - "version": "1.4.0", - "openshift.io/display-name": "Red Hat JBoss BPM Suite 6.4 intelligent process server + PostgreSQL (Persistent with https)" + "iconClass": "icon-processserver", + "tags": "processserver,jboss", + "version": "1.4.7", + "openshift.io/display-name": "JBoss BPM Suite 6.4 intelligent process server + PostgreSQL (with https)", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "An example BPM Suite application with a PostgreSQL database. For more information about using this template, see https://github.com/jboss-openshift/application-templates.", + "template.openshift.io/long-description": "This template defines resources needed to develop Red Hat Business Process Suite intelligent process server 6.4 based application, including a build configuration, application deployment configuration, database deployment configuration for PostgreSQL using persistence and secure communication using https.", + "template.openshift.io/documentation-url": "https://access.redhat.com/documentation/en/red-hat-jboss-bpm-suite/", + "template.openshift.io/support-url": "https://access.redhat.com" }, "name": "processserver64-postgresql-persistent-s2i" }, "labels": { "template": "processserver64-postgresql-persistent-s2i", - "xpaas": "1.4.0" + "xpaas": "1.4.7" }, "message": "A new persistent BPMS application (using PostgreSQL) has been created in your project. The username/password for accessing the KIE Server REST or JMS interface is ${KIE_SERVER_USER}/${KIE_SERVER_PASSWORD}. For accessing the MySQL database \"${DB_DATABASE}\" use the credentials ${DB_USERNAME}/${DB_PASSWORD}. Please be sure to create the \"processserver-service-account\" service account and the secret named \"${HTTPS_SECRET}\" containing the ${HTTPS_KEYSTORE} file used for serving secure content.", "parameters": [ @@ -437,7 +441,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-processserver64-openshift:1.0" + "name": "jboss-processserver64-openshift:1.1" } } }, diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/processserver64-postgresql-s2i.json b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/processserver64-postgresql-s2i.json index 51923c0ad..e21f0ce4e 100644 --- a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/processserver64-postgresql-s2i.json +++ b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/processserver64-postgresql-s2i.json @@ -3,17 +3,21 @@ "apiVersion": "v1", "metadata": { "annotations": { - "description": "Application template for Red Hat JBoss BPM Suite 6.4 intelligent process server PostgreSQL applications built using S2I.", - "iconClass": "icon-jboss", - "tags": "processserver,jboss,xpaas", - "version": "1.4.0", - "openshift.io/display-name": "Red Hat JBoss BPM Suite 6.4 intelligent process server + PostgreSQL (Ephemeral with https)" + "iconClass": "icon-processserver", + "tags": "processserver,jboss,hidden", + "version": "1.4.7", + "openshift.io/display-name": "JBoss BPM Suite 6.4 intelligent process server + PostgreSQL (Ephemeral with https)", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "An example BPM Suite application with a PostgreSQL database. For more information about using this template, see https://github.com/jboss-openshift/application-templates.", + "template.openshift.io/long-description": "This template defines resources needed to develop Red Hat Business Process Suite intelligent process server 6.4 based application, including a build configuration, application deployment configuration, database deployment configuration for PostgreSQL using ephemeral (temporary) storage and secure communication using https.", + "template.openshift.io/documentation-url": "https://access.redhat.com/documentation/en/red-hat-jboss-bpm-suite/", + "template.openshift.io/support-url": "https://access.redhat.com" }, "name": "processserver64-postgresql-s2i" }, "labels": { "template": "processserver64-postgresql-s2i", - "xpaas": "1.4.0" + "xpaas": "1.4.7" }, "message": "A new BPMS application (using PostgreSQL) has been created in your project. The username/password for accessing the KIE Server REST or JMS interface is ${KIE_SERVER_USER}/${KIE_SERVER_PASSWORD}. For accessing the MySQL database \"${DB_DATABASE}\" use the credentials ${DB_USERNAME}/${DB_PASSWORD}. Please be sure to create the \"processserver-service-account\" service account and the secret named \"${HTTPS_SECRET}\" containing the ${HTTPS_KEYSTORE} file used for serving secure content.", "parameters": [ @@ -430,7 +434,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-processserver64-openshift:1.0" + "name": "jboss-processserver64-openshift:1.1" } } }, diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/spring-boot-camel-amq-template.json b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/spring-boot-camel-amq-template.json index 8b3cd6ed0..2c1a73a29 100644 --- a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/spring-boot-camel-amq-template.json +++ b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/spring-boot-camel-amq-template.json @@ -3,7 +3,7 @@ "kind": "Template", "metadata": { "annotations": { - "description": "Spring Boot, Camel and ActiveMQ QuickStart. This quickstart demonstrates how to connect a Spring-Boot application to an ActiveMQ broker and use JMS messaging between two Camel routes using OpenShift. In this example we will use two containers, one container to run as a ActiveMQ broker, and another as a client to the broker, where the Camel routes are running. This quickstart requires the ActiveMQ broker has been deployed and running first.", + "description": "Spring Boot, Camel and ActiveMQ QuickStart. This quickstart demonstrates how to connect a Spring-Boot application to an ActiveMQ broker and use JMS messaging between two Camel routes using OpenShift. In this example we will use two containers, one container to run as a ActiveMQ broker, and another as a client to the broker, where the Camel routes are running. This quickstart requires the ActiveMQ broker has been deployed and running first, one simple way to run a A-MQ service is following the documentation of the A-MQ xPaaS image for OpenShift related to the amq62-basic template", "tags": "quickstart,java,springboot,fis", "iconClass": "icon-jboss", "version": "2.0" @@ -31,7 +31,7 @@ { "name": "GIT_REF", "displayName": "Git Reference", - "value": "spring-boot-camel-amq-1.0.0.redhat-000055", + "value": "spring-boot-camel-amq-1.0.0.redhat-000064", "description": "Set this to a branch name, tag or other ref of your repository if you are not using the default branch." }, { @@ -60,7 +60,7 @@ { "name": "APP_VERSION", "displayName": "Application Version", - "value": "1.0.0.redhat-000055", + "value": "1.0.0.redhat-000064", "description": "The application version." }, { diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/spring-boot-camel-config-template.json b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/spring-boot-camel-config-template.json index bc5bbad22..b62e768b6 100644 --- a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/spring-boot-camel-config-template.json +++ b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/spring-boot-camel-config-template.json @@ -3,7 +3,7 @@ "kind": "Template", "metadata": { "annotations": { - "description": "Spring Boot and Camel using ConfigMaps and Secrets. This quickstart demonstrates how to configure a Spring-Boot application using Openshift ConfigMaps and Secrets.", + "description": "Spring Boot and Camel using ConfigMaps and Secrets. This quickstart demonstrates how to configure a Spring-Boot application using OpenShift ConfigMaps and Secrets. This example requires that a ConfigMap named camel-config and a Secret named camel-config are present in the namespace before the application is deployed, instruction about how to manually create them can be found here: https://github.com/fabric8-quickstarts/spring-boot-camel-config/blob/fis-2.0.x.redhat/README.redhat.md ", "tags": "quickstart,java,springboot,fis", "iconClass": "icon-jboss", "version": "2.0" @@ -31,7 +31,7 @@ { "name": "GIT_REF", "displayName": "Git Reference", - "value": "spring-boot-camel-config-1.0.0.redhat-000005", + "value": "spring-boot-camel-config-1.0.0.redhat-000014", "description": "Set this to a branch name, tag or other ref of your repository if you are not using the default branch." }, { @@ -64,7 +64,7 @@ { "name": "APP_VERSION", "displayName": "Application Version", - "value": "1.0.0.redhat-000005", + "value": "1.0.0.redhat-000014", "description": "The application version." }, { diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/spring-boot-camel-drools-template.json b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/spring-boot-camel-drools-template.json index e54fa0d59..91081e493 100644 --- a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/spring-boot-camel-drools-template.json +++ b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/spring-boot-camel-drools-template.json @@ -3,7 +3,7 @@ "kind": "Template", "metadata": { "annotations": { - "description": "Spring-Boot, Camel and JBoss BRMS QuickStart. This example demonstrates how you can use Apache Camel and JBoss BRMS with Spring Boot on OpenShift. DRL files contain simple rules which are used to create knowledge session via Spring configuration file. Camel routes, defined via Spring as well, are then used to e.g. pass (insert) the Body of the message as a POJO to Drools engine for execution.", + "description": "Spring-Boot, Camel and JBoss BRMS QuickStart. This example demonstrates how you can use Apache Camel and JBoss BRMS with Spring Boot on OpenShift. DRL files contain simple rules which are used to create knowledge session via Spring configuration file. Camel routes, defined via Spring as well, are then used to e.g. pass (insert) the Body of the message as a POJO to Drools engine for execution. A Kie Server should be deployed and configured before running the application, more information about how to configure it can be found at https://github.com/fabric8-quickstarts/spring-boot-camel-drools/blob/fis-2.0.x.redhat/README.redhat.md", "tags": "quickstart,java,springboot,fis", "iconClass": "icon-jboss", "version": "2.0" @@ -31,7 +31,7 @@ { "name": "GIT_REF", "displayName": "Git Reference", - "value": "spring-boot-camel-drools-1.0.0.redhat-000054", + "value": "spring-boot-camel-drools-1.0.0.redhat-000063", "description": "Set this to a branch name, tag or other ref of your repository if you are not using the default branch." }, { @@ -63,7 +63,7 @@ { "name": "APP_VERSION", "displayName": "Application Version", - "value": "1.0.0.redhat-000054", + "value": "1.0.0.redhat-000063", "description": "The application version." }, { diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/spring-boot-camel-infinispan-template.json b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/spring-boot-camel-infinispan-template.json index 20ba97dac..8d97400ab 100644 --- a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/spring-boot-camel-infinispan-template.json +++ b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/spring-boot-camel-infinispan-template.json @@ -3,7 +3,7 @@ "kind": "Template", "metadata": { "annotations": { - "description": "Spring Boot, Camel and JBoss Data Grid QuickStart. This quickstart demonstrates how to connect a Spring-Boot application to a JBoss Data Grid (or Infinispan) server using the Hot Rod protocol. It requires that the data grid server (or cluster) has been deployed first.", + "description": "Spring Boot, Camel and JBoss Data Grid QuickStart. This quickstart demonstrates how to connect a Spring-Boot application to a JBoss Data Grid (or Infinispan) server using the Hot Rod protocol. It requires that the data grid server (or cluster) has been deployed first, one simple way to run a JDG service is following the documentation of the JDG xPaaS image for OpenShift related to the datagrid65-basic template.", "tags": "quickstart,java,springboot,fis", "iconClass": "icon-jboss", "version": "2.0" @@ -31,7 +31,7 @@ { "name": "GIT_REF", "displayName": "Git Reference", - "value": "spring-boot-camel-infinispan-1.0.0.redhat-000024", + "value": "spring-boot-camel-infinispan-1.0.0.redhat-000033", "description": "Set this to a branch name, tag or other ref of your repository if you are not using the default branch." }, { @@ -50,7 +50,7 @@ { "name": "APP_VERSION", "displayName": "Application Version", - "value": "1.0.0.redhat-000024", + "value": "1.0.0.redhat-000033", "description": "The application version." }, { diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/spring-boot-camel-rest-sql-template.json b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/spring-boot-camel-rest-sql-template.json index 555647fab..bf722844c 100644 --- a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/spring-boot-camel-rest-sql-template.json +++ b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/spring-boot-camel-rest-sql-template.json @@ -3,7 +3,7 @@ "kind": "Template", "metadata": { "annotations": { - "description": "Spring Boot, Camel REST DSL and MySQL QuickStart. This quickstart demonstrates how to connect a Spring Boot application to a MySQL database and expose a REST API with Camel on OpenShift. In this example we will use two containers, one container to run as a MySQL server, and another as a client to the database, where the Camel routes are running. This quickstart requires the MySQL server to be deployed and started first.", + "description": "Spring Boot, Camel REST DSL and MySQL QuickStart. This quickstart demonstrates how to connect a Spring Boot application to a MySQL database and expose a REST API with Camel on OpenShift. In this example we will use two containers, one container to run as a MySQL server, and another as a client to the database, where the Camel routes are running. This quickstart requires the MySQL server to be deployed and started first, one simple way to run a MySQL service is following the documentation of the OpenShift MySQL container image related to the mysql-ephemeral template.", "tags": "quickstart,java,springboot,fis", "iconClass": "icon-jboss", "version": "2.0" @@ -31,7 +31,7 @@ { "name": "GIT_REF", "displayName": "Git Reference", - "value": "spring-boot-camel-rest-sql-1.0.0.redhat-000055", + "value": "spring-boot-camel-rest-sql-1.0.0.redhat-000064", "description": "Set this to a branch name, tag or other ref of your repository if you are not using the default branch." }, { @@ -72,7 +72,7 @@ { "name": "APP_VERSION", "displayName": "Application Version", - "value": "1.0.0.redhat-000055", + "value": "1.0.0.redhat-000064", "description": "The application version." }, { diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/spring-boot-camel-teiid-template.json b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/spring-boot-camel-teiid-template.json index cf9a4e903..856264615 100644 --- a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/spring-boot-camel-teiid-template.json +++ b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/spring-boot-camel-teiid-template.json @@ -3,7 +3,7 @@ "kind": "Template", "metadata": { "annotations": { - "description": "Spring-Boot, Camel and JBoss Data Virtualization QuickStart. This example demonstrates how to connect Apache Camel to a remote JBoss Data Virtualization (or Teiid) Server using the JDBC protocol.", + "description": "Spring-Boot, Camel and JBoss Data Virtualization QuickStart. This example demonstrates how to connect Apache Camel to a remote JBoss Data Virtualization (or Teiid) Server using the JDBC protocol. This quickstart assumes that the JDV server is already running and configured on OpenShift, more information about to setup a JDV server can be found at https://github.com/fabric8-quickstarts/spring-boot-camel-teiid/blob/fis-2.0.x.redhat/README.redhat.md", "tags": "quickstart,java,springboot,fis", "iconClass": "icon-jboss", "version": "2.0" @@ -31,7 +31,7 @@ { "name": "GIT_REF", "displayName": "Git Reference", - "value": "spring-boot-camel-teiid-1.0.0.redhat-000053", + "value": "spring-boot-camel-teiid-1.0.0.redhat-000062", "description": "Set this to a branch name, tag or other ref of your repository if you are not using the default branch." }, { @@ -68,7 +68,7 @@ { "name": "APP_VERSION", "displayName": "Application Version", - "value": "1.0.0.redhat-000053", + "value": "1.0.0.redhat-000062", "description": "The application version." }, { diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/spring-boot-camel-template.json b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/spring-boot-camel-template.json index c78a96f7c..9c0fe287e 100644 --- a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/spring-boot-camel-template.json +++ b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/spring-boot-camel-template.json @@ -31,7 +31,7 @@ { "name": "GIT_REF", "displayName": "Git Reference", - "value": "spring-boot-camel-1.0.0.redhat-000055", + "value": "spring-boot-camel-1.0.0.redhat-000064", "description": "Set this to a branch name, tag or other ref of your repository if you are not using the default branch." }, { @@ -43,7 +43,7 @@ { "name": "APP_VERSION", "displayName": "Application Version", - "value": "1.0.0.redhat-000055", + "value": "1.0.0.redhat-000064", "description": "The application version." }, { diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/spring-boot-camel-xml-template.json b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/spring-boot-camel-xml-template.json index 620425902..87c0e347a 100644 --- a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/spring-boot-camel-xml-template.json +++ b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/spring-boot-camel-xml-template.json @@ -31,7 +31,7 @@ { "name": "GIT_REF", "displayName": "Git Reference", - "value": "spring-boot-camel-xml-1.0.0.redhat-000055", + "value": "spring-boot-camel-xml-1.0.0.redhat-000064", "description": "Set this to a branch name, tag or other ref of your repository if you are not using the default branch." }, { @@ -43,7 +43,7 @@ { "name": "APP_VERSION", "displayName": "Application Version", - "value": "1.0.0.redhat-000055", + "value": "1.0.0.redhat-000064", "description": "The application version." }, { diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/spring-boot-cxf-jaxrs-template.json b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/spring-boot-cxf-jaxrs-template.json index 15cfc93fd..8b0261035 100644 --- a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/spring-boot-cxf-jaxrs-template.json +++ b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/spring-boot-cxf-jaxrs-template.json @@ -31,10 +31,16 @@ { "name": "GIT_REF", "displayName": "Git Reference", - "value": "spring-boot-cxf-jaxrs-1.0.0.redhat-000005", + "value": "spring-boot-cxf-jaxrs-1.0.0.redhat-000014", "description": "Set this to a branch name, tag or other ref of your repository if you are not using the default branch." }, { + "name": "SERVICE_NAME", + "displayName": "Service Name", + "value": "cxf-jaxrs", + "description": "Exposed service name." + }, + { "name": "BUILDER_VERSION", "displayName": "Builder version", "value": "2.0", @@ -43,7 +49,7 @@ { "name": "APP_VERSION", "displayName": "Application Version", - "value": "1.0.0.redhat-000005", + "value": "1.0.0.redhat-000014", "description": "The application version." }, { @@ -93,6 +99,59 @@ ], "objects": [ { + "apiVersion": "v1", + "kind": "Route", + "metadata": { + "labels": { + "component": "${APP_NAME}", + "provider": "s2i", + "project": "${APP_NAME}", + "version": "${APP_VERSION}", + "group": "quickstarts" + }, + "name": "${SERVICE_NAME}-route" + }, + "spec": { + "to": { + "kind": "Service", + "name": "${SERVICE_NAME}" + } + } + }, + { + "apiVersion": "v1", + "kind": "Service", + "metadata": { + "annotations": { + }, + "labels": { + "component": "${APP_NAME}", + "provider": "s2i", + "project": "${APP_NAME}", + "version": "${APP_VERSION}", + "group": "quickstarts" + }, + "name": "${SERVICE_NAME}" + }, + "spec": { + "clusterIP": "None", + "deprecatedPublicIPs": [], + "ports": [ + { + "port": 9413, + "protocol": "TCP", + "targetPort": 8080 + } + ], + "selector": { + "project": "${APP_NAME}", + "component": "${APP_NAME}", + "provider": "s2i", + "group": "quickstarts" + } + } + }, + { "kind": "ImageStream", "apiVersion": "v1", "metadata": { diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/spring-boot-cxf-jaxws-template.json b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/spring-boot-cxf-jaxws-template.json index c70ee7726..8b36f5f0b 100644 --- a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/spring-boot-cxf-jaxws-template.json +++ b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/spring-boot-cxf-jaxws-template.json @@ -31,10 +31,16 @@ { "name": "GIT_REF", "displayName": "Git Reference", - "value": "spring-boot-cxf-jaxws-1.0.0.redhat-000005", + "value": "spring-boot-cxf-jaxws-1.0.0.redhat-000014", "description": "Set this to a branch name, tag or other ref of your repository if you are not using the default branch." }, { + "name": "SERVICE_NAME", + "displayName": "Service Name", + "value": "cxf-jaxws", + "description": "Exposed service name." + }, + { "name": "BUILDER_VERSION", "displayName": "Builder version", "value": "2.0", @@ -43,7 +49,7 @@ { "name": "APP_VERSION", "displayName": "Application Version", - "value": "1.0.0.redhat-000005", + "value": "1.0.0.redhat-000014", "description": "The application version." }, { @@ -93,6 +99,59 @@ ], "objects": [ { + "apiVersion": "v1", + "kind": "Route", + "metadata": { + "labels": { + "component": "${APP_NAME}", + "provider": "s2i", + "project": "${APP_NAME}", + "version": "${APP_VERSION}", + "group": "quickstarts" + }, + "name": "${SERVICE_NAME}-route" + }, + "spec": { + "to": { + "kind": "Service", + "name": "${SERVICE_NAME}" + } + } + }, + { + "apiVersion": "v1", + "kind": "Service", + "metadata": { + "annotations": { + }, + "labels": { + "component": "${APP_NAME}", + "provider": "s2i", + "project": "${APP_NAME}", + "version": "${APP_VERSION}", + "group": "quickstarts" + }, + "name": "${SERVICE_NAME}" + }, + "spec": { + "clusterIP": "None", + "deprecatedPublicIPs": [], + "ports": [ + { + "port": 9414, + "protocol": "TCP", + "targetPort": 8080 + } + ], + "selector": { + "project": "${APP_NAME}", + "component": "${APP_NAME}", + "provider": "s2i", + "group": "quickstarts" + } + } + }, + { "kind": "ImageStream", "apiVersion": "v1", "metadata": { diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/sso71-https.json b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/sso71-https.json index bee86d7c4..26dd26624 100644 --- a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/sso71-https.json +++ b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/sso71-https.json @@ -3,17 +3,21 @@ "apiVersion": "v1", "metadata": { "annotations": { - "description": "Application template for SSO 7.1", - "iconClass" : "icon-jboss", - "tags" : "sso,keycloak,jboss,xpaas", - "version": "1.0.0", - "openshift.io/display-name": "Red Hat Single Sign-On 7.1" + "iconClass" : "icon-sso", + "tags" : "sso,keycloak,jboss,hidden", + "version": "1.4.7", + "openshift.io/display-name": "Single Sign-On 7.1", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "An example SSO 7 application. For more information about using this template, see https://github.com/jboss-openshift/application-templates.", + "template.openshift.io/long-description": "This template defines resources needed to develop Red Hat Single Sign-On 7.1 server based deployment.", + "template.openshift.io/documentation-url": "https://access.redhat.com/documentation/en/red-hat-single-sign-on/", + "template.openshift.io/support-url": "https://access.redhat.com" }, "name": "sso71-https" }, "labels": { "template": "sso71-https", - "xpaas": "1.4.0" + "xpaas": "1.4.7" }, "message": "A new SSO service has been created in your project. The admin username/password for accessing the master realm via the SSO console is ${SSO_ADMIN_USERNAME}/${SSO_ADMIN_PASSWORD}. Please be sure to create the \"${SERVICE_ACCOUNT_NAME}\" service account and the following secrets: \"${HTTPS_SECRET}\" containing the ${HTTPS_KEYSTORE} file used for serving secure content; \"${JGROUPS_ENCRYPT_SECRET}\" containing the ${JGROUPS_ENCRYPT_KEYSTORE} file used for securing JGroups communications; \"${SSO_TRUSTSTORE_SECRET}\" containing the ${SSO_TRUSTSTORE} file used for securing SSO requests.", "parameters": [ @@ -316,7 +320,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "redhat-sso71-openshift:1.1" + "name": "redhat-sso71-openshift:1.2" } } }, @@ -379,7 +383,8 @@ "-c", "/opt/eap/bin/livenessProbe.sh" ] - } + }, + "initialDelaySeconds": 10 }, "readinessProbe": { "exec": { diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/sso71-mysql-persistent.json b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/sso71-mysql-persistent.json index 49b37f348..7092bb65e 100644 --- a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/sso71-mysql-persistent.json +++ b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/sso71-mysql-persistent.json @@ -3,17 +3,21 @@ "apiVersion": "v1", "metadata": { "annotations": { - "description": "Application template for SSO 7.1 MySQL applications with persistent storage", - "iconClass" : "icon-jboss", - "tags" : "sso,keycloak,jboss,xpaas", - "version": "1.0.0", - "openshift.io/display-name": "Red Hat Single Sign-On 7.1 + MySQL (Persistent)" + "iconClass" : "icon-sso", + "tags" : "sso,keycloak,jboss", + "version": "1.4.7", + "openshift.io/display-name": "Single Sign-On 7.1 + MySQL", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "An example SSO 7 application with a MySQL database. For more information about using this template, see https://github.com/jboss-openshift/application-templates.", + "template.openshift.io/long-description": "This template defines resources needed to develop Red Hat Single Sign-On 7.1 server based deployment and deployment configuration for MySQL using persistence.", + "template.openshift.io/documentation-url": "https://access.redhat.com/documentation/en/red-hat-single-sign-on/", + "template.openshift.io/support-url": "https://access.redhat.com" }, "name": "sso71-mysql-persistent" }, "labels": { "template": "sso71-mysql-persistent", - "xpaas": "1.4.0" + "xpaas": "1.4.7" }, "message": "A new persistent SSO service (using MySQL) has been created in your project. The admin username/password for accessing the master realm via the SSO console is ${SSO_ADMIN_USERNAME}/${SSO_ADMIN_PASSWORD}. The username/password for accessing the MySQL database \"${DB_DATABASE}\" is ${DB_USERNAME}/${DB_PASSWORD}. Please be sure to create the \"${SERVICE_ACCOUNT_NAME}\" service account and the following secrets: \"${HTTPS_SECRET}\" containing the ${HTTPS_KEYSTORE} file used for serving secure content; \"${JGROUPS_ENCRYPT_SECRET}\" containing the ${JGROUPS_ENCRYPT_KEYSTORE} file used for securing JGroups communications; \"${SSO_TRUSTSTORE_SECRET}\" containing the ${SSO_TRUSTSTORE} file used for securing SSO requests.", "parameters": [ @@ -416,7 +420,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "redhat-sso71-openshift:1.1" + "name": "redhat-sso71-openshift:1.2" } } }, @@ -479,7 +483,8 @@ "-c", "/opt/eap/bin/livenessProbe.sh" ] - } + }, + "initialDelaySeconds": 10 }, "readinessProbe": { "exec": { diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/sso71-mysql.json b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/sso71-mysql.json index 634a75bab..d90f0a0cc 100644 --- a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/sso71-mysql.json +++ b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/sso71-mysql.json @@ -3,17 +3,21 @@ "apiVersion": "v1", "metadata": { "annotations": { - "description": "Application template for SSO 7.1 MySQL applications", - "iconClass" : "icon-jboss", - "tags" : "sso,keycloak,jboss,xpaas", - "version": "1.0.0", - "openshift.io/display-name": "Red Hat Single Sign-On 7.1 + MySQL (Ephemeral)" + "iconClass" : "icon-sso", + "tags" : "sso,keycloak,jboss,hidden", + "version": "1.4.7", + "openshift.io/display-name": "Single Sign-On 7.1 + MySQL (Ephemeral)", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "An example SSO 7 application with a MySQL database. For more information about using this template, see https://github.com/jboss-openshift/application-templates.", + "template.openshift.io/long-description": "This template defines resources needed to develop Red Hat Single Sign-On 7.1 server based deployment and deployment configuration for MySQL using ephemeral (temporary) storage.", + "template.openshift.io/documentation-url": "https://access.redhat.com/documentation/en/red-hat-single-sign-on/", + "template.openshift.io/support-url": "https://access.redhat.com" }, "name": "sso71-mysql" }, "labels": { "template": "sso71-mysql", - "xpaas": "1.4.0" + "xpaas": "1.4.7" }, "message": "A new SSO service (using MySQL) has been created in your project. The admin username/password for accessing the master realm via the SSO console is ${SSO_ADMIN_USERNAME}/${SSO_ADMIN_PASSWORD}. The username/password for accessing the MySQL database \"${DB_DATABASE}\" is ${DB_USERNAME}/${DB_PASSWORD}. Please be sure to create the \"${SERVICE_ACCOUNT_NAME}\" service account and the following secrets: \"${HTTPS_SECRET}\" containing the ${HTTPS_KEYSTORE} file used for serving secure content; \"${JGROUPS_ENCRYPT_SECRET}\" containing the ${JGROUPS_ENCRYPT_KEYSTORE} file used for securing JGroups communications; \"${SSO_TRUSTSTORE_SECRET}\" containing the ${SSO_TRUSTSTORE} file used for securing SSO requests.", "parameters": [ @@ -415,7 +419,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "redhat-sso71-openshift:1.1" + "name": "redhat-sso71-openshift:1.2" } } }, @@ -479,7 +483,8 @@ "-c", "/opt/eap/bin/livenessProbe.sh" ] - } + }, + "initialDelaySeconds": 10 }, "readinessProbe": { "exec": { diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/sso71-postgresql-persistent.json b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/sso71-postgresql-persistent.json index c53bb9d5b..b1077db91 100644 --- a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/sso71-postgresql-persistent.json +++ b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/sso71-postgresql-persistent.json @@ -3,17 +3,21 @@ "apiVersion": "v1", "metadata": { "annotations": { - "description": "Application template for SSO 7.1 PostgreSQL applications with persistent storage", - "iconClass" : "icon-jboss", - "tags" : "sso,keycloak,jboss,xpaas", - "version": "1.0.0", - "openshift.io/display-name": "Red Hat Single Sign-On 7.1 + PostgreSQL (Persistent)" + "iconClass" : "icon-sso", + "tags" : "sso,keycloak,jboss", + "version": "1.4.7", + "openshift.io/display-name": "Single Sign-On 7.1 + PostgreSQL", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "An example SSO 7 application with a PostgreSQL database. For more information about using this template, see https://github.com/jboss-openshift/application-templates.", + "template.openshift.io/long-description": "This template defines resources needed to develop Red Hat Single Sign-On 7.1 server based deployment and deployment configuration for PostgreSQL using persistence.", + "template.openshift.io/documentation-url": "https://access.redhat.com/documentation/en/red-hat-single-sign-on/", + "template.openshift.io/support-url": "https://access.redhat.com" }, "name": "sso71-postgresql-persistent" }, "labels": { "template": "sso71-postgresql-persistent", - "xpaas": "1.4.0" + "xpaas": "1.4.7" }, "message": "A new persistent SSO service (using PostgreSQL) has been created in your project. The admin username/password for accessing the master realm via the SSO console is ${SSO_ADMIN_USERNAME}/${SSO_ADMIN_PASSWORD}. The username/password for accessing the PostgreSQL database \"${DB_DATABASE}\" is ${DB_USERNAME}/${DB_PASSWORD}. Please be sure to create the \"${SERVICE_ACCOUNT_NAME}\" service account and the following secrets: \"${HTTPS_SECRET}\" containing the ${HTTPS_KEYSTORE} file used for serving secure content; \"${JGROUPS_ENCRYPT_SECRET}\" containing the ${JGROUPS_ENCRYPT_KEYSTORE} file used for securing JGroups communications; \"${SSO_TRUSTSTORE_SECRET}\" containing the ${SSO_TRUSTSTORE} file used for securing SSO requests.", "parameters": [ @@ -398,7 +402,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "redhat-sso71-openshift:1.1" + "name": "redhat-sso71-openshift:1.2" } } }, @@ -461,7 +465,8 @@ "-c", "/opt/eap/bin/livenessProbe.sh" ] - } + }, + "initialDelaySeconds": 10 }, "readinessProbe": { "exec": { diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/sso71-postgresql.json b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/sso71-postgresql.json index c1fc41eda..0955d712a 100644 --- a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/sso71-postgresql.json +++ b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/sso71-postgresql.json @@ -3,17 +3,21 @@ "apiVersion": "v1", "metadata": { "annotations": { - "description": "Application template for SSO 7.1 PostgreSQL applications", - "iconClass" : "icon-jboss", - "tags" : "sso,keycloak,jboss,xpaas", - "version": "1.0.0", - "openshift.io/display-name": "Red Hat Single Sign-On 7.1 + PostgreSQL (Ephemeral)" + "iconClass" : "icon-sso", + "tags" : "sso,keycloak,jboss,hidden", + "version": "1.4.7", + "openshift.io/display-name": "Single Sign-On 7.1 + PostgreSQL (Ephemeral)", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "An example SSO 7 application with a PostgreSQL database. For more information about using this template, see https://github.com/jboss-openshift/application-templates.", + "template.openshift.io/long-description": "This template defines resources needed to develop Red Hat Single Sign-On 7.1 server based deployment and deployment configuration for PostgreSQL using ephemeral (temporary) storage.", + "template.openshift.io/documentation-url": "https://access.redhat.com/documentation/en/red-hat-single-sign-on/", + "template.openshift.io/support-url": "https://access.redhat.com" }, "name": "sso71-postgresql" }, "labels": { "template": "sso71-postgresql", - "xpaas": "1.4.0" + "xpaas": "1.4.7" }, "message": "A new SSO service (using PostgreSQL) has been created in your project. The admin username/password for accessing the master realm via the SSO console is ${SSO_ADMIN_USERNAME}/${SSO_ADMIN_PASSWORD}. The username/password for accessing the PostgreSQL database \"${DB_DATABASE}\" is ${DB_USERNAME}/${DB_PASSWORD}. Please be sure to create the \"${SERVICE_ACCOUNT_NAME}\" service account and the following secrets: \"${HTTPS_SECRET}\" containing the ${HTTPS_KEYSTORE} file used for serving secure content; \"${JGROUPS_ENCRYPT_SECRET}\" containing the ${JGROUPS_ENCRYPT_KEYSTORE} file used for securing JGroups communications; \"${SSO_TRUSTSTORE_SECRET}\" containing the ${SSO_TRUSTSTORE} file used for securing SSO requests.", "parameters": [ @@ -397,7 +401,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "redhat-sso71-openshift:1.1" + "name": "redhat-sso71-openshift:1.2" } } }, @@ -461,7 +465,8 @@ "-c", "/opt/eap/bin/livenessProbe.sh" ] - } + }, + "initialDelaySeconds": 10 }, "readinessProbe": { "exec": { diff --git a/roles/openshift_examples/tasks/main.yml b/roles/openshift_examples/tasks/main.yml index 1a4562776..356317431 100644 --- a/roles/openshift_examples/tasks/main.yml +++ b/roles/openshift_examples/tasks/main.yml @@ -63,8 +63,10 @@ - name: Import Centos Image streams command: > - {{ openshift.common.client_binary }} {{ openshift_examples_import_command }} --config={{ openshift.common.config_base }}/master/admin.kubeconfig -n openshift -f {{ centos_image_streams }} + {{ openshift.common.client_binary }} {{ openshift_examples_import_command }} --config={{ openshift.common.config_base }}/master/admin.kubeconfig -n openshift -f {{ item }} when: openshift_examples_load_centos | bool + with_items: + - "{{ centos_image_streams }}" register: oex_import_centos_streams failed_when: "'already exists' not in oex_import_centos_streams.stderr and oex_import_centos_streams.rc != 0" changed_when: false diff --git a/roles/openshift_facts/library/openshift_facts.py b/roles/openshift_facts/library/openshift_facts.py index 33028fea4..a88945538 100755 --- a/roles/openshift_facts/library/openshift_facts.py +++ b/roles/openshift_facts/library/openshift_facts.py @@ -1289,7 +1289,7 @@ def get_container_openshift_version(facts): If containerized, see if we can determine the installed version via the systemd environment files. """ - for filename in ['/etc/sysconfig/%s-master', '/etc/sysconfig/%s-node']: + for filename in ['/etc/sysconfig/%s-master-controllers', '/etc/sysconfig/%s-node']: env_path = filename % facts['common']['service_type'] if not os.path.exists(env_path): continue diff --git a/roles/openshift_gcp/templates/provision.j2.sh b/roles/openshift_gcp/templates/provision.j2.sh index 64c7cd019..4d150bc74 100644 --- a/roles/openshift_gcp/templates/provision.j2.sh +++ b/roles/openshift_gcp/templates/provision.j2.sh @@ -125,10 +125,11 @@ fi ) & if ! gcloud --project "{{ openshift_gcp_project }}" compute instance-templates describe "{{ openshift_gcp_prefix }}instance-template-{{ node_group.name }}" &>/dev/null; then gcloud --project "{{ openshift_gcp_project }}" compute instance-templates create "{{ openshift_gcp_prefix }}instance-template-{{ node_group.name }}" \ --machine-type "{{ node_group.machine_type }}" --network "{{ openshift_gcp_network_name }}" \ - --tags "{{ openshift_gcp_prefix }}ocp,ocp,{{ node_group.tags }}" \ + --tags "{{ openshift_gcp_prefix }}ocp,ocp,{{ 'ocp-bootstrap,' if (node_group.bootstrap | default(False)) else '' }}{{ node_group.tags }}" \ --boot-disk-size "{{ node_group.boot_disk_size }}" --boot-disk-type "pd-ssd" \ --scopes "logging-write,monitoring-write,useraccounts-ro,service-control,service-management,storage-ro,compute-rw" \ - --image "${image}" ${metadata} + --image "{{ node_group.image | default('${image}') }}" ${metadata} \ + --metadata "bootstrap={{ node_group.bootstrap | default(False) | bool | to_json }},cluster-id={{ openshift_gcp_prefix + openshift_gcp_clusterid }},node-group={{ node_group.name }}" else echo "Instance template '{{ openshift_gcp_prefix }}instance-template-{{ node_group.name }}' already exists" fi @@ -312,8 +313,12 @@ fi # wait until all node groups are stable {% for node_group in openshift_gcp_node_group_config %} +{% if node_group.wait_for_stable | default(False) or not (node_group.bootstrap | default(False)) %} # wait for stable {{ node_group.name }} ( gcloud --project "{{ openshift_gcp_project }}" compute instance-groups managed wait-until-stable "{{ openshift_gcp_prefix }}ig-{{ node_group.suffix }}" --zone "{{ openshift_gcp_zone }}" --timeout=600 ) & +{% else %} +# not waiting for {{ node_group.name }} due to bootstrapping +{% endif %} {% endfor %} diff --git a/roles/openshift_gcp/templates/remove.j2.sh b/roles/openshift_gcp/templates/remove.j2.sh index a1e0affec..c9213b800 100644 --- a/roles/openshift_gcp/templates/remove.j2.sh +++ b/roles/openshift_gcp/templates/remove.j2.sh @@ -37,7 +37,7 @@ function teardown() { # scale down {{ node_group.name }} ( # performs a delete and scale down as one operation to ensure maximum parallelism - if ! instances=$( gcloud --project "{{ openshift_gcp_project }}" compute instance-groups managed list-instances "{{ openshift_gcp_prefix }}ig-{{ node_group.suffix }}" --zone "{{ openshift_gcp_zone }}" --format='value[terminator=","](instance)' ); then + if ! instances=$( gcloud --project "{{ openshift_gcp_project }}" compute instance-groups managed list-instances "{{ openshift_gcp_prefix }}ig-{{ node_group.suffix }}" --zone "{{ openshift_gcp_zone }}" --format='value[terminator=","](instance)' 2>/dev/null ); then exit 0 fi instances="${instances%?}" @@ -59,6 +59,21 @@ if gsutil ls -p "{{ openshift_gcp_project }}" "gs://{{ openshift_gcp_registry_bu fi ) & +# Project metadata prefixed with {{ openshift_gcp_prefix }} +( + for key in $( gcloud --project "{{ openshift_gcp_project }}" compute project-info describe --flatten=commonInstanceMetadata.items[] '--format=value(commonInstanceMetadata.items.key)' ); do + if [[ "${key}" == "{{ openshift_gcp_prefix }}"* ]]; then + gcloud --project "{{ openshift_gcp_project }}" compute project-info remove-metadata "--keys=${key}" + fi + done +) & + +# Instances and disks used for image building +( + teardown "{{ openshift_gcp_prefix }}build-image-instance" compute instances --zone "{{ openshift_gcp_zone }}" + teardown "{{ openshift_gcp_prefix }}build-image-instance" compute disks --zone "{{ openshift_gcp_zone }}" +) & + # DNS ( dns_zone="{{ dns_managed_zone | default(openshift_gcp_prefix + 'managed-zone') }}" @@ -152,5 +167,12 @@ for i in `jobs -p`; do wait $i; done for i in `jobs -p`; do wait $i; done +# Images specifically located under this cluster prefix family +for name in $( gcloud --project "{{ openshift_gcp_project }}" compute images list "--filter=family={{ openshift_gcp_prefix }}images" '--format=value(name)' ); do + ( gcloud --project "{{ openshift_gcp_project }}" compute images delete "${name}" ) & +done + # Network -teardown "{{ openshift_gcp_network_name }}" compute networks +( teardown "{{ openshift_gcp_network_name }}" compute networks ) & + +for i in `jobs -p`; do wait $i; done
\ No newline at end of file diff --git a/roles/openshift_health_checker/action_plugins/openshift_health_check.py b/roles/openshift_health_checker/action_plugins/openshift_health_check.py index 326176273..3ee3b132c 100644 --- a/roles/openshift_health_checker/action_plugins/openshift_health_check.py +++ b/roles/openshift_health_checker/action_plugins/openshift_health_check.py @@ -101,7 +101,8 @@ class ActionModule(ActionBase): execute_module=self._execute_module, tmp=tmp, task_vars=task_vars, - want_full_results=want_full_results + want_full_results=want_full_results, + templar=self._templar ) return known_checks diff --git a/roles/openshift_health_checker/openshift_checks/__init__.py b/roles/openshift_health_checker/openshift_checks/__init__.py index ce05b44a4..b7b16e0ea 100644 --- a/roles/openshift_health_checker/openshift_checks/__init__.py +++ b/roles/openshift_health_checker/openshift_checks/__init__.py @@ -65,12 +65,15 @@ class OpenShiftCheck(object): If the check can gather logs, tarballs, etc., do so when True; but no need to spend the time if they're not wanted (won't be written to output directory). """ - - def __init__(self, execute_module=None, task_vars=None, tmp=None, want_full_results=False): + # pylint: disable=too-many-arguments + def __init__(self, execute_module=None, task_vars=None, tmp=None, want_full_results=False, + templar=None): # store a method for executing ansible modules from the check self._execute_module = execute_module # the task variables and tmpdir passed into the health checker task self.task_vars = task_vars or {} + # We may need to template some task_vars + self._templar = templar self.tmp = tmp # a boolean for disabling the gathering of results (files, computations) that won't # actually be recorded/used diff --git a/roles/openshift_health_checker/openshift_checks/disk_availability.py b/roles/openshift_health_checker/openshift_checks/disk_availability.py index 7956559c6..87e6146d4 100644 --- a/roles/openshift_health_checker/openshift_checks/disk_availability.py +++ b/roles/openshift_health_checker/openshift_checks/disk_availability.py @@ -1,6 +1,7 @@ """Check that there is enough disk space in predefined paths.""" import tempfile +import os.path from openshift_checks import OpenShiftCheck, OpenShiftCheckException @@ -121,11 +122,21 @@ class DiskAvailability(OpenShiftCheck): return {} + def find_ansible_submounts(self, path): + """Return a list of ansible_mounts that are below the given path.""" + base = os.path.join(path, "") + return [ + mount + for mount in self.get_var("ansible_mounts") + if mount["mount"].startswith(base) + ] + def free_bytes(self, path): """Return the size available in path based on ansible_mounts.""" + submounts = sum(mnt.get('size_available', 0) for mnt in self.find_ansible_submounts(path)) mount = self.find_ansible_mount(path) try: - return mount['size_available'] + return mount['size_available'] + submounts except KeyError: raise OpenShiftCheckException( 'Unable to retrieve disk availability for "{path}".\n' diff --git a/roles/openshift_health_checker/openshift_checks/docker_image_availability.py b/roles/openshift_health_checker/openshift_checks/docker_image_availability.py index 7c8ac78fe..587c6f85c 100644 --- a/roles/openshift_health_checker/openshift_checks/docker_image_availability.py +++ b/roles/openshift_health_checker/openshift_checks/docker_image_availability.py @@ -1,5 +1,6 @@ """Check that required Docker images are available.""" +import re from pipes import quote from ansible.module_utils import six from openshift_checks import OpenShiftCheck @@ -11,12 +12,16 @@ DEPLOYMENT_IMAGE_INFO = { "origin": { "namespace": "openshift", "name": "origin", - "registry_console_image": "cockpit/kubernetes", + "registry_console_template": "${prefix}kubernetes:${version}", + "registry_console_prefix": "cockpit/", + "registry_console_default_version": "latest", }, "openshift-enterprise": { "namespace": "openshift3", "name": "ose", - "registry_console_image": "registry.access.redhat.com/openshift3/registry-console", + "registry_console_template": "${prefix}registry-console:${version}", + "registry_console_prefix": "registry.access.redhat.com/openshift3/", + "registry_console_default_version": "${short_version}", }, } @@ -61,10 +66,15 @@ class DockerImageAvailability(DockerHostMixin, OpenShiftCheck): # for the oreg_url registry there may be credentials specified components = self.get_var("oreg_url", default="").split('/') self.registries["oreg"] = "" if len(components) < 3 else components[0] + + # Retrieve and template registry credentials, if provided self.skopeo_command_creds = "" oreg_auth_user = self.get_var('oreg_auth_user', default='') oreg_auth_password = self.get_var('oreg_auth_password', default='') if oreg_auth_user != '' and oreg_auth_password != '': + if self._templar is not None: + oreg_auth_user = self._templar.template(oreg_auth_user) + oreg_auth_password = self._templar.template(oreg_auth_password) self.skopeo_command_creds = "--creds={}:{}".format(quote(oreg_auth_user), quote(oreg_auth_password)) # record whether we could reach a registry or not (and remember results) @@ -146,10 +156,7 @@ class DockerImageAvailability(DockerHostMixin, OpenShiftCheck): if 'oo_nodes_to_config' in host_groups: for suffix in NODE_IMAGE_SUFFIXES: required.add(image_url.replace("${component}", suffix).replace("${version}", image_tag)) - # The registry-console is for some reason not prefixed with ose- like the other components. - # Nor is it versioned the same, so just look for latest. - # Also a completely different name is used for Origin. - required.add(image_info["registry_console_image"]) + required.add(self._registry_console_image(image_tag, image_info)) # images for containerized components if self.get_var("openshift", "common", "is_containerized"): @@ -165,6 +172,24 @@ class DockerImageAvailability(DockerHostMixin, OpenShiftCheck): return required + def _registry_console_image(self, image_tag, image_info): + """Returns image with logic to parallel what happens with the registry-console template.""" + # The registry-console is for some reason not prefixed with ose- like the other components. + # Nor is it versioned the same. Also a completely different name is used for Origin. + prefix = self.get_var( + "openshift_cockpit_deployer_prefix", + default=image_info["registry_console_prefix"], + ) + + # enterprise template just uses v3.6, v3.7, etc + match = re.match(r'v\d+\.\d+', image_tag) + short_version = match.group() if match else image_tag + version = image_info["registry_console_default_version"].replace("${short_version}", short_version) + version = self.get_var("openshift_cockpit_deployer_version", default=version) + + template = image_info["registry_console_template"] + return template.replace('${prefix}', prefix).replace('${version}', version) + def local_images(self, images): """Filter a list of images and return those available locally.""" found_images = [] diff --git a/roles/openshift_health_checker/openshift_checks/docker_storage.py b/roles/openshift_health_checker/openshift_checks/docker_storage.py index 0558ddf14..6808d8b2f 100644 --- a/roles/openshift_health_checker/openshift_checks/docker_storage.py +++ b/roles/openshift_health_checker/openshift_checks/docker_storage.py @@ -14,7 +14,7 @@ class DockerStorage(DockerHostMixin, OpenShiftCheck): """ name = "docker_storage" - tags = ["pre-install", "health", "preflight"] + tags = ["health", "preflight"] dependencies = ["python-docker-py"] storage_drivers = ["devicemapper", "overlay", "overlay2"] diff --git a/roles/openshift_health_checker/openshift_checks/ovs_version.py b/roles/openshift_health_checker/openshift_checks/ovs_version.py index 416805c4d..0cad19842 100644 --- a/roles/openshift_health_checker/openshift_checks/ovs_version.py +++ b/roles/openshift_health_checker/openshift_checks/ovs_version.py @@ -16,7 +16,8 @@ class OvsVersion(NotContainerizedMixin, OpenShiftCheck): tags = ["health"] openshift_to_ovs_version = { - "3.6": ["2.6", "2.7"], + "3.7": ["2.6", "2.7", "2.8"], + "3.6": ["2.6", "2.7", "2.8"], "3.5": ["2.6", "2.7"], "3.4": "2.4", } diff --git a/roles/openshift_health_checker/openshift_checks/package_version.py b/roles/openshift_health_checker/openshift_checks/package_version.py index 2f09b22fc..13a91dadf 100644 --- a/roles/openshift_health_checker/openshift_checks/package_version.py +++ b/roles/openshift_health_checker/openshift_checks/package_version.py @@ -16,7 +16,8 @@ class PackageVersion(NotContainerizedMixin, OpenShiftCheck): openshift_to_ovs_version = { (3, 4): "2.4", (3, 5): ["2.6", "2.7"], - (3, 6): ["2.6", "2.7"], + (3, 6): ["2.6", "2.7", "2.8"], + (3, 7): ["2.6", "2.7", "2.8"], } openshift_to_docker_version = { diff --git a/roles/openshift_health_checker/test/disk_availability_test.py b/roles/openshift_health_checker/test/disk_availability_test.py index 29a325a17..7acdb40ec 100644 --- a/roles/openshift_health_checker/test/disk_availability_test.py +++ b/roles/openshift_health_checker/test/disk_availability_test.py @@ -96,6 +96,24 @@ def test_cannot_determine_available_disk(desc, ansible_mounts, expect_chunks): 'size_available': 20 * 10**9 + 1, }], ), + ( + ['oo_masters_to_config'], + 0, + [{ + 'mount': '/', + 'size_available': 2 * 10**9, + }, { # not enough directly on /var + 'mount': '/var', + 'size_available': 10 * 10**9 + 1, + }, { + # but subdir mounts add up to enough + 'mount': '/var/lib/docker', + 'size_available': 20 * 10**9 + 1, + }, { + 'mount': '/var/lib/origin', + 'size_available': 20 * 10**9 + 1, + }], + ), ]) def test_succeeds_with_recommended_disk_space(group_names, configured_min, ansible_mounts): task_vars = dict( @@ -104,9 +122,10 @@ def test_succeeds_with_recommended_disk_space(group_names, configured_min, ansib ansible_mounts=ansible_mounts, ) - result = DiskAvailability(fake_execute_module, task_vars).run() + check = DiskAvailability(fake_execute_module, task_vars) + check.run() - assert not result.get('failed', False) + assert not check.failures @pytest.mark.parametrize('name,group_names,configured_min,ansible_mounts,expect_chunks', [ diff --git a/roles/openshift_health_checker/test/docker_image_availability_test.py b/roles/openshift_health_checker/test/docker_image_availability_test.py index dec99e5db..484aa72e0 100644 --- a/roles/openshift_health_checker/test/docker_image_availability_test.py +++ b/roles/openshift_health_checker/test/docker_image_availability_test.py @@ -1,6 +1,6 @@ import pytest -from openshift_checks.docker_image_availability import DockerImageAvailability +from openshift_checks.docker_image_availability import DockerImageAvailability, DEPLOYMENT_IMAGE_INFO @pytest.fixture() @@ -180,7 +180,7 @@ def test_registry_availability(image, registries, connection_test_failed, skopeo 'openshift/origin-deployer:vtest', 'openshift/origin-docker-registry:vtest', 'openshift/origin-haproxy-router:vtest', - 'cockpit/kubernetes', # origin version of registry-console + 'cockpit/kubernetes:latest', # origin version of registry-console ]) ), ( # set a different URL for images @@ -190,7 +190,7 @@ def test_registry_availability(image, registries, connection_test_failed, skopeo 'foo.io/openshift/origin-deployer:vtest', 'foo.io/openshift/origin-docker-registry:vtest', 'foo.io/openshift/origin-haproxy-router:vtest', - 'cockpit/kubernetes', # AFAICS this is not built from the URL + 'cockpit/kubernetes:latest', # AFAICS this is not built from the URL ]) ), ( @@ -201,7 +201,7 @@ def test_registry_availability(image, registries, connection_test_failed, skopeo 'openshift/origin-deployer:vtest', 'openshift/origin-docker-registry:vtest', 'openshift/origin-haproxy-router:vtest', - 'cockpit/kubernetes', + 'cockpit/kubernetes:latest', # containerized component images 'openshift/origin:vtest', 'openshift/node:vtest', @@ -217,7 +217,7 @@ def test_registry_availability(image, registries, connection_test_failed, skopeo 'foo.io/openshift3/ose-docker-registry:f13ac45', 'foo.io/openshift3/ose-haproxy-router:f13ac45', # registry-console is not constructed/versioned the same as the others. - 'registry.access.redhat.com/openshift3/registry-console', + 'registry.access.redhat.com/openshift3/registry-console:vtest', # containerized images aren't built from oreg_url 'openshift3/node:vtest', 'openshift3/openvswitch:vtest', @@ -249,6 +249,42 @@ def test_required_images(deployment_type, is_containerized, groups, oreg_url, ex assert expected == DockerImageAvailability(task_vars=task_vars).required_images() +@pytest.mark.parametrize("task_vars, expected", [ + ( + dict( + openshift_deployment_type="origin", + openshift_image_tag="vtest", + ), + "cockpit/kubernetes:latest", + ), ( + dict( + openshift_deployment_type="openshift-enterprise", + openshift_image_tag="vtest", + ), + "registry.access.redhat.com/openshift3/registry-console:vtest", + ), ( + dict( + openshift_deployment_type="openshift-enterprise", + openshift_image_tag="v3.7.0-alpha.0", + openshift_cockpit_deployer_prefix="registry.example.com/spam/", + ), + "registry.example.com/spam/registry-console:v3.7", + ), ( + dict( + openshift_deployment_type="origin", + openshift_image_tag="v3.7.0-alpha.0", + openshift_cockpit_deployer_prefix="registry.example.com/eggs/", + openshift_cockpit_deployer_version="spam", + ), + "registry.example.com/eggs/kubernetes:spam", + ), +]) +def test_registry_console_image(task_vars, expected): + info = DEPLOYMENT_IMAGE_INFO[task_vars["openshift_deployment_type"]] + tag = task_vars["openshift_image_tag"] + assert expected == DockerImageAvailability(task_vars=task_vars)._registry_console_image(tag, info) + + def test_containerized_etcd(): task_vars = dict( openshift=dict( diff --git a/roles/openshift_health_checker/test/ovs_version_test.py b/roles/openshift_health_checker/test/ovs_version_test.py index 5a82a43bf..6f0457549 100644 --- a/roles/openshift_health_checker/test/ovs_version_test.py +++ b/roles/openshift_health_checker/test/ovs_version_test.py @@ -38,8 +38,9 @@ def test_invalid_openshift_release_format(): @pytest.mark.parametrize('openshift_release,expected_ovs_version', [ + ("3.7", ["2.6", "2.7", "2.8"]), ("3.5", ["2.6", "2.7"]), - ("3.6", ["2.6", "2.7"]), + ("3.6", ["2.6", "2.7", "2.8"]), ("3.4", "2.4"), ("3.3", "2.4"), ("1.0", "2.4"), diff --git a/roles/openshift_hosted/defaults/main.yml b/roles/openshift_hosted/defaults/main.yml index 5623e4ecd..2af42fba4 100644 --- a/roles/openshift_hosted/defaults/main.yml +++ b/roles/openshift_hosted/defaults/main.yml @@ -69,7 +69,6 @@ r_openshift_hosted_registry_use_firewalld: "{{ os_firewall_use_firewalld | defau openshift_hosted_registry_name: docker-registry openshift_hosted_registry_wait: "{{ not (openshift_master_bootstrap_enabled | default(False)) }}" -registry_volume_claim: 'registry-claim' openshift_hosted_registry_cert_expire_days: 730 r_openshift_hosted_registry_os_firewall_deny: [] diff --git a/roles/openshift_hosted/tasks/router.yml b/roles/openshift_hosted/tasks/router.yml index 2aceef9e4..dd7053656 100644 --- a/roles/openshift_hosted/tasks/router.yml +++ b/roles/openshift_hosted/tasks/router.yml @@ -29,7 +29,9 @@ src: "{{ item }}" with_items: "{{ openshift_hosted_routers | oo_collect(attribute='certificate') | oo_select_keys_from_list(['keyfile', 'certfile', 'cafile']) }}" - when: ( not openshift_hosted_router_create_certificate | bool ) or openshift_hosted_router_certificate != {} + when: ( not openshift_hosted_router_create_certificate | bool ) or openshift_hosted_router_certificate != {} or + ( openshift_hosted_routers | oo_collect(attribute='certificate') | oo_select_keys_from_list(['keyfile', 'certfile', 'cafile'])|length > 0 ) + # This is for when we desire a cluster signed cert # The certificate is generated and placed in master_config_dir/ @@ -42,8 +44,8 @@ hostnames: - "{{ openshift_master_default_subdomain | default('router.default.svc.cluster.local') }}" - "*.{{ openshift_master_default_subdomain | default('router.default.svc.cluster.local') }}" - cert: "{{ ('/etc/origin/master/' ~ (item.certificate.certfile | basename)) if 'certfile' in item.certificate else ((openshift_master_config_dir) ~ '/openshift-router.crt') }}" - key: "{{ ('/etc/origin/master/' ~ (item.certificate.keyfile | basename)) if 'keyfile' in item.certificate else ((openshift_master_config_dir) ~ '/openshift-router.key') }}" + cert: "{{ openshift_master_config_dir ~ '/openshift-router.crt' }}" + key: "{{ openshift_master_config_dir ~ '/openshift-router.key' }}" with_items: "{{ openshift_hosted_routers }}" - name: set the openshift_hosted_router_certificate @@ -55,6 +57,7 @@ when: - openshift_hosted_router_create_certificate | bool - openshift_hosted_router_certificate == {} + - openshift_hosted_routers | oo_collect(attribute='certificate') | oo_select_keys_from_list(['keyfile', 'certfile', 'cafile'])|length == 0 - name: Create the router service account(s) oc_serviceaccount: diff --git a/roles/openshift_hosted_metrics/handlers/main.yml b/roles/openshift_hosted_metrics/handlers/main.yml index ce7688581..88b893448 100644 --- a/roles/openshift_hosted_metrics/handlers/main.yml +++ b/roles/openshift_hosted_metrics/handlers/main.yml @@ -4,8 +4,13 @@ when: (not (master_api_service_status_changed | default(false) | bool)) and openshift.master.cluster_method == 'native' notify: Verify API Server +# We retry the controllers because the API may not be 100% initialized yet. - name: restart master controllers - systemd: name={{ openshift.common.service_type }}-master-controllers state=restarted + command: "systemctl restart {{ openshift.common.service_type }}-master-controllers" + retries: 3 + delay: 5 + register: result + until: result.rc == 0 when: (not (master_controllers_service_status_changed | default(false) | bool)) and openshift.master.cluster_method == 'native' - name: Verify API Server diff --git a/roles/openshift_hosted_templates/files/v3.6/origin/registry-console.yaml b/roles/openshift_hosted_templates/files/v3.6/origin/registry-console.yaml index 6811ece28..a78146ca4 100644 --- a/roles/openshift_hosted_templates/files/v3.6/origin/registry-console.yaml +++ b/roles/openshift_hosted_templates/files/v3.6/origin/registry-console.yaml @@ -27,7 +27,7 @@ objects: spec: containers: - name: registry-console - image: ${IMAGE_NAME}:${IMAGE_VERSION} + image: ${IMAGE_PREFIX}kubernetes:${IMAGE_VERSION} ports: - containerPort: 9090 protocol: TCP @@ -89,7 +89,7 @@ objects: - annotations: null from: kind: DockerImage - name: ${IMAGE_NAME}:${IMAGE_VERSION} + name: ${IMAGE_PREFIX}kubernetes:${IMAGE_VERSION} name: ${IMAGE_VERSION} - kind: OAuthClient apiVersion: v1 @@ -100,9 +100,9 @@ objects: redirectURIs: - "${COCKPIT_KUBE_URL}" parameters: - - description: "Container image name" - name: IMAGE_NAME - value: "cockpit/kubernetes" + - description: 'Specify "registry/namespace" prefix for container image; e.g. for "registry.example.com/cockpit/kubernetes:latest", set prefix "registry.example.com/cockpit/"' + name: IMAGE_PREFIX + value: "cockpit/" - description: 'Specify image version; e.g. for "cockpit/kubernetes:latest", set version "latest"' name: IMAGE_VERSION value: latest diff --git a/roles/openshift_hosted_templates/files/v3.7/origin/registry-console.yaml b/roles/openshift_hosted_templates/files/v3.7/origin/registry-console.yaml index 6811ece28..a78146ca4 100644 --- a/roles/openshift_hosted_templates/files/v3.7/origin/registry-console.yaml +++ b/roles/openshift_hosted_templates/files/v3.7/origin/registry-console.yaml @@ -27,7 +27,7 @@ objects: spec: containers: - name: registry-console - image: ${IMAGE_NAME}:${IMAGE_VERSION} + image: ${IMAGE_PREFIX}kubernetes:${IMAGE_VERSION} ports: - containerPort: 9090 protocol: TCP @@ -89,7 +89,7 @@ objects: - annotations: null from: kind: DockerImage - name: ${IMAGE_NAME}:${IMAGE_VERSION} + name: ${IMAGE_PREFIX}kubernetes:${IMAGE_VERSION} name: ${IMAGE_VERSION} - kind: OAuthClient apiVersion: v1 @@ -100,9 +100,9 @@ objects: redirectURIs: - "${COCKPIT_KUBE_URL}" parameters: - - description: "Container image name" - name: IMAGE_NAME - value: "cockpit/kubernetes" + - description: 'Specify "registry/namespace" prefix for container image; e.g. for "registry.example.com/cockpit/kubernetes:latest", set prefix "registry.example.com/cockpit/"' + name: IMAGE_PREFIX + value: "cockpit/" - description: 'Specify image version; e.g. for "cockpit/kubernetes:latest", set version "latest"' name: IMAGE_VERSION value: latest diff --git a/roles/openshift_logging/README.md b/roles/openshift_logging/README.md index 69eb9283d..6c5bb8693 100644 --- a/roles/openshift_logging/README.md +++ b/roles/openshift_logging/README.md @@ -44,23 +44,23 @@ When `openshift_logging_install_logging` is set to `False` the `openshift_loggin - `openshift_logging_curator_run_timezone`: The timezone that Curator uses for figuring out its run time. Defaults to 'UTC'. - `openshift_logging_curator_script_log_level`: The script log level for Curator. Defaults to 'INFO'. - `openshift_logging_curator_log_level`: The log level for the Curator process. Defaults to 'ERROR'. -- `openshift_logging_curator_cpu_limit`: The amount of CPU to allocate to Curator. Default is '100m'. +- `openshift_logging_curator_cpu_request`: The minimum amount of CPU to allocate to Curator. Default is '100m'. - `openshift_logging_curator_memory_limit`: The amount of memory to allocate to Curator. Unset if not specified. - `openshift_logging_curator_nodeselector`: A map of labels (e.g. {"node":"infra","region":"west"} to select the nodes where the curator pod will land. - `openshift_logging_image_pull_secret`: The name of an existing pull secret to link to the logging service accounts - `openshift_logging_kibana_hostname`: The Kibana hostname. Defaults to 'kibana.example.com'. -- `openshift_logging_kibana_cpu_limit`: The amount of CPU to allocate to Kibana or unset if not specified. +- `openshift_logging_kibana_cpu_request`: The minimum amount of CPU to allocate to Kibana or unset if not specified. - `openshift_logging_kibana_memory_limit`: The amount of memory to allocate to Kibana or unset if not specified. - `openshift_logging_kibana_proxy_debug`: When "True", set the Kibana Proxy log level to DEBUG. Defaults to 'false'. -- `openshift_logging_kibana_proxy_cpu_limit`: The amount of CPU to allocate to Kibana proxy or unset if not specified. +- `openshift_logging_kibana_proxy_cpu_request`: The minimum amount of CPU to allocate to Kibana proxy or unset if not specified. - `openshift_logging_kibana_proxy_memory_limit`: The amount of memory to allocate to Kibana proxy or unset if not specified. - `openshift_logging_kibana_replica_count`: The number of replicas Kibana should be scaled up to. Defaults to 1. - `openshift_logging_kibana_nodeselector`: A map of labels (e.g. {"node":"infra","region":"west"} to select the nodes where the pod will land. - `openshift_logging_kibana_edge_term_policy`: Insecure Edge Termination Policy. Defaults to Redirect. - `openshift_logging_fluentd_nodeselector`: The node selector that the Fluentd daemonset uses to determine where to deploy to. Defaults to '"logging-infra-fluentd": "true"'. -- `openshift_logging_fluentd_cpu_limit`: The CPU limit for Fluentd pods. Defaults to '100m'. +- `openshift_logging_fluentd_cpu_request`: The minimum amount of CPU to allocate for Fluentd collector pods. Defaults to '100m'. - `openshift_logging_fluentd_memory_limit`: The memory limit for Fluentd pods. Defaults to '512Mi'. - `openshift_logging_fluentd_use_journal`: *DEPRECATED - DO NOT USE* Fluentd will automatically detect whether or not Docker is using the journald log driver. - `openshift_logging_fluentd_journal_read_from_head`: If empty, Fluentd will use its internal default, which is false. @@ -80,7 +80,7 @@ When `openshift_logging_install_logging` is set to `False` the `openshift_loggin - `openshift_logging_es_client_key`: The location of the client key Fluentd uses for openshift_logging_es_host. Defaults to '/etc/fluent/keys/key'. - `openshift_logging_es_cluster_size`: The number of ES cluster members. Defaults to '1'. -- `openshift_logging_es_cpu_limit`: The amount of CPU limit for the ES cluster. Unused if not set +- `openshift_logging_es_cpu_request`: The minimum amount of CPU to allocate for an ES pod cluster member. Defaults to 1 CPU. - `openshift_logging_es_memory_limit`: The amount of RAM that should be assigned to ES. Defaults to '8Gi'. - `openshift_logging_es_log_appenders`: The list of rootLogger appenders for ES logs which can be: 'file', 'console'. Defaults to 'file'. - `openshift_logging_es_pv_selector`: A key/value map added to a PVC in order to select specific PVs. Defaults to 'None'. @@ -107,7 +107,7 @@ same as above for their non-ops counterparts, but apply to the OPS cluster insta - `openshift_logging_es_ops_client_cert`: /etc/fluent/keys/cert - `openshift_logging_es_ops_client_key`: /etc/fluent/keys/key - `openshift_logging_es_ops_cluster_size`: 1 -- `openshift_logging_es_ops_cpu_limit`: The amount of CPU limit for the ES cluster. Unused if not set +- `openshift_logging_es_ops_cpu_request`: The minimum amount of CPU to allocate for an ES ops pod cluster member. Defaults to 1 CPU. - `openshift_logging_es_ops_memory_limit`: 8Gi - `openshift_logging_es_ops_pvc_dynamic`: False - `openshift_logging_es_ops_pvc_size`: "" @@ -115,9 +115,9 @@ same as above for their non-ops counterparts, but apply to the OPS cluster insta - `openshift_logging_es_ops_recover_after_time`: 5m - `openshift_logging_es_ops_storage_group`: 65534 - `openshift_logging_kibana_ops_hostname`: The Operations Kibana hostname. Defaults to 'kibana-ops.example.com'. -- `openshift_logging_kibana_ops_cpu_limit`: The amount of CPU to allocate to Kibana or unset if not specified. +- `openshift_logging_kibana_ops_cpu_request`: The minimum amount of CPU to allocate to Kibana or unset if not specified. - `openshift_logging_kibana_ops_memory_limit`: The amount of memory to allocate to Kibana or unset if not specified. -- `openshift_logging_kibana_ops_proxy_cpu_limit`: The amount of CPU to allocate to Kibana proxy or unset if not specified. +- `openshift_logging_kibana_ops_proxy_cpu_request`: The minimum amount of CPU to allocate to Kibana proxy or unset if not specified. - `openshift_logging_kibana_ops_proxy_memory_limit`: The amount of memory to allocate to Kibana proxy or unset if not specified. - `openshift_logging_kibana_ops_replica_count`: The number of replicas Kibana ops should be scaled up to. Defaults to 1. @@ -176,7 +176,7 @@ Elasticsearch OPS too, if using an OPS cluster: clients will use to connect to mux, and will be used in the TLS server cert subject. - `openshift_logging_mux_port`: 24284 -- `openshift_logging_mux_cpu_limit`: 100m +- `openshift_logging_mux_cpu_request`: 100m - `openshift_logging_mux_memory_limit`: 512Mi - `openshift_logging_mux_default_namespaces`: Default `["mux-undefined"]` - the first value in the list is the namespace to use for undefined projects, @@ -225,3 +225,80 @@ The corresponding openshift\_logging\_mux\_* parameters are below. - `openshift_logging_mux_remote_syslog_tag_key`: If string specified, use this field from the record to set the key field on the syslog message - `openshift_logging_mux_remote_syslog_use_record`: Set `true` to use the severity and facility from the record, defaults to `false` - `openshift_logging_mux_remote_syslog_payload_key`: If string is specified, use this field from the record as the payload on the syslog message + +Image update procedure +---------------------- +An upgrade of the logging stack from older version to newer is an automated process and should be performed by calling appropriate ansible playbook and setting required ansible variables in your inventory as documented in https://docs.openshift.org/. + +Following text describes manual update of the logging images without version upgrade. To determine the current version of images being used you can. +``` +oc describe pod | grep 'Image ID:' +``` +This will get the repo digest that can later be compared to the inspected image details. + +A way to determine when was your image last updated: +``` +$ docker images +REPOSITORY TAG IMAGE ID CREATED SIZE +<registry>/openshift3/logging-fluentd v3.7 ff2e249fc45a About an hour ago 235.2 MB + +$ docker inspect ff2e249fc45a +[ + { + . . . + "RepoDigests": [ + "<registry>/openshift3/logging-fluentd@sha256:4346f0aa9694f32735115705ad324803b1a6ff08343c3288f7a62c3a5cb70495" + ], + . . . + "Config": { + . . . + "Labels": { + . . . + "build-date": "2017-10-12T14:38:22.414827", + . . . + "release": "0.143.3.0", + . . . + "url": "https://access.redhat.com/containers/#/registry.access.redhat.com/openshift3/logging-fluentd/images/v3.7.0-0.143.3.0", + . . . + "version": "v3.7.0" + } + }, + . . . +``` + +Pull a new image to see if registry has any newer images with the same tag: +``` +$ docker pull <registry>/openshift3/logging-fluentd:v3.7 +``` + +If there was an update, you need to run the `docker pull` on each node. + +It is recommended that you now rerun the `openshift_logging` playbook to ensure that any necessary config changes are also picked up. + +To manually redeploy your pod you can do the following: +- for a DC you can do: +``` +oc rollout latest <dc_name> +``` + +- for a RC you can scale down and scale back up +``` +oc scale --replicas=0 <rc_name> + +... wait for scale down + +oc scale --replicas=<original_replica_count> <rc_name> +``` + +- for a DS you can delete the pod or unlabel and relabel your node +``` +oc delete pod --selector=<ds_selector> +``` + +Changelog +--------- +Tue Oct 26, 2017 +- Make CPU request equal limit if limit is greater then request + +Tue Oct 10, 2017 +- Default imagePullPolicy changed from Always to IfNotPresent diff --git a/roles/openshift_logging/defaults/main.yml b/roles/openshift_logging/defaults/main.yml index 6e7e2557f..626732d16 100644 --- a/roles/openshift_logging/defaults/main.yml +++ b/roles/openshift_logging/defaults/main.yml @@ -18,20 +18,24 @@ openshift_logging_curator_run_minute: 0 openshift_logging_curator_run_timezone: UTC openshift_logging_curator_script_log_level: INFO openshift_logging_curator_log_level: ERROR -openshift_logging_curator_cpu_limit: 100m -openshift_logging_curator_memory_limit: null +openshift_logging_curator_cpu_limit: null +openshift_logging_curator_memory_limit: 256Mi +openshift_logging_curator_cpu_request: 100m openshift_logging_curator_nodeselector: {} -openshift_logging_curator_ops_cpu_limit: 100m -openshift_logging_curator_ops_memory_limit: null +openshift_logging_curator_ops_cpu_limit: null +openshift_logging_curator_ops_memory_limit: 256Mi +openshift_logging_curator_ops_cpu_request: 100m openshift_logging_curator_ops_nodeselector: {} openshift_logging_kibana_hostname: "{{ 'kibana.' ~ (openshift_master_default_subdomain | default('router.default.svc.cluster.local', true)) }}" openshift_logging_kibana_cpu_limit: null openshift_logging_kibana_memory_limit: 736Mi +openshift_logging_kibana_cpu_request: 100m openshift_logging_kibana_proxy_debug: false openshift_logging_kibana_proxy_cpu_limit: null openshift_logging_kibana_proxy_memory_limit: 256Mi +openshift_logging_kibana_proxy_cpu_request: 100m openshift_logging_kibana_replica_count: 1 openshift_logging_kibana_edge_term_policy: Redirect @@ -53,9 +57,11 @@ openshift_logging_kibana_ca: "" openshift_logging_kibana_ops_hostname: "{{ 'kibana-ops.' ~ (openshift_master_default_subdomain | default('router.default.svc.cluster.local', true)) }}" openshift_logging_kibana_ops_cpu_limit: null openshift_logging_kibana_ops_memory_limit: 736Mi +openshift_logging_kibana_ops_cpu_request: 100m openshift_logging_kibana_ops_proxy_debug: false openshift_logging_kibana_ops_proxy_cpu_limit: null openshift_logging_kibana_ops_proxy_memory_limit: 256Mi +openshift_logging_kibana_ops_proxy_cpu_request: 100m openshift_logging_kibana_ops_replica_count: 1 #The absolute path on the control node to the cert file to use @@ -71,13 +77,14 @@ openshift_logging_kibana_ops_key: "" openshift_logging_kibana_ops_ca: "" openshift_logging_fluentd_nodeselector: {'logging-infra-fluentd': 'true'} -openshift_logging_fluentd_cpu_limit: 100m +openshift_logging_fluentd_cpu_limit: null openshift_logging_fluentd_memory_limit: 512Mi +openshift_logging_fluentd_cpu_request: 100m openshift_logging_fluentd_journal_source: "" openshift_logging_fluentd_journal_read_from_head: "" openshift_logging_fluentd_hosts: ['--all'] -openshift_logging_fluentd_buffer_queue_limit: 1024 -openshift_logging_fluentd_buffer_size_limit: 1m +openshift_logging_fluentd_buffer_queue_limit: 32 +openshift_logging_fluentd_buffer_size_limit: 8m openshift_logging_es_host: logging-es openshift_logging_es_port: 9200 @@ -85,7 +92,8 @@ openshift_logging_es_ca: /etc/fluent/keys/ca openshift_logging_es_client_cert: /etc/fluent/keys/cert openshift_logging_es_client_key: /etc/fluent/keys/key openshift_logging_es_cluster_size: 1 -openshift_logging_es_cpu_limit: 1000m +openshift_logging_es_cpu_limit: null +openshift_logging_es_cpu_request: "1" # the logging appenders for the root loggers to write ES logs. Valid values: 'file', 'console' openshift_logging_es_log_appenders: ['file'] openshift_logging_es_memory_limit: "8Gi" @@ -98,8 +106,6 @@ openshift_logging_es_storage_group: "65534" openshift_logging_es_nodeselector: {} # openshift_logging_es_config is a hash to be merged into the defaults for the elasticsearch.yaml openshift_logging_es_config: {} -openshift_logging_es_number_of_shards: 1 -openshift_logging_es_number_of_replicas: 0 # for exposing es to external (outside of the cluster) clients openshift_logging_es_allow_external: False @@ -126,8 +132,9 @@ openshift_logging_es_ops_ca: /etc/fluent/keys/ca openshift_logging_es_ops_client_cert: /etc/fluent/keys/cert openshift_logging_es_ops_client_key: /etc/fluent/keys/key openshift_logging_es_ops_cluster_size: "{{ openshift_logging_elasticsearch_ops_cluster_size | default(1) }}" -openshift_logging_es_ops_cpu_limit: 1000m -openshift_logging_es_ops_memory_limit: "8Gi" +openshift_logging_es_ops_cpu_limit: null +openshift_logging_es_ops_memory_limit: 8Gi +openshift_logging_es_ops_cpu_request: "1" openshift_logging_es_ops_pv_selector: "{{ openshift_loggingops_storage_labels | default('') }}" openshift_logging_es_ops_pvc_dynamic: "{{ openshift_logging_elasticsearch_ops_pvc_dynamic | default(False) }}" openshift_logging_es_ops_pvc_size: "{{ openshift_logging_elasticsearch_ops_pvc_size | default('') }}" @@ -160,8 +167,9 @@ openshift_logging_mux_allow_external: False openshift_logging_use_mux: "{{ openshift_logging_mux_allow_external | default(False) }}" openshift_logging_mux_hostname: "{{ 'mux.' ~ (openshift_master_default_subdomain | default('router.default.svc.cluster.local', true)) }}" openshift_logging_mux_port: 24284 -openshift_logging_mux_cpu_limit: 500m -openshift_logging_mux_memory_limit: 1Gi +openshift_logging_mux_cpu_limit: null +openshift_logging_mux_memory_limit: 512Mi +openshift_logging_mux_cpu_request: 100m # the namespace to use for undefined projects should come first, followed by any # additional namespaces to create by default - users will typically not need to set this openshift_logging_mux_default_namespaces: ["mux-undefined"] diff --git a/roles/openshift_logging/filter_plugins/openshift_logging.py b/roles/openshift_logging/filter_plugins/openshift_logging.py index 330e7e59a..e1a5ea726 100644 --- a/roles/openshift_logging/filter_plugins/openshift_logging.py +++ b/roles/openshift_logging/filter_plugins/openshift_logging.py @@ -3,6 +3,7 @@ ''' import random +import re def es_storage(os_logging_facts, dc_name, pvc_claim, root='elasticsearch'): @@ -17,6 +18,47 @@ def es_storage(os_logging_facts, dc_name, pvc_claim, root='elasticsearch'): return dict(kind='emptydir') +def min_cpu(left, right): + '''Return the minimum cpu value of the two values given''' + message = "Unable to evaluate {} cpu value is specified correctly '{}'. Exp whole, decimal or int followed by M" + pattern = re.compile(r"^(\d*\.?\d*)([Mm])?$") + millis_per_core = 1000 + if not right: + return left + m_left = pattern.match(left) + if not m_left: + raise RuntimeError(message.format("left", left)) + m_right = pattern.match(right) + if not m_right: + raise RuntimeError(message.format("right", right)) + left_value = float(m_left.group(1)) + right_value = float(m_right.group(1)) + if m_left.group(2) not in ["M", "m"]: + left_value = left_value * millis_per_core + if m_right.group(2) not in ["M", "m"]: + right_value = right_value * millis_per_core + response = left + if left_value != min(left_value, right_value): + response = right + return response + + +def walk(source, path, default, delimiter='.'): + '''Walk the sourch hash given the path and return the value or default if not found''' + if not isinstance(source, dict): + raise RuntimeError('The source is not a walkable dict: {} path: {}'.format(source, path)) + keys = path.split(delimiter) + max_depth = len(keys) + cur_depth = 0 + while cur_depth < max_depth: + if keys[cur_depth] in source: + source = source[keys[cur_depth]] + cur_depth = cur_depth + 1 + else: + return default + return source + + def random_word(source_alpha, length): ''' Returns a random word given the source of characters to pick from and resulting length ''' return ''.join(random.choice(source_alpha) for i in range(length)) @@ -71,7 +113,9 @@ class FilterModule(object): 'random_word': random_word, 'entry_from_named_pair': entry_from_named_pair, 'map_from_pairs': map_from_pairs, + 'min_cpu': min_cpu, 'es_storage': es_storage, 'serviceaccount_name': serviceaccount_name, - 'serviceaccount_namespace': serviceaccount_namespace + 'serviceaccount_namespace': serviceaccount_namespace, + 'walk': walk } diff --git a/roles/openshift_logging/filter_plugins/test b/roles/openshift_logging/filter_plugins/test new file mode 100644 index 000000000..bac25c012 --- /dev/null +++ b/roles/openshift_logging/filter_plugins/test @@ -0,0 +1,49 @@ +import unittest +from openshift_logging import walk +from openshift_logging import min_cpu + +class TestFilterMethods(unittest.TestCase): + + + def test_min_cpu_for_none(self): + source = "1000M" + self.assertEquals(min_cpu(source, None), "1000M") + + def test_min_cpu_for_millis(self): + source = "1" + self.assertEquals(min_cpu(source, "0.1"), "0.1") + + + def test_min_cpu_for_whole(self): + source = "120M" + self.assertEquals(min_cpu(source, "2"), "120M") + + + def test_walk_find_key(self): + source = {'foo': {'bar.xyz': 'myvalue'}} + self.assertEquals(walk(source,'foo#bar.xyz', 123, delimiter='#'), 'myvalue') + + + def test_walk_return_default(self): + source = {'foo': {'bar.xyz': 'myvalue'}} + self.assertEquals(walk(source,'foo#bar.abc', 123, delimiter='#'), 123) + + + def test_walk_limit_max_depth(self): + source = {'foo': {'bar.xyz': 'myvalue'}} + self.assertEquals(walk(source,'foo#bar.abc#dontfindme', 123, delimiter='#'), 123) + + def test_complex_hash(self): + source = { + 'elasticsearch': { + 'configmaps': { + 'logging-elasticsearch': { + 'elasticsearch.yml': "a string value" + } + } + } + } + self.assertEquals(walk(source,'elasticsearch#configmaps#logging-elasticsearch#elasticsearch.yml', 123, delimiter='#'), "a string value") + +if __name__ == '__main__': + unittest.main() diff --git a/roles/openshift_logging/handlers/main.yml b/roles/openshift_logging/handlers/main.yml index ce7688581..88b893448 100644 --- a/roles/openshift_logging/handlers/main.yml +++ b/roles/openshift_logging/handlers/main.yml @@ -4,8 +4,13 @@ when: (not (master_api_service_status_changed | default(false) | bool)) and openshift.master.cluster_method == 'native' notify: Verify API Server +# We retry the controllers because the API may not be 100% initialized yet. - name: restart master controllers - systemd: name={{ openshift.common.service_type }}-master-controllers state=restarted + command: "systemctl restart {{ openshift.common.service_type }}-master-controllers" + retries: 3 + delay: 5 + register: result + until: result.rc == 0 when: (not (master_controllers_service_status_changed | default(false) | bool)) and openshift.master.cluster_method == 'native' - name: Verify API Server diff --git a/roles/openshift_logging/library/openshift_logging_facts.py b/roles/openshift_logging/library/openshift_logging_facts.py index f10df8da5..98d0d1c4f 100644 --- a/roles/openshift_logging/library/openshift_logging_facts.py +++ b/roles/openshift_logging/library/openshift_logging_facts.py @@ -207,7 +207,7 @@ class OpenshiftLoggingFacts(OCBaseCommand): def facts_for_configmaps(self, namespace): ''' Gathers facts for configmaps in logging namespace ''' self.default_keys_for("configmaps") - a_list = self.oc_command("get", "configmaps", namespace=namespace, add_options=["-l", LOGGING_SELECTOR]) + a_list = self.oc_command("get", "configmaps", namespace=namespace) if len(a_list["items"]) == 0: return for item in a_list["items"]: diff --git a/roles/openshift_logging/tasks/install_logging.yaml b/roles/openshift_logging/tasks/install_logging.yaml index 21fd79c28..cec295d65 100644 --- a/roles/openshift_logging/tasks/install_logging.yaml +++ b/roles/openshift_logging/tasks/install_logging.yaml @@ -36,6 +36,14 @@ - openshift_logging_label_key != "" - openshift_logging_label_value is defined +- name: Annotate Logging Project to allow overcommit + oc_edit: + kind: ns + name: "{{ openshift_logging_namespace }}" + separator: '#' + content: + metadata#annotations#quota.openshift.io/cluster-resource-override-enabled: "false" + - name: Create logging cert directory file: path: "{{ openshift.common.config_base }}/logging" @@ -69,20 +77,23 @@ vars: generated_certs_dir: "{{openshift.common.config_base}}/logging" openshift_logging_elasticsearch_namespace: "{{ openshift_logging_namespace }}" - openshift_logging_elasticsearch_deployment_name: "{{ item.0.name }}" - openshift_logging_elasticsearch_pvc_name: "{{ openshift_logging_es_pvc_prefix ~ '-' ~ item.2 if item.1 is none else item.1 }}" + openshift_logging_elasticsearch_deployment_name: "{{ outer_item.0.name }}" + openshift_logging_elasticsearch_pvc_name: "{{ outer_item.0.volumes['elasticsearch-storage'].persistentVolumeClaim.claimName if outer_item.0.volumes['elasticsearch-storage'].persistentVolumeClaim is defined else openshift_logging_es_pvc_prefix ~ '-' ~ outer_item.2 if outer_item.1 is none else outer_item.1 }}" openshift_logging_elasticsearch_replica_count: "{{ openshift_logging_es_cluster_size | int }}" openshift_logging_elasticsearch_storage_type: "{{ elasticsearch_storage_type }}" openshift_logging_elasticsearch_pvc_pv_selector: "{{ openshift_logging_es_pv_selector }}" - openshift_logging_elasticsearch_nodeselector: "{{ openshift_logging_es_nodeselector if item.0.nodeSelector | default(None) is none else item.0.nodeSelector }}" - openshift_logging_elasticsearch_storage_group: "{{ [openshift_logging_es_storage_group] if item.0.storageGroups | default([]) | length == 0 else item.0.storageGroups }}" - _es_containers: "{{item.0.containers}}" + openshift_logging_elasticsearch_nodeselector: "{{ openshift_logging_es_nodeselector if outer_item.0.nodeSelector | default(None) is none else outer_item.0.nodeSelector }}" + openshift_logging_elasticsearch_storage_group: "{{ [openshift_logging_es_storage_group] if outer_item.0.storageGroups | default([]) | length == 0 else outer_item.0.storageGroups }}" + _es_containers: "{{ outer_item.0.containers}}" + _es_configmap: "{{ openshift_logging_facts | walk('elasticsearch#configmaps#logging-elasticsearch#elasticsearch.yml', '{}', delimiter='#') | from_yaml }}" with_together: - "{{ openshift_logging_facts.elasticsearch.deploymentconfigs.values() }}" - "{{ openshift_logging_facts.elasticsearch.pvcs }}" - "{{ es_indices }}" + loop_control: + loop_var: outer_item when: - openshift_logging_facts.elasticsearch.deploymentconfigs.keys() | count > 0 @@ -92,13 +103,15 @@ vars: generated_certs_dir: "{{openshift.common.config_base}}/logging" openshift_logging_elasticsearch_namespace: "{{ openshift_logging_namespace }}" - openshift_logging_elasticsearch_pvc_name: "{{ openshift_logging_es_pvc_prefix }}-{{ item | int + openshift_logging_facts.elasticsearch.deploymentconfigs | count - 1 }}" + openshift_logging_elasticsearch_pvc_name: "{{ openshift_logging_es_pvc_prefix }}-{{ outer_item | int + openshift_logging_facts.elasticsearch.deploymentconfigs | count - 1 }}" openshift_logging_elasticsearch_replica_count: "{{ openshift_logging_es_cluster_size | int }}" openshift_logging_elasticsearch_storage_type: "{{ elasticsearch_storage_type }}" openshift_logging_elasticsearch_pvc_pv_selector: "{{ openshift_logging_es_pv_selector }}" with_sequence: count={{ openshift_logging_es_cluster_size | int - openshift_logging_facts.elasticsearch.deploymentconfigs.keys() | count }} + loop_control: + loop_var: outer_item - set_fact: es_ops_indices={{ es_ops_indices | default([]) + [item | int - 1] }} with_sequence: count={{ openshift_logging_facts.elasticsearch_ops.deploymentconfigs.keys() | count }} @@ -122,8 +135,8 @@ vars: generated_certs_dir: "{{openshift.common.config_base}}/logging" openshift_logging_elasticsearch_namespace: "{{ openshift_logging_namespace }}" - openshift_logging_elasticsearch_deployment_name: "{{ item.0.name }}" - openshift_logging_elasticsearch_pvc_name: "{{ openshift_logging_es_ops_pvc_prefix ~ '-' ~ item.2 if item.1 is none else item.1 }}" + openshift_logging_elasticsearch_deployment_name: "{{ outer_item.0.name }}" + openshift_logging_elasticsearch_pvc_name: "{{ outer_item.0.volumes['elasticsearch-storage'].persistentVolumeClaim.claimName if outer_item.0.volumes['elasticsearch-storage'].persistentVolumeClaim is defined else openshift_logging_es_ops_pvc_prefix ~ '-' ~ outer_item.2 if outer_item.1 is none else outer_item.1 }}" openshift_logging_elasticsearch_ops_deployment: true openshift_logging_elasticsearch_replica_count: "{{ openshift_logging_es_ops_cluster_size | int }}" @@ -133,20 +146,27 @@ openshift_logging_elasticsearch_pvc_pv_selector: "{{ openshift_logging_es_ops_pv_selector }}" openshift_logging_elasticsearch_memory_limit: "{{ openshift_logging_es_ops_memory_limit }}" openshift_logging_elasticsearch_cpu_limit: "{{ openshift_logging_es_ops_cpu_limit }}" - openshift_logging_elasticsearch_nodeselector: "{{ openshift_logging_es_ops_nodeselector if item.0.nodeSelector | default(None) is none else item.0.nodeSelector }}" - openshift_logging_elasticsearch_storage_group: "{{ [openshift_logging_es_ops_storage_group] if item.0.storageGroups | default([]) | length == 0 else item.0.storageGroups }}" + openshift_logging_elasticsearch_cpu_request: "{{ openshift_logging_es_ops_cpu_request }}" + openshift_logging_elasticsearch_nodeselector: "{{ openshift_logging_es_ops_nodeselector if outer_item.0.nodeSelector | default(None) is none else outer_item.0.nodeSelector }}" + openshift_logging_elasticsearch_storage_group: "{{ [openshift_logging_es_ops_storage_group] if outer_item.0.storageGroups | default([]) | length == 0 else outer_item.0.storageGroups }}" openshift_logging_es_key: "{{ openshift_logging_es_ops_key }}" openshift_logging_es_cert: "{{ openshift_logging_es_ops_cert }}" openshift_logging_es_ca_ext: "{{ openshift_logging_es_ops_ca_ext }}" openshift_logging_es_hostname: "{{ openshift_logging_es_ops_hostname }}" openshift_logging_es_edge_term_policy: "{{ openshift_logging_es_ops_edge_term_policy | default('') }}" openshift_logging_es_allow_external: "{{ openshift_logging_es_ops_allow_external }}" - _es_containers: "{{item.0.containers}}" + openshift_logging_es_number_of_shards: "{{ openshift_logging_es_ops_number_of_shards | default(None) }}" + openshift_logging_es_number_of_replicas: "{{ openshift_logging_es_ops_number_of_replicas | default(None) }}" + _es_containers: "{{ outer_item.0.containers}}" + _es_configmap: "{{ openshift_logging_facts | walk('elasticsearch_ops#configmaps#logging-elasticsearch-ops#elasticsearch.yml', '{}', delimiter='#') | from_yaml }}" with_together: - "{{ openshift_logging_facts.elasticsearch_ops.deploymentconfigs.values() }}" - "{{ openshift_logging_facts.elasticsearch_ops.pvcs }}" - "{{ es_ops_indices }}" + loop_control: + loop_var: outer_item + when: - openshift_logging_use_ops | bool - openshift_logging_facts.elasticsearch_ops.deploymentconfigs.keys() | count > 0 @@ -157,7 +177,7 @@ vars: generated_certs_dir: "{{openshift.common.config_base}}/logging" openshift_logging_elasticsearch_namespace: "{{ openshift_logging_namespace }}" - openshift_logging_elasticsearch_pvc_name: "{{ openshift_logging_es_ops_pvc_prefix }}-{{ item | int + openshift_logging_facts.elasticsearch_ops.deploymentconfigs | count - 1 }}" + openshift_logging_elasticsearch_pvc_name: "{{ openshift_logging_es_ops_pvc_prefix }}-{{ outer_item | int + openshift_logging_facts.elasticsearch_ops.deploymentconfigs | count - 1 }}" openshift_logging_elasticsearch_ops_deployment: true openshift_logging_elasticsearch_replica_count: "{{ openshift_logging_es_ops_cluster_size | int }}" @@ -167,6 +187,7 @@ openshift_logging_elasticsearch_pvc_pv_selector: "{{ openshift_logging_es_ops_pv_selector }}" openshift_logging_elasticsearch_memory_limit: "{{ openshift_logging_es_ops_memory_limit }}" openshift_logging_elasticsearch_cpu_limit: "{{ openshift_logging_es_ops_cpu_limit }}" + openshift_logging_elasticsearch_cpu_request: "{{ openshift_logging_es_ops_cpu_request }}" openshift_logging_elasticsearch_nodeselector: "{{ openshift_logging_es_ops_nodeselector }}" openshift_logging_es_key: "{{ openshift_logging_es_ops_key }}" openshift_logging_es_cert: "{{ openshift_logging_es_ops_cert }}" @@ -176,6 +197,8 @@ openshift_logging_es_allow_external: "{{ openshift_logging_es_ops_allow_external }}" with_sequence: count={{ openshift_logging_es_ops_cluster_size | int - openshift_logging_facts.elasticsearch_ops.deploymentconfigs.keys() | count }} + loop_control: + loop_var: outer_item when: - openshift_logging_use_ops | bool @@ -207,11 +230,13 @@ openshift_logging_kibana_es_port: "{{ openshift_logging_es_ops_port }}" openshift_logging_kibana_nodeselector: "{{ openshift_logging_kibana_ops_nodeselector }}" openshift_logging_kibana_cpu_limit: "{{ openshift_logging_kibana_ops_cpu_limit }}" + openshift_logging_kibana_cpu_request: "{{ openshift_logging_kibana_ops_cpu_request }}" openshift_logging_kibana_memory_limit: "{{ openshift_logging_kibana_ops_memory_limit }}" openshift_logging_kibana_hostname: "{{ openshift_logging_kibana_ops_hostname }}" openshift_logging_kibana_replicas: "{{ openshift_logging_kibana_ops_replica_count }}" openshift_logging_kibana_proxy_debug: "{{ openshift_logging_kibana_ops_proxy_debug }}" openshift_logging_kibana_proxy_cpu_limit: "{{ openshift_logging_kibana_ops_proxy_cpu_limit }}" + openshift_logging_kibana_proxy_cpu_request: "{{ openshift_logging_kibana_ops_proxy_cpu_request }}" openshift_logging_kibana_proxy_memory_limit: "{{ openshift_logging_kibana_ops_proxy_memory_limit }}" openshift_logging_kibana_cert: "{{ openshift_logging_kibana_ops_cert }}" openshift_logging_kibana_key: "{{ openshift_logging_kibana_ops_key }}" @@ -243,6 +268,7 @@ openshift_logging_curator_master_url: "{{ openshift_logging_master_url }}" openshift_logging_curator_image_pull_secret: "{{ openshift_logging_image_pull_secret }}" openshift_logging_curator_cpu_limit: "{{ openshift_logging_curator_ops_cpu_limit }}" + openshift_logging_curator_cpu_request: "{{ openshift_logging_curator_ops_cpu_request }}" openshift_logging_curator_memory_limit: "{{ openshift_logging_curator_ops_memory_limit }}" openshift_logging_curator_nodeselector: "{{ openshift_logging_curator_ops_nodeselector }}" when: diff --git a/roles/openshift_logging/templates/jks_pod.j2 b/roles/openshift_logging/templates/jks_pod.j2 index 8b1c74211..e4110b7b3 100644 --- a/roles/openshift_logging/templates/jks_pod.j2 +++ b/roles/openshift_logging/templates/jks_pod.j2 @@ -8,7 +8,7 @@ spec: containers: - name: jks-cert-gen image: {{openshift_logging_image_prefix}}logging-deployer:{{openshift_logging_image_version}} - imagePullPolicy: Always + imagePullPolicy: IfNotPresent command: ["sh", "{{generated_certs_dir}}/generate-jks.sh"] securityContext: privileged: true diff --git a/roles/openshift_logging_curator/defaults/main.yml b/roles/openshift_logging_curator/defaults/main.yml index 17807b644..9cae9f936 100644 --- a/roles/openshift_logging_curator/defaults/main.yml +++ b/roles/openshift_logging_curator/defaults/main.yml @@ -9,8 +9,9 @@ openshift_logging_curator_namespace: logging ### Common settings openshift_logging_curator_nodeselector: "" -openshift_logging_curator_cpu_limit: 100m -openshift_logging_curator_memory_limit: null +openshift_logging_curator_cpu_limit: null +openshift_logging_curator_cpu_request: 100m +openshift_logging_curator_memory_limit: 256Mi openshift_logging_curator_es_host: "logging-es" openshift_logging_curator_es_port: 9200 diff --git a/roles/openshift_logging_curator/tasks/main.yaml b/roles/openshift_logging_curator/tasks/main.yaml index 6e8fab2b5..fcaf18ed4 100644 --- a/roles/openshift_logging_curator/tasks/main.yaml +++ b/roles/openshift_logging_curator/tasks/main.yaml @@ -90,6 +90,7 @@ es_host: "{{ openshift_logging_curator_es_host }}" es_port: "{{ openshift_logging_curator_es_port }}" curator_cpu_limit: "{{ openshift_logging_curator_cpu_limit }}" + curator_cpu_request: "{{ openshift_logging_curator_cpu_request | min_cpu(openshift_logging_curator_cpu_limit | default(none)) }}" curator_memory_limit: "{{ openshift_logging_curator_memory_limit }}" curator_replicas: "{{ openshift_logging_curator_replicas | default (1) }}" curator_node_selector: "{{openshift_logging_curator_nodeselector | default({})}}" diff --git a/roles/openshift_logging_curator/templates/curator.j2 b/roles/openshift_logging_curator/templates/curator.j2 index e74918a40..462128366 100644 --- a/roles/openshift_logging_curator/templates/curator.j2 +++ b/roles/openshift_logging_curator/templates/curator.j2 @@ -38,14 +38,27 @@ spec: - name: "curator" image: {{image}} - imagePullPolicy: Always + imagePullPolicy: IfNotPresent +{% if (curator_memory_limit is defined and curator_memory_limit is not none and curator_memory_limit != "") or (curator_cpu_limit is defined and curator_cpu_limit is not none and curator_cpu_limit != "") or (curator_cpu_request is defined and curator_cpu_request is not none and curator_cpu_request != "") %} resources: +{% if (curator_memory_limit is defined and curator_memory_limit is not none and curator_memory_limit != "") or (curator_cpu_limit is defined and curator_cpu_limit is not none and curator_cpu_limit != "") %} limits: +{% if curator_cpu_limit is defined and curator_cpu_limit is not none and curator_cpu_limit != "" %} cpu: "{{curator_cpu_limit}}" -{% if curator_memory_limit is defined and curator_memory_limit is not none and curator_memory_limit != "" %} +{% endif %} +{% if curator_memory_limit is defined and curator_memory_limit is not none and curator_memory_limit != "" %} memory: "{{curator_memory_limit}}" +{% endif %} +{% endif %} +{% if (curator_memory_limit is defined and curator_memory_limit is not none and curator_memory_limit != "") or (curator_cpu_request is defined and curator_cpu_request is not none and curator_cpu_request != "") %} requests: +{% if curator_cpu_request is defined and curator_cpu_request is not none and curator_cpu_request != "" %} + cpu: "{{curator_cpu_request}}" +{% endif %} +{% if curator_memory_limit is defined and curator_memory_limit is not none and curator_memory_limit != "" %} memory: "{{curator_memory_limit}}" +{% endif %} +{% endif %} {% endif %} env: - diff --git a/roles/openshift_logging_elasticsearch/defaults/main.yml b/roles/openshift_logging_elasticsearch/defaults/main.yml index fc48b7f71..9fc6fd1d8 100644 --- a/roles/openshift_logging_elasticsearch/defaults/main.yml +++ b/roles/openshift_logging_elasticsearch/defaults/main.yml @@ -6,7 +6,8 @@ openshift_logging_elasticsearch_image_pull_secret: "{{ openshift_hosted_logging_ openshift_logging_elasticsearch_namespace: logging openshift_logging_elasticsearch_nodeselector: "{{ openshift_logging_es_nodeselector | default('') }}" -openshift_logging_elasticsearch_cpu_limit: "{{ openshift_logging_es_cpu_limit | default('1000m') }}" +openshift_logging_elasticsearch_cpu_limit: "{{ openshift_logging_es_cpu_limit | default('') }}" +openshift_logging_elasticsearch_cpu_request: "{{ openshift_logging_es_cpu_request | default('1000m') }}" openshift_logging_elasticsearch_memory_limit: "{{ openshift_logging_es_memory_limit | default('1Gi') }}" openshift_logging_elasticsearch_recover_after_time: "{{ openshift_logging_es_recover_after_time | default('5m') }}" @@ -40,7 +41,7 @@ openshift_logging_es_pvc_prefix: "{{ openshift_hosted_logging_elasticsearch_pvc_ # config the es plugin to write kibana index based on the index mode openshift_logging_elasticsearch_kibana_index_mode: 'unique' -openshift_logging_elasticsearch_proxy_cpu_limit: "100m" +openshift_logging_elasticsearch_proxy_cpu_request: "100m" openshift_logging_elasticsearch_proxy_memory_limit: "64Mi" openshift_logging_elasticsearch_prometheus_sa: "system:serviceaccount:{{openshift_prometheus_namespace | default('prometheus')}}:prometheus" diff --git a/roles/openshift_logging_elasticsearch/files/es_migration.sh b/roles/openshift_logging_elasticsearch/files/es_migration.sh deleted file mode 100644 index 339b5a1b2..000000000 --- a/roles/openshift_logging_elasticsearch/files/es_migration.sh +++ /dev/null @@ -1,79 +0,0 @@ -CA=${1:-/etc/openshift/logging/ca.crt} -KEY=${2:-/etc/openshift/logging/system.admin.key} -CERT=${3:-/etc/openshift/logging/system.admin.crt} -openshift_logging_es_host=${4:-logging-es} -openshift_logging_es_port=${5:-9200} -namespace=${6:-logging} - -# for each index in _cat/indices -# skip indices that begin with . - .kibana, .operations, etc. -# skip indices that contain a uuid -# get a list of unique project -# daterx - the date regex that matches the .%Y.%m.%d at the end of the indices -# we are interested in - the awk will strip that part off -function get_list_of_indices() { - curl -s --cacert $CA --key $KEY --cert $CERT https://$openshift_logging_es_host:$openshift_logging_es_port/_cat/indices | \ - awk -v daterx='[.]20[0-9]{2}[.][0-1]?[0-9][.][0-9]{1,2}$' \ - '$3 !~ "^[.]" && $3 !~ "^[^.]+[.][^.]+"daterx && $3 !~ "^project." && $3 ~ daterx {print gensub(daterx, "", "", $3)}' | \ - sort -u -} - -# for each index in _cat/indices -# skip indices that begin with . - .kibana, .operations, etc. -# get a list of unique project.uuid -# daterx - the date regex that matches the .%Y.%m.%d at the end of the indices -# we are interested in - the awk will strip that part off -function get_list_of_proj_uuid_indices() { - curl -s --cacert $CA --key $KEY --cert $CERT https://$openshift_logging_es_host:$openshift_logging_es_port/_cat/indices | \ - awk -v daterx='[.]20[0-9]{2}[.][0-1]?[0-9][.][0-9]{1,2}$' \ - '$3 !~ "^[.]" && $3 ~ "^[^.]+[.][^.]+"daterx && $3 !~ "^project." && $3 ~ daterx {print gensub(daterx, "", "", $3)}' | \ - sort -u -} - -if [[ -z "$(oc get pods -l component=es -o jsonpath='{.items[?(@.status.phase == "Running")].metadata.name}')" ]]; then - echo "No Elasticsearch pods found running. Cannot update common data model." - exit 1 -fi - -count=$(get_list_of_indices | wc -l) -if [ $count -eq 0 ]; then - echo No matching indices found - skipping update_for_uuid -else - echo Creating aliases for $count index patterns . . . - { - echo '{"actions":[' - get_list_of_indices | \ - while IFS=. read proj ; do - # e.g. make test.uuid.* an alias of test.* so we can search for - # /test.uuid.*/_search and get both the test.uuid.* and - # the test.* indices - uid=$(oc get project "$proj" -o jsonpath='{.metadata.uid}' 2>/dev/null) - [ -n "$uid" ] && echo "{\"add\":{\"index\":\"$proj.*\",\"alias\":\"$proj.$uuid.*\"}}" - done - echo ']}' - } | curl -s --cacert $CA --key $KEY --cert $CERT -XPOST -d @- "https://$openshift_logging_es_host:$openshift_logging_es_port/_aliases" -fi - -count=$(get_list_of_proj_uuid_indices | wc -l) -if [ $count -eq 0 ] ; then - echo No matching indexes found - skipping update_for_common_data_model - exit 0 -fi - -echo Creating aliases for $count index patterns . . . -# for each index in _cat/indices -# skip indices that begin with . - .kibana, .operations, etc. -# get a list of unique project.uuid -# daterx - the date regex that matches the .%Y.%m.%d at the end of the indices -# we are interested in - the awk will strip that part off -{ - echo '{"actions":[' - get_list_of_proj_uuid_indices | \ - while IFS=. read proj uuid ; do - # e.g. make project.test.uuid.* and alias of test.uuid.* so we can search for - # /project.test.uuid.*/_search and get both the test.uuid.* and - # the project.test.uuid.* indices - echo "{\"add\":{\"index\":\"$proj.$uuid.*\",\"alias\":\"${PROJ_PREFIX}$proj.$uuid.*\"}}" - done - echo ']}' -} | curl -s --cacert $CA --key $KEY --cert $CERT -XPOST -d @- "https://$openshift_logging_es_host:$openshift_logging_es_port/_aliases" diff --git a/roles/openshift_logging_elasticsearch/tasks/main.yaml b/roles/openshift_logging_elasticsearch/tasks/main.yaml index aeff2d198..e7ef443bd 100644 --- a/roles/openshift_logging_elasticsearch/tasks/main.yaml +++ b/roles/openshift_logging_elasticsearch/tasks/main.yaml @@ -164,13 +164,17 @@ when: es_logging_contents is undefined changed_when: no +- set_fact: + __es_num_of_shards: "{{ _es_configmap | default({}) | walk('index.number_of_shards', '1') }}" + __es_num_of_replicas: "{{ _es_configmap | default({}) | walk('index.number_of_replicas', '0') }}" + - template: src: elasticsearch.yml.j2 dest: "{{ tempdir }}/elasticsearch.yml" vars: allow_cluster_reader: "{{ openshift_logging_elasticsearch_ops_allow_cluster_reader | lower | default('false') }}" - es_number_of_shards: "{{ openshift_logging_es_number_of_shards | default(1) }}" - es_number_of_replicas: "{{ openshift_logging_es_number_of_replicas | default(0) }}" + es_number_of_shards: "{{ openshift_logging_es_number_of_shards | default(None) or __es_num_of_shards }}" + es_number_of_replicas: "{{ openshift_logging_es_number_of_replicas | default(None) or __es_num_of_replicas }}" es_kibana_index_mode: "{{ openshift_logging_elasticsearch_kibana_index_mode | default('unique') }}" when: es_config_contents is undefined @@ -349,7 +353,8 @@ deploy_name: "{{ es_deploy_name }}" image: "{{ openshift_logging_elasticsearch_image_prefix }}logging-elasticsearch:{{ openshift_logging_elasticsearch_image_version }}" proxy_image: "{{ openshift_logging_elasticsearch_proxy_image_prefix }}oauth-proxy:{{ openshift_logging_elasticsearch_proxy_image_version }}" - es_cpu_limit: "{{ openshift_logging_elasticsearch_cpu_limit }}" + es_cpu_limit: "{{ openshift_logging_elasticsearch_cpu_limit | default('') }}" + es_cpu_request: "{{ openshift_logging_elasticsearch_cpu_request | min_cpu(openshift_logging_elasticsearch_cpu_limit | default(none)) }}" es_memory_limit: "{{ openshift_logging_elasticsearch_memory_limit }}" es_node_selector: "{{ openshift_logging_elasticsearch_nodeselector | default({}) }}" es_storage_groups: "{{ openshift_logging_elasticsearch_storage_group | default([]) }}" diff --git a/roles/openshift_logging_elasticsearch/templates/es.j2 b/roles/openshift_logging_elasticsearch/templates/es.j2 index ce3b2eb83..0c7d8b46e 100644 --- a/roles/openshift_logging_elasticsearch/templates/es.j2 +++ b/roles/openshift_logging_elasticsearch/templates/es.j2 @@ -41,7 +41,7 @@ spec: containers: - name: proxy image: {{ proxy_image }} - imagePullPolicy: Always + imagePullPolicy: IfNotPresent args: - --upstream-ca=/etc/elasticsearch/secret/admin-ca - --https-address=:4443 @@ -69,21 +69,22 @@ spec: readOnly: true resources: limits: - cpu: "{{openshift_logging_elasticsearch_proxy_cpu_limit }}" memory: "{{openshift_logging_elasticsearch_proxy_memory_limit }}" requests: + cpu: "{{openshift_logging_elasticsearch_proxy_cpu_request }}" memory: "{{openshift_logging_elasticsearch_proxy_memory_limit }}" - name: "elasticsearch" image: {{image}} - imagePullPolicy: Always + imagePullPolicy: IfNotPresent resources: limits: - memory: "{{es_memory_limit}}" -{% if es_cpu_limit is defined and es_cpu_limit is not none %} +{% if es_cpu_limit is defined and es_cpu_limit is not none and es_cpu_limit != '' %} cpu: "{{es_cpu_limit}}" {% endif %} + memory: "{{es_memory_limit}}" requests: + cpu: "{{es_cpu_request}}" memory: "{{es_memory_limit}}" {% if es_container_security_context %} securityContext: {{ es_container_security_context | to_yaml }} diff --git a/roles/openshift_logging_elasticsearch/vars/openshift-enterprise.yml b/roles/openshift_logging_elasticsearch/vars/openshift-enterprise.yml index c87d48e27..2fd960bb5 100644 --- a/roles/openshift_logging_elasticsearch/vars/openshift-enterprise.yml +++ b/roles/openshift_logging_elasticsearch/vars/openshift-enterprise.yml @@ -1,3 +1,3 @@ --- -__openshift_logging_elasticsearch_proxy_image_prefix: "registry.access.redhat.com/openshift3/" +__openshift_logging_elasticsearch_proxy_image_prefix: "{{ openshift_logging_image_prefix | default('registry.access.redhat.com/openshift3/') }}" __openshift_logging_elasticsearch_proxy_image_version: "v3.7" diff --git a/roles/openshift_logging_eventrouter/README.md b/roles/openshift_logging_eventrouter/README.md index da313d68b..611bdaee0 100644 --- a/roles/openshift_logging_eventrouter/README.md +++ b/roles/openshift_logging_eventrouter/README.md @@ -3,9 +3,9 @@ Event router A pod forwarding kubernetes events to EFK aggregated logging stack. -- **eventrouter** is deployed to logging project, has a service account and its own role to read events +- **eventrouter** is deployed to default project, has a service account and its own role to read events - **eventrouter** watches kubernetes events, marshalls them to JSON and outputs to its sink, currently only various formatting to STDOUT -- **fluentd** picks them up and inserts to elasticsearch *.operations* index +- **fluentd** ingests as logs from **eventrouter** container (as it would any other container), and writes them to the appropriate index for the **eventrouter**'s namespace (in the 'default' namespace, the *.operations* index is used) - `openshift_logging_install_eventrouter`: When 'True', eventrouter will be installed. When 'False', eventrouter will be uninstalled. @@ -15,6 +15,6 @@ Configuration variables: - `openshift_logging_eventrouter_image_version`: The image version for the logging eventrouter. Defaults to 'latest'. - `openshift_logging_eventrouter_sink`: Select a sink for eventrouter, supported 'stdout' and 'glog'. Defaults to 'stdout'. - `openshift_logging_eventrouter_nodeselector`: A map of labels (e.g. {"node":"infra","region":"west"} to select the nodes where the pod will land. -- `openshift_logging_eventrouter_cpu_limit`: The amount of CPU to allocate to eventrouter. Defaults to '100m'. +- `openshift_logging_eventrouter_cpu_request`: The minimum amount of CPU to allocate to eventrouter. Defaults to '100m'. - `openshift_logging_eventrouter_memory_limit`: The memory limit for eventrouter pods. Defaults to '128Mi'. - `openshift_logging_eventrouter_namespace`: The namespace where eventrouter is deployed. Defaults to 'default'. diff --git a/roles/openshift_logging_eventrouter/defaults/main.yaml b/roles/openshift_logging_eventrouter/defaults/main.yaml index 34e33f75f..4c0350c98 100644 --- a/roles/openshift_logging_eventrouter/defaults/main.yaml +++ b/roles/openshift_logging_eventrouter/defaults/main.yaml @@ -4,6 +4,7 @@ openshift_logging_eventrouter_image_version: "{{ openshift_logging_image_version openshift_logging_eventrouter_replicas: 1 openshift_logging_eventrouter_sink: stdout openshift_logging_eventrouter_nodeselector: "" -openshift_logging_eventrouter_cpu_limit: 100m +openshift_logging_eventrouter_cpu_limit: null +openshift_logging_eventrouter_cpu_request: 100m openshift_logging_eventrouter_memory_limit: 128Mi openshift_logging_eventrouter_namespace: default diff --git a/roles/openshift_logging_eventrouter/files/eventrouter-template.yaml b/roles/openshift_logging_eventrouter/files/eventrouter-template.yaml index 91708e54b..cc01c010d 100644 --- a/roles/openshift_logging_eventrouter/files/eventrouter-template.yaml +++ b/roles/openshift_logging_eventrouter/files/eventrouter-template.yaml @@ -56,7 +56,7 @@ objects: containers: - name: kube-eventrouter image: ${IMAGE} - imagePullPolicy: Always + imagePullPolicy: IfNotPresent resources: limits: memory: ${MEMORY} diff --git a/roles/openshift_logging_eventrouter/tasks/install_eventrouter.yaml b/roles/openshift_logging_eventrouter/tasks/install_eventrouter.yaml index 8df7435e2..cbbc6a8ec 100644 --- a/roles/openshift_logging_eventrouter/tasks/install_eventrouter.yaml +++ b/roles/openshift_logging_eventrouter/tasks/install_eventrouter.yaml @@ -45,7 +45,7 @@ params: IMAGE: "{{openshift_logging_eventrouter_image_prefix}}logging-eventrouter:{{openshift_logging_eventrouter_image_version}}" REPLICAS: "{{ openshift_logging_eventrouter_replicas }}" - CPU: "{{ openshift_logging_eventrouter_cpu_limit }}" + CPU: "{{ openshift_logging_eventrouter_cpu_request }}" MEMORY: "{{ openshift_logging_eventrouter_memory_limit }}" NAMESPACE: "{{ openshift_logging_eventrouter_namespace }}" SINK: "{{ openshift_logging_eventrouter_sink }}" diff --git a/roles/openshift_logging_eventrouter/templates/eventrouter-template.j2 b/roles/openshift_logging_eventrouter/templates/eventrouter-template.j2 index ea1fd3efd..5a4f7f762 100644 --- a/roles/openshift_logging_eventrouter/templates/eventrouter-template.j2 +++ b/roles/openshift_logging_eventrouter/templates/eventrouter-template.j2 @@ -25,7 +25,7 @@ objects: metadata: name: logging-eventrouter data: - config.json: |- + config.json: |- { "sink": "${SINK}" } @@ -62,12 +62,12 @@ objects: containers: - name: kube-eventrouter image: ${IMAGE} - imagePullPolicy: Always + imagePullPolicy: IfNotPresent resources: limits: - memory: ${MEMORY} - cpu: ${CPU} + memory: ${MEMORY} requires: + cpu: ${CPU} memory: ${MEMORY} volumeMounts: - name: config-volume diff --git a/roles/openshift_logging_fluentd/defaults/main.yml b/roles/openshift_logging_fluentd/defaults/main.yml index 25f7580a4..861935c99 100644 --- a/roles/openshift_logging_fluentd/defaults/main.yml +++ b/roles/openshift_logging_fluentd/defaults/main.yml @@ -8,7 +8,8 @@ openshift_logging_fluentd_namespace: logging ### Common settings openshift_logging_fluentd_nodeselector: "{{ openshift_hosted_logging_fluentd_nodeselector_label | default('logging-infra-fluentd=true') | map_from_pairs }}" -openshift_logging_fluentd_cpu_limit: 100m +openshift_logging_fluentd_cpu_limit: null +openshift_logging_fluentd_cpu_request: 100m openshift_logging_fluentd_memory_limit: 512Mi openshift_logging_fluentd_hosts: ['--all'] @@ -55,7 +56,7 @@ openshift_logging_fluentd_aggregating_passphrase: none #fluentd_throttle_contents: #fluentd_secureforward_contents: -openshift_logging_fluentd_file_buffer_limit: 1Gi +openshift_logging_fluentd_file_buffer_limit: 256Mi # Configure fluentd to tail audit log file and filter out container engine's logs from there # These logs are then stored in ES operation index diff --git a/roles/openshift_logging_fluentd/tasks/main.yaml b/roles/openshift_logging_fluentd/tasks/main.yaml index 06bb35dbc..2f89c3f9f 100644 --- a/roles/openshift_logging_fluentd/tasks/main.yaml +++ b/roles/openshift_logging_fluentd/tasks/main.yaml @@ -154,7 +154,6 @@ path: "{{ generated_certs_dir }}/system.logging.fluentd.crt" # create Fluentd daemonset - # this should change based on the type of fluentd deployment to be done... # TODO: pass in aggregation configurations - name: Generate logging-fluentd daemonset definition @@ -172,6 +171,9 @@ ops_port: "{{ openshift_logging_fluentd_ops_port }}" fluentd_nodeselector_key: "{{ openshift_logging_fluentd_nodeselector.keys()[0] }}" fluentd_nodeselector_value: "{{ openshift_logging_fluentd_nodeselector.values()[0] }}" + fluentd_cpu_limit: "{{ openshift_logging_fluentd_cpu_limit }}" + fluentd_cpu_request: "{{ openshift_logging_fluentd_cpu_request | min_cpu(openshift_logging_fluentd_cpu_limit | default(none)) }}" + fluentd_memory_limit: "{{ openshift_logging_fluentd_memory_limit }}" audit_container_engine: "{{ openshift_logging_fluentd_audit_container_engine | default(False) | bool }}" audit_log_file: "{{ openshift_logging_fluentd_audit_file | default() }}" audit_pos_log_file: "{{ openshift_logging_fluentd_audit_pos_file | default() }}" diff --git a/roles/openshift_logging_fluentd/templates/fluentd.j2 b/roles/openshift_logging_fluentd/templates/fluentd.j2 index 644b70031..10283316c 100644 --- a/roles/openshift_logging_fluentd/templates/fluentd.j2 +++ b/roles/openshift_logging_fluentd/templates/fluentd.j2 @@ -29,15 +29,30 @@ spec: containers: - name: "{{ daemonset_container_name }}" image: "{{ openshift_logging_fluentd_image_prefix }}{{ daemonset_name }}:{{ openshift_logging_fluentd_image_version }}" - imagePullPolicy: Always + imagePullPolicy: IfNotPresent securityContext: privileged: true +{% if (fluentd_memory_limit is defined and fluentd_memory_limit is not none) or (fluentd_cpu_limit is defined and fluentd_cpu_limit is not none) or (fluentd_cpu_request is defined and fluentd_cpu_request is not none) %} resources: +{% if (fluentd_memory_limit is defined and fluentd_memory_limit is not none) or (fluentd_cpu_limit is defined and fluentd_cpu_limit is not none) %} limits: - cpu: {{ openshift_logging_fluentd_cpu_limit }} - memory: {{ openshift_logging_fluentd_memory_limit }} +{% if fluentd_cpu_limit is not none %} + cpu: "{{fluentd_cpu_limit}}" +{% endif %} +{% if fluentd_memory_limit is not none %} + memory: "{{fluentd_memory_limit}}" +{% endif %} +{% endif %} +{% if (fluentd_memory_limit is defined and fluentd_memory_limit is not none) or (fluentd_cpu_request is defined and fluentd_cpu_request is not none) %} requests: - memory: {{ openshift_logging_fluentd_memory_limit }} +{% if fluentd_cpu_request is not none %} + cpu: "{{fluentd_cpu_request}}" +{% endif %} +{% if fluentd_memory_limit is not none %} + memory: "{{fluentd_memory_limit}}" +{% endif %} +{% endif %} +{% endif %} volumeMounts: - name: runlogjournal mountPath: /run/log/journal @@ -115,7 +130,7 @@ spec: containerName: "{{ daemonset_container_name }}" resource: limits.memory - name: "FILE_BUFFER_LIMIT" - value: "{{ openshift_logging_fluentd_file_buffer_limit | default('1Gi') }}" + value: "{{ openshift_logging_fluentd_file_buffer_limit | default('256i') }}" {% if openshift_logging_mux_client_mode is defined and ((openshift_logging_mux_allow_external is defined and openshift_logging_mux_allow_external | bool) or (openshift_logging_use_mux is defined and openshift_logging_use_mux | bool)) %} diff --git a/roles/openshift_logging_kibana/defaults/main.yml b/roles/openshift_logging_kibana/defaults/main.yml index ee265bb14..1366e96cd 100644 --- a/roles/openshift_logging_kibana/defaults/main.yml +++ b/roles/openshift_logging_kibana/defaults/main.yml @@ -9,6 +9,7 @@ openshift_logging_kibana_namespace: logging openshift_logging_kibana_nodeselector: "" openshift_logging_kibana_cpu_limit: null +openshift_logging_kibana_cpu_request: 100m openshift_logging_kibana_memory_limit: 736Mi openshift_logging_kibana_hostname: "{{ openshift_hosted_logging_hostname | default('kibana.' ~ (openshift_master_default_subdomain | default('router.default.svc.cluster.local', true))) }}" @@ -28,6 +29,7 @@ openshift_logging_kibana_proxy_image_prefix: "{{ openshift_logging_image_prefix openshift_logging_kibana_proxy_image_version: "{{ openshift_logging_image_version | default('latest') }}" openshift_logging_kibana_proxy_debug: false openshift_logging_kibana_proxy_cpu_limit: null +openshift_logging_kibana_proxy_cpu_request: 100m openshift_logging_kibana_proxy_memory_limit: 256Mi #The absolute path on the control node to the cert file to use diff --git a/roles/openshift_logging_kibana/tasks/main.yaml b/roles/openshift_logging_kibana/tasks/main.yaml index e17e8c1f2..8ef8ede9a 100644 --- a/roles/openshift_logging_kibana/tasks/main.yaml +++ b/roles/openshift_logging_kibana/tasks/main.yaml @@ -230,8 +230,10 @@ es_host: "{{ openshift_logging_kibana_es_host }}" es_port: "{{ openshift_logging_kibana_es_port }}" kibana_cpu_limit: "{{ openshift_logging_kibana_cpu_limit }}" + kibana_cpu_request: "{{ openshift_logging_kibana_cpu_request | min_cpu(openshift_logging_kibana_cpu_limit | default(none)) }}" kibana_memory_limit: "{{ openshift_logging_kibana_memory_limit }}" kibana_proxy_cpu_limit: "{{ openshift_logging_kibana_proxy_cpu_limit }}" + kibana_proxy_cpu_request: "{{ openshift_logging_kibana_proxy_cpu_request | min_cpu(openshift_logging_kibana_proxy_cpu_limit | default(none)) }}" kibana_proxy_memory_limit: "{{ openshift_logging_kibana_proxy_memory_limit }}" kibana_replicas: "{{ openshift_logging_kibana_replicas | default (1) }}" kibana_node_selector: "{{ openshift_logging_kibana_nodeselector | default({}) }}" diff --git a/roles/openshift_logging_kibana/templates/kibana.j2 b/roles/openshift_logging_kibana/templates/kibana.j2 index da1386d3e..4ff86729a 100644 --- a/roles/openshift_logging_kibana/templates/kibana.j2 +++ b/roles/openshift_logging_kibana/templates/kibana.j2 @@ -37,18 +37,27 @@ spec: - name: "kibana" image: {{ image }} - imagePullPolicy: Always -{% if (kibana_memory_limit is defined and kibana_memory_limit is not none and kibana_memory_limit != "") or (kibana_cpu_limit is defined and kibana_cpu_limit is not none and kibana_cpu_limit != "") %} + imagePullPolicy: IfNotPresent +{% if (kibana_memory_limit is defined and kibana_memory_limit is not none and kibana_memory_limit != "") or (kibana_cpu_limit is defined and kibana_cpu_limit is not none and kibana_cpu_limit != "") or (kibana_cpu_request is defined and kibana_cpu_request is not none and kibana_cpu_request != "") %} resources: +{% if (kibana_memory_limit is defined and kibana_memory_limit is not none and kibana_memory_limit != "") or (kibana_cpu_limit is defined and kibana_cpu_limit is not none and kibana_cpu_limit != "") %} limits: -{% if kibana_cpu_limit is not none and kibana_cpu_limit != "" %} +{% if kibana_cpu_limit is not none and kibana_cpu_limit != "" %} cpu: "{{ kibana_cpu_limit }}" -{% endif %} -{% if kibana_memory_limit is not none and kibana_memory_limit != "" %} +{% endif %} +{% if kibana_memory_limit is not none and kibana_memory_limit != "" %} memory: "{{ kibana_memory_limit }}" +{% endif %} +{% endif %} +{% if (kibana_memory_limit is defined and kibana_memory_limit is not none and kibana_memory_limit != "") or (kibana_cpu_request is defined and kibana_cpu_request is not none and kibana_cpu_request != "") %} requests: +{% if kibana_cpu_request is not none and kibana_cpu_request != "" %} + cpu: "{{ kibana_cpu_request }}" +{% endif %} +{% if kibana_memory_limit is not none and kibana_memory_limit != "" %} memory: "{{ kibana_memory_limit }}" -{% endif %} +{% endif %} +{% endif %} {% endif %} env: - name: "ES_HOST" @@ -75,18 +84,27 @@ spec: - name: "kibana-proxy" image: {{ proxy_image }} - imagePullPolicy: Always -{% if (kibana_proxy_memory_limit is defined and kibana_proxy_memory_limit is not none and kibana_proxy_memory_limit != "") or (kibana_proxy_cpu_limit is defined and kibana_proxy_cpu_limit is not none and kibana_proxy_cpu_limit != "") %} + imagePullPolicy: IfNotPresent +{% if (kibana_proxy_memory_limit is defined and kibana_proxy_memory_limit is not none and kibana_proxy_memory_limit != "") or (kibana_proxy_cpu_limit is defined and kibana_proxy_cpu_limit is not none and kibana_proxy_cpu_limit != "") or (kibana_proxy_cpu_request is defined and kibana_proxy_cpu_request is not none and kibana_proxy_cpu_request != "") %} resources: +{% if (kibana_proxy_memory_limit is defined and kibana_proxy_memory_limit is not none and kibana_proxy_memory_limit != "") or (kibana_proxy_cpu_limit is defined and kibana_proxy_cpu_limit is not none and kibana_proxy_cpu_limit != "") %} limits: -{% if kibana_proxy_cpu_limit is not none and kibana_proxy_cpu_limit != "" %} +{% if kibana_proxy_cpu_limit is not none and kibana_proxy_cpu_limit != "" %} cpu: "{{ kibana_proxy_cpu_limit }}" -{% endif %} -{% if kibana_proxy_memory_limit is not none and kibana_proxy_memory_limit != "" %} +{% endif %} +{% if kibana_proxy_memory_limit is not none and kibana_proxy_memory_limit != "" %} memory: "{{ kibana_proxy_memory_limit }}" +{% endif %} +{% endif %} +{% if (kibana_proxy_memory_limit is defined and kibana_proxy_memory_limit is not none and kibana_proxy_memory_limit != "") or (kibana_proxy_cpu_request is defined and kibana_proxy_cpu_request is not none and kibana_proxy_cpu_request != "") %} requests: +{% if kibana_proxy_cpu_request is not none and kibana_proxy_cpu_request != "" %} + cpu: "{{ kibana_proxy_cpu_request }}" +{% endif %} +{% if kibana_proxy_memory_limit is not none and kibana_proxy_memory_limit != "" %} memory: "{{ kibana_proxy_memory_limit }}" -{% endif %} +{% endif %} +{% endif %} {% endif %} ports: - diff --git a/roles/openshift_logging_mux/defaults/main.yml b/roles/openshift_logging_mux/defaults/main.yml index 68412aec8..9de686576 100644 --- a/roles/openshift_logging_mux/defaults/main.yml +++ b/roles/openshift_logging_mux/defaults/main.yml @@ -9,10 +9,11 @@ openshift_logging_mux_namespace: logging ### Common settings openshift_logging_mux_nodeselector: "{{ openshift_hosted_logging_mux_nodeselector_label | default('') | map_from_pairs }}" -openshift_logging_mux_cpu_limit: 500m -openshift_logging_mux_memory_limit: 2Gi -openshift_logging_mux_buffer_queue_limit: 1024 -openshift_logging_mux_buffer_size_limit: 1m +openshift_logging_mux_cpu_limit: null +openshift_logging_mux_cpu_request: 100m +openshift_logging_mux_memory_limit: 512Mi +openshift_logging_mux_buffer_queue_limit: 32 +openshift_logging_mux_buffer_size_limit: 8m openshift_logging_mux_replicas: 1 @@ -57,11 +58,11 @@ openshift_logging_mux_file_buffer_storage_type: "emptydir" openshift_logging_mux_file_buffer_pvc_name: "logging-mux-pvc" # required if the PVC does not already exist -openshift_logging_mux_file_buffer_pvc_size: 4Gi +openshift_logging_mux_file_buffer_pvc_size: 1Gi openshift_logging_mux_file_buffer_pvc_dynamic: false openshift_logging_mux_file_buffer_pvc_pv_selector: {} openshift_logging_mux_file_buffer_pvc_access_modes: ['ReadWriteOnce'] openshift_logging_mux_file_buffer_storage_group: '65534' openshift_logging_mux_file_buffer_pvc_prefix: "logging-mux" -openshift_logging_mux_file_buffer_limit: 2Gi +openshift_logging_mux_file_buffer_limit: 256Mi diff --git a/roles/openshift_logging_mux/tasks/main.yaml b/roles/openshift_logging_mux/tasks/main.yaml index 2ec863afa..5b257139e 100644 --- a/roles/openshift_logging_mux/tasks/main.yaml +++ b/roles/openshift_logging_mux/tasks/main.yaml @@ -171,6 +171,7 @@ ops_host: "{{ openshift_logging_mux_ops_host }}" ops_port: "{{ openshift_logging_mux_ops_port }}" mux_cpu_limit: "{{ openshift_logging_mux_cpu_limit }}" + mux_cpu_request: "{{ openshift_logging_mux_cpu_request | min_cpu(openshift_logging_mux_cpu_limit | default(none)) }}" mux_memory_limit: "{{ openshift_logging_mux_memory_limit }}" mux_replicas: "{{ openshift_logging_mux_replicas | default(1) }}" mux_node_selector: "{{ openshift_logging_mux_nodeselector | default({}) }}" diff --git a/roles/openshift_logging_mux/templates/mux.j2 b/roles/openshift_logging_mux/templates/mux.j2 index 4cc48139f..cfb13d59b 100644 --- a/roles/openshift_logging_mux/templates/mux.j2 +++ b/roles/openshift_logging_mux/templates/mux.j2 @@ -36,18 +36,27 @@ spec: containers: - name: "mux" image: {{image}} - imagePullPolicy: Always -{% if (mux_memory_limit is defined and mux_memory_limit is not none) or (mux_cpu_limit is defined and mux_cpu_limit is not none) %} + imagePullPolicy: IfNotPresent +{% if (mux_memory_limit is defined and mux_memory_limit is not none) or (mux_cpu_limit is defined and mux_cpu_limit is not none) or (mux_cpu_request is defined and mux_cpu_request is not none) %} resources: +{% if (mux_memory_limit is defined and mux_memory_limit is not none) or (mux_cpu_limit is defined and mux_cpu_limit is not none) %} limits: -{% if mux_cpu_limit is not none %} +{% if mux_cpu_limit is not none %} cpu: "{{mux_cpu_limit}}" -{% endif %} -{% if mux_memory_limit is not none %} +{% endif %} +{% if mux_memory_limit is not none %} memory: "{{mux_memory_limit}}" +{% endif %} +{% endif %} +{% if (mux_memory_limit is defined and mux_memory_limit is not none) or (mux_cpu_request is defined and mux_cpu_request is not none) %} requests: +{% if mux_cpu_request is not none %} + cpu: "{{mux_cpu_request}}" +{% endif %} +{% if mux_memory_limit is not none %} memory: "{{mux_memory_limit}}" -{% endif %} +{% endif %} +{% endif %} {% endif %} ports: - containerPort: "{{ openshift_logging_mux_port }}" diff --git a/roles/openshift_management/README.md b/roles/openshift_management/README.md index 3a71d9211..96de82669 100644 --- a/roles/openshift_management/README.md +++ b/roles/openshift_management/README.md @@ -38,6 +38,10 @@ deployment type (`openshift_deployment_type`): * [Cloud Provider](#cloud-provider) * [Preconfigured (Expert Configuration Only)](#preconfigured-expert-configuration-only) * [Customization](#customization) + * [Container Provider](#container-provider) + * [Manually](#manually) + * [Automatically](#automatically) + * [Multiple Providers](#multiple-providers) * [Uninstall](#uninstall) * [Additional Information](#additional-information) @@ -80,30 +84,20 @@ to there being no databases that require pods. *Be extra careful* if you are overriding template parameters. Including parameters not defined in a template **will -cause errors**. - -**Container Provider Integration** - If you want add your container -platform (OCP/Origin) as a *Container Provider* in CFME/MIQ then you -must ensure that the infrastructure management hooks are installed. - -* During your OCP/Origin install, ensure that you have the - `openshift_use_manageiq` parameter set to `true` in your inventory - at install time. This will create a `management-infra` project and a - service account user. -* After CFME/MIQ is installed, obtain the `management-admin` service - account token and copy it somewhere safe. - -```bash -$ oc serviceaccounts get-token -n management-infra management-admin -eyJhuGdiOiJSUzI1NiIsInR5dCI6IkpXVCJ9.eyJpd9MiOiJrbWJldm5lbGVzL9NldnZpY2VhY2NvbW50Iiwiy9ViZXJuZXRldy5puy9zZXJ2yWNlYWNju9VubC9uYW1ld9BhY2UiOiJtYW5hZ2VtZW50LWluZnJhIiwiy9ViZXJuZXRldy5puy9zZXJ2yWNlYWNju9VubC9zZWNyZXQuumFtZSI6Im1humFnZW1lunQtYWRtyW4tbG9rZW4tdDBnOTAiLCJrbWJldm5lbGVzLmlvL9NldnZpY2VhY2NvbW50L9NldnZpY2UtYWNju9VubC5uYW1lIjoiuWFuYWbluWVubC1hZG1puiIsImt1YmVyumV0ZXMuyW8vd2VybmljZWFjY291unQvd2VybmljZS1hY2NvbW50LnVpZCI6IjRiZDM2MWQ1LWE1NDAtMTFlNy04YzI5LTUyNTQwMDliMmNkZCIsInN1YiI6InN5d9RluTpzZXJ2yWNlYWNju9VubDptYW5hZ2VtZW50LWluZnJhOm1humFnZW1lunQtYWRtyW4ifQ.B6sZLGD9O4vBu9MHwiG-C_4iEwjBXb7Af8BPw-LNlujDmHhOnQ-Oo4QxQKyj9edynfmDy2yutUyJ2Mm9HfDGWg4C9xhWImHoq6Nl7T5_9djkeGKkK7Ejvg4fA-IkrzEsZeQuluBvXnE6wvP0LCjUo_dx4pPyZJyp46teV9NqKQeDzeysjlMCyqp6AK6-Lj8ILG8YA6d_97HlzL_EgFBLAu0lBSn-uC_9J0gLysqBtK6TI0nExfhv9Bm1_5bdHEbKHPW7xIlYlI9AgmyTyhsQ6SoQWtL2khBjkG9TlPBq9wYJj9bzqgVZlqEfICZxgtXO7sYyuoje4y8lo0YQ0kZmig -``` +cause errors**. If you do receive an error during the `Ensure the CFME +App is created` task, we recommend running the +[uninstall scripts](#uninstall) first before running the installer +again. -* In the CFME/MIQ web interface, navigate to `Compute` → - `Containers` → `Providers` and select `âš™ Configuration` → `⊕ - Add a new Containers Provider` +### Beta -*See the [upstream documentation](http://manageiq.org/docs/reference/latest/doc-Managing_Providers/miq/index.html#containers-providers) for additional information.* +Only required for enterprise +(`openshift_deployment_type=openshift-enterprise`) users: +* `openshift_management_install_beta` - by setting this value to + `true` you acknowledge that this software is currently in BETA and + support may be limited nonexistent. This is required to begin the + installation. # Requirements @@ -140,11 +134,14 @@ used in your Ansible inventory to control the behavior of this installer. -| Variable | Required | Default | Description | -|------------------------------------------------|:--------:|:------------------------------:|-------------------------------------| -| `openshift_management_project` | **No** | `openshift-management` | Namespace for the installation. | +| Variable | Required | Default | Description | +|------------------------------------------------------|:--------:|:------------------------------:|-------------------------------------| +| `openshift_management_project` | **No** | `openshift-management` | Namespace for the installation. | | `openshift_management_project_description` | **No** | *CloudForms Management Engine* | Namespace/project description. | -| `openshift_management_install_management` | **No** | `false` | Boolean, set to `true` to install the application | +| `openshift_management_install_management` | **No** | `false` | Boolean, set to `true` to install the application | +| `openshift_management_install_beta` | **No** | `false` | Boolean, by setting this value to `true` you acknowledge that this software is currently in BETA and support may be limited. Only required for *openshift-enterprise* users. | +| `openshift_management_username` | **No** | `admin` | Default management username. Changing this values **does not change the username**. Only change this value if you have changed the name already and are running integration scripts (such as the [add container provider](#container-provider) script) | +| `openshift_management_password` | **No** | `smartvm` | Default management password. Changing this values **does not change the password**. Only change this value if you have changed the password already and are running integration scripts (such as the [add-container-provider](#container-provider) script) | | **PRODUCT CHOICE** | | | | | | `openshift_management_app_template` | **No** | `miq-template` | The project flavor to install. Choices: <ul><li>`miq-template`: ManageIQ using a podified database</li> <li> `miq-template-ext-db`: ManageIQ using an external database</li> <li>`cfme-template`: CloudForms using a podified database<sup>[1]</sup></li> <li> `cfme-template-ext-db`: CloudForms using an external database.<sup>[1]</sup></li></ul> | | **STORAGE CLASSES** | | | | | @@ -268,6 +265,9 @@ openshift_management_app_template=cfme-template-ext-db openshift_management_template_parameters={'DATABASE_USER': 'root', 'DATABASE_PASSWORD': 'r1ck&M0r7y', 'DATABASE_IP': '10.10.10.10', 'DATABASE_PORT': '5432', 'DATABASE_NAME': 'cfme'} ``` +**NOTE:** Ensure your are running PostgreSQL 9.5 or you may not be +able to deploy the app successfully. + # Limitations This release is the first OpenShift CFME release in the OCP 3.7 @@ -318,7 +318,10 @@ inventory. The following keys are required: * `DATABASE_PORT` - *note: Most PostgreSQL servers run on port `5432`* * `DATABASE_NAME` -Your inventory would contain a line similar to this: +**NOTE:** Ensure your are running PostgreSQL 9.5 or you may not be +able to deploy the app successfully. + +Your inventory would contain lines similar to this: ```ini [OSEv3:vars] @@ -336,7 +339,11 @@ At run time you may run into errors similar to this: TASK [openshift_management : Ensure the CFME App is created] *********************************** task path: /home/tbielawa/rhat/os/openshift-ansible/roles/openshift_management/tasks/main.yml:74 Tuesday 03 October 2017 15:30:44 -0400 (0:00:00.056) 0:00:12.278 ******* -{"cmd": "/usr/bin/oc create -f /tmp/postgresql-ZPEWQS -n openshift-management", "kind": "Endpoints", "results": {}, "returncode": 1, "stderr": "Error from server (BadRequest): error when creating \"/tmp/postgresql-ZPEWQS\": Endpoints in version \"v1\" cannot be handled as a Endpoints: [pos 218]: json: decNum: got first char 'f'\n", "stdout": ""} +{"cmd": "/usr/bin/oc create -f /tmp/postgresql-ZPEWQS -n openshift-management", + "kind": "Endpoints", "results": {}, "returncode": 1, "stderr": "Error from server + (BadRequest): error when creating \"/tmp/postgresql-ZPEWQS\": Endpoints in version + \"v1\" cannot be handled as a Endpoints: [pos 218]: json: decNum: got first char + 'f'\n", "stdout": ""} ``` Or like this: @@ -346,7 +353,10 @@ TASK [openshift_management : Ensure the CFME App is created] ******************* task path: /home/tbielawa/rhat/os/openshift-ansible/roles/openshift_management/tasks/main.yml:74 Tuesday 03 October 2017 16:05:36 -0400 (0:00:00.052) 0:00:18.948 ******* fatal: [m01.example.com]: FAILED! => {"changed": true, "failed": true, "msg": -{"cmd": "/usr/bin/oc create -f /tmp/postgresql-igS5sx -n openshift-management", "kind": "Endpoints", "results": {}, "returncode": 1, "stderr": "The Endpoints \"postgresql\" is invalid: subsets[0].addresses[0].ip: Invalid value: \"doo\": must be a valid IP address, (e.g. 10.9.8.7)\n", "stdout": ""}, +{"cmd": "/usr/bin/oc create -f /tmp/postgresql-igS5sx -n openshift-management", "kind": + "Endpoints", "results": {}, "returncode": 1, "stderr": "The Endpoints \"postgresql\" + is invalid: subsets[0].addresses[0].ip: Invalid value: \"doo\": must be a valid IP + address, (e.g. 10.9.8.7)\n", "stdout": ""}, ``` While intimidating at first, there are useful bits of information in @@ -453,6 +463,116 @@ hash. This applies to **CloudForms** installations as well: [cfme-template.yaml](files/templates/cloudforms/cfme-template.yaml), [cfme-template-ext-db.yaml](files/templates/cloudforms/cfme-template-ext-db.yaml). +# Container Provider + +There are two methods for enabling container provider integration. You +can manually add OCP/Origin as a container provider, or you can try +the playbooks included with this role. + +## Manually + +See the online documentation for steps to manually add you cluster as +a container provider: + +* [Container Providers](http://manageiq.org/docs/reference/latest/doc-Managing_Providers/miq/#containers-providers) + +## Automatically + +Automated container provider integration can be accomplished using the +playbooks included with this role. + +This playbook will: + +1. Gather the necessary authentication secrets +1. Find the public routes to the Management app and the cluster API +1. Make a REST call to add this cluster as a container provider + + +``` +$ ansible-playbook -v -i <YOUR_INVENTORY> playbooks/byo/openshift-management/add_container_provider.yml +``` + +## Multiple Providers + +As well as providing playbooks to integrate your *current* container +platform into the management service, this role includes a **tech +preview** script which allows you to add multiple container platforms +as container providers in any arbitrary MIQ/CFME server. + +Using the multiple-provider script requires manual configuration and +setting an `EXTRA_VARS` parameter on the command-line. + + +1. Copy the + [container_providers.yml](files/examples/container_providers.yml) + example somewhere, such as `/tmp/cp.yml` +1. If you changed your CFME/MIQ name or password, update the + `hostname`, `user`, and `password` parameters in the + `management_server` key in the `container_providers.yml` file copy +1. Fill in an entry under the `container_providers` key for *each* OCP + or Origin cluster you want to add as container providers + +**Parameters Which MUST Be Configured:** + +* `auth_key` - This is the token of a service account which has admin capabilities on the cluster. +* `hostname` - This is the hostname that points to the cluster API. Each container provider must have a unique hostname. +* `name` - This is the name of the cluster as displayed in the management server container providers overview. This must be unique. + +*Note*: You can obtain the `auth_key` bearer token from your clusters + with this command: `oc serviceaccounts get-token -n management-infra + management-admin` + +**Parameters Which MAY Be Configured:** + +* `port` - Update this key if your OCP/Origin cluster runs the API on a port other than `8443` +* `endpoint` - You may enable SSL verification (`verify_ssl`) or change the validation setting to `ssl-with-validation`. Support for custom trusted CA certificates is not available at this time. + + +Let's see an example describing the following scenario: + +* You copied `files/examples/container_providers.yml` to `/tmp/cp.yml` +* You're adding two OCP clusters +* Your management server runs on `mgmt.example.com` + +You would customize `/tmp/cp.yml` as such: + +```yaml +--- +container_providers: + - connection_configurations: + - authentication: {auth_key: "management-token-for-this-cluster", authtype: bearer, type: AuthToken} + endpoint: {role: default, security_protocol: ssl-without-validation, verify_ssl: 0} + hostname: "ocp-prod.example.com" + name: OCP Production + port: 8443 + type: "ManageIQ::Providers::Openshift::ContainerManager" + - connection_configurations: + - authentication: {auth_key: "management-token-for-this-cluster", authtype: bearer, type: AuthToken} + endpoint: {role: default, security_protocol: ssl-without-validation, verify_ssl: 0} + hostname: "ocp-test.example.com" + name: OCP Testing + port: 8443 + type: "ManageIQ::Providers::Openshift::ContainerManager" +management_server: + hostname: "mgmt.example.com" + user: admin + password: b3tt3r_p4SSw0rd +``` + +Then you will run the many-container-providers integration script. You +**must** provide the path to the container providers configuration +file as an `EXTRA_VARS` parameter to `ansible-playbook`. Use the `-e` +(or `--extra-vars`) parameter to set `container_providers_config` to +the config file path. + +``` +$ ansible-playbook -v -e container_providers_config=/tmp/cp.yml \ + playbooks/byo/openshift-management/add_many_container_providers.yml +``` + +Afterwards you will find two new container providers in your +management service. Navigate to `Compute` → `Containers` → `Providers` +to see an overview. # Uninstall @@ -461,6 +581,40 @@ installation: * `playbooks/byo/openshift-management/uninstall.yml` +NFS export definitions and data stored on NFS exports are not +automatically removed. You are urged to manually erase any data from +old application or database deployments before attempting to +initialize a new deployment. + +Failure to erase old PostgreSQL data can result in cascading +errors. The postgres pod may enter a `crashloopbackoff` state. This +will block the management pod from ever starting. The cause of the +`crashloopbackoff` is due to incorrect file permissions on the +database NFS export created during a previous deployment. + +To continue, erase all data from the postgres export and delete the +pod (**not** the deployer pod). For example, if you have pods like +such: + +``` +# oc get pods +NAME READY STATUS RESTARTS AGE +httpd-1-cx7fk 1/1 Running 1 21h +manageiq-0 0/1 Running 1 21h +memcached-1-vkc7p 1/1 Running 1 21h +postgresql-1-deploy 1/1 Running 1 21h +postgresql-1-6w2t4 0/1 CrashLoopBackOff 1 21h +``` + +Then you would: + +1. Erase the data from the database NFS export +2. `oc delete postgresql-1-6w2t4` + +The postgres deployer pod will try to scale up a new postgres pod to +replace the one you deleted. Once the postgres pod is running the +manageiq pod will stop blocking and begin application initialization. + # Additional Information The upstream project, diff --git a/roles/openshift_management/defaults/main.yml b/roles/openshift_management/defaults/main.yml index ebb56313f..8ba65b386 100644 --- a/roles/openshift_management/defaults/main.yml +++ b/roles/openshift_management/defaults/main.yml @@ -77,6 +77,20 @@ openshift_management_storage_nfs_base_dir: /exports openshift_management_storage_nfs_local_hostname: false ###################################################################### +# DEFAULT ACCOUNT INFORMATION +###################################################################### +# These are the default values for the username and password of the +# management app. Changing these values in your inventory will not +# change your username or password. You should only need to change +# these values in your inventory if you already changed the actual +# name and password AND are trying to use integration scripts. +# +# For example, adding this cluster as a container provider, +# playbooks/byo/openshift-management/add_container_provider.yml +openshift_management_username: admin +openshift_management_password: smartvm + +###################################################################### # SCAFFOLDING - These are parameters we pre-seed that a user may or # may not set later ###################################################################### diff --git a/roles/openshift_management/files/examples/container_providers.yml b/roles/openshift_management/files/examples/container_providers.yml new file mode 100644 index 000000000..661f62e4d --- /dev/null +++ b/roles/openshift_management/files/examples/container_providers.yml @@ -0,0 +1,22 @@ +--- +container_providers: + - connection_configurations: + - authentication: {auth_key: "management-admin-token-here", authtype: bearer, type: AuthToken} + endpoint: {role: default, security_protocol: ssl-without-validation, verify_ssl: 0} + hostname: "OCP/Origin cluster hostname (providing API access)" + name: openshift-management + port: 8443 + type: "ManageIQ::Providers::Openshift::ContainerManager" +# Copy and update for as many OCP or Origin providers as you want to +# add to your management service + # - connection_configurations: + # - authentication: {auth_key: "management-admin-token-here", authtype: bearer, type: AuthToken} + # endpoint: {role: default, security_protocol: ssl-without-validation, verify_ssl: 0} + # hostname: "OCP/Origin cluster hostname (providing API access)" + # name: openshift-management + # port: 8443 + # type: "ManageIQ::Providers::Openshift::ContainerManager" +management_server: + hostname: "Management server hostname (providing API access)" + user: admin + password: smartvm diff --git a/roles/openshift_management/filter_plugins/oo_management_filters.py b/roles/openshift_management/filter_plugins/oo_management_filters.py new file mode 100644 index 000000000..3b7013d9a --- /dev/null +++ b/roles/openshift_management/filter_plugins/oo_management_filters.py @@ -0,0 +1,32 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +""" +Filter methods for the management role +""" + + +def oo_filter_container_providers(results): + """results - the result from posting the API calls for adding new +providers""" + all_results = [] + for result in results: + if 'results' in result['json']: + # We got an OK response + res = result['json']['results'][0] + all_results.append("Provider '{}' - Added successfully".format(res['name'])) + elif 'error' in result['json']: + # This was a problem + all_results.append("Provider '{}' - Failed to add. Message: {}".format( + result['item']['name'], result['json']['error']['message'])) + return all_results + + +class FilterModule(object): + """ Custom ansible filter mapping """ + + # pylint: disable=no-self-use, too-few-public-methods + def filters(self): + """ returns a mapping of filters to methods """ + return { + "oo_filter_container_providers": oo_filter_container_providers, + } diff --git a/roles/openshift_management/tasks/add_container_provider.yml b/roles/openshift_management/tasks/add_container_provider.yml new file mode 100644 index 000000000..50a5252cc --- /dev/null +++ b/roles/openshift_management/tasks/add_container_provider.yml @@ -0,0 +1,77 @@ +--- +- name: Ensure lib_openshift modules are available + include_role: + role: lib_openshift + +- name: Ensure OpenShift facts module is available + include_role: + role: openshift_facts + +- name: Ensure OpenShift facts are loaded + openshift_facts: + +- name: Ensure we use openshift_master_cluster_public_hostname if it is available + set_fact: + l_cluster_hostname: "{{ openshift.master.cluster_public_hostname }}" + when: + - openshift.master.cluster_public_hostname is defined + +- name: Ensure we default to the first master if openshift_master_cluster_public_hostname is unavailable + set_fact: + l_cluster_hostname: "{{ openshift.master.cluster_hostname }}" + when: + - l_cluster_hostname is not defined + +- name: Ensure the management SA Secrets are read + oc_serviceaccount_secret: + state: list + service_account: management-admin + namespace: management-infra + register: sa + +- name: Ensure the management SA bearer token is identified + set_fact: + management_token: "{{ sa.results | oo_filter_sa_secrets }}" + +- name: Ensure the SA bearer token value is read + oc_secret: + state: list + name: "{{ management_token }}" + namespace: management-infra + decode: true + no_log: True + register: sa_secret + +- name: Ensure the SA bearer token value is saved + set_fact: + management_bearer_token: "{{ sa_secret.results.decoded.token }}" + +- name: Ensure we have the public route to the management service + oc_route: + state: list + name: httpd + namespace: openshift-management + register: route + +- name: Ensure the management service route is saved + set_fact: + management_route: "{{ route.results.0.spec.host }}" + +- name: Ensure this cluster is a container provider + uri: + url: "https://{{ management_route }}/api/providers" + body_format: json + method: POST + user: "{{ openshift_management_username }}" + password: "{{ openshift_management_password }}" + validate_certs: no + # Docs on formatting the BODY of the POST request: + # http://manageiq.org/docs/reference/latest/api/reference/providers.html#specifying-connection-configurations + body: + connection_configurations: + - authentication: {auth_key: "{{ management_bearer_token }}", authtype: bearer, type: AuthToken} + endpoint: {role: default, security_protocol: ssl-without-validation, verify_ssl: 0} + hostname: "{{ l_cluster_hostname }}" + name: "{{ openshift_management_project }}" + port: "{{ openshift.master.api_port }}" + type: "ManageIQ::Providers::Openshift::ContainerManager" diff --git a/roles/openshift_management/tasks/main.yml b/roles/openshift_management/tasks/main.yml index 86c4d0010..9be923a57 100644 --- a/roles/openshift_management/tasks/main.yml +++ b/roles/openshift_management/tasks/main.yml @@ -2,23 +2,33 @@ ######################################################################) # Users, projects, and privileges -- name: Run pre-install CFME validation checks +- name: Run pre-install Management validation checks include: validate.yml -- name: "Ensure the CFME '{{ openshift_management_project }}' namespace exists" +# This creates a service account allowing Container Provider +# integration (managing OCP/Origin via MIQ/Management) +- name: Enable Container Provider Integration + include_role: + role: openshift_manageiq + +- name: "Ensure the Management '{{ openshift_management_project }}' namespace exists" oc_project: state: present name: "{{ openshift_management_project }}" display_name: "{{ openshift_management_project_description }}" -- name: Create and Authorize CFME Accounts +- name: Create and Authorize Management Accounts include: accounts.yml ###################################################################### # STORAGE - Initialize basic storage class +- name: Determine the correct NFS host if required + include: storage/nfs_server.yml + when: openshift_management_storage_class in ['nfs', 'nfs_external'] + #--------------------------------------------------------------------- # * nfs - set up NFS shares on the first master for a proof of concept -- name: Create required NFS exports for CFME app storage +- name: Create required NFS exports for Management app storage include: storage/nfs.yml when: openshift_management_storage_class == 'nfs' @@ -45,7 +55,7 @@ ###################################################################### # APPLICATION TEMPLATE -- name: Install the CFME app and PV templates +- name: Install the Management app and PV templates include: template.yml ###################################################################### @@ -71,9 +81,16 @@ when: - openshift_management_app_template in ['miq-template', 'cfme-template'] -- name: Ensure the CFME App is created +- name: Ensure the Management App is created oc_process: namespace: "{{ openshift_management_project }}" template_name: "{{ openshift_management_template_name }}" create: True params: "{{ openshift_management_template_parameters }}" + +- name: Wait for the app to come up. May take several minutes, 30s check intervals, 10m max + command: "oc logs {{ openshift_management_flavor }}-0 -n {{ openshift_management_project }}" + register: app_seeding_logs + until: app_seeding_logs.stdout.find('Server starting complete') != -1 + delay: 30 + retries: 20 diff --git a/roles/openshift_management/tasks/noop.yml b/roles/openshift_management/tasks/noop.yml new file mode 100644 index 000000000..ed97d539c --- /dev/null +++ b/roles/openshift_management/tasks/noop.yml @@ -0,0 +1 @@ +--- diff --git a/roles/openshift_management/tasks/storage/create_nfs_pvs.yml b/roles/openshift_management/tasks/storage/create_nfs_pvs.yml index 31c845725..d1b9a8d5c 100644 --- a/roles/openshift_management/tasks/storage/create_nfs_pvs.yml +++ b/roles/openshift_management/tasks/storage/create_nfs_pvs.yml @@ -26,7 +26,7 @@ when: - openshift_management_template_parameters.DATABASE_VOLUME_CAPACITY is not defined -- name: Check if the CFME App PV has been created +- name: Check if the Management App PV has been created oc_obj: namespace: "{{ openshift_management_project }}" state: list @@ -34,7 +34,7 @@ name: "{{ openshift_management_flavor_short }}-app" register: miq_app_pv_check -- name: Check if the CFME DB PV has been created +- name: Check if the Management DB PV has been created oc_obj: namespace: "{{ openshift_management_project }}" state: list @@ -44,7 +44,7 @@ when: - openshift_management_app_template in ['miq-template', 'cfme-template'] -- name: Ensure the CFME App PV is created +- name: Ensure the Management App PV is created oc_process: namespace: "{{ openshift_management_project }}" template_name: "{{ openshift_management_flavor }}-app-pv" @@ -55,7 +55,7 @@ NFS_HOST: "{{ openshift_management_nfs_server }}" when: miq_app_pv_check.results.results == [{}] -- name: Ensure the CFME DB PV is created +- name: Ensure the Management DB PV is created oc_process: namespace: "{{ openshift_management_project }}" template_name: "{{ openshift_management_flavor }}-db-pv" diff --git a/roles/openshift_management/tasks/storage/nfs.yml b/roles/openshift_management/tasks/storage/nfs.yml index 696808328..94e11137c 100644 --- a/roles/openshift_management/tasks/storage/nfs.yml +++ b/roles/openshift_management/tasks/storage/nfs.yml @@ -2,37 +2,6 @@ # Tasks to statically provision NFS volumes # Include if not using dynamic volume provisioning -- name: Ensure we save the local NFS server if one is provided - set_fact: - openshift_management_nfs_server: "{{ openshift_management_storage_nfs_local_hostname }}" - when: - - openshift_management_storage_nfs_local_hostname is defined - - openshift_management_storage_nfs_local_hostname != False - - openshift_management_storage_class == "nfs" - -- name: Ensure we save the local NFS server - set_fact: - openshift_management_nfs_server: "{{ groups['oo_nfs_to_config'].0 }}" - when: - - openshift_management_nfs_server is not defined - - openshift_management_storage_class == "nfs" - -- name: Ensure we save the external NFS server - set_fact: - openshift_management_nfs_server: "{{ openshift_management_storage_nfs_external_hostname }}" - when: - - openshift_management_storage_class == "nfs_external" - -- name: Failed NFS server detection - assert: - that: - - openshift_management_nfs_server is defined - msg: | - "Unable to detect an NFS server. The 'nfs_external' - openshift_management_storage_class option requires that you set - openshift_management_storage_nfs_external_hostname. NFS hosts detected - for local nfs services: {{ groups['oo_nfs_to_config'] | join(', ') }}" - - name: Setting up NFS storage block: - name: Include the NFS Setup role tasks diff --git a/roles/openshift_management/tasks/storage/nfs_server.yml b/roles/openshift_management/tasks/storage/nfs_server.yml new file mode 100644 index 000000000..a1b618137 --- /dev/null +++ b/roles/openshift_management/tasks/storage/nfs_server.yml @@ -0,0 +1,45 @@ +--- +- name: Ensure we save the local NFS server if one is provided + set_fact: + openshift_management_nfs_server: "{{ openshift_management_storage_nfs_local_hostname }}" + when: + - openshift_management_storage_nfs_local_hostname is defined + - openshift_management_storage_nfs_local_hostname != False + - openshift_management_storage_class == "nfs" + +- name: Ensure we save the local NFS server + set_fact: + openshift_management_nfs_server: "{{ groups['oo_nfs_to_config'].0 }}" + when: + - openshift_management_nfs_server is not defined + - openshift_management_storage_class == "nfs" + +- name: Ensure we save the external NFS server + set_fact: + openshift_management_nfs_server: "{{ openshift_management_storage_nfs_external_hostname }}" + when: + - openshift_management_storage_class == "nfs_external" + +- name: Failed External NFS server detection + assert: + that: + - openshift_management_nfs_server is defined + msg: | + Unable to detect an NFS server. The 'nfs_external' + openshift_management_storage_class option requires that you + manually set openshift_management_storage_nfs_external_hostname + parameter. + when: + - openshift_management_storage_class == 'nfs_external' + +- name: Failed Local NFS server detection + assert: + that: + - openshift_management_nfs_server is defined + msg: | + Unable to detect an NFS server. The 'nfs' + openshift_management_storage_class option requires that you have + an 'nfs' inventory group or manually set the + openshift_management_storage_nfs_local_hostname parameter. + when: + - openshift_management_storage_class == 'nfs' diff --git a/roles/openshift_management/tasks/template.yml b/roles/openshift_management/tasks/template.yml index 299158ac4..9f97cdcb9 100644 --- a/roles/openshift_management/tasks/template.yml +++ b/roles/openshift_management/tasks/template.yml @@ -15,7 +15,7 @@ # STANDARD PODIFIED DATABASE TEMPLATE - when: openshift_management_app_template in ['miq-template', 'cfme-template'] block: - - name: Check if the CFME Server template has been created already + - name: Check if the Management Server template has been created already oc_obj: namespace: "{{ openshift_management_project }}" state: list @@ -25,12 +25,12 @@ - when: miq_server_check.results.results == [{}] block: - - name: Copy over CFME Server template + - name: Copy over Management Server template copy: src: "templates/{{ openshift_management_flavor }}/{{ openshift_management_flavor_short }}-template.yaml" dest: "{{ template_dir }}/" - - name: Ensure CFME Server Template is created + - name: Ensure Management Server Template is created oc_obj: namespace: "{{ openshift_management_project }}" name: "{{ openshift_management_flavor }}" @@ -41,9 +41,9 @@ ###################################################################### # EXTERNAL DATABASE TEMPLATE -- when: openshift_management_app_template in ['miq-template-ext-db', 'cfme-template'] +- when: openshift_management_app_template in ['miq-template-ext-db', 'cfme-template-ext-db'] block: - - name: Check if the CFME Ext-DB Server template has been created already + - name: Check if the Management Ext-DB Server template has been created already oc_obj: namespace: "{{ openshift_management_project }}" state: list @@ -53,12 +53,12 @@ - when: miq_ext_db_server_check.results.results == [{}] block: - - name: Copy over CFME Ext-DB Server template + - name: Copy over Management Ext-DB Server template copy: src: "templates/{{ openshift_management_flavor }}/{{openshift_management_flavor_short}}-template-ext-db.yaml" dest: "{{ template_dir }}/" - - name: Ensure CFME Ext-DB Server Template is created + - name: Ensure Management Ext-DB Server Template is created oc_obj: namespace: "{{ openshift_management_project }}" name: "{{ openshift_management_flavor }}-ext-db" @@ -74,7 +74,7 @@ # Begin conditional PV template creations # Required for the application server -- name: Check if the CFME App PV template has been created already +- name: Check if the Management App PV template has been created already oc_obj: namespace: "{{ openshift_management_project }}" state: list @@ -84,12 +84,12 @@ - when: miq_app_pv_check.results.results == [{}] block: - - name: Copy over CFME App PV template + - name: Copy over Management App PV template copy: src: "templates/{{ openshift_management_flavor }}/{{ openshift_management_flavor_short }}-pv-server-example.yaml" dest: "{{ template_dir }}/" - - name: Ensure CFME App PV Template is created + - name: Ensure Management App PV Template is created oc_obj: namespace: "{{ openshift_management_project }}" name: "{{ openshift_management_flavor }}-app-pv" @@ -103,7 +103,7 @@ # Required for database if the installation is fully podified - when: openshift_management_app_template in ['miq-template', 'cfme-template'] block: - - name: Check if the CFME DB PV template has been created already + - name: Check if the Management DB PV template has been created already oc_obj: namespace: "{{ openshift_management_project }}" state: list @@ -113,12 +113,12 @@ - when: miq_db_pv_check.results.results == [{}] block: - - name: Copy over CFME DB PV template + - name: Copy over Management DB PV template copy: src: "templates/{{ openshift_management_flavor }}/{{ openshift_management_flavor_short }}-pv-db-example.yaml" dest: "{{ template_dir }}/" - - name: Ensure CFME DB PV Template is created + - name: Ensure Management DB PV Template is created oc_obj: namespace: "{{ openshift_management_project }}" name: "{{ openshift_management_flavor }}-db-pv" diff --git a/roles/openshift_management/tasks/validate.yml b/roles/openshift_management/tasks/validate.yml index 8b20bdc5e..b22f36a4f 100644 --- a/roles/openshift_management/tasks/validate.yml +++ b/roles/openshift_management/tasks/validate.yml @@ -2,12 +2,25 @@ # Validate configuration parameters passed to the openshift_management role ###################################################################### +# BETA ACKNOWLEDGEMENT +- name: Ensure BETA software notice has been acknowledged + assert: + that: + - openshift_management_install_beta | default(false) | bool + msg: | + openshift-management (CFME/MIQ) is currently BETA status. You + must set openshift_management_install_beta to true to + acknowledge that you accept this risk and understand that + support is limited or nonexistent. + when: + - openshift_deployment_type == 'openshift-enterprise' + +###################################################################### # CORE PARAMETERS - name: Ensure openshift_management_app_template is valid assert: that: - openshift_management_app_template in __openshift_management_app_templates - msg: | "openshift_management_app_template must be one of {{ __openshift_management_app_templates | join(', ') }}" diff --git a/roles/openshift_master/defaults/main.yml b/roles/openshift_master/defaults/main.yml index b6875ebd4..a27fbae7e 100644 --- a/roles/openshift_master/defaults/main.yml +++ b/roles/openshift_master/defaults/main.yml @@ -12,7 +12,7 @@ r_openshift_master_clean_install: false r_openshift_master_etcd3_storage: false r_openshift_master_os_firewall_enable: true r_openshift_master_os_firewall_deny: [] -r_openshift_master_os_firewall_allow: +default_r_openshift_master_os_firewall_allow: - service: api server https port: "{{ openshift.master.api_port }}/tcp" - service: api controllers https @@ -24,6 +24,7 @@ r_openshift_master_os_firewall_allow: - service: etcd embedded port: 4001/tcp cond: "{{ groups.oo_etcd_to_config | default([]) | length == 0 }}" +r_openshift_master_os_firewall_allow: "{{ default_r_openshift_master_os_firewall_allow | union(openshift_master_open_ports | default([])) }}" # oreg_url is defined by user input oreg_host: "{{ oreg_url.split('/')[0] if (oreg_url is defined and '.' in oreg_url.split('/')[0]) else '' }}" @@ -46,6 +47,9 @@ r_openshift_master_use_nuage: "{{ r_openshift_master_use_nuage_default }}" r_openshift_master_use_contiv_default: "{{ openshift_use_contiv | default(False) }}" r_openshift_master_use_contiv: "{{ r_openshift_master_use_contiv_default }}" +r_openshift_master_use_kuryr_default: "{{ openshift_use_kuryr | default(False) }}" +r_openshift_master_use_kuryr: "{{ r_openshift_master_use_kuryr_default }}" + r_openshift_master_data_dir_default: "{{ openshift_data_dir | default('/var/lib/origin') }}" r_openshift_master_data_dir: "{{ r_openshift_master_data_dir_default }}" @@ -55,87 +59,10 @@ r_openshift_master_sdn_network_plugin_name: "{{ r_openshift_master_sdn_network_p openshift_master_image_config_latest_default: "{{ openshift_image_config_latest | default(False) }}" openshift_master_image_config_latest: "{{ openshift_master_image_config_latest_default }}" -openshift_master_config_dir_default: "{{ (openshift.common.config_base | default('/etc/origin/master')) ~ '/master' }}" +openshift_master_config_dir_default: "{{ openshift.common.config_base ~ '/master' if openshift is defined and 'common' in openshift else '/etc/origin/master' }}" openshift_master_config_dir: "{{ openshift_master_config_dir_default }}" -openshift_master_cloud_provider: "{{ openshift_cloudprovider_kind | default('aws') }}" - -openshift_master_node_config_networkconfig_mtu: 1450 - -openshift_master_node_config_kubeletargs_cpu: 500m -openshift_master_node_config_kubeletargs_mem: 512M openshift_master_bootstrap_enabled: False -openshift_master_client_binary: "{{ openshift.common.client_binary if openshift is defined else 'oc' }}" - -openshift_master_config_imageconfig_format: "{{ oreg_url if oreg_url != '' else 'registry.access.redhat.com/openshift3/ose-${component}:${version}' }}" - -# these are for the default settings in a generated node-config.yaml -openshift_master_node_config_default_edits: -- key: nodeName - state: absent -- key: dnsBindAddress - value: 127.0.0.1:53 -- key: dnsDomain - value: cluster.local -- key: dnsRecursiveResolvConf - value: /etc/origin/node/resolv.conf -- key: imageConfig.format - value: "{{ openshift_master_config_imageconfig_format }}" -- key: kubeletArguments.cloud-config - value: - - "/etc/origin/cloudprovider/{{ openshift_master_cloud_provider }}.conf" -- key: kubeletArguments.cloud-provider - value: - - "{{ openshift_master_cloud_provider }}" -- key: kubeletArguments.kube-reserved - value: - - "cpu={{ openshift_master_node_config_kubeletargs_cpu }},memory={{ openshift_master_node_config_kubeletargs_mem }}" -- key: kubeletArguments.system-reserved - value: - - "cpu={{ openshift_master_node_config_kubeletargs_cpu }},memory={{ openshift_master_node_config_kubeletargs_mem }}" -- key: enable-controller-attach-detach - value: - - 'true' -- key: networkConfig.mtu - value: 8951 -- key: networkConfig.networkPluginName - value: "{{ r_openshift_master_sdn_network_plugin_name }}" -- key: networkPluginName - value: "{{ r_openshift_master_sdn_network_plugin_name }}" - - -# We support labels for all nodes here -openshift_master_node_config_kubeletargs_default_labels: [] -# We do support overrides for node group labels -openshift_master_node_config_kubeletargs_master_labels: [] -openshift_master_node_config_kubeletargs_infra_labels: [] -openshift_master_node_config_kubeletargs_compute_labels: [] - -openshift_master_node_config_master: - type: master - edits: - - key: kubeletArguments.node-labels - value: "{{ openshift_master_node_config_kubeletargs_default_labels | - union(openshift_master_node_config_kubeletargs_master_labels) | - union(['type=master']) }}" -openshift_master_node_config_infra: - type: infra - edits: - - key: kubeletArguments.node-labels - value: "{{ openshift_master_node_config_kubeletargs_default_labels | - union(openshift_master_node_config_kubeletargs_infra_labels) | - union(['type=infra']) }}" -openshift_master_node_config_compute: - type: compute - edits: - - key: kubeletArguments.node-labels - value: "{{ openshift_master_node_config_kubeletargs_default_labels | - union(openshift_master_node_config_kubeletargs_compute_labels) | - union(['type=compute']) }}" - -openshift_master_node_configs: -- "{{ openshift_master_node_config_infra }}" -- "{{ openshift_master_node_config_compute }}" - -openshift_master_bootstrap_namespace: openshift-node +openshift_master_csr_sa: node-bootstrapper +openshift_master_csr_namespace: openshift-infra diff --git a/roles/openshift_master/handlers/main.yml b/roles/openshift_master/handlers/main.yml index d5094c2c9..f88c4a7dc 100644 --- a/roles/openshift_master/handlers/main.yml +++ b/roles/openshift_master/handlers/main.yml @@ -9,10 +9,13 @@ notify: - Verify API Server +# We retry the controllers because the API may not be 100% initialized yet. - name: restart master controllers - systemd: - name: "{{ openshift.common.service_type }}-master-controllers" - state: restarted + command: "systemctl restart {{ openshift.common.service_type }}-master-controllers" + retries: 3 + delay: 5 + register: result + until: result.rc == 0 when: - not (master_controllers_service_status_changed | default(false) | bool) - openshift.master.cluster_method == 'native' diff --git a/roles/openshift_master/tasks/bootstrap.yml b/roles/openshift_master/tasks/bootstrap.yml index eee89743c..ce55e7d0c 100644 --- a/roles/openshift_master/tasks/bootstrap.yml +++ b/roles/openshift_master/tasks/bootstrap.yml @@ -1,91 +1,15 @@ --- - -- name: ensure the node-bootstrap service account exists - oc_serviceaccount: - name: node-bootstrapper - namespace: openshift-infra - state: present - run_once: true - -- name: grant node-bootstrapper the correct permissions to bootstrap - oc_adm_policy_user: - namespace: openshift-infra - user: system:serviceaccount:openshift-infra:node-bootstrapper - resource_kind: cluster-role - resource_name: system:node-bootstrapper - state: present - run_once: true - # TODO: create a module for this command. # oc_serviceaccounts_kubeconfig - name: create service account kubeconfig with csr rights - command: "oc serviceaccounts create-kubeconfig node-bootstrapper -n openshift-infra" + command: > + oc serviceaccounts create-kubeconfig {{ openshift_master_csr_sa }} -n {{ openshift_master_csr_namespace }} register: kubeconfig_out + until: kubeconfig_out.rc == 0 + retries: 24 + delay: 5 - name: put service account kubeconfig into a file on disk for bootstrap copy: content: "{{ kubeconfig_out.stdout }}" dest: "{{ openshift_master_config_dir }}/bootstrap.kubeconfig" - -- name: create a temp dir for this work - command: mktemp -d /tmp/openshift_node_config-XXXXXX - register: mktempout - run_once: true - -# This generate is so that we do not have to maintain -# our own copy of the template. This is generated by -# the product and the following settings will be -# generated by the master -- name: generate a node-config dynamically - command: > - {{ openshift_master_client_binary }} adm create-node-config - --node-dir={{ mktempout.stdout }}/ - --node=CONFIGMAP - --hostnames=test - --certificate-authority={{ openshift_master_config_dir }}/ca.crt - --signer-cert={{ openshift_master_config_dir }}/ca.crt - --signer-key={{ openshift_master_config_dir }}/ca.key - --signer-serial={{ openshift_master_config_dir }}/ca.serial.txt - --node-client-certificate-authority={{ openshift_master_config_dir }}/ca.crt - register: configgen - run_once: true - -- name: remove the default settings - yedit: - state: "{{ item.state | default('present') }}" - src: "{{ mktempout.stdout }}/node-config.yaml" - key: "{{ item.key }}" - value: "{{ item.value | default(omit) }}" - with_items: "{{ openshift_master_node_config_default_edits }}" - run_once: true - -- name: copy the generated config into each group - copy: - src: "{{ mktempout.stdout }}/node-config.yaml" - remote_src: true - dest: "{{ mktempout.stdout }}/node-config-{{ item.type }}.yaml" - with_items: "{{ openshift_master_node_configs }}" - run_once: true - -- name: "specialize the generated configs for node-config-{{ item.type }}" - yedit: - src: "{{ mktempout.stdout }}/node-config-{{ item.type }}.yaml" - edits: "{{ item.edits }}" - with_items: "{{ openshift_master_node_configs }}" - run_once: true - -- name: create node-config.yaml configmap - oc_configmap: - name: "node-config-{{ item.type }}" - namespace: "{{ openshift_master_bootstrap_namespace }}" - from_file: - node-config.yaml: "{{ mktempout.stdout }}/node-config-{{ item.type }}.yaml" - with_items: "{{ openshift_master_node_configs }}" - run_once: true - -- name: remove templated files - file: - dest: "{{ mktempout.stdout }}/" - state: absent - with_items: "{{ openshift_master_node_configs }}" - run_once: true diff --git a/roles/openshift_master/tasks/bootstrap_settings.yml b/roles/openshift_master/tasks/bootstrap_settings.yml new file mode 100644 index 000000000..cbd7f587b --- /dev/null +++ b/roles/openshift_master/tasks/bootstrap_settings.yml @@ -0,0 +1,14 @@ +--- +- name: modify controller args + yedit: + src: /etc/origin/master/master-config.yaml + edits: + - key: kubernetesMasterConfig.controllerArguments.cluster-signing-cert-file + value: + - /etc/origin/master/ca.crt + - key: kubernetesMasterConfig.controllerArguments.cluster-signing-key-file + value: + - /etc/origin/master/ca.key + notify: + - restart master controllers + when: openshift_master_bootstrap_enabled | default(False) diff --git a/roles/openshift_master/tasks/clean_systemd_units.yml b/roles/openshift_master/tasks/clean_systemd_units.yml deleted file mode 100644 index e641f84d4..000000000 --- a/roles/openshift_master/tasks/clean_systemd_units.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- - -- name: Disable master service - systemd: - name: "{{ openshift.common.service_type }}-master" - state: stopped - enabled: no - masked: yes - ignore_errors: true diff --git a/roles/openshift_master/tasks/journald.yml b/roles/openshift_master/tasks/journald.yml new file mode 100644 index 000000000..a16cbe78e --- /dev/null +++ b/roles/openshift_master/tasks/journald.yml @@ -0,0 +1,29 @@ +--- +- name: Checking for journald.conf + stat: path=/etc/systemd/journald.conf + register: journald_conf_file + +- name: Create journald persistence directories + file: + path: /var/log/journal + state: directory + +- name: Update journald setup + replace: + dest: /etc/systemd/journald.conf + regexp: '^(\#| )?{{ item.var }}=\s*.*?$' + replace: ' {{ item.var }}={{ item.val }}' + backup: yes + with_items: "{{ journald_vars_to_replace | default([]) }}" + when: journald_conf_file.stat.exists + register: journald_update + +# I need to restart journald immediatelly, otherwise it gets into way during +# further steps in ansible +- name: Restart journald + command: "systemctl restart systemd-journald" + retries: 3 + delay: 5 + register: result + until: result.rc == 0 + when: journald_update | changed diff --git a/roles/openshift_master/tasks/main.yml b/roles/openshift_master/tasks/main.yml index 824a5886e..c7c02d49b 100644 --- a/roles/openshift_master/tasks/main.yml +++ b/roles/openshift_master/tasks/main.yml @@ -177,31 +177,12 @@ local_facts: no_proxy_etcd_host_ips: "{{ openshift_no_proxy_etcd_host_ips }}" +- name: Update journald config + include: journald.yml + - name: Install the systemd units include: systemd_units.yml -- name: Checking for journald.conf - stat: path=/etc/systemd/journald.conf - register: journald_conf_file - -- name: Update journald setup - replace: - dest: /etc/systemd/journald.conf - regexp: '^(\#| )?{{ item.var }}=\s*.*?$' - replace: ' {{ item.var }}={{ item.val }}' - backup: yes - with_items: "{{ journald_vars_to_replace | default([]) }}" - when: journald_conf_file.stat.exists - register: journald_update - -# I need to restart journald immediatelly, otherwise it gets into way during -# further steps in ansible -- name: Restart journald - systemd: - name: systemd-journald - state: restarted - when: journald_update | changed - - name: Install Master system container include: system_container.yml when: @@ -237,18 +218,7 @@ - restart master api - restart master controllers -- name: modify controller args - yedit: - src: /etc/origin/master/master-config.yaml - edits: - - key: kubernetesMasterConfig.controllerArguments.cluster-signing-cert-file - value: - - /etc/origin/master/ca.crt - - key: kubernetesMasterConfig.controllerArguments.cluster-signing-key-file - value: - - /etc/origin/master/ca.key - notify: - - restart master controllers +- include: bootstrap_settings.yml when: openshift_master_bootstrap_enabled | default(False) - include: set_loopback_context.yml @@ -316,14 +286,13 @@ - openshift.master.cluster_method == 'native' - master_api_service_status_changed | bool -- name: Start and enable master controller on first master +- name: Start and enable master controller service systemd: name: "{{ openshift.common.service_type }}-master-controllers" enabled: yes state: started when: - openshift.master.cluster_method == 'native' - - inventory_hostname == openshift_master_hosts[0] register: l_start_result until: not l_start_result | failed retries: 1 @@ -334,31 +303,8 @@ when: - l_start_result | failed -- name: Wait for master controller service to start on first master - pause: - seconds: 15 - when: - - openshift.master.cluster_method == 'native' - -- name: Start and enable master controller on all masters - systemd: - name: "{{ openshift.common.service_type }}-master-controllers" - enabled: yes - state: started - when: - - openshift.master.cluster_method == 'native' - - inventory_hostname != openshift_master_hosts[0] - register: l_start_result - until: not l_start_result | failed - retries: 1 - delay: 60 - -- name: Dump logs from master-controllers if it failed - command: journalctl --no-pager -n 100 -u {{ openshift.common.service_type }}-master-controllers - when: - - l_start_result | failed - -- set_fact: +- name: Set fact master_controllers_service_status_changed + set_fact: master_controllers_service_status_changed: "{{ l_start_result | changed }}" when: - openshift.master.cluster_method == 'native' diff --git a/roles/openshift_master/tasks/registry_auth.yml b/roles/openshift_master/tasks/registry_auth.yml index 63d483760..cde01c49e 100644 --- a/roles/openshift_master/tasks/registry_auth.yml +++ b/roles/openshift_master/tasks/registry_auth.yml @@ -11,6 +11,9 @@ - oreg_auth_user is defined - (not master_oreg_auth_credentials_stat.stat.exists or oreg_auth_credentials_replace) | bool register: master_oreg_auth_credentials_create + retries: 3 + delay: 5 + until: master_oreg_auth_credentials_create.rc == 0 notify: - restart master api - restart master controllers diff --git a/roles/openshift_master/tasks/system_container.yml b/roles/openshift_master/tasks/system_container.yml index 91332acfb..843352532 100644 --- a/roles/openshift_master/tasks/system_container.yml +++ b/roles/openshift_master/tasks/system_container.yml @@ -1,4 +1,9 @@ --- +- name: Ensure proxies are in the atomic.conf + include_role: + name: openshift_atomic + tasks_from: proxy + - name: Pre-pull master system container image command: > atomic pull --storage=ostree {{ 'docker:' if openshift.common.system_images_registry == 'docker' else openshift.common.system_images_registry + '/' }}{{ openshift.master.master_system_image }}:{{ openshift_image_tag }} diff --git a/roles/openshift_master/tasks/systemd_units.yml b/roles/openshift_master/tasks/systemd_units.yml index fcc66044b..8420dfb8c 100644 --- a/roles/openshift_master/tasks/systemd_units.yml +++ b/roles/openshift_master/tasks/systemd_units.yml @@ -14,8 +14,22 @@ - include: registry_auth.yml +- name: Disable the legacy master service if it exists + systemd: + name: "{{ openshift.common.service_type }}-master" + state: stopped + enabled: no + masked: yes + ignore_errors: true + - name: Remove the legacy master service if it exists - include: clean_systemd_units.yml + file: + path: "{{ containerized_svc_dir }}/{{ openshift.common.service_type }}-master.service" + state: absent + ignore_errors: true + when: + - openshift.master.cluster_method == "native" + - not openshift.common.is_master_system_container | bool # This is the image used for both HA and non-HA clusters: - name: Pre-pull master image @@ -44,6 +58,17 @@ - l_create_ha_unit_files | changed # end workaround for missing systemd unit files +- name: enable master services + systemd: + name: "{{ openshift.common.service_type }}-master-{{ item }}" + enabled: yes + with_items: + - api + - controllers + when: + - openshift.master.cluster_method == "native" + - not openshift.common.is_master_system_container | bool + - name: Preserve Master API Proxy Config options command: grep PROXY /etc/sysconfig/{{ openshift.common.service_type }}-master-api register: l_master_api_proxy diff --git a/roles/openshift_master/tasks/upgrade_facts.yml b/roles/openshift_master/tasks/upgrade_facts.yml index f6ad438aa..2252c003a 100644 --- a/roles/openshift_master/tasks/upgrade_facts.yml +++ b/roles/openshift_master/tasks/upgrade_facts.yml @@ -21,6 +21,10 @@ oreg_host: "{{ oreg_url.split('/')[0] if (oreg_url is defined and '.' in oreg_url.split('/')[0]) else '' }}" when: oreg_host is not defined +- set_fact: + oreg_auth_credentials_replace: False + when: oreg_auth_credentials_replace is not defined + - name: Set openshift_master_debug_level set_fact: openshift_master_debug_level: "{{ debug_level | default(2) }}" diff --git a/roles/openshift_master/templates/atomic-openshift-master.j2 b/roles/openshift_master/templates/atomic-openshift-master.j2 index 7ec26ceb7..3f7a528a9 100644 --- a/roles/openshift_master/templates/atomic-openshift-master.j2 +++ b/roles/openshift_master/templates/atomic-openshift-master.j2 @@ -21,7 +21,7 @@ AWS_SECRET_ACCESS_KEY={{ openshift_cloudprovider_aws_secret_key }} {% endif %} {% if 'api_env_vars' in openshift.master or 'controllers_env_vars' in openshift.master -%} -{% for key, value in openshift.master.api_env_vars.items() | default([]) | union(openshift.master.controllers_env_vars.items() | default([])) -%} +{% for key, value in (openshift.master.api_env_vars | default({})).items() | union((openshift.master.controllers_env_vars | default({})).items()) -%} {{ key }}={{ value }} {% endfor -%} {% endif -%} diff --git a/roles/openshift_master/templates/master.yaml.v1.j2 b/roles/openshift_master/templates/master.yaml.v1.j2 index 7159ccc7f..c83fc9fbb 100644 --- a/roles/openshift_master/templates/master.yaml.v1.j2 +++ b/roles/openshift_master/templates/master.yaml.v1.j2 @@ -58,11 +58,12 @@ controllerConfig: {% endif %} controllers: '*' corsAllowedOrigins: + # anchor with start (\A) and end (\z) of the string, make the check case insensitive ((?i)) and escape hostname {% for origin in ['127.0.0.1', 'localhost', openshift.common.ip, openshift.common.public_ip] | union(openshift.common.all_hostnames) | unique %} - - {{ origin }} + - (?i)\A{{ origin | regex_escape() }}\z {% endfor %} {% for custom_origin in openshift.master.custom_cors_origins | default("") %} - - {{ custom_origin }} + - (?i)\A{{ custom_origin | regex_escape() }}\z {% endfor %} {% if 'disabled_features' in openshift.master %} disabledFeatures: {{ openshift.master.disabled_features | to_json }} @@ -179,7 +180,12 @@ masterPublicURL: {{ openshift.master.public_api_url }} networkConfig: clusterNetworkCIDR: {{ openshift.master.sdn_cluster_network_cidr }} hostSubnetLength: {{ openshift.master.sdn_host_subnet_length }} -{% if r_openshift_master_use_openshift_sdn or r_openshift_master_use_nuage or r_openshift_master_use_contiv or r_openshift_master_sdn_network_plugin_name == 'cni' %} +{% if openshift.common.version_gte_3_7 | bool %} + clusterNetworks: + - cidr: {{ openshift.master.sdn_cluster_network_cidr }} + hostSubnetLength: {{ openshift.master.sdn_host_subnet_length }} +{% endif %} +{% if r_openshift_master_use_openshift_sdn or r_openshift_master_use_nuage or r_openshift_master_use_contiv or r_openshift_master_use_kuryr or r_openshift_master_sdn_network_plugin_name == 'cni' %} networkPluginName: {{ r_openshift_master_sdn_network_plugin_name_default }} {% endif %} # serviceNetworkCIDR must match kubernetesMasterConfig.servicesSubnet diff --git a/roles/openshift_master_facts/filter_plugins/openshift_master.py b/roles/openshift_master_facts/filter_plugins/openshift_master.py index f7f3ac2b1..97a5179e0 100644 --- a/roles/openshift_master_facts/filter_plugins/openshift_master.py +++ b/roles/openshift_master_facts/filter_plugins/openshift_master.py @@ -326,10 +326,8 @@ class IdentityProviderOauthBase(IdentityProviderBase): self._required += [['clientID', 'client_id'], ['clientSecret', 'client_secret']] def validate(self): - ''' validate this idp instance ''' - if self.challenge: - raise errors.AnsibleFilterError("|failed provider {0} does not " - "allow challenge authentication".format(self.__class__.__name__)) + ''' validate an instance of this idp class ''' + pass class OpenIDIdentityProvider(IdentityProviderOauthBase): @@ -363,7 +361,6 @@ class OpenIDIdentityProvider(IdentityProviderOauthBase): def validate(self): ''' validate this idp instance ''' - IdentityProviderOauthBase.validate(self) if not isinstance(self.provider['claims'], dict): raise errors.AnsibleFilterError("|failed claims for provider {0} " "must be a dictionary".format(self.__class__.__name__)) @@ -429,6 +426,12 @@ class GoogleIdentityProvider(IdentityProviderOauthBase): IdentityProviderOauthBase.__init__(self, api_version, idp) self._optional += [['hostedDomain', 'hosted_domain']] + def validate(self): + ''' validate this idp instance ''' + if self.challenge: + raise errors.AnsibleFilterError("|failed provider {0} does not " + "allow challenge authentication".format(self.__class__.__name__)) + class GitHubIdentityProvider(IdentityProviderOauthBase): """ GitHubIdentityProvider @@ -447,6 +450,12 @@ class GitHubIdentityProvider(IdentityProviderOauthBase): self._optional += [['organizations'], ['teams']] + def validate(self): + ''' validate this idp instance ''' + if self.challenge: + raise errors.AnsibleFilterError("|failed provider {0} does not " + "allow challenge authentication".format(self.__class__.__name__)) + class FilterModule(object): ''' Custom ansible filters for use by the openshift_master role''' @@ -511,7 +520,7 @@ class FilterModule(object): 'master.kubelet-client.crt', 'master.kubelet-client.key'] if bool(include_ca): - certs += ['ca.crt', 'ca.key', 'ca-bundle.crt'] + certs += ['ca.crt', 'ca.key', 'ca-bundle.crt', 'client-ca-bundle.crt'] if bool(include_keys): certs += ['serviceaccounts.private.key', 'serviceaccounts.public.key'] diff --git a/roles/openshift_master_facts/tasks/main.yml b/roles/openshift_master_facts/tasks/main.yml index 501be148e..cf0be3bef 100644 --- a/roles/openshift_master_facts/tasks/main.yml +++ b/roles/openshift_master_facts/tasks/main.yml @@ -88,7 +88,6 @@ controller_args: "{{ osm_controller_args | default(None) }}" disabled_features: "{{ osm_disabled_features | default(None) }}" master_count: "{{ openshift_master_count | default(None) }}" - controller_lease_ttl: "{{ osm_controller_lease_ttl | default(None) }}" master_image: "{{ osm_image | default(None) }}" admission_plugin_config: "{{openshift_master_admission_plugin_config }}" kube_admission_plugin_config: "{{openshift_master_kube_admission_plugin_config | default(None) }}" # deprecated, merged with admission_plugin_config diff --git a/roles/openshift_metrics/README.md b/roles/openshift_metrics/README.md index ed698daca..b74f22c00 100644 --- a/roles/openshift_metrics/README.md +++ b/roles/openshift_metrics/README.md @@ -109,3 +109,78 @@ Author Information ------------------ Jose David MartÃn (j.david.nieto@gmail.com) + +Image update procedure +---------------------- +An upgrade of the metrics stack from older version to newer is an automated process and should be performed by calling appropriate ansible playbook and setting required ansible variables in your inventory as documented in https://docs.openshift.org/. + +Following text describes manual update of the metrics images without version upgrade. To determine the current version of images being used you can: +``` +oc describe pod | grep 'Image ID:' +``` +This will get the repo digest that can later be compared to the inspected image details. + +A way to determine when was your image last updated: +``` +$ docker images +REPOSITORY TAG IMAGE ID CREATED SIZE +<registry>/openshift3/origin-metrics-cassandra v3.7 f8ad8d569e27 14 hours ago 783.7 MB + +$ docker inspect 9c3597aeb39f +[ + { + . . . + "RepoDigests": [ + "<registry>/openshift3/metrics-cassandra@sha256:d37fc0cab268625b53a92bb98d09fcc501cfca1c68e16bac6dd98446d32ba135 + ], + . . . + "Config": { + . . . + "Labels": { + . . . + "build-date": "2017-10-17T16:47:44.350655", + . . . + "release": "0.143.4.0", + . . . + "url": "https://access.redhat.com/containers/#/registry.access.redhat.com/openshift3/metrics-cassandra/images/v3.7.0-0.143.4.0", + . . . + "version": "v3.7.0" + } + }, + . . . +``` + +Pull a new image to see if registry has any newer images with the same tag: +``` +$ docker pull <registry>/openshift3/origin-metrics-cassandra:v3.7 +``` + +If there was an update, you need to run the `docker pull` on each node. + +It is recommended that you now rerun the `openshift_metrics` playbook to ensure that any necessary config changes are also picked up. + +To manually redeploy your pod you can do the following: +- for a DC you can do: +``` +oc rollout latest <dc_name> +``` + +- for a RC you can scale down and scale back up +``` +oc scale --replicas=0 <rc_name> + +... wait for scale down + +oc scale --replicas=<original_replica_count> <rc_name> +``` + +- for a DS you can delete the pod or unlabel and relabel your node +``` +oc delete pod --selector=<ds_selector> +``` + +Changelog +--------- + +Tue Oct 10, 2017 +- Default imagePullPolicy changed from Always to IfNotPresent diff --git a/roles/openshift_metrics/handlers/main.yml b/roles/openshift_metrics/handlers/main.yml index ce7688581..88b893448 100644 --- a/roles/openshift_metrics/handlers/main.yml +++ b/roles/openshift_metrics/handlers/main.yml @@ -4,8 +4,13 @@ when: (not (master_api_service_status_changed | default(false) | bool)) and openshift.master.cluster_method == 'native' notify: Verify API Server +# We retry the controllers because the API may not be 100% initialized yet. - name: restart master controllers - systemd: name={{ openshift.common.service_type }}-master-controllers state=restarted + command: "systemctl restart {{ openshift.common.service_type }}-master-controllers" + retries: 3 + delay: 5 + register: result + until: result.rc == 0 when: (not (master_controllers_service_status_changed | default(false) | bool)) and openshift.master.cluster_method == 'native' - name: Verify API Server diff --git a/roles/openshift_metrics/templates/hawkular_cassandra_rc.j2 b/roles/openshift_metrics/templates/hawkular_cassandra_rc.j2 index 6f341bcfb..6a3811598 100644 --- a/roles/openshift_metrics/templates/hawkular_cassandra_rc.j2 +++ b/roles/openshift_metrics/templates/hawkular_cassandra_rc.j2 @@ -30,7 +30,7 @@ spec: {% endif %} containers: - image: "{{ openshift_metrics_image_prefix }}metrics-cassandra:{{ openshift_metrics_image_version }}" - imagePullPolicy: Always + imagePullPolicy: IfNotPresent name: hawkular-cassandra-{{ node }} ports: - name: cql-port diff --git a/roles/openshift_metrics/templates/hawkular_metrics_rc.j2 b/roles/openshift_metrics/templates/hawkular_metrics_rc.j2 index 59f7fb44a..0662bea53 100644 --- a/roles/openshift_metrics/templates/hawkular_metrics_rc.j2 +++ b/roles/openshift_metrics/templates/hawkular_metrics_rc.j2 @@ -25,7 +25,7 @@ spec: {% endif %} containers: - image: {{openshift_metrics_image_prefix}}metrics-hawkular-metrics:{{openshift_metrics_image_version}} - imagePullPolicy: Always + imagePullPolicy: IfNotPresent name: hawkular-metrics ports: - name: http-endpoint diff --git a/roles/openshift_metrics/templates/hawkular_openshift_agent_ds.j2 b/roles/openshift_metrics/templates/hawkular_openshift_agent_ds.j2 index d65eaf9ae..40d09e9fa 100644 --- a/roles/openshift_metrics/templates/hawkular_openshift_agent_ds.j2 +++ b/roles/openshift_metrics/templates/hawkular_openshift_agent_ds.j2 @@ -25,7 +25,7 @@ spec: {% endif %} containers: - image: {{openshift_metrics_image_prefix}}metrics-hawkular-openshift-agent:{{openshift_metrics_image_version}} - imagePullPolicy: Always + imagePullPolicy: IfNotPresent name: hawkular-openshift-agent {% if ((openshift_metrics_hawkular_agent_limits_cpu is defined and openshift_metrics_hawkular_agent_limits_cpu is not none) or (openshift_metrics_hawkular_agent_limits_memory is defined and openshift_metrics_hawkular_agent_limits_memory is not none) diff --git a/roles/openshift_metrics/templates/heapster.j2 b/roles/openshift_metrics/templates/heapster.j2 index d8c7763ea..e732c1eee 100644 --- a/roles/openshift_metrics/templates/heapster.j2 +++ b/roles/openshift_metrics/templates/heapster.j2 @@ -27,7 +27,7 @@ spec: containers: - name: heapster image: {{openshift_metrics_image_prefix}}metrics-heapster:{{openshift_metrics_image_version}} - imagePullPolicy: Always + imagePullPolicy: IfNotPresent ports: - containerPort: 8082 name: "http-endpoint" diff --git a/roles/openshift_nfs/tasks/create_export.yml b/roles/openshift_nfs/tasks/create_export.yml index 39323904f..b0b888d56 100644 --- a/roles/openshift_nfs/tasks/create_export.yml +++ b/roles/openshift_nfs/tasks/create_export.yml @@ -12,7 +12,7 @@ # l_nfs_export_name: Name of sub-directory of the export # l_nfs_options: Mount Options -- name: Ensure CFME App NFS export directory exists +- name: "Ensure {{ l_nfs_export_name }} NFS export directory exists" file: path: "{{ l_nfs_base_dir }}/{{ l_nfs_export_name }}" state: directory diff --git a/roles/openshift_node/defaults/main.yml b/roles/openshift_node/defaults/main.yml index b310a8f64..0c6d8db38 100644 --- a/roles/openshift_node/defaults/main.yml +++ b/roles/openshift_node/defaults/main.yml @@ -9,7 +9,7 @@ openshift_service_type: "{{ 'origin' if openshift_deployment_type == 'origin' el openshift_image_tag: '' -openshift_node_ami_prep_packages: +default_r_openshift_node_image_prep_packages: - "{{ openshift_service_type }}-master" - "{{ openshift_service_type }}-node" - "{{ openshift_service_type }}-docker-excluder" @@ -33,7 +33,6 @@ openshift_node_ami_prep_packages: - python-dbus - PyYAML - yum-utils -- cloud-utils-growpart # gluster - glusterfs-fuse # nfs @@ -54,6 +53,7 @@ openshift_node_ami_prep_packages: # - container-selinux # - atomic # +r_openshift_node_image_prep_packages: "{{ default_r_openshift_node_image_prep_packages | union(openshift_node_image_prep_packages | default([])) }}" openshift_node_bootstrap: False @@ -104,8 +104,14 @@ openshift_node_use_nuage: "{{ openshift_node_use_nuage_default }}" openshift_node_use_contiv_default: "{{ openshift_use_contiv | default(False) }}" openshift_node_use_contiv: "{{ openshift_node_use_contiv_default }}" +openshift_node_use_kuryr_default: "{{ openshift_use_kuryr | default(False) }}" +openshift_node_use_kuryr: "{{ openshift_node_use_kuryr_default }}" + openshift_node_data_dir_default: "{{ openshift_data_dir | default('/var/lib/origin') }}" openshift_node_data_dir: "{{ openshift_node_data_dir_default }}" +openshift_node_config_dir_default: "/etc/origin/node" +openshift_node_config_dir: "{{ openshift_node_config_dir_default }}" + openshift_node_image_config_latest_default: "{{ openshift_image_config_latest | default(False) }}" openshift_node_image_config_latest: "{{ openshift_node_image_config_latest_default }}" diff --git a/roles/openshift_node/tasks/bootstrap.yml b/roles/openshift_node/tasks/bootstrap.yml index 8c03f6c41..8cf41ab4c 100644 --- a/roles/openshift_node/tasks/bootstrap.yml +++ b/roles/openshift_node/tasks/bootstrap.yml @@ -3,7 +3,7 @@ package: name: "{{ item }}" state: present - with_items: "{{ openshift_node_ami_prep_packages }}" + with_items: "{{ r_openshift_node_image_prep_packages }}" - name: create the directory for node file: @@ -25,11 +25,11 @@ state: "{{ item.state | default('present') }}" with_items: # add the kubeconfig - - line: "KUBECONFIG=/etc/origin/node/csr_kubeconfig" + - line: "KUBECONFIG={{ openshift_node_config_dir }}/bootstrap.kubeconfig" regexp: "^KUBECONFIG=.*" # remove the config file. This comes from openshift_facts - - regexp: "^CONFIG_FILE=.*" - state: absent + - line: "CONFIG_FILE={{ openshift_node_config_dir }}/node-config.yaml" + regexp: "^CONFIG_FILE=.*" - name: include aws sysconfig credentials include: aws.yml @@ -76,7 +76,7 @@ state: link force: yes with_items: - - /var/lib/origin/openshift.local.config/node/node-client-ca.crt + - "{{ openshift_node_config_dir }}/node-client-ca.crt" - when: rpmgenerated_config.stat.exists block: diff --git a/roles/openshift_node/tasks/node_system_container.yml b/roles/openshift_node/tasks/node_system_container.yml index 20d7a9539..164a79b39 100644 --- a/roles/openshift_node/tasks/node_system_container.yml +++ b/roles/openshift_node/tasks/node_system_container.yml @@ -1,4 +1,9 @@ --- +- name: Ensure proxies are in the atomic.conf + include_role: + name: openshift_atomic + tasks_from: proxy + - name: Pre-pull node system container image command: > atomic pull --storage=ostree {{ 'docker:' if openshift.common.system_images_registry == 'docker' else openshift.common.system_images_registry + '/' }}{{ openshift.node.node_system_image }}:{{ openshift_image_tag }} diff --git a/roles/openshift_node/tasks/openvswitch_system_container.yml b/roles/openshift_node/tasks/openvswitch_system_container.yml index e09063aa5..0f73ce454 100644 --- a/roles/openshift_node/tasks/openvswitch_system_container.yml +++ b/roles/openshift_node/tasks/openvswitch_system_container.yml @@ -10,6 +10,11 @@ l_service_name: "{{ openshift.docker.service_name }}" when: not l_use_crio +- name: Ensure proxies are in the atomic.conf + include_role: + name: openshift_atomic + tasks_from: proxy + - name: Pre-pull OpenVSwitch system container image command: > atomic pull --storage=ostree {{ 'docker:' if openshift.common.system_images_registry == 'docker' else openshift.common.system_images_registry + '/' }}{{ openshift.node.ovs_system_image }}:{{ openshift_image_tag }} diff --git a/roles/openshift_node/tasks/registry_auth.yml b/roles/openshift_node/tasks/registry_auth.yml index de396fb4b..5e5e4f94a 100644 --- a/roles/openshift_node/tasks/registry_auth.yml +++ b/roles/openshift_node/tasks/registry_auth.yml @@ -11,6 +11,9 @@ - oreg_auth_user is defined - (not node_oreg_auth_credentials_stat.stat.exists or oreg_auth_credentials_replace) | bool register: node_oreg_auth_credentials_create + retries: 3 + delay: 5 + until: node_oreg_auth_credentials_create.rc == 0 notify: - restart node diff --git a/roles/openshift_node/templates/node.yaml.v1.j2 b/roles/openshift_node/templates/node.yaml.v1.j2 index 08e1c7f4f..718d35dca 100644 --- a/roles/openshift_node/templates/node.yaml.v1.j2 +++ b/roles/openshift_node/templates/node.yaml.v1.j2 @@ -44,7 +44,7 @@ networkPluginName: {{ openshift_node_sdn_network_plugin_name }} # deprecates networkPluginName above. The two should match. networkConfig: mtu: {{ openshift.node.sdn_mtu }} -{% if openshift_node_use_openshift_sdn | bool or openshift_node_use_nuage | bool or openshift_node_use_contiv | bool or openshift_node_sdn_network_plugin_name == 'cni' %} +{% if openshift_node_use_openshift_sdn | bool or openshift_node_use_nuage | bool or openshift_node_use_contiv | bool or openshift_node_use_kuryr | bool or openshift_node_sdn_network_plugin_name == 'cni' %} networkPluginName: {{ openshift_node_sdn_network_plugin_name }} {% endif %} {% if openshift.node.set_node_ip | bool %} @@ -67,9 +67,11 @@ servingInfo: {% endfor %} {% endif %} volumeDirectory: {{ openshift_node_data_dir }}/openshift.local.volumes +{% if not (openshift_node_use_kuryr | default(False)) | bool %} proxyArguments: proxy-mode: - {{ openshift.node.proxy_mode }} +{% endif %} volumeConfig: localQuota: perFSGroup: {{ openshift.node.local_quota_per_fsgroup }} diff --git a/roles/openshift_node_certificates/handlers/main.yml b/roles/openshift_node_certificates/handlers/main.yml index 4abe8bcaf..ef66bf9ca 100644 --- a/roles/openshift_node_certificates/handlers/main.yml +++ b/roles/openshift_node_certificates/handlers/main.yml @@ -2,9 +2,21 @@ - name: update ca trust command: update-ca-trust notify: - - restart docker after updating ca trust + - check for container runtime after updating ca trust -- name: restart docker after updating ca trust +- name: check for container runtime after updating ca trust + command: > + systemctl -q is-active {{ openshift.docker.service_name }}.service + register: l_docker_installed + # An rc of 0 indicates that the container runtime service is + # running. We will restart it by notifying the restart handler since + # we have updated the system CA trust. + changed_when: l_docker_installed.rc == 0 + failed_when: false + notify: + - restart container runtime after updating ca trust + +- name: restart container runtime after updating ca trust systemd: name: "{{ openshift.docker.service_name }}" state: restarted diff --git a/roles/openshift_node_dnsmasq/README.md b/roles/openshift_node_dnsmasq/README.md new file mode 100644 index 000000000..4596190d7 --- /dev/null +++ b/roles/openshift_node_dnsmasq/README.md @@ -0,0 +1,27 @@ +OpenShift Node DNS resolver +=========================== + +Configure dnsmasq to act as a DNS resolver for an OpenShift node. + +Requirements +------------ + +Role Variables +-------------- + +From this role: + +| Name | Default value | Description | +|-----------------------------------------------------|---------------|-----------------------------------------------------------------------------------| +| openshift_node_dnsmasq_install_network_manager_hook | true | Install NetworkManager hook updating /etc/resolv.conf with local dnsmasq instance | + +Dependencies +------------ + +* openshift_common +* openshift_node_facts + +License +------- + +Apache License Version 2.0 diff --git a/roles/openshift_node_dnsmasq/defaults/main.yml b/roles/openshift_node_dnsmasq/defaults/main.yml index ed97d539c..ebcff46b5 100644 --- a/roles/openshift_node_dnsmasq/defaults/main.yml +++ b/roles/openshift_node_dnsmasq/defaults/main.yml @@ -1 +1,7 @@ --- +openshift_node_dnsmasq_install_network_manager_hook: true + +# lo must always be present in this list or dnsmasq will conflict with +# the node's dns service. +openshift_node_dnsmasq_except_interfaces: +- lo diff --git a/roles/openshift_node_dnsmasq/files/networkmanager/99-origin-dns.sh b/roles/openshift_node_dnsmasq/files/networkmanager/99-origin-dns.sh index 230f0a28c..f4e48b5b7 100755 --- a/roles/openshift_node_dnsmasq/files/networkmanager/99-origin-dns.sh +++ b/roles/openshift_node_dnsmasq/files/networkmanager/99-origin-dns.sh @@ -54,6 +54,8 @@ domain-needed server=/cluster.local/172.30.0.1 server=/30.172.in-addr.arpa/172.30.0.1 enable-dbus +dns-forward-max=5000 +cache-size=5000 EOF # New config file, must restart NEEDS_RESTART=1 diff --git a/roles/openshift_node_dnsmasq/tasks/network-manager.yml b/roles/openshift_node_dnsmasq/tasks/network-manager.yml index dddcfc9da..e5a92a630 100644 --- a/roles/openshift_node_dnsmasq/tasks/network-manager.yml +++ b/roles/openshift_node_dnsmasq/tasks/network-manager.yml @@ -5,5 +5,6 @@ dest: /etc/NetworkManager/dispatcher.d/ mode: 0755 notify: restart NetworkManager + when: openshift_node_dnsmasq_install_network_manager_hook | default(true) | bool - meta: flush_handlers diff --git a/roles/openshift_node_dnsmasq/templates/origin-dns.conf.j2 b/roles/openshift_node_dnsmasq/templates/origin-dns.conf.j2 index ef3ba2880..6543c7c3e 100644 --- a/roles/openshift_node_dnsmasq/templates/origin-dns.conf.j2 +++ b/roles/openshift_node_dnsmasq/templates/origin-dns.conf.j2 @@ -3,5 +3,10 @@ domain-needed no-negcache max-cache-ttl=1 enable-dbus -bind-interfaces -listen-address={{ openshift.node.dns_ip }} +dns-forward-max=5000 +cache-size=5000 +bind-dynamic +{% for interface in openshift_node_dnsmasq_except_interfaces %} +except-interface={{ interface }} +{% endfor %} +# End of config diff --git a/roles/openshift_node_group/defaults/main.yml b/roles/openshift_node_group/defaults/main.yml new file mode 100644 index 000000000..d398a7fdc --- /dev/null +++ b/roles/openshift_node_group/defaults/main.yml @@ -0,0 +1,26 @@ +--- +openshift_node_groups: +- name: node-config-master + labels: + - 'type=master' + edits: [] +- name: node-config-infra + labels: + - 'type=infra' + edits: [] +- name: node-config-compute + labels: + - 'type=compute' + edits: [] + +openshift_node_group_edits: [] +openshift_node_group_namespace: openshift-node +openshift_node_group_labels: [] + +openshift_imageconfig_format: "{{ oreg_url if oreg_url is defined else openshift.node.registry_url }}" +openshift_node_group_cloud_provider: "{{ openshift_cloudprovider_kind | default('aws') }}" +openshift_node_group_network_plugin_default: "{{ os_sdn_network_plugin_name | default('redhat/openshift-ovs-subnet') }}" +openshift_node_group_network_plugin: "{{ openshift_node_group_network_plugin_default }}" +openshift_node_group_node_data_dir_default: "{{ openshift_data_dir | default('/var/lib/origin') }}" +openshift_node_group_node_data_dir: "{{ openshift_node_group_node_data_dir_default }}" +openshift_node_group_network_mtu: "{{ openshift_node_sdn_mtu | default(8951) }}" diff --git a/roles/openshift_node_group/meta/main.yml b/roles/openshift_node_group/meta/main.yml new file mode 100644 index 000000000..14c1dd498 --- /dev/null +++ b/roles/openshift_node_group/meta/main.yml @@ -0,0 +1,4 @@ +--- +dependencies: +- role: lib_openshift +- role: lib_utils diff --git a/roles/openshift_node_group/tasks/create_config.yml b/roles/openshift_node_group/tasks/create_config.yml new file mode 100644 index 000000000..02ec30a62 --- /dev/null +++ b/roles/openshift_node_group/tasks/create_config.yml @@ -0,0 +1,58 @@ +--- +- name: fetch node configmap + oc_configmap: + name: "{{ openshift_node_group_name }}" + namespace: "{{ openshift_node_group_namespace }}" + state: list + register: configout + run_once: true + +- name: debug node config + debug: var=configout + +- when: + - configout.results.results.0 == {} or (configout.results.results.0 != {} and openshift_node_group_edits|length > 0) + block: + - name: create a temp dir for this work + command: mktemp -d /tmp/openshift_node_config-XXXXXX + register: mktempout + run_once: true + + - name: create node config template + template: + src: node-config.yaml.j2 + dest: "{{ mktempout.stdout }}/node-config.yaml" + when: + - configout.results.results.0 == {} + + - name: lay down the config from the existing configmap + copy: + content: "{{ configout.results.results.0.data['node-config.yaml'] }}" + dest: "{{ mktempout.stdout }}/node-config.yaml" + when: + - configout.results.results.0 != {} + + - name: "specialize the generated configs for {{ openshift_node_group_name }}" + yedit: + content: + src: "{{ mktempout.stdout }}/node-config.yaml" + edits: "{{ openshift_node_group_edits }}" + register: yeditout + when: openshift_node_group_edits|length > 0 + run_once: true + + - debug: var=yeditout + + - name: create node-config.yaml configmap + oc_configmap: + name: "{{ openshift_node_group_name }}" + namespace: "{{ openshift_node_group_namespace }}" + from_file: + node-config.yaml: "{{ mktempout.stdout }}/node-config.yaml" + run_once: true + + - name: remove templated files + file: + dest: "{{ mktempout.stdout }}/" + state: absent + run_once: true diff --git a/roles/openshift_node_group/tasks/main.yml b/roles/openshift_node_group/tasks/main.yml new file mode 100644 index 000000000..c7c15683d --- /dev/null +++ b/roles/openshift_node_group/tasks/main.yml @@ -0,0 +1,10 @@ +--- +- name: Build node config maps + include: create_config.yml + vars: + openshift_node_group_name: "{{ node_group.name }}" + openshift_node_group_edits: "{{ node_group.edits | default([]) }}" + openshift_node_group_labels: "{{ node_group.labels | default([]) }}" + with_items: "{{ openshift_node_groups }}" + loop_control: + loop_var: node_group diff --git a/roles/openshift_node_group/templates/node-config.yaml.j2 b/roles/openshift_node_group/templates/node-config.yaml.j2 new file mode 100644 index 000000000..5e22dc6d2 --- /dev/null +++ b/roles/openshift_node_group/templates/node-config.yaml.j2 @@ -0,0 +1,53 @@ +allowDisabledDocker: false +apiVersion: v1 +authConfig: + authenticationCacheSize: 1000 + authenticationCacheTTL: 5m + authorizationCacheSize: 1000 + authorizationCacheTTL: 5m +dnsBindAddress: "127.0.0.1:53" +dnsDomain: cluster.local +dnsIP: 0.0.0.0 +dnsNameservers: null +dnsRecursiveResolvConf: /etc/origin/node/resolv.conf +dockerConfig: + dockerShimRootDirectory: /var/lib/dockershim + dockerShimSocket: /var/run/dockershim.sock + execHandlerName: native +enableUnidling: true +imageConfig: + format: "{{ openshift_imageconfig_format }}" + latest: false +iptablesSyncPeriod: 30s +kind: NodeConfig +kubeletArguments: + cloud-config: + - /etc/origin/cloudprovider/{{ openshift_node_group_cloud_provider }}.conf + cloud-provider: + - {{ openshift_node_group_cloud_provider }} + node-labels: {{ openshift_node_group_labels | to_json }} +masterClientConnectionOverrides: + acceptContentTypes: application/vnd.kubernetes.protobuf,application/json + burst: 40 + contentType: application/vnd.kubernetes.protobuf + qps: 20 +masterKubeConfig: node.kubeconfig +networkConfig: + mtu: "{{ openshift_node_group_network_mtu }}" + networkPluginName: {{ openshift_node_group_network_plugin }} +nodeIP: "" +podManifestConfig: null +servingInfo: + bindAddress: 0.0.0.0:10250 + bindNetwork: tcp4 + certFile: server.crt + clientCA: node-client-ca.crt + keyFile: server.key + namedCertificates: null +volumeConfig: + localQuota: + perFSGroup: null +volumeDirectory: {{ openshift_node_group_node_data_dir }}/openshift.local.volumes +enable-controller-attach-detach: +- 'true' +networkPluginName: {{ openshift_node_group_network_plugin }} diff --git a/roles/openshift_node_upgrade/tasks/registry_auth.yml b/roles/openshift_node_upgrade/tasks/registry_auth.yml index de396fb4b..5e5e4f94a 100644 --- a/roles/openshift_node_upgrade/tasks/registry_auth.yml +++ b/roles/openshift_node_upgrade/tasks/registry_auth.yml @@ -11,6 +11,9 @@ - oreg_auth_user is defined - (not node_oreg_auth_credentials_stat.stat.exists or oreg_auth_credentials_replace) | bool register: node_oreg_auth_credentials_create + retries: 3 + delay: 5 + until: node_oreg_auth_credentials_create.rc == 0 notify: - restart node diff --git a/roles/openshift_prometheus/README.md b/roles/openshift_prometheus/README.md index c5a44bffb..92f74928c 100644 --- a/roles/openshift_prometheus/README.md +++ b/roles/openshift_prometheus/README.md @@ -17,16 +17,16 @@ For default values, see [`defaults/main.yaml`](defaults/main.yaml). - `openshift_prometheus_namespace`: project (i.e. namespace) where the components will be deployed. -- `openshift_prometheus_replicas`: The number of replicas for prometheus deployment. - - `openshift_prometheus_node_selector`: Selector for the nodes prometheus will be deployed on. -- `openshift_prometheus_image_<COMPONENT>`: specify image for the component +- `openshift_prometheus_<COMPONENT>_image_prefix`: specify image prefix for the component + +- `openshift_prometheus_<COMPONENT>_image_version`: specify image version for the component -## Storage related variables -Each prometheus component (prometheus, alertmanager, alert-buffer, oauth-proxy) can set pv claim by setting corresponding role variable: +## PVC related variables +Each prometheus component (prometheus, alertmanager, alertbuffer) can set pv claim by setting corresponding role variable: ``` -openshift_prometheus_<COMPONENT>_storage_type: <VALUE> +openshift_prometheus_<COMPONENT>_storage_type: <VALUE> (pvc, emptydir) openshift_prometheus_<COMPONENT>_pvc_(name|size|access_modes|pv_selector): <VALUE> ``` e.g @@ -37,6 +37,29 @@ openshift_prometheus_alertbuffer_pvc_size: 10G openshift_prometheus_pvc_access_modes: [ReadWriteOnce] ``` +## NFS PV Storage variables +Each prometheus component (prometheus, alertmanager, alertbuffer) can set nfs pv by setting corresponding variable: +``` +openshift_prometheus_<COMPONENT>_storage_kind=<VALUE> +openshift_prometheus_<COMPONENT>_storage_(access_modes|host|labels)=<VALUE> +openshift_prometheus_<COMPONENT>_storage_volume_(name|size)=<VALUE> +openshift_prometheus_<COMPONENT>_storage_nfs_(directory|options)=<VALUE> +``` +e.g +``` +openshift_prometheus_storage_kind=nfs +openshift_prometheus_storage_access_modes=['ReadWriteOnce'] +openshift_prometheus_storage_host=nfs.example.com #for external host +openshift_prometheus_storage_nfs_directory=/exports +openshift_prometheus_storage_alertmanager_nfs_options='*(rw,root_squash)' +openshift_prometheus_storage_volume_name=prometheus +openshift_prometheus_storage_alertbuffer_volume_size=10Gi +openshift_prometheus_storage_labels={'storage': 'prometheus'} +``` + +NOTE: Setting `openshift_prometheus_<COMPONENT>_storage_labels` overrides `openshift_prometheus_<COMPONENT>_pvc_pv_selector` + + ## Additional Alert Rules file variable An external file with alert rules can be added by setting path to additional rules variable: ``` diff --git a/roles/openshift_prometheus/defaults/main.yaml b/roles/openshift_prometheus/defaults/main.yaml index c08bec4cb..4e2cea0b9 100644 --- a/roles/openshift_prometheus/defaults/main.yaml +++ b/roles/openshift_prometheus/defaults/main.yaml @@ -2,34 +2,30 @@ # defaults file for openshift_prometheus openshift_prometheus_state: present -openshift_prometheus_namespace: prometheus +openshift_prometheus_namespace: openshift-metrics -openshift_prometheus_replicas: 1 openshift_prometheus_node_selector: {"region":"infra"} -# images -openshift_prometheus_image_proxy: "openshift/oauth-proxy:v1.0.0" -openshift_prometheus_image_prometheus: "openshift/prometheus:v2.0.0-dev" -openshift_prometheus_image_alertmanager: "openshift/prometheus-alertmanager:v0.9.1" -openshift_prometheus_image_alertbuffer: "openshift/prometheus-alert-buffer:v0.0.1" - # additional prometheus rules file openshift_prometheus_additional_rules_file: null # storage -openshift_prometheus_storage_type: pvc +# One of ['emptydir', 'pvc'] +openshift_prometheus_storage_type: "emptydir" openshift_prometheus_pvc_name: prometheus openshift_prometheus_pvc_size: "{{ openshift_prometheus_storage_volume_size | default('10Gi') }}" openshift_prometheus_pvc_access_modes: [ReadWriteOnce] openshift_prometheus_pvc_pv_selector: "{{ openshift_prometheus_storage_labels | default({}) }}" -openshift_prometheus_alertmanager_storage_type: pvc +# One of ['emptydir', 'pvc'] +openshift_prometheus_alertmanager_storage_type: "emptydir" openshift_prometheus_alertmanager_pvc_name: prometheus-alertmanager openshift_prometheus_alertmanager_pvc_size: "{{ openshift_prometheus_alertmanager_storage_volume_size | default('10Gi') }}" openshift_prometheus_alertmanager_pvc_access_modes: [ReadWriteOnce] openshift_prometheus_alertmanager_pvc_pv_selector: "{{ openshift_prometheus_alertmanager_storage_labels | default({}) }}" -openshift_prometheus_alertbuffer_storage_type: pvc +# One of ['emptydir', 'pvc'] +openshift_prometheus_alertbuffer_storage_type: "emptydir" openshift_prometheus_alertbuffer_pvc_name: prometheus-alertbuffer openshift_prometheus_alertbuffer_pvc_size: "{{ openshift_prometheus_alertbuffer_storage_volume_size | default('10Gi') }}" openshift_prometheus_alertbuffer_pvc_access_modes: [ReadWriteOnce] diff --git a/roles/openshift_prometheus/tasks/install_prometheus.yaml b/roles/openshift_prometheus/tasks/install_prometheus.yaml index cb75eedca..00c3c1987 100644 --- a/roles/openshift_prometheus/tasks/install_prometheus.yaml +++ b/roles/openshift_prometheus/tasks/install_prometheus.yaml @@ -128,6 +128,7 @@ access_modes: "{{ openshift_prometheus_pvc_access_modes }}" volume_capacity: "{{ openshift_prometheus_pvc_size }}" selector: "{{ openshift_prometheus_pvc_pv_selector }}" + when: openshift_prometheus_storage_type == 'pvc' - name: create alertmanager pvc oc_pvc: @@ -136,6 +137,7 @@ access_modes: "{{ openshift_prometheus_alertmanager_pvc_access_modes }}" volume_capacity: "{{ openshift_prometheus_alertmanager_pvc_size }}" selector: "{{ openshift_prometheus_alertmanager_pvc_pv_selector }}" + when: openshift_prometheus_alertmanager_storage_type == 'pvc' - name: create alertbuffer pvc oc_pvc: @@ -144,22 +146,23 @@ access_modes: "{{ openshift_prometheus_alertbuffer_pvc_access_modes }}" volume_capacity: "{{ openshift_prometheus_alertbuffer_pvc_size }}" selector: "{{ openshift_prometheus_alertbuffer_pvc_pv_selector }}" + when: openshift_prometheus_alertbuffer_storage_type == 'pvc' -# create prometheus deployment -- name: Set prometheus deployment template +# create prometheus stateful set +- name: Set prometheus template template: - src: prometheus_deployment.j2 + src: prometheus.j2 dest: "{{ tempdir }}/templates/prometheus.yaml" vars: namespace: "{{ openshift_prometheus_namespace }}" - prom_replicas: "{{ openshift_prometheus_replicas }}" +# prom_replicas: "{{ openshift_prometheus_replicas }}" -- name: Set prometheus deployment +- name: Set prometheus stateful set oc_obj: state: "{{ state }}" name: "prometheus" namespace: "{{ openshift_prometheus_namespace }}" - kind: deployment + kind: statefulset files: - "{{ tempdir }}/templates/prometheus.yaml" delete_after: true diff --git a/roles/openshift_prometheus/tasks/main.yaml b/roles/openshift_prometheus/tasks/main.yaml index 523a64334..5cc9a67eb 100644 --- a/roles/openshift_prometheus/tasks/main.yaml +++ b/roles/openshift_prometheus/tasks/main.yaml @@ -1,4 +1,9 @@ --- +- name: Set default image variables based on deployment_type + include_vars: "{{ item }}" + with_first_found: + - "{{ openshift_deployment_type }}.yml" + - "default_images.yml" - name: Create temp directory for doing work in on target command: mktemp -td openshift-prometheus-ansible-XXXXXX diff --git a/roles/openshift_prometheus/templates/prometheus_deployment.j2 b/roles/openshift_prometheus/templates/prometheus.j2 index 66eab6df4..456db3a57 100644 --- a/roles/openshift_prometheus/templates/prometheus_deployment.j2 +++ b/roles/openshift_prometheus/templates/prometheus.j2 @@ -1,12 +1,14 @@ -apiVersion: extensions/v1beta1 -kind: Deployment +apiVersion: apps/v1beta1 +kind: StatefulSet metadata: name: prometheus namespace: {{ namespace }} labels: app: prometheus spec: - replicas: {{ prom_replicas|default(1) }} + updateStrategy: + type: RollingUpdate + podManagementPolicy: Parallel selector: provider: openshift matchLabels: @@ -21,28 +23,28 @@ spec: {% if openshift_prometheus_node_selector is iterable and openshift_prometheus_node_selector | length > 0 %} nodeSelector: {% for key, value in openshift_prometheus_node_selector.iteritems() %} - {{key}}: "{{value}}" + {{ key }}: "{{ value }}" {% endfor %} {% endif %} containers: # Deploy Prometheus behind an oauth proxy - name: prom-proxy - image: "{{ openshift_prometheus_image_proxy }}" + image: "{{ l_openshift_prometheus_proxy_image_prefix }}oauth-proxy:{{ l_openshift_prometheus_proxy_image_version }}" imagePullPolicy: IfNotPresent resources: requests: {% if openshift_prometheus_oauth_proxy_memory_requests is defined and openshift_prometheus_oauth_proxy_memory_requests is not none %} - memory: "{{openshift_prometheus_oauth_proxy_memory_requests}}" + memory: "{{ openshift_prometheus_oauth_proxy_memory_requests }}" {% endif %} {% if openshift_prometheus_oauth_proxy_cpu_requests is defined and openshift_prometheus_oauth_proxy_cpu_requests is not none %} - cpu: "{{openshift_prometheus_oauth_proxy_cpu_requests}}" + cpu: "{{ openshift_prometheus_oauth_proxy_cpu_requests }}" {% endif %} limits: {% if openshift_prometheus_oauth_proxy_memory_limit is defined and openshift_prometheus_oauth_proxy_memory_limit is not none %} - memory: "{{openshift_prometheus_oauth_proxy_memory_limit}}" + memory: "{{ openshift_prometheus_oauth_proxy_memory_limit }}" {% endif %} {% if openshift_prometheus_oauth_proxy_cpu_limit is defined and openshift_prometheus_oauth_proxy_cpu_limit is not none %} - cpu: "{{openshift_prometheus_oauth_proxy_cpu_limit}}" + cpu: "{{ openshift_prometheus_oauth_proxy_cpu_limit }}" {% endif %} ports: - containerPort: 8443 @@ -60,6 +62,8 @@ spec: - -tls-key=/etc/tls/private/tls.key - -client-secret-file=/var/run/secrets/kubernetes.io/serviceaccount/token - -cookie-secret-file=/etc/proxy/secrets/session_secret + - -openshift-ca=/etc/pki/tls/cert.pem + - -openshift-ca=/var/run/secrets/kubernetes.io/serviceaccount/ca.crt - -skip-auth-regex=^/metrics volumeMounts: - mountPath: /etc/tls/private @@ -72,24 +76,25 @@ spec: - name: prometheus args: - --storage.tsdb.retention=6h + - --storage.tsdb.min-block-duration=2m - --config.file=/etc/prometheus/prometheus.yml - --web.listen-address=localhost:9090 - image: "{{ openshift_prometheus_image_prometheus }}" + image: "{{ l_openshift_prometheus_image_prefix }}prometheus:{{ l_openshift_prometheus_image_version }}" imagePullPolicy: IfNotPresent resources: requests: {% if openshift_prometheus_memory_requests is defined and openshift_prometheus_memory_requests is not none %} - memory: "{{openshift_prometheus_memory_requests}}" + memory: "{{ openshift_prometheus_memory_requests }}" {% endif %} {% if openshift_prometheus_cpu_requests is defined and openshift_prometheus_cpu_requests is not none %} - cpu: "{{openshift_prometheus_cpu_requests}}" + cpu: "{{ openshift_prometheus_cpu_requests }}" {% endif %} limits: {% if openshift_prometheus_memory_limit is defined and openshift_prometheus_memory_limit is not none %} memory: "{{ openshift_prometheus_memory_limit }}" {% endif %} {% if openshift_prometheus_cpu_limit is defined and openshift_prometheus_cpu_limit is not none %} - cpu: "{{openshift_prometheus_cpu_limit}}" + cpu: "{{ openshift_prometheus_cpu_limit }}" {% endif %} volumeMounts: @@ -100,22 +105,22 @@ spec: # Deploy alertmanager behind prometheus-alert-buffer behind an oauth proxy - name: alerts-proxy - image: "{{ openshift_prometheus_image_proxy }}" + image: "{{ l_openshift_prometheus_proxy_image_prefix }}oauth-proxy:{{ l_openshift_prometheus_proxy_image_version }}" imagePullPolicy: IfNotPresent resources: requests: {% if openshift_prometheus_oauth_proxy_memory_requests is defined and openshift_prometheus_oauth_proxy_memory_requests is not none %} - memory: "{{openshift_prometheus_oauth_proxy_memory_requests}}" + memory: "{{ openshift_prometheus_oauth_proxy_memory_requests }}" {% endif %} {% if openshift_prometheus_oauth_proxy_cpu_requests is defined and openshift_prometheus_oauth_proxy_cpu_requests is not none %} - cpu: "{{openshift_prometheus_oauth_proxy_cpu_requests}}" + cpu: "{{ openshift_prometheus_oauth_proxy_cpu_requests }}" {% endif %} limits: {% if openshift_prometheus_oauth_proxy_memory_limit is defined and openshift_prometheus_oauth_proxy_memory_limit is not none %} - memory: "{{openshift_prometheus_oauth_proxy_memory_limit}}" + memory: "{{ openshift_prometheus_oauth_proxy_memory_limit }}" {% endif %} {% if openshift_prometheus_oauth_proxy_cpu_limit is defined and openshift_prometheus_oauth_proxy_cpu_limit is not none %} - cpu: "{{openshift_prometheus_oauth_proxy_cpu_limit}}" + cpu: "{{ openshift_prometheus_oauth_proxy_cpu_limit }}" {% endif %} ports: - containerPort: 9443 @@ -133,6 +138,8 @@ spec: - -tls-key=/etc/tls/private/tls.key - -client-secret-file=/var/run/secrets/kubernetes.io/serviceaccount/token - -cookie-secret-file=/etc/proxy/secrets/session_secret + - -openshift-ca=/etc/pki/tls/cert.pem + - -openshift-ca=/var/run/secrets/kubernetes.io/serviceaccount/ca.crt volumeMounts: - mountPath: /etc/tls/private name: alerts-tls @@ -142,22 +149,22 @@ spec: - name: alert-buffer args: - --storage-path=/alert-buffer/messages.db - image: "{{ openshift_prometheus_image_alertbuffer }}" + image: "{{ l_openshift_prometheus_alertbuffer_image_prefix }}prometheus-alert-buffer:{{ l_openshift_prometheus_alertbuffer_image_version }}" imagePullPolicy: IfNotPresent resources: requests: {% if openshift_prometheus_alertbuffer_memory_requests is defined and openshift_prometheus_alertbuffer_memory_requests is not none %} - memory: "{{openshift_prometheus_alertbuffer_memory_requests}}" + memory: "{{ openshift_prometheus_alertbuffer_memory_requests }}" {% endif %} {% if openshift_prometheus_alertbuffer_cpu_requests is defined and openshift_prometheus_alertbuffer_cpu_requests is not none %} - cpu: "{{openshift_prometheus_alertbuffer_cpu_requests}}" + cpu: "{{ openshift_prometheus_alertbuffer_cpu_requests }}" {% endif %} limits: {% if openshift_prometheus_alertbuffer_memory_limit is defined and openshift_prometheus_alertbuffer_memory_limit is not none %} - memory: "{{openshift_prometheus_alertbuffer_memory_limit}}" + memory: "{{ openshift_prometheus_alertbuffer_memory_limit }}" {% endif %} {% if openshift_prometheus_alertbuffer_cpu_limit is defined and openshift_prometheus_alertbuffer_cpu_limit is not none %} - cpu: "{{openshift_prometheus_alertbuffer_cpu_limit}}" + cpu: "{{ openshift_prometheus_alertbuffer_cpu_limit }}" {% endif %} volumeMounts: - mountPath: /alert-buffer @@ -169,22 +176,22 @@ spec: - name: alertmanager args: - -config.file=/etc/alertmanager/alertmanager.yml - image: "{{ openshift_prometheus_image_alertmanager }}" + image: "{{ l_openshift_prometheus_alertmanager_image_prefix }}prometheus-alertmanager:{{ l_openshift_prometheus_alertmanager_image_version }}" imagePullPolicy: IfNotPresent resources: requests: {% if openshift_prometheus_alertmanager_memory_requests is defined and openshift_prometheus_alertmanager_memory_requests is not none %} - memory: "{{openshift_prometheus_alertmanager_memory_requests}}" + memory: "{{ openshift_prometheus_alertmanager_memory_requests }}" {% endif %} {% if openshift_prometheus_alertmanager_cpu_requests is defined and openshift_prometheus_alertmanager_cpu_requests is not none %} - cpu: "{{openshift_prometheus_alertmanager_cpu_requests}}" + cpu: "{{ openshift_prometheus_alertmanager_cpu_requests }}" {% endif %} limits: {% if openshift_prometheus_alertmanager_memory_limit is defined and openshift_prometheus_alertmanager_memory_limit is not none %} - memory: "{{openshift_prometheus_alertmanager_memory_limit}}" + memory: "{{ openshift_prometheus_alertmanager_memory_limit }}" {% endif %} {% if openshift_prometheus_alertmanager_cpu_limit is defined and openshift_prometheus_alertmanager_cpu_limit is not none %} - cpu: "{{openshift_prometheus_alertmanager_cpu_limit}}" + cpu: "{{ openshift_prometheus_alertmanager_cpu_limit }}" {% endif %} ports: - containerPort: 9093 diff --git a/roles/openshift_prometheus/vars/default_images.yml b/roles/openshift_prometheus/vars/default_images.yml new file mode 100644 index 000000000..ad52a3125 --- /dev/null +++ b/roles/openshift_prometheus/vars/default_images.yml @@ -0,0 +1,12 @@ +--- +# image prefix defaults +l_openshift_prometheus_image_prefix: "{{ openshift_prometheus_image_prefix | default('openshift/') }}" +l_openshift_prometheus_proxy_image_prefix: "{{ openshift_prometheus_proxy_image_prefix | default(l_openshift_prometheus_image_prefix) }}" +l_openshift_prometheus_alertmanager_image_prefix: "{{ openshift_prometheus_altermanager_image_prefix | default(l_openshift_prometheus_image_prefix) }}" +l_openshift_prometheus_alertbuffer_image_prefix: "{{ openshift_prometheus_alertbuffer_image_prefix | default(l_openshift_prometheus_image_prefix) }}" + +# image version defaults +l_openshift_prometheus_image_version: "{{ openshift_prometheus_image_version | default('v2.0.0-dev.3') }}" +l_openshift_prometheus_proxy_image_version: "{{ openshift_prometheus_proxy_image_version | default('v1.0.0') }}" +l_openshift_prometheus_alertmanager_image_version: "{{ openshift_prometheus_alertmanager_image_version | default('v0.9.1') }}" +l_openshift_prometheus_alertbuffer_image_version: "{{ openshift_prometheus_alertbuffer_image_version | default('v0.0.2') }}" diff --git a/roles/openshift_prometheus/vars/openshift-enterprise.yml b/roles/openshift_prometheus/vars/openshift-enterprise.yml new file mode 100644 index 000000000..9bb4c99bb --- /dev/null +++ b/roles/openshift_prometheus/vars/openshift-enterprise.yml @@ -0,0 +1,12 @@ +--- +# image prefix defaults +l_openshift_prometheus_image_prefix: "{{ openshift_prometheus_image_prefix | default('registry.access.redhat.com/openshift3/') }}" +l_openshift_prometheus_proxy_image_prefix: "{{ openshift_prometheus_proxy_image_prefix | default(l_openshift_prometheus_image_prefix) }}" +l_openshift_prometheus_alertmanager_image_prefix: "{{ openshift_prometheus_altermanager_image_prefix | default(l_openshift_prometheus_image_prefix) }}" +l_openshift_prometheus_alertbuffer_image_prefix: "{{ openshift_prometheus_alertbuffer_image_prefix | default(l_openshift_prometheus_image_prefix) }}" + +# image version defaults +l_openshift_prometheus_image_version: "{{ openshift_prometheus_image_version | default('v3.7') }}" +l_openshift_prometheus_proxy_image_version: "{{ openshift_prometheus_proxy_image_version | default('v3.7') }}" +l_openshift_prometheus_alertmanager_image_version: "{{ openshift_prometheus_alertmanager_image_version | default('v3.7') }}" +l_openshift_prometheus_alertbuffer_image_version: "{{ openshift_prometheus_alertbuffer_image_version | default('v3.7') }}" diff --git a/roles/openshift_provisioners/tasks/generate_clusterrolebindings.yaml b/roles/openshift_provisioners/tasks/generate_clusterrolebindings.yaml index ac21a5e37..1e6aafd00 100644 --- a/roles/openshift_provisioners/tasks/generate_clusterrolebindings.yaml +++ b/roles/openshift_provisioners/tasks/generate_clusterrolebindings.yaml @@ -1,6 +1,8 @@ --- - name: Generate ClusterRoleBindings - template: src=clusterrolebinding.j2 dest={{mktemp.stdout}}/templates/{{obj_name}}-clusterrolebinding.yaml + template: + src: clusterrolebinding.j2 + dest: "{{ mktemp.stdout }}/templates/{{ obj_name }}-clusterrolebinding.yaml" vars: acct_name: provisioners-{{item}} obj_name: run-provisioners-{{item}} diff --git a/roles/openshift_provisioners/tasks/generate_secrets.yaml b/roles/openshift_provisioners/tasks/generate_secrets.yaml index e6cbb1bbf..fe5ff9f18 100644 --- a/roles/openshift_provisioners/tasks/generate_secrets.yaml +++ b/roles/openshift_provisioners/tasks/generate_secrets.yaml @@ -1,6 +1,8 @@ --- - name: Generate secret for efs - template: src=secret.j2 dest={{mktemp.stdout}}/templates/{{obj_name}}-secret.yaml + template: + src: secret.j2 + dest: "{{ mktemp.stdout }}/templates/{{ obj_name }}-secret.yaml" vars: name: efs obj_name: "provisioners-efs" diff --git a/roles/openshift_provisioners/tasks/generate_serviceaccounts.yaml b/roles/openshift_provisioners/tasks/generate_serviceaccounts.yaml index 4fe0583ee..000f19994 100644 --- a/roles/openshift_provisioners/tasks/generate_serviceaccounts.yaml +++ b/roles/openshift_provisioners/tasks/generate_serviceaccounts.yaml @@ -1,6 +1,8 @@ --- - name: Generating serviceaccounts - template: src=serviceaccount.j2 dest={{mktemp.stdout}}/templates/{{obj_name}}-sa.yaml + template: + src: serviceaccount.j2 + dest: "{{ mktemp.stdout }}/templates/{{ obj_name }}-sa.yaml" vars: obj_name: provisioners-{{item}} labels: diff --git a/roles/openshift_provisioners/tasks/install_efs.yaml b/roles/openshift_provisioners/tasks/install_efs.yaml index 4a6e00513..6e8792446 100644 --- a/roles/openshift_provisioners/tasks/install_efs.yaml +++ b/roles/openshift_provisioners/tasks/install_efs.yaml @@ -9,7 +9,9 @@ changed_when: no - name: Generate efs PersistentVolumeClaim - template: src=pvc.j2 dest={{mktemp.stdout}}/templates/{{obj_name}}-pvc.yaml + template: + src: pvc.j2 + dest: "{{ mktemp.stdout }}/templates/{{ obj_name }}-pvc.yaml" vars: obj_name: "provisioners-efs" size: "1Mi" @@ -21,7 +23,9 @@ changed_when: no - name: Generate efs PersistentVolume - template: src=pv.j2 dest={{mktemp.stdout}}/templates/{{obj_name}}-pv.yaml + template: + src: pv.j2 + dest: "{{ mktemp.stdout }}/templates/{{ obj_name }}-pv.yaml" vars: obj_name: "provisioners-efs" size: "1Mi" diff --git a/roles/openshift_provisioners/tasks/install_support.yaml b/roles/openshift_provisioners/tasks/install_support.yaml index ba472f1c9..d6db81ab9 100644 --- a/roles/openshift_provisioners/tasks/install_support.yaml +++ b/roles/openshift_provisioners/tasks/install_support.yaml @@ -1,16 +1,9 @@ --- -- name: Check for provisioners project already exists - command: > - {{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig get project {{openshift_provisioners_project}} --no-headers - register: provisioners_project_result - ignore_errors: yes - when: not ansible_check_mode - changed_when: no - -- name: Create provisioners project - command: > - {{ openshift.common.admin_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig new-project {{openshift_provisioners_project}} - when: not ansible_check_mode and "not found" in provisioners_project_result.stderr +- name: Set provisioners project + oc_project: + state: present + kubeconfig: "{{ mktemp.stdout }}/admin.kubeconfig" + name: "{{ openshift_provisioners_project }}" - name: Create temp directory for all our templates file: path={{mktemp.stdout}}/templates state=directory mode=0755 diff --git a/roles/openshift_provisioners/templates/pv.j2 b/roles/openshift_provisioners/templates/pv.j2 index f4128f9f0..f81b1617a 100644 --- a/roles/openshift_provisioners/templates/pv.j2 +++ b/roles/openshift_provisioners/templates/pv.j2 @@ -30,3 +30,4 @@ spec: name: {{claim_name}} namespace: {{openshift_provisioners_project}} {% endif %} + storageClassName: "" diff --git a/roles/openshift_provisioners/templates/pvc.j2 b/roles/openshift_provisioners/templates/pvc.j2 index 83d503056..0dd8772eb 100644 --- a/roles/openshift_provisioners/templates/pvc.j2 +++ b/roles/openshift_provisioners/templates/pvc.j2 @@ -23,4 +23,5 @@ spec: resources: requests: storage: {{size}} + storageClassName: "" diff --git a/roles/openshift_repos/tasks/main.yaml b/roles/openshift_repos/tasks/main.yaml index d41245093..95ba9fe4c 100644 --- a/roles/openshift_repos/tasks/main.yaml +++ b/roles/openshift_repos/tasks/main.yaml @@ -10,6 +10,11 @@ - name: Ensure libselinux-python is installed package: name=libselinux-python state=present + - name: Remove openshift_additional.repo file + file: + dest: /etc/yum.repos.d/openshift_additional.repo + state: absent + - name: Create any additional repos that are defined yum_repository: description: "{{ item.description | default(item.name | default(item.id)) }}" diff --git a/roles/openshift_sanitize_inventory/tasks/__deprecations_logging.yml b/roles/openshift_sanitize_inventory/tasks/__deprecations_logging.yml index e534e0cca..7c1573096 100644 --- a/roles/openshift_sanitize_inventory/tasks/__deprecations_logging.yml +++ b/roles/openshift_sanitize_inventory/tasks/__deprecations_logging.yml @@ -21,16 +21,22 @@ openshift_logging_image_pull_secret: openshift_hosted_logging_image_pull_secret openshift_logging_kibana_hostname: openshift_hosted_logging_hostname openshift_logging_kibana_ops_hostname: openshift_hosted_logging_ops_hostname + openshift_logging_kibana_nodeselector: openshift_hosted_logging_kibana_nodeselector + openshift_logging_kibana_ops_nodeselector: openshift_hosted_logging_kibana_ops_nodeselector openshift_logging_fluentd_journal_source: openshift_hosted_logging_journal_source openshift_logging_fluentd_journal_read_from_head: openshift_hosted_logging_journal_read_from_head + openshift_logging_fluentd_nodeselector: openshift_hosted_logging_fluentd_nodeselector_label openshift_logging_es_memory_limit: openshift_hosted_logging_elasticsearch_instance_ram openshift_logging_es_nodeselector: openshift_hosted_logging_elasticsearch_nodeselector + openshift_logging_es_ops_nodeselector: openshift_hosted_logging_elasticsearch_ops_nodeselector openshift_logging_es_ops_memory_limit: openshift_hosted_logging_elasticsearch_ops_instance_ram openshift_logging_storage_access_modes: openshift_hosted_logging_storage_access_modes openshift_logging_master_public_url: openshift_hosted_logging_master_public_url openshift_logging_image_prefix: openshift_hosted_logging_deployer_prefix openshift_logging_image_version: openshift_hosted_logging_deployer_version openshift_logging_install_logging: openshift_hosted_logging_deploy + openshift_logging_curator_nodeselector: openshift_hosted_logging_curator_nodeselector + openshift_logging_curator_ops_nodeselector: openshift_hosted_logging_curator_ops_nodeselector - set_fact: @@ -40,9 +46,3 @@ openshift_logging_elasticsearch_ops_pvc_dynamic: "{{ 'true' if openshift_loggingops_storage_kind | default(none) == 'dynamic' else '' }}" openshift_logging_elasticsearch_ops_pvc_size: "{{ openshift_loggingops_storage_volume_size | default('10Gi') if openshift_loggingops_storage_kind | default(none) in ['dynamic','nfs'] else '' }}" openshift_logging_elasticsearch_ops_pvc_prefix: "{{ 'logging-es-ops' if openshift_loggingops_storage_kind | default(none) == 'dynamic' else '' }}" - openshift_logging_curator_nodeselector: "{{ openshift_hosted_logging_curator_nodeselector | default('') | map_from_pairs }}" - openshift_logging_curator_ops_nodeselector: "{{ openshift_hosted_logging_curator_ops_nodeselector | default('') | map_from_pairs }}" - openshift_logging_kibana_nodeselector: "{{ openshift_hosted_logging_kibana_nodeselector | default('') | map_from_pairs }}" - openshift_logging_kibana_ops_nodeselector: "{{ openshift_hosted_logging_kibana_ops_nodeselector | default('') | map_from_pairs }}" - openshift_logging_fluentd_nodeselector: "{{ openshift_hosted_logging_fluentd_nodeselector_label | default('logging-infra-fluentd=true') | map_from_pairs }}" - openshift_logging_es_ops_nodeselector: "{{ openshift_hosted_logging_elasticsearch_ops_nodeselector | default('') | map_from_pairs }}" diff --git a/roles/openshift_sanitize_inventory/tasks/main.yml b/roles/openshift_sanitize_inventory/tasks/main.yml index e327ee9f5..70b236033 100644 --- a/roles/openshift_sanitize_inventory/tasks/main.yml +++ b/roles/openshift_sanitize_inventory/tasks/main.yml @@ -23,6 +23,8 @@ # TODO: once this is well-documented, add deprecation notice if using old name. deployment_type: "{{ openshift_deployment_type | default(deployment_type) | default | string }}" openshift_deployment_type: "{{ openshift_deployment_type | default(deployment_type) | default | string }}" + deployment_subtype: "{{ openshift_deployment_subtype | default(deployment_subtype) | default('basic') | string }}" + openshift_deployment_subtype: "{{ openshift_deployment_subtype | default(deployment_subtype) | default('basic') | string }}" - name: Abort when deployment type is invalid # this variable is required; complain early and clearly if it is invalid. @@ -45,7 +47,7 @@ - name: Abort when openshift_release is invalid when: - openshift_release is defined - - not openshift_release | match('\d+(\.\d+){1,3}$') + - not openshift_release | match('^\d+(\.\d+){1,3}$') fail: msg: |- openshift_release is "{{ openshift_release }}" which is not a valid version string. @@ -54,3 +56,34 @@ - include: unsupported.yml when: - not openshift_enable_unsupported_configurations | default(false) | bool + +- name: Ensure clusterid is set along with the cloudprovider + fail: + msg: > + Ensure that the openshift_clusterid is set and that all infrastructure has the required tags. + + For dynamic provisioning when using multiple clusters in different zones, tag each node with Key=kubernetes.io/cluster/xxxx,Value=clusterid where xxxx and clusterid are unique per cluster. In versions prior to 3.6, this was Key=KubernetesCluster,Value=clusterid. + + https://github.com/openshift/openshift-docs/blob/master/install_config/persistent_storage/dynamically_provisioning_pvs.adoc#available-dynamically-provisioned-plug-ins + when: + - openshift_clusterid is not defined + - openshift_cloudprovider_kind is defined + - openshift_cloudprovider_kind == 'aws' + +- name: Ensure ansible_service_broker_remove and ansible_service_broker_install are mutually exclusive + fail: + msg: > + Ensure ansible_service_broker_remove and ansible_service_broker_install are mutually exclusive, + do not set both to true. ansible_service_broker_install defaults to true. + when: + - ansible_service_broker_remove | default(false) | bool + - ansible_service_broker_install | default(true) | bool + +- name: Ensure template_service_broker_remove and template_service_broker_install are mutually exclusive + fail: + msg: > + Ensure that template_service_broker_remove and template_service_broker_install are mutually exclusive, + do not set both to true. template_service_broker_remove defaults to true. + when: + - template_service_broker_remove | default(false) | bool + - template_service_broker_install | default(true) | bool diff --git a/roles/openshift_sanitize_inventory/tasks/unsupported.yml b/roles/openshift_sanitize_inventory/tasks/unsupported.yml index 39bf1780a..b70ab90a1 100644 --- a/roles/openshift_sanitize_inventory/tasks/unsupported.yml +++ b/roles/openshift_sanitize_inventory/tasks/unsupported.yml @@ -11,6 +11,14 @@ will not function. This also means that NetworkManager must be installed enabled and responsible for management of the primary interface. +- name: Ensure that openshift_node_dnsmasq_install_network_manager_hook is true + when: + - not openshift_node_dnsmasq_install_network_manager_hook | default(true) | bool + fail: + msg: |- + The NetworkManager hook is considered a critical part of the DNS + infrastructure. + - set_fact: __using_dynamic: True when: diff --git a/roles/openshift_service_catalog/files/kubeservicecatalog_roles_bindings.yml b/roles/openshift_service_catalog/files/kubeservicecatalog_roles_bindings.yml index 71e21a269..a0b41a4eb 100644 --- a/roles/openshift_service_catalog/files/kubeservicecatalog_roles_bindings.yml +++ b/roles/openshift_service_catalog/files/kubeservicecatalog_roles_bindings.yml @@ -1,25 +1,26 @@ apiVersion: v1 kind: Template metadata: - name: service-catalog + name: service-catalog-role-bindings objects: -- kind: ClusterRole - apiVersion: v1 +- apiVersion: authorization.openshift.io/v1 + kind: ClusterRole metadata: name: servicecatalog-serviceclass-viewer rules: - apiGroups: - servicecatalog.k8s.io resources: - - serviceclasses + - clusterserviceclasses + - clusterserviceplans verbs: - list - watch - get -- kind: ClusterRoleBinding - apiVersion: v1 +- apiVersion: authorization.openshift.io/v1 + kind: ClusterRoleBinding metadata: name: servicecatalog-serviceclass-viewer-binding roleRef: @@ -37,8 +38,8 @@ objects: metadata: name: service-catalog-apiserver -- kind: ClusterRole - apiVersion: v1 +- apiVersion: authorization.openshift.io/v1 + kind: ClusterRole metadata: name: sar-creator rules: @@ -49,17 +50,19 @@ objects: verbs: - create -- kind: ClusterRoleBinding - apiVersion: v1 +- apiVersion: authorization.openshift.io/v1 + kind: ClusterRoleBinding metadata: name: service-catalog-sar-creator-binding roleRef: name: sar-creator - userNames: - - system:serviceaccount:kube-service-catalog:service-catalog-apiserver + subjects: + - kind: ServiceAccount + name: service-catalog-apiserver + namespace: kube-service-catalog -- kind: ClusterRole - apiVersion: v1 +- apiVersion: authorization.openshift.io/v1 + kind: ClusterRole metadata: name: namespace-viewer rules: @@ -72,26 +75,30 @@ objects: - watch - get -- kind: ClusterRoleBinding - apiVersion: v1 +- apiVersion: authorization.openshift.io/v1 + kind: ClusterRoleBinding metadata: name: service-catalog-namespace-viewer-binding roleRef: name: namespace-viewer - userNames: - - system:serviceaccount:kube-service-catalog:service-catalog-apiserver + subjects: + - kind: ServiceAccount + name: service-catalog-apiserver + namespace: kube-service-catalog -- kind: ClusterRoleBinding - apiVersion: v1 +- apiVersion: authorization.openshift.io/v1 + kind: ClusterRoleBinding metadata: name: service-catalog-controller-namespace-viewer-binding roleRef: name: namespace-viewer - userNames: - - system:serviceaccount:kube-service-catalog:service-catalog-controller + subjects: + - kind: ServiceAccount + name: service-catalog-controller + namespace: kube-service-catalog -- kind: ClusterRole - apiVersion: v1 +- apiVersion: authorization.openshift.io/v1 + kind: ClusterRole metadata: name: service-catalog-controller rules: @@ -102,6 +109,7 @@ objects: verbs: - create - update + - patch - delete - get - list @@ -109,19 +117,24 @@ objects: - apiGroups: - servicecatalog.k8s.io resources: - - brokers/status - - instances/status - - bindings/status + - clusterservicebrokers/status + - clusterserviceclasses/status + - clusterserviceplans/status + - serviceinstances/status + - servicebindings/status + - servicebindings/finalizers + - serviceinstances/reference verbs: - update - apiGroups: - servicecatalog.k8s.io resources: - - brokers - - instances - - bindings + - clusterservicebrokers + - serviceinstances + - servicebindings verbs: - list + - get - watch - apiGroups: - "" @@ -133,7 +146,8 @@ objects: - apiGroups: - servicecatalog.k8s.io resources: - - serviceclasses + - clusterserviceclasses + - clusterserviceplans verbs: - create - delete @@ -154,17 +168,19 @@ objects: - list - watch -- kind: ClusterRoleBinding - apiVersion: v1 +- apiVersion: authorization.openshift.io/v1 + kind: ClusterRoleBinding metadata: name: service-catalog-controller-binding roleRef: name: service-catalog-controller - userNames: - - system:serviceaccount:kube-service-catalog:service-catalog-controller - -- kind: Role - apiVersion: v1 + subjects: + - kind: ServiceAccount + name: service-catalog-controller + namespace: kube-service-catalog + +- apiVersion: authorization.openshift.io/v1 + kind: Role metadata: name: endpoint-accessor rules: @@ -179,21 +195,25 @@ objects: - create - update -- kind: RoleBinding - apiVersion: v1 +- apiVersion: authorization.openshift.io/v1 + kind: RoleBinding metadata: - name: endpoint-accessor-binding + name: endpointer-accessor-binding roleRef: name: endpoint-accessor namespace: kube-service-catalog - userNames: - - system:serviceaccount:kube-service-catalog:service-catalog-controller + subjects: + - kind: ServiceAccount + namespace: kube-service-catalog + name: service-catalog-controller -- kind: ClusterRoleBinding - apiVersion: v1 +- apiVersion: authorization.openshift.io/v1 + kind: ClusterRoleBinding metadata: name: system:auth-delegator-binding roleRef: name: system:auth-delegator - userNames: - - system:serviceaccount:kube-service-catalog:service-catalog-apiserver + subjects: + - kind: ServiceAccount + name: service-catalog-apiserver + namespace: kube-service-catalog diff --git a/roles/openshift_service_catalog/files/kubesystem_roles_bindings.yml b/roles/openshift_service_catalog/files/kubesystem_roles_bindings.yml index f6ee0955d..f563ae42e 100644 --- a/roles/openshift_service_catalog/files/kubesystem_roles_bindings.yml +++ b/roles/openshift_service_catalog/files/kubesystem_roles_bindings.yml @@ -1,11 +1,11 @@ apiVersion: v1 kind: Template metadata: - name: kube-system-service-catalog + name: kube-system-service-catalog-role-bindings objects: -- kind: Role - apiVersion: v1 +- apiVersion: authorization.openshift.io/v1 + kind: Role metadata: name: extension-apiserver-authentication-reader namespace: ${KUBE_SYSTEM_NAMESPACE} @@ -19,16 +19,18 @@ objects: verbs: - get -- kind: RoleBinding - apiVersion: v1 +- apiVersion: authorization.openshift.io/v1 + kind: RoleBinding metadata: name: extension-apiserver-authentication-reader-binding namespace: ${KUBE_SYSTEM_NAMESPACE} roleRef: name: extension-apiserver-authentication-reader - namespace: kube-system - userNames: - - system:serviceaccount:kube-service-catalog:service-catalog-apiserver + namespace: ${KUBE_SYSTEM_NAMESPACE} + subjects: + - kind: ServiceAccount + name: service-catalog-apiserver + namespace: kube-service-catalog parameters: - description: Do not change this value. diff --git a/roles/openshift_service_catalog/tasks/generate_certs.yml b/roles/openshift_service_catalog/tasks/generate_certs.yml index cc897b032..cd7bda2c6 100644 --- a/roles/openshift_service_catalog/tasks/generate_certs.yml +++ b/roles/openshift_service_catalog/tasks/generate_certs.yml @@ -16,6 +16,16 @@ --key={{ generated_certs_dir }}/ca.key --cert={{ generated_certs_dir }}/ca.crt --serial={{ generated_certs_dir }}/apiserver.serial.txt --name=service-catalog-signer +- name: Delete old apiserver.crt + file: + path: "{{ generated_certs_dir }}/apiserver.crt" + state: absent + +- name: Delete old apiserver.key + file: + path: "{{ generated_certs_dir }}/apiserver.key" + state: absent + - name: Generating server keys oc_adm_ca_server_cert: cert: "{{ generated_certs_dir }}/apiserver.crt" @@ -36,19 +46,28 @@ - name: tls.key path: "{{ generated_certs_dir }}/apiserver.key" +- name: Create service-catalog-ssl secret + oc_secret: + state: present + name: service-catalog-ssl + namespace: kube-service-catalog + files: + - name: tls.crt + path: "{{ generated_certs_dir }}/apiserver.crt" + - slurp: src: "{{ generated_certs_dir }}/ca.crt" register: apiserver_ca - shell: > - oc get apiservices.apiregistration.k8s.io/v1alpha1.servicecatalog.k8s.io -n kube-service-catalog || echo "not found" + {{ openshift.common.client_binary }} --config=/etc/origin/master/admin.kubeconfig get apiservices.apiregistration.k8s.io/v1beta1.servicecatalog.k8s.io -n kube-service-catalog || echo "not found" register: get_apiservices changed_when: no - name: Create api service oc_obj: state: present - name: v1alpha1.servicecatalog.k8s.io + name: v1beta1.servicecatalog.k8s.io kind: apiservices.apiregistration.k8s.io namespace: "kube-service-catalog" content: @@ -57,10 +76,10 @@ apiVersion: apiregistration.k8s.io/v1beta1 kind: APIService metadata: - name: v1alpha1.servicecatalog.k8s.io + name: v1beta1.servicecatalog.k8s.io spec: group: servicecatalog.k8s.io - version: v1alpha1 + version: v1beta1 service: namespace: "kube-service-catalog" name: apiserver diff --git a/roles/openshift_service_catalog/tasks/install.yml b/roles/openshift_service_catalog/tasks/install.yml index e202ae173..3507330e3 100644 --- a/roles/openshift_service_catalog/tasks/install.yml +++ b/roles/openshift_service_catalog/tasks/install.yml @@ -38,7 +38,7 @@ - name: Make kube-service-catalog project network global command: > - oc adm pod-network make-projects-global kube-service-catalog + {{ openshift.common.client_binary }} --config=/etc/origin/master/admin.kubeconfig adm pod-network make-projects-global kube-service-catalog - include: generate_certs.yml @@ -47,16 +47,15 @@ dest: "{{ mktemp.stdout }}/kubeservicecatalog_roles_bindings.yml" - oc_obj: - name: service-catalog + name: service-catalog-role-bindings kind: template namespace: "kube-service-catalog" files: - "{{ mktemp.stdout }}/kubeservicecatalog_roles_bindings.yml" - delete_after: yes - oc_process: create: True - template_name: service-catalog + template_name: service-catalog-role-bindings namespace: "kube-service-catalog" - copy: @@ -64,16 +63,15 @@ dest: "{{ mktemp.stdout }}/kubesystem_roles_bindings.yml" - oc_obj: - name: kube-system-service-catalog + name: kube-system-service-catalog-role-bindings kind: template namespace: kube-system files: - "{{ mktemp.stdout }}/kubesystem_roles_bindings.yml" - delete_after: yes - oc_process: create: True - template_name: kube-system-service-catalog + template_name: kube-system-service-catalog-role-bindings namespace: kube-system - oc_obj: @@ -85,19 +83,19 @@ # only do this if we don't already have the updated role info - name: Generate apply template for clusterrole/edit template: - src: sc_role_patching.j2 + src: sc_admin_edit_role_patching.j2 dest: "{{ mktemp.stdout }}/edit_sc_patch.yml" vars: original_content: "{{ edit_yaml.results.results[0] | to_yaml }}" when: - - not edit_yaml.results.results[0] | oo_contains_rule(['servicecatalog.k8s.io'], ['instances', 'bindings'], ['create', 'update', 'delete', 'get', 'list', 'watch']) or not edit_yaml.results.results[0] | oo_contains_rule(['settings.k8s.io'], ['podpresets'], ['create', 'update', 'delete', 'get', 'list', 'watch']) + - not edit_yaml.results.results[0] | oo_contains_rule(['servicecatalog.k8s.io'], ['serviceinstances', 'servicebindings'], ['create', 'update', 'delete', 'get', 'list', 'watch', 'patch']) or not edit_yaml.results.results[0] | oo_contains_rule(['settings.k8s.io'], ['podpresets'], ['create', 'update', 'delete', 'get', 'list', 'watch']) # only do this if we don't already have the updated role info - name: update edit role for service catalog and pod preset access command: > - oc replace -f {{ mktemp.stdout }}/edit_sc_patch.yml + {{ openshift.common.client_binary }} --config=/etc/origin/master/admin.kubeconfig replace -f {{ mktemp.stdout }}/edit_sc_patch.yml when: - - not edit_yaml.results.results[0] | oo_contains_rule(['servicecatalog.k8s.io'], ['instances', 'bindings'], ['create', 'update', 'delete', 'get', 'list', 'watch']) or not edit_yaml.results.results[0] | oo_contains_rule(['settings.k8s.io'], ['podpresets'], ['create', 'update', 'delete', 'get', 'list', 'watch']) + - not edit_yaml.results.results[0] | oo_contains_rule(['servicecatalog.k8s.io'], ['serviceinstances', 'servicebindings'], ['create', 'update', 'delete', 'get', 'list', 'watch', 'patch']) or not edit_yaml.results.results[0] | oo_contains_rule(['settings.k8s.io'], ['podpresets'], ['create', 'update', 'delete', 'get', 'list', 'watch']) - oc_obj: name: admin @@ -108,19 +106,42 @@ # only do this if we don't already have the updated role info - name: Generate apply template for clusterrole/admin template: - src: sc_role_patching.j2 + src: sc_admin_edit_role_patching.j2 dest: "{{ mktemp.stdout }}/admin_sc_patch.yml" vars: original_content: "{{ admin_yaml.results.results[0] | to_yaml }}" when: - - not admin_yaml.results.results[0] | oo_contains_rule(['servicecatalog.k8s.io'], ['instances', 'bindings'], ['create', 'update', 'delete', 'get', 'list', 'watch']) or not admin_yaml.results.results[0] | oo_contains_rule(['settings.k8s.io'], ['podpresets'], ['create', 'update', 'delete', 'get', 'list', 'watch']) + - not admin_yaml.results.results[0] | oo_contains_rule(['servicecatalog.k8s.io'], ['serviceinstances', 'servicebindings'], ['create', 'update', 'delete', 'get', 'list', 'watch', 'patch']) or not admin_yaml.results.results[0] | oo_contains_rule(['settings.k8s.io'], ['podpresets'], ['create', 'update', 'delete', 'get', 'list', 'watch']) # only do this if we don't already have the updated role info - name: update admin role for service catalog and pod preset access command: > - oc replace -f {{ mktemp.stdout }}/admin_sc_patch.yml + {{ openshift.common.client_binary }} --config=/etc/origin/master/admin.kubeconfig replace -f {{ mktemp.stdout }}/admin_sc_patch.yml + when: + - not admin_yaml.results.results[0] | oo_contains_rule(['servicecatalog.k8s.io'], ['serviceinstances', 'servicebindings'], ['create', 'update', 'delete', 'get', 'list', 'watch', 'patch']) or not admin_yaml.results.results[0] | oo_contains_rule(['settings.k8s.io'], ['podpresets'], ['create', 'update', 'delete', 'get', 'list', 'watch']) + +- oc_obj: + name: view + kind: clusterrole + state: list + register: view_yaml + +# only do this if we don't already have the updated role info +- name: Generate apply template for clusterrole/view + template: + src: sc_view_role_patching.j2 + dest: "{{ mktemp.stdout }}/view_sc_patch.yml" + vars: + original_content: "{{ view_yaml.results.results[0] | to_yaml }}" + when: + - not view_yaml.results.results[0] | oo_contains_rule(['servicecatalog.k8s.io'], ['serviceinstances', 'servicebindings'], ['get', 'list', 'watch']) + +# only do this if we don't already have the updated role info +- name: update view role for service catalog access + command: > + {{ openshift.common.client_binary }} --config=/etc/origin/master/admin.kubeconfig replace -f {{ mktemp.stdout }}/view_sc_patch.yml when: - - not admin_yaml.results.results[0] | oo_contains_rule(['servicecatalog.k8s.io'], ['instances', 'bindings'], ['create', 'update', 'delete', 'get', 'list', 'watch']) or not admin_yaml.results.results[0] | oo_contains_rule(['settings.k8s.io'], ['podpresets'], ['create', 'update', 'delete', 'get', 'list', 'watch']) + - not view_yaml.results.results[0] | oo_contains_rule(['servicecatalog.k8s.io'], ['serviceinstances', 'servicebindings'], ['get', 'list', 'watch']) - oc_adm_policy_user: namespace: kube-service-catalog diff --git a/roles/openshift_service_catalog/tasks/remove.yml b/roles/openshift_service_catalog/tasks/remove.yml index 2fb1ec440..a832e1f85 100644 --- a/roles/openshift_service_catalog/tasks/remove.yml +++ b/roles/openshift_service_catalog/tasks/remove.yml @@ -1,11 +1,7 @@ --- - name: Remove Service Catalog APIServer command: > - oc delete apiservices.apiregistration.k8s.io/v1alpha1.servicecatalog.k8s.io --ignore-not-found -n kube-service-catalog - -- name: Remove Policy Binding - command: > - oc delete policybindings/kube-system:default -n kube-system --ignore-not-found + {{ openshift.common.client_binary }} --config=/etc/origin/master/admin.kubeconfig delete apiservices.apiregistration.k8s.io/v1beta1.servicecatalog.k8s.io --ignore-not-found -n kube-service-catalog # TODO: this module doesn't currently remove this #- name: Remove service catalog api service @@ -13,7 +9,7 @@ # state: absent # namespace: "kube-service-catalog" # kind: apiservices.apiregistration.k8s.io -# name: v1alpha1.servicecatalog.k8s.io +# name: v1beta1.servicecatalog.k8s.io - name: Remove Service Catalog API Server route oc_obj: @@ -50,6 +46,26 @@ kind: deployment name: controller-manager +- name: Remove Service Catalog kube-system Role Bindinds + shell: > + {{ openshift.common.client_binary }} --config=/etc/origin/master/admin.kubeconfig process kube-system-service-catalog-role-bindings -n kube-system | {{ openshift.common.client_binary }} --config=/etc/origin/master/admin.kubeconfig delete --ignore-not-found -f - + +- oc_obj: + kind: template + name: "kube-system-service-catalog-role-bindings" + namespace: kube-system + state: absent + +- name: Remove Service Catalog kube-service-catalog Role Bindinds + shell: > + {{ openshift.common.client_binary }} --config=/etc/origin/master/admin.kubeconfig process service-catalog-role-bindings -n kube-service-catalog | {{ openshift.common.client_binary }} --config=/etc/origin/master/admin.kubeconfig delete --ignore-not-found -f - + +- oc_obj: + kind: template + name: "service-catalog-role-bindings" + namespace: kube-service-catalog + state: absent + - name: Remove Service Catalog namespace oc_project: state: absent diff --git a/roles/openshift_service_catalog/templates/api_server.j2 b/roles/openshift_service_catalog/templates/api_server.j2 index c09834fd4..0e5bb7230 100644 --- a/roles/openshift_service_catalog/templates/api_server.j2 +++ b/roles/openshift_service_catalog/templates/api_server.j2 @@ -24,6 +24,7 @@ spec: {% endfor %} containers: - args: + - apiserver - --storage-type - etcd - --secure-port @@ -41,9 +42,11 @@ spec: - --cors-allowed-origins - {{ cors_allowed_origin }} - --admission-control - - "KubernetesNamespaceLifecycle" + - KubernetesNamespaceLifecycle,DefaultServicePlan,ServiceBindingsLifecycle,ServicePlanChangeValidator,BrokerAuthSarCheck + - --feature-gates + - OriginatingIdentity=true image: {{ openshift_service_catalog_image_prefix }}service-catalog:{{ openshift_service_catalog_image_version }} - command: ["/usr/bin/apiserver"] + command: ["/usr/bin/service-catalog"] imagePullPolicy: Always name: apiserver ports: diff --git a/roles/openshift_service_catalog/templates/controller_manager.j2 b/roles/openshift_service_catalog/templates/controller_manager.j2 index 1bbc0fa2c..e5e5f6b50 100644 --- a/roles/openshift_service_catalog/templates/controller_manager.j2 +++ b/roles/openshift_service_catalog/templates/controller_manager.j2 @@ -29,11 +29,17 @@ spec: fieldRef: fieldPath: metadata.namespace args: + - controller-manager - -v - "5" - - "--leader-election-namespace=$(K8S_NAMESPACE)" + - --leader-election-namespace + - kube-service-catalog + - --broker-relist-interval + - "5m" + - --feature-gates + - OriginatingIdentity=true image: {{ openshift_service_catalog_image_prefix }}service-catalog:{{ openshift_service_catalog_image_version }} - command: ["/usr/bin/controller-manager"] + command: ["/usr/bin/service-catalog"] imagePullPolicy: Always name: controller-manager ports: @@ -41,7 +47,19 @@ spec: protocol: TCP resources: {} terminationMessagePath: /dev/termination-log + volumeMounts: + - mountPath: /var/run/kubernetes-service-catalog + name: service-catalog-ssl + readOnly: true dnsPolicy: ClusterFirst restartPolicy: Always securityContext: {} terminationGracePeriodSeconds: 30 + volumes: + - name: service-catalog-ssl + secret: + defaultMode: 420 + items: + - key: tls.crt + path: apiserver.crt + secretName: apiserver-ssl diff --git a/roles/openshift_service_catalog/templates/sc_role_patching.j2 b/roles/openshift_service_catalog/templates/sc_admin_edit_role_patching.j2 index 69b062b3f..59cceafcf 100644 --- a/roles/openshift_service_catalog/templates/sc_role_patching.j2 +++ b/roles/openshift_service_catalog/templates/sc_admin_edit_role_patching.j2 @@ -3,8 +3,8 @@ - "servicecatalog.k8s.io" attributeRestrictions: null resources: - - instances - - bindings + - serviceinstances + - servicebindings verbs: - create - update @@ -12,6 +12,7 @@ - get - list - watch + - patch - apiGroups: - "settings.k8s.io" attributeRestrictions: null diff --git a/roles/openshift_service_catalog/templates/sc_view_role_patching.j2 b/roles/openshift_service_catalog/templates/sc_view_role_patching.j2 new file mode 100644 index 000000000..838993854 --- /dev/null +++ b/roles/openshift_service_catalog/templates/sc_view_role_patching.j2 @@ -0,0 +1,11 @@ +{{ original_content }} +- apiGroups: + - "servicecatalog.k8s.io" + attributeRestrictions: null + resources: + - serviceinstances + - servicebindings + verbs: + - get + - list + - watch diff --git a/roles/openshift_storage_glusterfs/README.md b/roles/openshift_storage_glusterfs/README.md index d0bc0e028..abe411f67 100644 --- a/roles/openshift_storage_glusterfs/README.md +++ b/roles/openshift_storage_glusterfs/README.md @@ -119,13 +119,13 @@ are an exception: Additionally, this role's behavior responds to the following registry-specific variables: -| Name | Default value | Description | -|-----------------------------------------------|------------------------------|-----------------------------------------| -| openshift_hosted_registry_glusterfs_endpoints | glusterfs-registry-endpoints | The name for the Endpoints resource that will point the registry to the GlusterFS nodes -| openshift_hosted_registry_glusterfs_path | glusterfs-registry-volume | The name for the GlusterFS volume that will provide registry storage -| openshift_hosted_registry_glusterfs_readonly | False | Whether the GlusterFS volume should be read-only -| openshift_hosted_registry_glusterfs_swap | False | Whether to swap an existing registry's storage volume for a GlusterFS volume -| openshift_hosted_registry_glusterfs_swapcopy | True | If swapping, copy the contents of the pre-existing registry storage to the new GlusterFS volume +| Name | Default value | Description | +|-------------------------------------------------------|------------------------------|-----------------------------------------| +| openshift_hosted_registry_storage_glusterfs_endpoints | glusterfs-registry-endpoints | The name for the Endpoints resource that will point the registry to the GlusterFS nodes +| openshift_hosted_registry_storage_glusterfs_path | glusterfs-registry-volume | The name for the GlusterFS volume that will provide registry storage +| openshift_hosted_registry_storage_glusterfs_readonly | False | Whether the GlusterFS volume should be read-only +| openshift_hosted_registry_storage_glusterfs_swap | False | Whether to swap an existing registry's storage volume for a GlusterFS volume +| openshift_hosted_registry_storage_glusterfs_swapcopy | True | If swapping, copy the contents of the pre-existing registry storage to the new GlusterFS volume Dependencies ------------ diff --git a/roles/openshift_storage_glusterfs/files/v1.5/deploy-heketi-template.yml b/roles/openshift_storage_glusterfs/files/v1.5/deploy-heketi-template.yml new file mode 100644 index 000000000..7b705c2d4 --- /dev/null +++ b/roles/openshift_storage_glusterfs/files/v1.5/deploy-heketi-template.yml @@ -0,0 +1,135 @@ +--- +kind: Template +apiVersion: v1 +metadata: + name: deploy-heketi + labels: + glusterfs: heketi-template + deploy-heketi: support + annotations: + description: Bootstrap Heketi installation + tags: glusterfs,heketi,installation +objects: +- kind: Service + apiVersion: v1 + metadata: + name: deploy-heketi-${CLUSTER_NAME} + labels: + glusterfs: deploy-heketi-${CLUSTER_NAME}-service + deploy-heketi: support + annotations: + description: Exposes Heketi service + spec: + ports: + - name: deploy-heketi-${CLUSTER_NAME} + port: 8080 + targetPort: 8080 + selector: + glusterfs: deploy-heketi-${CLUSTER_NAME}-pod +- kind: Route + apiVersion: v1 + metadata: + name: ${HEKETI_ROUTE} + labels: + glusterfs: deploy-heketi-${CLUSTER_NAME}-route + deploy-heketi: support + spec: + to: + kind: Service + name: deploy-heketi-${CLUSTER_NAME} +- kind: DeploymentConfig + apiVersion: v1 + metadata: + name: deploy-heketi-${CLUSTER_NAME} + labels: + glusterfs: deploy-heketi-${CLUSTER_NAME}-dc + deploy-heketi: support + annotations: + description: Defines how to deploy Heketi + spec: + replicas: 1 + selector: + glusterfs: deploy-heketi-${CLUSTER_NAME}-pod + triggers: + - type: ConfigChange + strategy: + type: Recreate + template: + metadata: + name: deploy-heketi + labels: + glusterfs: deploy-heketi-${CLUSTER_NAME}-pod + deploy-heketi: support + spec: + serviceAccountName: heketi-${CLUSTER_NAME}-service-account + containers: + - name: heketi + image: ${IMAGE_NAME}:${IMAGE_VERSION} + env: + - name: HEKETI_USER_KEY + value: ${HEKETI_USER_KEY} + - name: HEKETI_ADMIN_KEY + value: ${HEKETI_ADMIN_KEY} + - name: HEKETI_EXECUTOR + value: ${HEKETI_EXECUTOR} + - name: HEKETI_FSTAB + value: /var/lib/heketi/fstab + - name: HEKETI_SNAPSHOT_LIMIT + value: '14' + - name: HEKETI_KUBE_GLUSTER_DAEMONSET + value: '1' + - name: HEKETI_KUBE_NAMESPACE + value: ${HEKETI_KUBE_NAMESPACE} + ports: + - containerPort: 8080 + volumeMounts: + - name: db + mountPath: /var/lib/heketi + - name: config + mountPath: /etc/heketi + readinessProbe: + timeoutSeconds: 3 + initialDelaySeconds: 3 + httpGet: + path: /hello + port: 8080 + livenessProbe: + timeoutSeconds: 3 + initialDelaySeconds: 30 + httpGet: + path: /hello + port: 8080 + volumes: + - name: db + - name: config + secret: + secretName: heketi-${CLUSTER_NAME}-config-secret +parameters: +- name: HEKETI_USER_KEY + displayName: Heketi User Secret + description: Set secret for those creating volumes as type _user_ +- name: HEKETI_ADMIN_KEY + displayName: Heketi Administrator Secret + description: Set secret for administration of the Heketi service as user _admin_ +- name: HEKETI_EXECUTOR + displayName: heketi executor type + description: Set the executor type, kubernetes or ssh + value: kubernetes +- name: HEKETI_KUBE_NAMESPACE + displayName: Namespace + description: Set the namespace where the GlusterFS pods reside + value: default +- name: HEKETI_ROUTE + displayName: heketi route name + description: Set the hostname for the route URL + value: "heketi-glusterfs" +- name: IMAGE_NAME + displayName: heketi container image name + required: True +- name: IMAGE_VERSION + displayName: heketi container image version + required: True +- name: CLUSTER_NAME + displayName: GlusterFS cluster name + description: A unique name to identify this heketi service, useful for running multiple heketi instances + value: glusterfs diff --git a/roles/openshift_storage_glusterfs/files/v1.5/glusterfs-template.yml b/roles/openshift_storage_glusterfs/files/v1.5/glusterfs-template.yml new file mode 100644 index 000000000..8c5e1ded3 --- /dev/null +++ b/roles/openshift_storage_glusterfs/files/v1.5/glusterfs-template.yml @@ -0,0 +1,136 @@ +--- +kind: Template +apiVersion: v1 +metadata: + name: glusterfs + labels: + glusterfs: template + annotations: + description: GlusterFS DaemonSet template + tags: glusterfs +objects: +- kind: DaemonSet + apiVersion: extensions/v1beta1 + metadata: + name: glusterfs-${CLUSTER_NAME} + labels: + glusterfs: ${CLUSTER_NAME}-daemonset + annotations: + description: GlusterFS DaemonSet + tags: glusterfs + spec: + selector: + matchLabels: + glusterfs: ${CLUSTER_NAME}-pod + template: + metadata: + name: glusterfs-${CLUSTER_NAME} + labels: + glusterfs: ${CLUSTER_NAME}-pod + glusterfs-node: pod + spec: + nodeSelector: "${{NODE_LABELS}}" + hostNetwork: true + containers: + - name: glusterfs + image: ${IMAGE_NAME}:${IMAGE_VERSION} + imagePullPolicy: IfNotPresent + volumeMounts: + - name: glusterfs-heketi + mountPath: "/var/lib/heketi" + - name: glusterfs-run + mountPath: "/run" + - name: glusterfs-lvm + mountPath: "/run/lvm" + - name: glusterfs-etc + mountPath: "/etc/glusterfs" + - name: glusterfs-logs + mountPath: "/var/log/glusterfs" + - name: glusterfs-config + mountPath: "/var/lib/glusterd" + - name: glusterfs-dev + mountPath: "/dev" + - name: glusterfs-misc + mountPath: "/var/lib/misc/glusterfsd" + - name: glusterfs-cgroup + mountPath: "/sys/fs/cgroup" + readOnly: true + - name: glusterfs-ssl + mountPath: "/etc/ssl" + readOnly: true + securityContext: + capabilities: {} + privileged: true + readinessProbe: + timeoutSeconds: 3 + initialDelaySeconds: 40 + exec: + command: + - "/bin/bash" + - "-c" + - systemctl status glusterd.service + periodSeconds: 25 + successThreshold: 1 + failureThreshold: 15 + livenessProbe: + timeoutSeconds: 3 + initialDelaySeconds: 40 + exec: + command: + - "/bin/bash" + - "-c" + - systemctl status glusterd.service + periodSeconds: 25 + successThreshold: 1 + failureThreshold: 15 + resources: {} + terminationMessagePath: "/dev/termination-log" + volumes: + - name: glusterfs-heketi + hostPath: + path: "/var/lib/heketi" + - name: glusterfs-run + emptyDir: {} + - name: glusterfs-lvm + hostPath: + path: "/run/lvm" + - name: glusterfs-etc + hostPath: + path: "/etc/glusterfs" + - name: glusterfs-logs + hostPath: + path: "/var/log/glusterfs" + - name: glusterfs-config + hostPath: + path: "/var/lib/glusterd" + - name: glusterfs-dev + hostPath: + path: "/dev" + - name: glusterfs-misc + hostPath: + path: "/var/lib/misc/glusterfsd" + - name: glusterfs-cgroup + hostPath: + path: "/sys/fs/cgroup" + - name: glusterfs-ssl + hostPath: + path: "/etc/ssl" + restartPolicy: Always + terminationGracePeriodSeconds: 30 + dnsPolicy: ClusterFirst + securityContext: {} +parameters: +- name: NODE_LABELS + displayName: Daemonset Node Labels + description: Labels which define the daemonset node selector. Must contain at least one label of the format \'glusterfs=<CLUSTER_NAME>-host\' + value: '{ "glusterfs": "storage-host" }' +- name: IMAGE_NAME + displayName: GlusterFS container image name + required: True +- name: IMAGE_VERSION + displayName: GlusterFS container image version + required: True +- name: CLUSTER_NAME + displayName: GlusterFS cluster name + description: A unique name to identify which heketi service manages this cluster, useful for running multiple heketi instances + value: storage diff --git a/roles/openshift_storage_glusterfs/files/v1.5/heketi-template.yml b/roles/openshift_storage_glusterfs/files/v1.5/heketi-template.yml new file mode 100644 index 000000000..61b6a8c13 --- /dev/null +++ b/roles/openshift_storage_glusterfs/files/v1.5/heketi-template.yml @@ -0,0 +1,134 @@ +--- +kind: Template +apiVersion: v1 +metadata: + name: heketi + labels: + glusterfs: heketi-template + annotations: + description: Heketi service deployment template + tags: glusterfs,heketi +objects: +- kind: Service + apiVersion: v1 + metadata: + name: heketi-${CLUSTER_NAME} + labels: + glusterfs: heketi-${CLUSTER_NAME}-service + annotations: + description: Exposes Heketi service + spec: + ports: + - name: heketi + port: 8080 + targetPort: 8080 + selector: + glusterfs: heketi-${CLUSTER_NAME}-pod +- kind: Route + apiVersion: v1 + metadata: + name: ${HEKETI_ROUTE} + labels: + glusterfs: heketi-${CLUSTER_NAME}-route + spec: + to: + kind: Service + name: heketi-${CLUSTER_NAME} +- kind: DeploymentConfig + apiVersion: v1 + metadata: + name: heketi-${CLUSTER_NAME} + labels: + glusterfs: heketi-${CLUSTER_NAME}-dc + annotations: + description: Defines how to deploy Heketi + spec: + replicas: 1 + selector: + glusterfs: heketi-${CLUSTER_NAME}-pod + triggers: + - type: ConfigChange + strategy: + type: Recreate + template: + metadata: + name: heketi-${CLUSTER_NAME} + labels: + glusterfs: heketi-${CLUSTER_NAME}-pod + spec: + serviceAccountName: heketi-${CLUSTER_NAME}-service-account + containers: + - name: heketi + image: ${IMAGE_NAME}:${IMAGE_VERSION} + imagePullPolicy: IfNotPresent + env: + - name: HEKETI_USER_KEY + value: ${HEKETI_USER_KEY} + - name: HEKETI_ADMIN_KEY + value: ${HEKETI_ADMIN_KEY} + - name: HEKETI_EXECUTOR + value: ${HEKETI_EXECUTOR} + - name: HEKETI_FSTAB + value: /var/lib/heketi/fstab + - name: HEKETI_SNAPSHOT_LIMIT + value: '14' + - name: HEKETI_KUBE_GLUSTER_DAEMONSET + value: '1' + - name: HEKETI_KUBE_NAMESPACE + value: ${HEKETI_KUBE_NAMESPACE} + ports: + - containerPort: 8080 + volumeMounts: + - name: db + mountPath: /var/lib/heketi + - name: config + mountPath: /etc/heketi + readinessProbe: + timeoutSeconds: 3 + initialDelaySeconds: 3 + httpGet: + path: /hello + port: 8080 + livenessProbe: + timeoutSeconds: 3 + initialDelaySeconds: 30 + httpGet: + path: /hello + port: 8080 + volumes: + - name: db + glusterfs: + endpoints: heketi-db-${CLUSTER_NAME}-endpoints + path: heketidbstorage + - name: config + secret: + secretName: heketi-${CLUSTER_NAME}-config-secret +parameters: +- name: HEKETI_USER_KEY + displayName: Heketi User Secret + description: Set secret for those creating volumes as type _user_ +- name: HEKETI_ADMIN_KEY + displayName: Heketi Administrator Secret + description: Set secret for administration of the Heketi service as user _admin_ +- name: HEKETI_EXECUTOR + displayName: heketi executor type + description: Set the executor type, kubernetes or ssh + value: kubernetes +- name: HEKETI_KUBE_NAMESPACE + displayName: Namespace + description: Set the namespace where the GlusterFS pods reside + value: default +- name: HEKETI_ROUTE + displayName: heketi route name + description: Set the hostname for the route URL + value: "heketi-glusterfs" +- name: IMAGE_NAME + displayName: heketi container image name + required: True +- name: IMAGE_VERSION + displayName: heketi container image version + required: True +- name: CLUSTER_NAME + displayName: GlusterFS cluster name + description: A unique name to identify this heketi service, useful for running multiple heketi instances + value: glusterfs diff --git a/roles/openshift_storage_glusterfs/tasks/heketi_deploy_part2.yml b/roles/openshift_storage_glusterfs/tasks/heketi_deploy_part2.yml index 074904bec..54a6dd7c3 100644 --- a/roles/openshift_storage_glusterfs/tasks/heketi_deploy_part2.yml +++ b/roles/openshift_storage_glusterfs/tasks/heketi_deploy_part2.yml @@ -1,6 +1,6 @@ --- - name: Create heketi DB volume - command: "{{ glusterfs_heketi_client }} setup-openshift-heketi-storage --image {{ glusterfs_heketi_image}}:{{ glusterfs_heketi_version }} --listfile /tmp/heketi-storage.json" + command: "{{ glusterfs_heketi_client }} setup-openshift-heketi-storage --listfile /tmp/heketi-storage.json" register: setup_storage - name: Copy heketi-storage list diff --git a/roles/openshift_storage_glusterfs/tasks/kernel_modules.yml b/roles/openshift_storage_glusterfs/tasks/kernel_modules.yml new file mode 100644 index 000000000..030fa81c9 --- /dev/null +++ b/roles/openshift_storage_glusterfs/tasks/kernel_modules.yml @@ -0,0 +1,12 @@ +--- +- name: Ensure device mapper modules loaded + template: + src: glusterfs.conf + dest: /etc/modules-load.d/glusterfs.conf + register: km + +- name: load kernel modules + systemd: + name: systemd-modules-load.service + state: restarted + when: km | changed diff --git a/roles/openshift_storage_glusterfs/templates/glusterfs.conf b/roles/openshift_storage_glusterfs/templates/glusterfs.conf new file mode 100644 index 000000000..dd4d6e6f7 --- /dev/null +++ b/roles/openshift_storage_glusterfs/templates/glusterfs.conf @@ -0,0 +1,4 @@ +#{{ ansible_managed }} +dm_thin_pool +dm_snapshot +dm_mirror
\ No newline at end of file diff --git a/roles/openshift_storage_glusterfs/templates/v1.5/glusterfs-registry-endpoints.yml.j2 b/roles/openshift_storage_glusterfs/templates/v1.5/glusterfs-registry-endpoints.yml.j2 new file mode 100644 index 000000000..11c9195bb --- /dev/null +++ b/roles/openshift_storage_glusterfs/templates/v1.5/glusterfs-registry-endpoints.yml.j2 @@ -0,0 +1,12 @@ +--- +apiVersion: v1 +kind: Endpoints +metadata: + name: glusterfs-{{ glusterfs_name }}-endpoints +subsets: +- addresses: +{% for node in glusterfs_nodes %} + - ip: {{ hostvars[node].glusterfs_ip | default(hostvars[node].openshift.common.ip) }} +{% endfor %} + ports: + - port: 1 diff --git a/roles/openshift_storage_glusterfs/templates/v1.5/glusterfs-registry-service.yml.j2 b/roles/openshift_storage_glusterfs/templates/v1.5/glusterfs-registry-service.yml.j2 new file mode 100644 index 000000000..3f869d2b7 --- /dev/null +++ b/roles/openshift_storage_glusterfs/templates/v1.5/glusterfs-registry-service.yml.j2 @@ -0,0 +1,10 @@ +--- +apiVersion: v1 +kind: Service +metadata: + name: glusterfs-{{ glusterfs_name }}-endpoints +spec: + ports: + - port: 1 +status: + loadBalancer: {} diff --git a/roles/openshift_storage_glusterfs/templates/v1.5/glusterfs-storageclass.yml.j2 b/roles/openshift_storage_glusterfs/templates/v1.5/glusterfs-storageclass.yml.j2 new file mode 100644 index 000000000..454e84aaf --- /dev/null +++ b/roles/openshift_storage_glusterfs/templates/v1.5/glusterfs-storageclass.yml.j2 @@ -0,0 +1,13 @@ +--- +apiVersion: storage.k8s.io/v1beta1 +kind: StorageClass +metadata: + name: glusterfs-{{ glusterfs_name }} +provisioner: kubernetes.io/glusterfs +parameters: + resturl: "http://{% if glusterfs_heketi_is_native %}{{ glusterfs_heketi_route }}{% else %}{{ glusterfs_heketi_url }}:{{ glusterfs_heketi_port }}{% endif %}" + restuser: "admin" +{% if glusterfs_heketi_admin_key is defined %} + secretNamespace: "{{ glusterfs_namespace }}" + secretName: "heketi-{{ glusterfs_name }}-admin-secret" +{%- endif -%} diff --git a/roles/openshift_storage_glusterfs/templates/v1.5/heketi-endpoints.yml.j2 b/roles/openshift_storage_glusterfs/templates/v1.5/heketi-endpoints.yml.j2 new file mode 100644 index 000000000..99cbdf748 --- /dev/null +++ b/roles/openshift_storage_glusterfs/templates/v1.5/heketi-endpoints.yml.j2 @@ -0,0 +1,12 @@ +--- +apiVersion: v1 +kind: Endpoints +metadata: + name: heketi-db-{{ glusterfs_name }}-endpoints +subsets: +- addresses: +{% for node in glusterfs_nodes %} + - ip: {{ hostvars[node].glusterfs_ip | default(hostvars[node].openshift.common.ip) }} +{% endfor %} + ports: + - port: 1 diff --git a/roles/openshift_storage_glusterfs/templates/v1.5/heketi-service.yml.j2 b/roles/openshift_storage_glusterfs/templates/v1.5/heketi-service.yml.j2 new file mode 100644 index 000000000..dcb896441 --- /dev/null +++ b/roles/openshift_storage_glusterfs/templates/v1.5/heketi-service.yml.j2 @@ -0,0 +1,10 @@ +--- +apiVersion: v1 +kind: Service +metadata: + name: heketi-db-{{ glusterfs_name }}-endpoints +spec: + ports: + - port: 1 +status: + loadBalancer: {} diff --git a/roles/openshift_storage_glusterfs/templates/v1.5/heketi.json.j2 b/roles/openshift_storage_glusterfs/templates/v1.5/heketi.json.j2 new file mode 100644 index 000000000..579b11bb7 --- /dev/null +++ b/roles/openshift_storage_glusterfs/templates/v1.5/heketi.json.j2 @@ -0,0 +1,36 @@ +{ + "_port_comment": "Heketi Server Port Number", + "port" : "8080", + + "_use_auth": "Enable JWT authorization. Please enable for deployment", + "use_auth" : false, + + "_jwt" : "Private keys for access", + "jwt" : { + "_admin" : "Admin has access to all APIs", + "admin" : { + "key" : "My Secret" + }, + "_user" : "User only has access to /volumes endpoint", + "user" : { + "key" : "My Secret" + } + }, + + "_glusterfs_comment": "GlusterFS Configuration", + "glusterfs" : { + + "_executor_comment": "Execute plugin. Possible choices: mock, kubernetes, ssh", + "executor" : "{{ glusterfs_heketi_executor }}", + + "_db_comment": "Database file name", + "db" : "/var/lib/heketi/heketi.db", + + "sshexec" : { + "keyfile" : "/etc/heketi/private_key", + "port" : "{{ glusterfs_heketi_ssh_port }}", + "user" : "{{ glusterfs_heketi_ssh_user }}", + "sudo" : {{ glusterfs_heketi_ssh_sudo | lower }} + } + } +} diff --git a/roles/openshift_storage_glusterfs/templates/v1.5/topology.json.j2 b/roles/openshift_storage_glusterfs/templates/v1.5/topology.json.j2 new file mode 100644 index 000000000..d6c28f6dd --- /dev/null +++ b/roles/openshift_storage_glusterfs/templates/v1.5/topology.json.j2 @@ -0,0 +1,49 @@ +{ + "clusters": [ +{%- set clusters = {} -%} +{%- for node in glusterfs_nodes -%} + {%- set cluster = hostvars[node].glusterfs_cluster if 'glusterfs_cluster' in node else '1' -%} + {%- if cluster in clusters -%} + {%- set _dummy = clusters[cluster].append(node) -%} + {%- else -%} + {%- set _dummy = clusters.update({cluster: [ node, ]}) -%} + {%- endif -%} +{%- endfor -%} +{%- for cluster in clusters -%} + { + "nodes": [ +{%- for node in clusters[cluster] -%} + { + "node": { + "hostnames": { + "manage": [ +{%- if 'glusterfs_hostname' in hostvars[node] -%} + "{{ hostvars[node].glusterfs_hostname }}" +{%- elif 'openshift' in hostvars[node] -%} + "{{ hostvars[node].openshift.node.nodename }}" +{%- else -%} + "{{ node }}" +{%- endif -%} + ], + "storage": [ +{%- if 'glusterfs_ip' in hostvars[node] -%} + "{{ hostvars[node].glusterfs_ip }}" +{%- else -%} + "{{ hostvars[node].openshift.common.ip }}" +{%- endif -%} + ] + }, + "zone": {{ hostvars[node].glusterfs_zone | default(1) }} + }, + "devices": [ +{%- for device in hostvars[node].glusterfs_devices -%} + "{{ device }}"{% if not loop.last %},{% endif %} +{%- endfor -%} + ] + }{% if not loop.last %},{% endif %} +{%- endfor -%} + ] + }{% if not loop.last %},{% endif %} +{%- endfor -%} + ] +} diff --git a/roles/openshift_version/defaults/main.yml b/roles/openshift_version/defaults/main.yml index 53d10f1f8..01a1a7472 100644 --- a/roles/openshift_version/defaults/main.yml +++ b/roles/openshift_version/defaults/main.yml @@ -1,3 +1,2 @@ --- openshift_protect_installed_version: True -version_install_base_package: False diff --git a/roles/openshift_version/tasks/main.yml b/roles/openshift_version/tasks/main.yml index f4e9ff43a..1c8b9046c 100644 --- a/roles/openshift_version/tasks/main.yml +++ b/roles/openshift_version/tasks/main.yml @@ -5,16 +5,6 @@ is_containerized: "{{ openshift.common.is_containerized | default(False) | bool }}" is_atomic: "{{ openshift.common.is_atomic | default(False) | bool }}" -# This is only needed on masters and nodes; version_install_base_package -# should be set by a play externally. -- name: Install the base package for versioning - package: - name: "{{ openshift.common.service_type }}{{ openshift_pkg_version | default('') | oo_image_tag_to_rpm_version(include_dash=True) }}" - state: present - when: - - not is_containerized | bool - - version_install_base_package | bool - # Block attempts to install origin without specifying some kind of version information. # This is because the latest tags for origin are usually alpha builds, which should not # be used by default. Users must indicate what they want. diff --git a/roles/template_service_broker/defaults/main.yml b/roles/template_service_broker/defaults/main.yml index a92a138b0..421b4ecf9 100644 --- a/roles/template_service_broker/defaults/main.yml +++ b/roles/template_service_broker/defaults/main.yml @@ -1,5 +1,5 @@ --- # placeholder file? template_service_broker_remove: False -template_service_broker_install: False +template_service_broker_install: True openshift_template_service_broker_namespaces: ['openshift'] diff --git a/roles/template_service_broker/files/openshift-ansible-catalog-console.js b/roles/template_service_broker/files/openshift-ansible-catalog-console.js index b3a3d3428..622afb6bd 100644 --- a/roles/template_service_broker/files/openshift-ansible-catalog-console.js +++ b/roles/template_service_broker/files/openshift-ansible-catalog-console.js @@ -1 +1 @@ -window.OPENSHIFT_CONSTANTS.ENABLE_TECH_PREVIEW_FEATURE.template_service_broker = true; +window.OPENSHIFT_CONSTANTS.TEMPLATE_SERVICE_BROKER_ENABLED = true; diff --git a/roles/template_service_broker/tasks/install.yml b/roles/template_service_broker/tasks/install.yml index 54008bbf1..0db9e642a 100644 --- a/roles/template_service_broker/tasks/install.yml +++ b/roles/template_service_broker/tasks/install.yml @@ -6,7 +6,7 @@ - "{{ openshift_deployment_type | default(deployment_type) }}.yml" - "default_images.yml" -- name: set ansible_service_broker facts +- name: set template_service_broker facts set_fact: template_service_broker_prefix: "{{ template_service_broker_prefix | default(__template_service_broker_prefix) }}" template_service_broker_version: "{{ template_service_broker_version | default(__template_service_broker_version) }}" @@ -42,15 +42,15 @@ - name: Apply template file shell: > - oc process -f "{{ mktemp.stdout }}/{{ __tsb_template_file }}" + {{ openshift.common.client_binary }} process -f "{{ mktemp.stdout }}/{{ __tsb_template_file }}" --param API_SERVER_CONFIG="{{ config['content'] | b64decode }}" --param IMAGE="{{ template_service_broker_prefix }}{{ template_service_broker_image_name }}:{{ template_service_broker_version }}" - | kubectl apply -f - + | {{ openshift.common.client_binary }} apply -f - # reconcile with rbac - name: Reconcile with RBAC file shell: > - oc process -f "{{ mktemp.stdout }}/{{ __tsb_rbac_file }}" | oc auth reconcile -f - + {{ openshift.common.client_binary }} process -f "{{ mktemp.stdout }}/{{ __tsb_rbac_file }}" | {{ openshift.common.client_binary }} auth reconcile -f - - name: copy tech preview extension file for service console UI copy: @@ -76,13 +76,13 @@ when: openshift_master_config_dir is undefined - slurp: - src: "{{ openshift_master_config_dir }}/ca.crt" + src: "{{ openshift_master_config_dir }}/service-signer.crt" register: __ca_bundle # Register with broker - name: Register TSB with broker shell: > - oc process -f "{{ mktemp.stdout }}/{{ __tsb_broker_file }}" --param CA_BUNDLE="{{ __ca_bundle.content }}" | oc apply -f - + {{ openshift.common.client_binary }} process -f "{{ mktemp.stdout }}/{{ __tsb_broker_file }}" --param CA_BUNDLE="{{ __ca_bundle.content }}" | {{ openshift.common.client_binary }} apply -f - - file: state: absent diff --git a/roles/template_service_broker/tasks/main.yml b/roles/template_service_broker/tasks/main.yml index d7ca970c7..6a4d89a46 100644 --- a/roles/template_service_broker/tasks/main.yml +++ b/roles/template_service_broker/tasks/main.yml @@ -2,7 +2,7 @@ # do any asserts here - include: install.yml - when: template_service_broker_install | default(false) | bool + when: template_service_broker_install | bool - include: remove.yml - when: template_service_broker_remove | default(false) | bool + when: template_service_broker_remove | bool diff --git a/roles/template_service_broker/tasks/remove.yml b/roles/template_service_broker/tasks/remove.yml index f3afe65ed..8b5593ff9 100644 --- a/roles/template_service_broker/tasks/remove.yml +++ b/roles/template_service_broker/tasks/remove.yml @@ -13,11 +13,11 @@ - name: Delete TSB broker shell: > - oc process -f "{{ mktemp.stdout }}/{{ __tsb_broker_file }}" | oc delete -f - + {{ openshift.common.client_binary }} process -f "{{ mktemp.stdout }}/{{ __tsb_broker_file }}" | {{ openshift.common.client_binary }} delete --ignore-not-found -f - - name: Delete TSB objects shell: > - oc process -f "{{ mktemp.stdout }}/{{ __tsb_template_file }}" | kubectl delete -f - + {{ openshift.common.client_binary }} process -f "{{ mktemp.stdout }}/{{ __tsb_template_file }}" | {{ openshift.common.client_binary }} delete --ignore-not-found -f - - name: empty out tech preview extension file for service console UI copy: diff --git a/utils/src/ooinstall/oo_config.py b/utils/src/ooinstall/oo_config.py index c3501c018..9ecd63a80 100644 --- a/utils/src/ooinstall/oo_config.py +++ b/utils/src/ooinstall/oo_config.py @@ -220,6 +220,7 @@ class OOConfig(object): persisted_value = loaded_config.get(setting) if persisted_value is not None: self.settings[setting] = str(persisted_value) + installer_log.debug("config: set (%s) to value (%s)", setting, persisted_value) # We've loaded any persisted configs, let's verify any # paths which are required for a correct and complete @@ -344,8 +345,9 @@ class OOConfig(object): if 'ansible_ssh_user' not in self.settings: self.settings['ansible_ssh_user'] = '' - self.settings['ansible_inventory_path'] = \ - '{}/hosts'.format(os.path.dirname(self.config_path)) + if 'ansible_inventory_path' not in self.settings: + self.settings['ansible_inventory_path'] = \ + '{}/hosts'.format(os.path.dirname(self.config_path)) # clean up any empty sets empty_keys = [] |