diff options
Diffstat (limited to 'roles')
268 files changed, 25918 insertions, 2189 deletions
diff --git a/roles/cockpit-ui/meta/main.yml b/roles/cockpit-ui/meta/main.yml new file mode 100644 index 000000000..6ad2e324a --- /dev/null +++ b/roles/cockpit-ui/meta/main.yml @@ -0,0 +1,13 @@ +--- +galaxy_info: + author: Samuel Munilla + description: Deploy and Enable cockpit-ui + company: Red Hat, Inc. + license: Apache License, Version 2.0 + min_ansible_version: 2.1 + platforms: + - name: EL + versions: + - 7 + categories: + - cloud diff --git a/roles/cockpit-ui/tasks/main.yml b/roles/cockpit-ui/tasks/main.yml new file mode 100644 index 000000000..c752bcff1 --- /dev/null +++ b/roles/cockpit-ui/tasks/main.yml @@ -0,0 +1,44 @@ +--- +- name: Expose docker-registry + command: > + {{ openshift.common.client_binary }} expose service docker-registry -n default + register: expose_docker_registry + changed_when: "'already exists' not in expose_docker_registry.stderr" + failed_when: "'already exists' not in expose_docker_registry.stderr and expose_docker_registry.rc != 0" + +- name: Create passthrough route for registry-console + command: > + {{ openshift.common.client_binary }} create route passthrough + --service registry-console + --port registry-console + -n default + register: create_registry_console_route + changed_when: "'already exists' not in create_registry_console_route.stderr" + failed_when: "'already exists' not in create_registry_console_route.stderr and create_registry_console_route.rc != 0" + +- name: Retrieve docker-registry route + command: "{{ openshift.common.client_binary }} get route docker-registry -n default --template='{{ '{{' }} .spec.host {{ '}}' }}'" + register: docker_registry_route + failed_when: false + changed_when: false + +- name: Retrieve cockpit kube url + command: "{{ openshift.common.client_binary }} get route registry-console -n default --template='https://{{ '{{' }} .spec.host {{ '}}' }}'" + register: registry_console_cockpit_kube_url + failed_when: false + changed_when: false + +- set_fact: + cockpit_image_prefix: "{{ '-p IMAGE_PREFIX=' ~ openshift_cockpit_deployer_prefix | default('') }}" + +- name: Deploy registry-console + command: > + {{ openshift.common.client_binary }} new-app --template=registry-console + {{ cockpit_image_prefix }} + -p OPENSHIFT_OAUTH_PROVIDER_URL="{{ openshift.master.public_api_url }}" + -p REGISTRY_HOST="{{ docker_registry_route.stdout }}:80" + -p COCKPIT_KUBE_URL="{{ registry_console_cockpit_kube_url.stdout }}" + -n default + register: deploy_registry_console + changed_when: "'already exists' not in deploy_registry_console.stderr" + failed_when: "'already exists' not in deploy_registry_console.stderr and deploy_registry_console.rc != 0" diff --git a/roles/docker/tasks/main.yml b/roles/docker/tasks/main.yml index 87a4e7af0..a89f5b91a 100644 --- a/roles/docker/tasks/main.yml +++ b/roles/docker/tasks/main.yml @@ -67,7 +67,7 @@ dest: /etc/sysconfig/docker regexp: '^{{ item.reg_conf_var }}=.*$' line: "{{ item.reg_conf_var }}='{{ item.reg_fact_val | oo_prepend_strings_in_list(item.reg_flag ~ ' ') | join(' ') }}'" - when: item.reg_fact_val != '' and docker_check.stat.isreg + when: item.reg_fact_val != '' and docker_check.stat.isreg is defined and docker_check.stat.isreg with_items: - reg_conf_var: ADD_REGISTRY reg_fact_val: "{{ docker_additional_registries | default(None, true)}}" @@ -96,7 +96,8 @@ reg_fact_val: "{{ docker_no_proxy | default('') | join(',') }}" notify: - restart docker - when: "{{ 'http_proxy' in openshift.common or 'https_proxy' in openshift.common and docker_check.stat.isreg }}" + when: + - docker_check.stat.isreg is defined and docker_check.stat.isreg and '"http_proxy" in openshift.common or "https_proxy" in openshift.common' - name: Set various Docker options lineinfile: @@ -108,7 +109,7 @@ {% if docker_log_options is defined %} {{ docker_log_options | oo_split() | oo_prepend_strings_in_list('--log-opt ') | join(' ')}}{% endif %}\ {% if docker_options is defined %} {{ docker_options }}{% endif %}\ {% if docker_disable_push_dockerhub is defined %} --confirm-def-push={{ docker_disable_push_dockerhub | bool }}{% endif %}'" - when: docker_check.stat.isreg + when: docker_check.stat.isreg is defined and docker_check.stat.isreg notify: - restart docker diff --git a/roles/etcd/meta/main.yml b/roles/etcd/meta/main.yml index 7156a9fff..cfd72dfbc 100644 --- a/roles/etcd/meta/main.yml +++ b/roles/etcd/meta/main.yml @@ -7,7 +7,7 @@ galaxy_info: description: etcd management company: Red Hat, Inc. license: Apache License, Version 2.0 - min_ansible_version: 1.2 + min_ansible_version: 2.1 platforms: - name: EL versions: @@ -22,4 +22,4 @@ dependencies: port: "{{etcd_client_port}}/tcp" - service: etcd peering port: "{{ etcd_peer_port }}/tcp" -- role: etcd_common +- role: etcd_server_certificates diff --git a/roles/etcd/tasks/main.yml b/roles/etcd/tasks/main.yml index 75d40216d..ba4136327 100644 --- a/roles/etcd/tasks/main.yml +++ b/roles/etcd/tasks/main.yml @@ -58,30 +58,6 @@ group: "{{ 'etcd' if not etcd_is_containerized | bool else omit }}" mode: 0700 -- name: Validate permissions on certificate files - file: - path: "{{ item }}" - mode: 0600 - owner: "{{ 'etcd' if not etcd_is_containerized | bool else omit }}" - group: "{{ 'etcd' if not etcd_is_containerized | bool else omit }}" - when: etcd_url_scheme == 'https' - with_items: - - "{{ etcd_ca_file }}" - - "{{ etcd_cert_file }}" - - "{{ etcd_key_file }}" - -- name: Validate permissions on peer certificate files - file: - path: "{{ item }}" - mode: 0600 - owner: "{{ 'etcd' if not etcd_is_containerized | bool else omit }}" - group: "{{ 'etcd' if not etcd_is_containerized | bool else omit }}" - when: etcd_peer_url_scheme == 'https' - with_items: - - "{{ etcd_peer_ca_file }}" - - "{{ etcd_peer_cert_file }}" - - "{{ etcd_peer_key_file }}" - - name: Write etcd global config file template: src: etcd.conf.j2 diff --git a/roles/etcd/templates/etcd.conf.j2 b/roles/etcd/templates/etcd.conf.j2 index cd048ec60..7ccf78212 100644 --- a/roles/etcd/templates/etcd.conf.j2 +++ b/roles/etcd/templates/etcd.conf.j2 @@ -1,5 +1,5 @@ {% macro initial_cluster() -%} -{% for host in etcd_peers -%} +{% for host in etcd_peers | default([]) -%} {% if loop.last -%} {{ hostvars[host].etcd_hostname }}={{ etcd_peer_url_scheme }}://{{ hostvars[host].etcd_ip }}:{{ etcd_peer_port }} {%- else -%} diff --git a/roles/etcd_ca/meta/main.yml b/roles/etcd_ca/meta/main.yml index d02456ca3..e3e2f7781 100644 --- a/roles/etcd_ca/meta/main.yml +++ b/roles/etcd_ca/meta/main.yml @@ -1,10 +1,10 @@ --- galaxy_info: author: Jason DeTiberus - description: + description: Etcd CA company: Red Hat, Inc. license: Apache License, Version 2.0 - min_ansible_version: 1.9 + min_ansible_version: 2.1 platforms: - name: EL versions: @@ -13,4 +13,4 @@ galaxy_info: - cloud - system dependencies: -- { role: etcd_common } +- role: etcd_common diff --git a/roles/etcd_ca/tasks/main.yml b/roles/etcd_ca/tasks/main.yml index e1bb9baed..865074e41 100644 --- a/roles/etcd_ca/tasks/main.yml +++ b/roles/etcd_ca/tasks/main.yml @@ -2,6 +2,8 @@ - name: Install openssl action: "{{ ansible_pkg_mgr }} name=openssl state=present" when: not etcd_is_atomic | bool + delegate_to: "{{ etcd_ca_host }}" + run_once: true - file: path: "{{ item }}" @@ -13,29 +15,41 @@ - "{{ etcd_ca_new_certs_dir }}" - "{{ etcd_ca_crl_dir }}" - "{{ etcd_ca_dir }}/fragments" + delegate_to: "{{ etcd_ca_host }}" + run_once: true - command: cp /etc/pki/tls/openssl.cnf ./ args: chdir: "{{ etcd_ca_dir }}/fragments" creates: "{{ etcd_ca_dir }}/fragments/openssl.cnf" + delegate_to: "{{ etcd_ca_host }}" + run_once: true - template: dest: "{{ etcd_ca_dir }}/fragments/openssl_append.cnf" src: openssl_append.j2 backup: true + delegate_to: "{{ etcd_ca_host }}" + run_once: true - assemble: src: "{{ etcd_ca_dir }}/fragments" dest: "{{ etcd_openssl_conf }}" + delegate_to: "{{ etcd_ca_host }}" + run_once: true - command: touch {{ etcd_ca_db }} args: creates: "{{ etcd_ca_db }}" + delegate_to: "{{ etcd_ca_host }}" + run_once: true - copy: dest: "{{ etcd_ca_serial }}" content: "01" force: no + delegate_to: "{{ etcd_ca_host }}" + run_once: true - command: > openssl req -config {{ etcd_openssl_conf }} -newkey rsa:4096 @@ -48,3 +62,5 @@ creates: "{{ etcd_ca_cert }}" environment: SAN: 'etcd-signer' + delegate_to: "{{ etcd_ca_host }}" + run_once: true diff --git a/roles/etcd_certificates/tasks/client.yml b/roles/etcd_certificates/tasks/client.yml deleted file mode 100644 index b497a46c0..000000000 --- a/roles/etcd_certificates/tasks/client.yml +++ /dev/null @@ -1,42 +0,0 @@ ---- -- name: Ensure generated_certs directory present - file: - path: "{{ etcd_generated_certs_dir }}/{{ item.etcd_cert_subdir }}" - state: directory - mode: 0700 - with_items: "{{ etcd_needing_client_certs | default([]) }}" - -- name: Create the client csr - command: > - openssl req -new -keyout {{ item.etcd_cert_prefix }}client.key - -config {{ etcd_openssl_conf }} - -out {{ item.etcd_cert_prefix }}client.csr - -reqexts {{ etcd_req_ext }} -batch -nodes - -subj /CN={{ item.etcd_hostname }} - args: - chdir: "{{ etcd_generated_certs_dir }}/{{ item.etcd_cert_subdir }}" - creates: "{{ etcd_generated_certs_dir ~ '/' ~ item.etcd_cert_subdir ~ '/' - ~ item.etcd_cert_prefix ~ 'client.csr' }}" - environment: - SAN: "IP:{{ item.etcd_ip }}" - with_items: "{{ etcd_needing_client_certs | default([]) }}" - -- name: Sign and create the client crt - command: > - openssl ca -name {{ etcd_ca_name }} -config {{ etcd_openssl_conf }} - -out {{ item.etcd_cert_prefix }}client.crt - -in {{ item.etcd_cert_prefix }}client.csr - -batch - args: - chdir: "{{ etcd_generated_certs_dir }}/{{ item.etcd_cert_subdir }}" - creates: "{{ etcd_generated_certs_dir ~ '/' ~ item.etcd_cert_subdir ~ '/' - ~ item.etcd_cert_prefix ~ 'client.crt' }}" - environment: - SAN: "IP:{{ item.etcd_ip }}" - with_items: "{{ etcd_needing_client_certs | default([]) }}" - -- file: - src: "{{ etcd_ca_cert }}" - dest: "{{ etcd_generated_certs_dir}}/{{ item.etcd_cert_subdir }}/{{ item.etcd_cert_prefix }}ca.crt" - state: hard - with_items: "{{ etcd_needing_client_certs | default([]) }}" diff --git a/roles/etcd_certificates/tasks/main.yml b/roles/etcd_certificates/tasks/main.yml deleted file mode 100644 index 17092ca58..000000000 --- a/roles/etcd_certificates/tasks/main.yml +++ /dev/null @@ -1,6 +0,0 @@ ---- -- include: client.yml - when: etcd_needing_client_certs | default([]) | length > 0 - -- include: server.yml - when: etcd_needing_server_certs | default([]) | length > 0 diff --git a/roles/etcd_certificates/tasks/server.yml b/roles/etcd_certificates/tasks/server.yml deleted file mode 100644 index 934b8b805..000000000 --- a/roles/etcd_certificates/tasks/server.yml +++ /dev/null @@ -1,71 +0,0 @@ ---- -- name: Ensure generated_certs directory present - file: - path: "{{ etcd_generated_certs_dir }}/{{ item.etcd_cert_subdir }}" - state: directory - mode: 0700 - with_items: "{{ etcd_needing_server_certs | default([]) }}" - -- name: Create the server csr - command: > - openssl req -new -keyout {{ item.etcd_cert_prefix }}server.key - -config {{ etcd_openssl_conf }} - -out {{ item.etcd_cert_prefix }}server.csr - -reqexts {{ etcd_req_ext }} -batch -nodes - -subj /CN={{ item.etcd_hostname }} - args: - chdir: "{{ etcd_generated_certs_dir }}/{{ item.etcd_cert_subdir }}" - creates: "{{ etcd_generated_certs_dir ~ '/' ~ item.etcd_cert_subdir ~ '/' - ~ item.etcd_cert_prefix ~ 'server.csr' }}" - environment: - SAN: "IP:{{ item.etcd_ip }}" - with_items: "{{ etcd_needing_server_certs | default([]) }}" - -- name: Sign and create the server crt - command: > - openssl ca -name {{ etcd_ca_name }} -config {{ etcd_openssl_conf }} - -out {{ item.etcd_cert_prefix }}server.crt - -in {{ item.etcd_cert_prefix }}server.csr - -extensions {{ etcd_ca_exts_server }} -batch - args: - chdir: "{{ etcd_generated_certs_dir }}/{{ item.etcd_cert_subdir }}" - creates: "{{ etcd_generated_certs_dir ~ '/' ~ item.etcd_cert_subdir ~ '/' - ~ item.etcd_cert_prefix ~ 'server.crt' }}" - environment: - SAN: "IP:{{ item.etcd_ip }}" - with_items: "{{ etcd_needing_server_certs | default([]) }}" - -- name: Create the peer csr - command: > - openssl req -new -keyout {{ item.etcd_cert_prefix }}peer.key - -config {{ etcd_openssl_conf }} - -out {{ item.etcd_cert_prefix }}peer.csr - -reqexts {{ etcd_req_ext }} -batch -nodes - -subj /CN={{ item.etcd_hostname }} - args: - chdir: "{{ etcd_generated_certs_dir }}/{{ item.etcd_cert_subdir }}" - creates: "{{ etcd_generated_certs_dir ~ '/' ~ item.etcd_cert_subdir ~ '/' - ~ item.etcd_cert_prefix ~ 'peer.csr' }}" - environment: - SAN: "IP:{{ item.etcd_ip }}" - with_items: "{{ etcd_needing_server_certs | default([]) }}" - -- name: Sign and create the peer crt - command: > - openssl ca -name {{ etcd_ca_name }} -config {{ etcd_openssl_conf }} - -out {{ item.etcd_cert_prefix }}peer.crt - -in {{ item.etcd_cert_prefix }}peer.csr - -extensions {{ etcd_ca_exts_peer }} -batch - args: - chdir: "{{ etcd_generated_certs_dir }}/{{ item.etcd_cert_subdir }}" - creates: "{{ etcd_generated_certs_dir ~ '/' ~ item.etcd_cert_subdir ~ '/' - ~ item.etcd_cert_prefix ~ 'peer.crt' }}" - environment: - SAN: "IP:{{ item.etcd_ip }}" - with_items: "{{ etcd_needing_server_certs | default([]) }}" - -- file: - src: "{{ etcd_ca_cert }}" - dest: "{{ etcd_generated_certs_dir}}/{{ item.etcd_cert_subdir }}/{{ item.etcd_cert_prefix }}ca.crt" - state: hard - with_items: "{{ etcd_needing_server_certs | default([]) }}" diff --git a/roles/etcd_certificates/README.md b/roles/etcd_client_certificates/README.md index 95f8f8aab..269d5296d 100644 --- a/roles/etcd_certificates/README.md +++ b/roles/etcd_client_certificates/README.md @@ -1,5 +1,5 @@ -OpenShift etcd certificates -======================== +OpenShift Etcd Certificates +=========================== TODO diff --git a/roles/etcd_client_certificates/library b/roles/etcd_client_certificates/library new file mode 120000 index 000000000..494d3c39e --- /dev/null +++ b/roles/etcd_client_certificates/library @@ -0,0 +1 @@ +../../library
\ No newline at end of file diff --git a/roles/etcd_client_certificates/meta/main.yml b/roles/etcd_client_certificates/meta/main.yml new file mode 100644 index 000000000..efebdb599 --- /dev/null +++ b/roles/etcd_client_certificates/meta/main.yml @@ -0,0 +1,16 @@ +--- +galaxy_info: + author: Jason DeTiberus + description: Etcd Client Certificates + company: Red Hat, Inc. + license: Apache License, Version 2.0 + min_ansible_version: 2.1 + platforms: + - name: EL + versions: + - 7 + categories: + - cloud + - system +dependencies: +- role: etcd_common diff --git a/roles/etcd_client_certificates/tasks/main.yml b/roles/etcd_client_certificates/tasks/main.yml new file mode 100644 index 000000000..275aa0a63 --- /dev/null +++ b/roles/etcd_client_certificates/tasks/main.yml @@ -0,0 +1,137 @@ +--- +- name: Ensure CA certificate exists on etcd_ca_host + stat: + path: "{{ etcd_ca_cert }}" + register: g_ca_cert_stat_result + delegate_to: "{{ etcd_ca_host }}" + run_once: true + +- fail: + msg: > + CA certificate {{ etcd_ca_cert }} doesn't exist on CA host + {{ etcd_ca_host }}. Apply 'etcd_ca' role to + {{ etcd_ca_host }}. + when: not g_ca_cert_stat_result.stat.exists | bool + run_once: true + +- name: Check status of external etcd certificatees + stat: + path: "{{ etcd_cert_config_dir }}/{{ item }}" + with_items: + - "{{ etcd_cert_prefix }}client.crt" + - "{{ etcd_cert_prefix }}client.key" + - "{{ etcd_cert_prefix }}ca.crt" + register: g_external_etcd_cert_stat_result + when: not etcd_certificates_redeploy | default(false) | bool + +- set_fact: + etcd_client_certs_missing: "{{ true if etcd_certificates_redeploy | default(false) | bool + else (False in (g_external_etcd_cert_stat_result.results + | default({}) + | oo_collect(attribute='stat.exists') + | list)) }}" + +- name: Ensure generated_certs directory present + file: + path: "{{ etcd_generated_certs_dir }}/{{ etcd_cert_subdir }}" + state: directory + mode: 0700 + when: etcd_client_certs_missing | bool + delegate_to: "{{ etcd_ca_host }}" + +- name: Create the client csr + command: > + openssl req -new -keyout {{ etcd_cert_prefix }}client.key + -config {{ etcd_openssl_conf }} + -out {{ etcd_cert_prefix }}client.csr + -reqexts {{ etcd_req_ext }} -batch -nodes + -subj /CN={{ etcd_hostname }} + args: + chdir: "{{ etcd_generated_certs_dir }}/{{ etcd_cert_subdir }}" + creates: "{{ etcd_generated_certs_dir ~ '/' ~ etcd_cert_subdir ~ '/' + ~ etcd_cert_prefix ~ 'client.csr' }}" + environment: + SAN: "IP:{{ etcd_ip }}" + when: etcd_client_certs_missing | bool + delegate_to: "{{ etcd_ca_host }}" + +# Certificates must be signed serially in order to avoid competing +# for the serial file. +- name: Sign and create the client crt + delegated_serial_command: + command: > + openssl ca -name {{ etcd_ca_name }} -config {{ etcd_openssl_conf }} + -out {{ etcd_cert_prefix }}client.crt + -in {{ etcd_cert_prefix }}client.csr + -batch + chdir: "{{ etcd_generated_certs_dir }}/{{ etcd_cert_subdir }}" + creates: "{{ etcd_generated_certs_dir ~ '/' ~ etcd_cert_subdir ~ '/' + ~ etcd_cert_prefix ~ 'client.crt' }}" + environment: + SAN: "IP:{{ etcd_ip }}" + when: etcd_client_certs_missing | bool + delegate_to: "{{ etcd_ca_host }}" + +- file: + src: "{{ etcd_ca_cert }}" + dest: "{{ etcd_generated_certs_dir}}/{{ etcd_cert_subdir }}/{{ etcd_cert_prefix }}ca.crt" + state: hard + when: etcd_client_certs_missing | bool + delegate_to: "{{ etcd_ca_host }}" + +- name: Create local temp directory for syncing certs + local_action: command mktemp -d /tmp/etcd_certificates-XXXXXXX + register: g_etcd_client_mktemp + changed_when: False + when: etcd_client_certs_missing | bool + delegate_to: localhost + become: no + +- name: Create a tarball of the etcd certs + command: > + tar -czvf {{ etcd_generated_certs_dir }}/{{ etcd_cert_subdir }}.tgz + -C {{ etcd_generated_certs_dir }}/{{ etcd_cert_subdir }} . + args: + creates: "{{ etcd_generated_certs_dir }}/{{ etcd_cert_subdir }}.tgz" + when: etcd_client_certs_missing | bool + delegate_to: "{{ etcd_ca_host }}" + +- name: Retrieve the etcd cert tarballs + fetch: + src: "{{ etcd_generated_certs_dir }}/{{ etcd_cert_subdir }}.tgz" + dest: "{{ g_etcd_client_mktemp.stdout }}/" + flat: yes + fail_on_missing: yes + validate_checksum: yes + when: etcd_client_certs_missing | bool + delegate_to: "{{ etcd_ca_host }}" + +- name: Ensure certificate directory exists + file: + path: "{{ etcd_cert_config_dir }}" + state: directory + when: etcd_client_certs_missing | bool + +- name: Unarchive etcd cert tarballs + unarchive: + src: "{{ g_etcd_client_mktemp.stdout }}/{{ etcd_cert_subdir }}.tgz" + dest: "{{ etcd_cert_config_dir }}" + when: etcd_client_certs_missing | bool + +- file: + path: "{{ etcd_cert_config_dir }}/{{ item }}" + owner: root + group: root + mode: 0600 + with_items: + - "{{ etcd_cert_prefix }}client.crt" + - "{{ etcd_cert_prefix }}client.key" + - "{{ etcd_cert_prefix }}ca.crt" + when: etcd_client_certs_missing | bool + +- name: Delete temporary directory + file: name={{ g_etcd_client_mktemp.stdout }} state=absent + changed_when: False + when: etcd_client_certs_missing | bool + delegate_to: localhost + become: no diff --git a/roles/etcd_server_certificates/README.md b/roles/etcd_server_certificates/README.md new file mode 100644 index 000000000..269d5296d --- /dev/null +++ b/roles/etcd_server_certificates/README.md @@ -0,0 +1,34 @@ +OpenShift Etcd Certificates +=========================== + +TODO + +Requirements +------------ + +TODO + +Role Variables +-------------- + +TODO + +Dependencies +------------ + +TODO + +Example Playbook +---------------- + +TODO + +License +------- + +Apache License Version 2.0 + +Author Information +------------------ + +Scott Dodson (sdodson@redhat.com) diff --git a/roles/etcd_server_certificates/library b/roles/etcd_server_certificates/library new file mode 120000 index 000000000..494d3c39e --- /dev/null +++ b/roles/etcd_server_certificates/library @@ -0,0 +1 @@ +../../library
\ No newline at end of file diff --git a/roles/etcd_certificates/meta/main.yml b/roles/etcd_server_certificates/meta/main.yml index 41370fab4..b453f2bd8 100644 --- a/roles/etcd_certificates/meta/main.yml +++ b/roles/etcd_server_certificates/meta/main.yml @@ -1,10 +1,10 @@ --- galaxy_info: author: Jason DeTiberus - description: + description: Etcd Server Certificates company: Red Hat, Inc. license: Apache License, Version 2.0 - min_ansible_version: 1.8 + min_ansible_version: 2.1 platforms: - name: EL versions: @@ -13,4 +13,4 @@ galaxy_info: - cloud - system dependencies: -- { role: etcd_ca } +- role: etcd_ca diff --git a/roles/etcd_server_certificates/tasks/main.yml b/roles/etcd_server_certificates/tasks/main.yml new file mode 100644 index 000000000..718515023 --- /dev/null +++ b/roles/etcd_server_certificates/tasks/main.yml @@ -0,0 +1,179 @@ +--- +- name: Install etcd + action: "{{ ansible_pkg_mgr }} name=etcd state=present" + when: not etcd_is_containerized | bool + +- name: Check status of etcd certificates + stat: + path: "{{ etcd_cert_config_dir }}/{{ item }}" + with_items: + - "{{ etcd_cert_prefix }}server.crt" + - "{{ etcd_cert_prefix }}peer.crt" + - "{{ etcd_cert_prefix }}ca.crt" + register: g_etcd_server_cert_stat_result + when: not etcd_certificates_redeploy | default(false) | bool + +- set_fact: + etcd_server_certs_missing: "{{ true if etcd_certificates_redeploy | default(false) | bool + else (False in (g_etcd_server_cert_stat_result.results + | default({}) + | oo_collect(attribute='stat.exists') + | list)) }}" + +- name: Ensure generated_certs directory present + file: + path: "{{ etcd_generated_certs_dir }}/{{ etcd_cert_subdir }}" + state: directory + mode: 0700 + when: etcd_server_certs_missing | bool + delegate_to: "{{ etcd_ca_host }}" + +- name: Create the server csr + command: > + openssl req -new -keyout {{ etcd_cert_prefix }}server.key + -config {{ etcd_openssl_conf }} + -out {{ etcd_cert_prefix }}server.csr + -reqexts {{ etcd_req_ext }} -batch -nodes + -subj /CN={{ etcd_hostname }} + args: + chdir: "{{ etcd_generated_certs_dir }}/{{ etcd_cert_subdir }}" + creates: "{{ etcd_generated_certs_dir ~ '/' ~ etcd_cert_subdir ~ '/' + ~ etcd_cert_prefix ~ 'server.csr' }}" + environment: + SAN: "IP:{{ etcd_ip }}" + when: etcd_server_certs_missing | bool + delegate_to: "{{ etcd_ca_host }}" + +# Certificates must be signed serially in order to avoid competing +# for the serial file. +- name: Sign and create the server crt + delegated_serial_command: + command: > + openssl ca -name {{ etcd_ca_name }} -config {{ etcd_openssl_conf }} + -out {{ etcd_cert_prefix }}server.crt + -in {{ etcd_cert_prefix }}server.csr + -extensions {{ etcd_ca_exts_server }} -batch + chdir: "{{ etcd_generated_certs_dir }}/{{ etcd_cert_subdir }}" + creates: "{{ etcd_generated_certs_dir ~ '/' ~ etcd_cert_subdir ~ '/' + ~ etcd_cert_prefix ~ 'server.crt' }}" + environment: + SAN: "IP:{{ etcd_ip }}" + delegate_to: "{{ etcd_ca_host }}" + +- name: Create the peer csr + command: > + openssl req -new -keyout {{ etcd_cert_prefix }}peer.key + -config {{ etcd_openssl_conf }} + -out {{ etcd_cert_prefix }}peer.csr + -reqexts {{ etcd_req_ext }} -batch -nodes + -subj /CN={{ etcd_hostname }} + args: + chdir: "{{ etcd_generated_certs_dir }}/{{ etcd_cert_subdir }}" + creates: "{{ etcd_generated_certs_dir ~ '/' ~ etcd_cert_subdir ~ '/' + ~ etcd_cert_prefix ~ 'peer.csr' }}" + environment: + SAN: "IP:{{ etcd_ip }}" + when: etcd_server_certs_missing | bool + delegate_to: "{{ etcd_ca_host }}" + +# Certificates must be signed serially in order to avoid competing +# for the serial file. +- name: Sign and create the peer crt + delegated_serial_command: + command: > + openssl ca -name {{ etcd_ca_name }} -config {{ etcd_openssl_conf }} + -out {{ etcd_cert_prefix }}peer.crt + -in {{ etcd_cert_prefix }}peer.csr + -extensions {{ etcd_ca_exts_peer }} -batch + chdir: "{{ etcd_generated_certs_dir }}/{{ etcd_cert_subdir }}" + creates: "{{ etcd_generated_certs_dir ~ '/' ~ etcd_cert_subdir ~ '/' + ~ etcd_cert_prefix ~ 'peer.crt' }}" + environment: + SAN: "IP:{{ etcd_ip }}" + when: etcd_server_certs_missing | bool + delegate_to: "{{ etcd_ca_host }}" + +- file: + src: "{{ etcd_ca_cert }}" + dest: "{{ etcd_generated_certs_dir}}/{{ etcd_cert_subdir }}/{{ etcd_cert_prefix }}ca.crt" + state: hard + when: etcd_server_certs_missing | bool + delegate_to: "{{ etcd_ca_host }}" + +- name: Create local temp directory for syncing certs + local_action: command mktemp -d /tmp/etcd_certificates-XXXXXXX + become: no + register: g_etcd_server_mktemp + changed_when: False + when: etcd_server_certs_missing | bool + delegate_to: localhost + +- name: Create a tarball of the etcd certs + command: > + tar -czvf {{ etcd_generated_certs_dir }}/{{ etcd_cert_subdir }}.tgz + -C {{ etcd_generated_certs_dir }}/{{ etcd_cert_subdir }} . + args: + creates: "{{ etcd_generated_certs_dir }}/{{ etcd_cert_subdir }}.tgz" + when: etcd_server_certs_missing | bool + delegate_to: "{{ etcd_ca_host }}" + +- name: Retrieve etcd cert tarball + fetch: + src: "{{ etcd_generated_certs_dir }}/{{ etcd_cert_subdir }}.tgz" + dest: "{{ g_etcd_server_mktemp.stdout }}/" + flat: yes + fail_on_missing: yes + validate_checksum: yes + when: etcd_server_certs_missing | bool + delegate_to: "{{ etcd_ca_host }}" + +- name: Ensure certificate directory exists + file: + path: "{{ etcd_cert_config_dir }}" + state: directory + when: etcd_server_certs_missing | bool + +- name: Unarchive cert tarball + unarchive: + src: "{{ g_etcd_server_mktemp.stdout }}/{{ etcd_cert_subdir }}.tgz" + dest: "{{ etcd_cert_config_dir }}" + when: etcd_server_certs_missing | bool + +- name: Delete temporary directory + file: name={{ g_etcd_server_mktemp.stdout }} state=absent + become: no + changed_when: False + when: etcd_server_certs_missing | bool + delegate_to: localhost + +- name: Validate permissions on certificate files + file: + path: "{{ item }}" + mode: 0600 + owner: "{{ 'etcd' if not etcd_is_containerized | bool else omit }}" + group: "{{ 'etcd' if not etcd_is_containerized | bool else omit }}" + when: etcd_url_scheme == 'https' + with_items: + - "{{ etcd_ca_file }}" + - "{{ etcd_cert_file }}" + - "{{ etcd_key_file }}" + +- name: Validate permissions on peer certificate files + file: + path: "{{ item }}" + mode: 0600 + owner: "{{ 'etcd' if not etcd_is_containerized | bool else omit }}" + group: "{{ 'etcd' if not etcd_is_containerized | bool else omit }}" + when: etcd_peer_url_scheme == 'https' + with_items: + - "{{ etcd_peer_ca_file }}" + - "{{ etcd_peer_cert_file }}" + - "{{ etcd_peer_key_file }}" + +- name: Validate permissions on the config dir + file: + path: "{{ etcd_conf_dir }}" + state: directory + owner: "{{ 'etcd' if not etcd_is_containerized | bool else omit }}" + group: "{{ 'etcd' if not etcd_is_containerized | bool else omit }}" + mode: 0700 diff --git a/roles/flannel/README.md b/roles/flannel/README.md index 8f271aada..84e2c5c49 100644 --- a/roles/flannel/README.md +++ b/roles/flannel/README.md @@ -13,15 +13,15 @@ to 0.3. Role Variables -------------- -| Name | Default value | Description | -|---------------------|-----------------------------------------|-----------------------------------------------| -| flannel_interface | ansible_default_ipv4.interface | interface to use for inter-host communication | -| flannel_etcd_key | /openshift.com/network | etcd prefix | -| etcd_hosts | etcd_urls | a list of etcd endpoints | -| etcd_conf_dir | {{ openshift.common.config_base }}/node | SSL certificates directory | -| etcd_peer_ca_file | {{ etcd_conf_dir }}/ca.crt | SSL CA to use for etcd | -| etcd_peer_cert_file | Openshift SSL cert | SSL cert to use for etcd | -| etcd_peer_key_file | Openshift SSL key | SSL key to use for etcd | +| Name | Default value | Description | +|----------------------|-----------------------------------------|-----------------------------------------------| +| flannel_interface | ansible_default_ipv4.interface | interface to use for inter-host communication | +| flannel_etcd_key | /openshift.com/network | etcd prefix | +| etcd_hosts | etcd_urls | a list of etcd endpoints | +| etcd_cert_config_dir | {{ openshift.common.config_base }}/node | SSL certificates directory | +| etcd_peer_ca_file | {{ etcd_conf_dir }}/ca.crt | SSL CA to use for etcd | +| etcd_peer_cert_file | Openshift SSL cert | SSL cert to use for etcd | +| etcd_peer_key_file | Openshift SSL key | SSL key to use for etcd | Dependencies ------------ diff --git a/roles/flannel/defaults/main.yaml b/roles/flannel/defaults/main.yaml index 34cebda9c..988731ef2 100644 --- a/roles/flannel/defaults/main.yaml +++ b/roles/flannel/defaults/main.yaml @@ -2,7 +2,6 @@ flannel_interface: "{{ ansible_default_ipv4.interface }}" flannel_etcd_key: /openshift.com/network etcd_hosts: "{{ etcd_urls }}" -etcd_conf_dir: "{{ openshift.common.config_base }}/node" -etcd_peer_ca_file: "{{ etcd_conf_dir }}/{{ 'ca' if (embedded_etcd | bool) else 'node.etcd-ca' }}.crt" -etcd_peer_cert_file: "{{ etcd_conf_dir }}/{{ 'system:node:' + openshift.common.hostname if (embedded_etcd | bool) else 'node.etcd-client' }}.crt" -etcd_peer_key_file: "{{ etcd_conf_dir }}/{{ 'system:node:' + openshift.common.hostname if (embedded_etcd | bool) else 'node.etcd-client' }}.key" +etcd_peer_ca_file: "{{ openshift.common.config_base }}/node/{{ 'ca' if (embedded_etcd | bool) else 'flannel.etcd-ca' }}.crt" +etcd_peer_cert_file: "{{ openshift.common.config_base }}/node/{{ 'system:node:' + openshift.common.hostname if (embedded_etcd | bool) else 'flannel.etcd-client' }}.crt" +etcd_peer_key_file: "{{ openshift.common.config_base }}/node/{{ 'system:node:' + openshift.common.hostname if (embedded_etcd | bool) else 'flannel.etcd-client' }}.key" diff --git a/roles/flannel/meta/main.yml b/roles/flannel/meta/main.yml index 909bdbfa4..616ae61d2 100644 --- a/roles/flannel/meta/main.yml +++ b/roles/flannel/meta/main.yml @@ -4,7 +4,7 @@ galaxy_info: description: flannel management company: Red Hat, Inc. license: Apache License, Version 2.0 - min_ansible_version: 1.2 + min_ansible_version: 2.1 platforms: - name: EL versions: @@ -13,4 +13,6 @@ galaxy_info: - cloud - system dependencies: -- { role: openshift_facts } +- role: openshift_facts +- role: openshift_etcd_client_certificates + etcd_cert_prefix: flannel.etcd- diff --git a/roles/flannel_register/README.md b/roles/flannel_register/README.md index 623c4c7cf..20a07c35e 100644 --- a/roles/flannel_register/README.md +++ b/roles/flannel_register/README.md @@ -16,7 +16,7 @@ Role Variables |---------------------|----------------------------------------------------|-------------------------------------------------| | flannel_network | {{ openshift.common.portal_net }} or 172.16.1.1/16 | interface to use for inter-host communication | | flannel_min_network | {{ min_network }} or 172.16.5.0 | beginning of IP range for the subnet allocation | -| flannel_subnet_len | /openshift.com/network | size of the subnet allocated to each host | +| flannel_subnet_len | 24 | size of the subnet allocated to each host | | flannel_etcd_key | /openshift.com/network | etcd prefix | | etcd_hosts | etcd_urls | a list of etcd endpoints | | etcd_conf_dir | {{ openshift.common.config_base }}/master | SSL certificates directory | diff --git a/roles/openshift_ca/meta/main.yml b/roles/openshift_ca/meta/main.yml index a08aa1686..444c5b77e 100644 --- a/roles/openshift_ca/meta/main.yml +++ b/roles/openshift_ca/meta/main.yml @@ -15,3 +15,4 @@ galaxy_info: dependencies: - role: openshift_repos - role: openshift_cli +- role: openshift_named_certificates diff --git a/roles/openshift_ca/tasks/main.yml b/roles/openshift_ca/tasks/main.yml index 4d9768ce7..bb89b65a6 100644 --- a/roles/openshift_ca/tasks/main.yml +++ b/roles/openshift_ca/tasks/main.yml @@ -3,6 +3,10 @@ msg: "openshift_ca_host variable must be defined for this role" when: openshift_ca_host is not defined +- fail: + msg: "Both 'certfile' and 'keyfile' keys must be supplied when configuring openshift_master_ca_certificate" + when: openshift_master_ca_certificate is defined and ('certfile' not in openshift_master_ca_certificate or 'keyfile' not in openshift_master_ca_certificate) + - name: Install the base package for admin tooling action: "{{ ansible_pkg_mgr }} name={{ openshift.common.service_type }}{{ openshift_pkg_version | default('') | oo_image_tag_to_rpm_version(include_dash=True) }} state=present" when: not openshift.common.is_containerized | bool @@ -28,26 +32,82 @@ path: "{{ openshift_ca_config_dir }}/{{ item }}" register: g_master_ca_stat_result with_items: + - ca-bundle.crt - ca.crt - ca.key delegate_to: "{{ openshift_ca_host }}" run_once: true - set_fact: - master_ca_missing: "{{ False in (g_master_ca_stat_result.results - | oo_collect(attribute='stat.exists') - | list) }}" + master_ca_missing: "{{ true if openshift_certificates_redeploy | default(false) | bool + else False in (g_master_ca_stat_result.results + | oo_collect(attribute='stat.exists') + | list) }}" + run_once: true + +- name: Retain original serviceaccount keys + copy: + src: "{{ item }}" + dest: "{{ item }}.keep" + remote_src: true + with_items: + - "{{ openshift_ca_config_dir }}/serviceaccounts.private.key" + - "{{ openshift_ca_config_dir }}/serviceaccounts.public.key" + when: openshift_certificates_redeploy | default(false) | bool + +- name: Deploy master ca certificate + copy: + src: "{{ item.src }}" + dest: "{{ openshift_ca_config_dir }}/{{ item.dest }}" + force: "{{ true if openshift_certificates_redeploy_ca | default(false) | bool else false }}" + with_items: + - src: "{{ (openshift_master_ca_certificate | default({'certfile':none})).certfile }}" + dest: ca.crt + - src: "{{ (openshift_master_ca_certificate | default({'keyfile':none})).keyfile }}" + dest: ca.key + when: openshift_master_ca_certificate is defined + delegate_to: "{{ openshift_ca_host }}" + run_once: true + +- name: Create ca serial + copy: + content: "1" + dest: "{{ openshift_ca_config_dir }}/ca.serial.txt" + force: "{{ true if openshift_certificates_redeploy | default(false) | bool else false }}" + when: openshift_master_ca_certificate is defined delegate_to: "{{ openshift_ca_host }}" run_once: true - name: Create the master certificates if they do not already exist command: > {{ openshift.common.admin_binary }} create-master-certs - --hostnames={{ openshift_master_hostnames | join(',') }} - --master={{ openshift.master.api_url }} - --public-master={{ openshift.master.public_api_url }} - --cert-dir={{ openshift_ca_config_dir }} - --overwrite=false - when: hostvars[openshift_ca_host].master_ca_missing | bool + {% for named_ca_certificate in openshift.master.named_certificates | default([]) | oo_collect('cafile') %} + --certificate-authority {{ named_ca_certificate }} + {% endfor %} + --hostnames={{ openshift_master_hostnames | join(',') }} + --master={{ openshift.master.api_url }} + --public-master={{ openshift.master.public_api_url }} + --cert-dir={{ openshift_ca_config_dir }} + --overwrite=false + when: master_ca_missing | bool delegate_to: "{{ openshift_ca_host }}" run_once: true + +- name: Restore original serviceaccount keys + copy: + src: "{{ item }}.keep" + dest: "{{ item }}" + remote_src: true + with_items: + - "{{ openshift_ca_config_dir }}/serviceaccounts.private.key" + - "{{ openshift_ca_config_dir }}/serviceaccounts.public.key" + when: openshift_certificates_redeploy | default(false) | bool + +- name: Remove backup serviceaccount keys + file: + path: "{{ item }}.keep" + state: absent + with_items: + - "{{ openshift_ca_config_dir }}/serviceaccounts.private.key" + - "{{ openshift_ca_config_dir }}/serviceaccounts.public.key" + when: openshift_certificates_redeploy | default(false) | bool diff --git a/roles/openshift_cloud_provider/tasks/main.yml b/roles/openshift_cloud_provider/tasks/main.yml index 6111d1207..e217e37ea 100644 --- a/roles/openshift_cloud_provider/tasks/main.yml +++ b/roles/openshift_cloud_provider/tasks/main.yml @@ -2,12 +2,8 @@ - name: Set cloud provider facts openshift_facts: role: cloudprovider - openshift_env: "{{ hostvars - | oo_merge_hostvars(vars, inventory_hostname) - | oo_openshift_env }}" - openshift_env_structures: - - 'openshift.cloudprovider.aws.*' - - 'openshift.cloudprovider.openstack.*' + local_facts: + kind: "{{ openshift_cloudprovider_kind | default(None) }}" - name: Create cloudprovider config dir file: diff --git a/roles/openshift_cloud_provider/tasks/openstack.yml b/roles/openshift_cloud_provider/tasks/openstack.yml index c501121e5..f22dd4520 100644 --- a/roles/openshift_cloud_provider/tasks/openstack.yml +++ b/roles/openshift_cloud_provider/tasks/openstack.yml @@ -7,4 +7,4 @@ template: dest: "{{ openshift.common.config_base }}/cloudprovider/openstack.conf" src: openstack.conf.j2 - when: "'auth_url' in openshift.cloudprovider.openstack and 'username' in openshift.cloudprovider.openstack and 'password' in openshift.cloudprovider.openstack and ('tenant_id' in openshift.cloudprovider.openstack or 'tenant_name' in openshift.cloudprovider.openstack)" + when: "openshift_cloudprovider_openstack_auth_url is defined and openshift_cloudprovider_openstack_username is defined and openshift_cloudprovider_openstack_password is defined and (openshift_cloudprovider_openstack_tenant_id is defined or openshift_cloudprovider_openstack_tenant_name is defined)" diff --git a/roles/openshift_cloud_provider/templates/openstack.conf.j2 b/roles/openshift_cloud_provider/templates/openstack.conf.j2 index 8a06b3a08..ce452db24 100644 --- a/roles/openshift_cloud_provider/templates/openstack.conf.j2 +++ b/roles/openshift_cloud_provider/templates/openstack.conf.j2 @@ -1,16 +1,16 @@ [Global] -auth-url = {{ openshift.cloudprovider.openstack.auth_url }} -username = {{ openshift.cloudprovider.openstack.username }} -password = {{ openshift.cloudprovider.openstack.password }} -{% if 'tenant_id' in openshift.cloudprovider.openstack %} -tenant-id = {{ openshift.cloudprovider.openstack.tenant_id }} +auth-url = {{ openshift_cloudprovider_openstack_auth_url }} +username = {{ openshift_cloudprovider_openstack_username }} +password = {{ openshift_cloudprovider_openstack_password }} +{% if openshift_cloudprovider_openstack_tenant_id is defined %} +tenant-id = {{ openshift_cloudprovider_openstack_tenant_id }} {% else %} -tenant-name = {{ openshift.cloudprovider.openstack.tenant_name }} +tenant-name = {{ openshift_cloudprovider_openstack_tenant_name }} {% endif %} -{% if 'region' in openshift.cloudprovider.openstack %} -region = {{ openshift.cloudprovider.openstack.region }} +{% if openshift_cloudprovider_openstack_region is defined %} +region = {{ openshift_cloudprovider_openstack_region }} {% endif %} -{% if 'lb_subnet_id' in openshift.cloudprovider.openstack %} +{% if openshift_cloudprovider_openstack_lb_subnet_id is defined %} [LoadBalancer] -subnet-id = {{ openshift.cloudprovider.openstack.lb_subnet_id }} +subnet-id = {{ openshift_cloudprovider_openstack_lb_subnet_id }} {% endif %} diff --git a/roles/openshift_cloud_provider/vars/main.yml b/roles/openshift_cloud_provider/vars/main.yml index c608e9b54..83bf6edc8 100644 --- a/roles/openshift_cloud_provider/vars/main.yml +++ b/roles/openshift_cloud_provider/vars/main.yml @@ -1,4 +1,4 @@ --- -has_cloudprovider: "{{ 'cloudprovider' in openshift and 'kind' in openshift.cloudprovider and openshift.cloudprovider.kind != None }}" -cloudprovider_is_aws: "{{ has_cloudprovider | bool and openshift.cloudprovider.kind == 'aws' }}" -cloudprovider_is_openstack: "{{ has_cloudprovider | bool and openshift.cloudprovider.kind == 'openstack' }}" +has_cloudprovider: "{{ openshift_cloudprovider_kind | default(None) != None }}" +cloudprovider_is_aws: "{{ has_cloudprovider | bool and openshift_cloudprovider_kind == 'aws' }}" +cloudprovider_is_openstack: "{{ has_cloudprovider | bool and openshift_cloudprovider_kind == 'openstack' }}" diff --git a/roles/openshift_cluster_metrics/README.md b/roles/openshift_cluster_metrics/README.md deleted file mode 100644 index 9fdfab8e3..000000000 --- a/roles/openshift_cluster_metrics/README.md +++ /dev/null @@ -1,36 +0,0 @@ -#openshift_cluster_metrics - -This role configures Cluster wide metrics. It does setting up three services: -* Metrics are stored in InfluxDB for querying. -* Heapster reads all nodes and pods from the master, then connects to eachs node's kubelet to retrieve pod metrics. -* Grafan allows users to create dashboards of metrics from InfluxDB - -## Requirements - -Running OpenShift cluster - -## Role Variables - -``` -# Enable cluster metrics -use_cluster_metrics=true -``` - -## Dependencies - -None - -## Example Playbook - -TODO - -## Security Note -Opening up the read-only port exposes information about the running pods (such as namespace, pod name, labels, etc.) to unauthenticated clients. The requirement to open up this read-only port will be fixed in future versions. - -##License - -Apache License, Version 2.0 - -## Author Information - -Diego Castro (diego.castro@getupcloud.com) diff --git a/roles/openshift_cluster_metrics/files/cluster-metrics/grafana.yaml b/roles/openshift_cluster_metrics/files/cluster-metrics/grafana.yaml deleted file mode 100644 index bff422efc..000000000 --- a/roles/openshift_cluster_metrics/files/cluster-metrics/grafana.yaml +++ /dev/null @@ -1,53 +0,0 @@ -apiVersion: "v1" -kind: "List" -items: - - - apiVersion: "v1" - kind: "Service" - metadata: - labels: - provider: "fabric8" - component: "grafana" - name: "grafana" - spec: - ports: - - - port: 80 - targetPort: "http" - selector: - provider: "fabric8" - component: "grafana" - - - apiVersion: "v1" - kind: "ReplicationController" - metadata: - labels: - provider: "fabric8" - component: "grafana" - name: "grafana" - spec: - replicas: 1 - selector: - provider: "fabric8" - component: "grafana" - template: - metadata: - labels: - provider: "fabric8" - component: "grafana" - spec: - containers: - - - env: - - - name: "INFLUXDB_SERVICE_NAME" - value: "INFLUXDB_MONITORING" - - - name: "GRAFANA_DEFAULT_DASHBOARD" - value: "/dashboard/file/kubernetes.json" - image: "fabric8/grafana:1.9.1_2" - name: "grafana" - ports: - - - containerPort: 3000 - name: "http"
\ No newline at end of file diff --git a/roles/openshift_cluster_metrics/files/cluster-metrics/heapster-serviceaccount.yaml b/roles/openshift_cluster_metrics/files/cluster-metrics/heapster-serviceaccount.yaml deleted file mode 100644 index 1de2ad699..000000000 --- a/roles/openshift_cluster_metrics/files/cluster-metrics/heapster-serviceaccount.yaml +++ /dev/null @@ -1,4 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - name: heapster
\ No newline at end of file diff --git a/roles/openshift_cluster_metrics/files/cluster-metrics/heapster.yaml b/roles/openshift_cluster_metrics/files/cluster-metrics/heapster.yaml deleted file mode 100644 index 83e314074..000000000 --- a/roles/openshift_cluster_metrics/files/cluster-metrics/heapster.yaml +++ /dev/null @@ -1,30 +0,0 @@ -apiVersion: "v1" -kind: "List" -items: - - - apiVersion: "v1" - kind: "ReplicationController" - metadata: - labels: - provider: "fabric8" - component: "heapster" - name: "heapster" - spec: - replicas: 1 - selector: - provider: "fabric8" - component: "heapster" - template: - metadata: - labels: - provider: "fabric8" - component: "heapster" - spec: - containers: - - - args: - - "-source=kubernetes:https://kubernetes.default.svc.cluster.local?auth=&insecure=true&useServiceAccount=true" - - "-sink=influxdb:http://influxdb-monitoring.default.svc.cluster.local:8086" - image: "kubernetes/heapster:V0.14.2" - name: "heapster" - serviceAccount: "heapster"
\ No newline at end of file diff --git a/roles/openshift_cluster_metrics/files/cluster-metrics/influxdb.yaml b/roles/openshift_cluster_metrics/files/cluster-metrics/influxdb.yaml deleted file mode 100644 index 6f67c3d7c..000000000 --- a/roles/openshift_cluster_metrics/files/cluster-metrics/influxdb.yaml +++ /dev/null @@ -1,67 +0,0 @@ -apiVersion: "v1" -kind: "List" -items: - - - apiVersion: "v1" - kind: "Service" - metadata: - labels: - provider: "fabric8" - component: "influxdb-monitoring" - name: "influxdb-monitoring" - spec: - ports: - - - port: 8086 - targetPort: "http" - selector: - provider: "fabric8" - component: "influxdb-monitoring" - - - apiVersion: "v1" - kind: "ReplicationController" - metadata: - labels: - provider: "fabric8" - component: "influxdb-monitoring" - name: "influxdb-monitoring" - spec: - replicas: 1 - selector: - provider: "fabric8" - component: "influxdb-monitoring" - template: - metadata: - labels: - provider: "fabric8" - component: "influxdb-monitoring" - spec: - containers: - - - env: - - - name: "PRE_CREATE_DB" - value: "k8s;grafana" - image: "fabric8/influxdb:0.8.8" - name: "influxdb" - ports: - - - containerPort: 8090 - name: "raft" - - - containerPort: 8099 - name: "protobuf" - - - containerPort: 8083 - name: "admin" - - - containerPort: 8086 - name: "http" - volumeMounts: - - - mountPath: "/data" - name: "influxdb-data" - volumes: - - - emptyDir: - name: "influxdb-data"
\ No newline at end of file diff --git a/roles/openshift_cluster_metrics/tasks/main.yml b/roles/openshift_cluster_metrics/tasks/main.yml deleted file mode 100644 index 1fc8a074a..000000000 --- a/roles/openshift_cluster_metrics/tasks/main.yml +++ /dev/null @@ -1,49 +0,0 @@ ---- - -- name: Install cluster metrics templates - copy: - src: cluster-metrics - dest: /etc/origin/ - -- name: Create InfluxDB Services - command: > - {{ openshift.common.client_binary }} create -f - /etc/origin/cluster-metrics/influxdb.yaml - register: oex_influxdb_services - failed_when: "'already exists' not in oex_influxdb_services.stderr and oex_influxdb_services.rc != 0" - changed_when: false - -- name: Create Heapster Service Account - command: > - {{ openshift.common.client_binary }} create -f - /etc/origin/cluster-metrics/heapster-serviceaccount.yaml - register: oex_heapster_serviceaccount - failed_when: "'already exists' not in oex_heapster_serviceaccount.stderr and oex_heapster_serviceaccount.rc != 0" - changed_when: false - -- name: Add cluster-reader role to Heapster - command: > - {{ openshift.common.admin_binary }} policy - add-cluster-role-to-user - cluster-reader - system:serviceaccount:default:heapster - register: oex_cluster_header_role - failed_when: "'already exists' not in oex_cluster_header_role.stderr and oex_cluster_header_role.rc != 0" - changed_when: false - -- name: Create Heapster Services - command: > - {{ openshift.common.client_binary }} create -f - /etc/origin/cluster-metrics/heapster.yaml - register: oex_heapster_services - failed_when: "'already exists' not in oex_heapster_services.stderr and oex_heapster_services.rc != 0" - changed_when: false - -- name: Create Grafana Services - command: > - {{ openshift.common.client_binary }} create -f - /etc/origin/cluster-metrics/grafana.yaml - register: oex_grafana_services - failed_when: "'already exists' not in oex_grafana_services.stderr and oex_grafana_services.rc != 0" - changed_when: false - diff --git a/roles/openshift_common/tasks/main.yml b/roles/openshift_common/tasks/main.yml index ece335fbf..f10a77697 100644 --- a/roles/openshift_common/tasks/main.yml +++ b/roles/openshift_common/tasks/main.yml @@ -1,11 +1,11 @@ --- - fail: - msg: Flannel can not be used with openshift sdn - when: openshift_use_openshift_sdn | default(false) | bool and openshift_use_flannel | default(false) | bool + msg: Flannel can not be used with openshift sdn, set openshift_use_openshift_sdn=false if you want to use flannel + when: openshift_use_openshift_sdn | default(true) | bool and openshift_use_flannel | default(false) | bool - fail: - msg: Nuage sdn can not be used with openshift sdn - when: openshift_use_openshift_sdn | default(false) | bool and openshift_use_nuage | default(false) | bool + msg: Nuage sdn can not be used with openshift sdn, set openshift_use_openshift_sdn=false if you want to use nuage + when: openshift_use_openshift_sdn | default(true) | bool and openshift_use_nuage | default(false) | bool - fail: msg: Nuage sdn can not be used with flannel diff --git a/roles/openshift_etcd_client_certificates/meta/main.yml b/roles/openshift_etcd_client_certificates/meta/main.yml new file mode 100644 index 000000000..3268c390f --- /dev/null +++ b/roles/openshift_etcd_client_certificates/meta/main.yml @@ -0,0 +1,16 @@ +--- +galaxy_info: + author: Jason DeTiberus + description: OpenShift Etcd Client Certificates + company: Red Hat, Inc. + license: Apache License, Version 2.0 + min_ansible_version: 2.1 + platforms: + - name: EL + versions: + - 7 + categories: + - cloud +dependencies: +- role: openshift_etcd_facts +- role: etcd_client_certificates diff --git a/roles/openshift_etcd_facts/tasks/main.yml b/roles/openshift_etcd_facts/tasks/main.yml new file mode 100644 index 000000000..22fb39006 --- /dev/null +++ b/roles/openshift_etcd_facts/tasks/main.yml @@ -0,0 +1,5 @@ +--- +- openshift_facts: + role: etcd + local_facts: + etcd_image: "{{ osm_etcd_image | default(None) }}" diff --git a/roles/openshift_etcd_facts/vars/main.yml b/roles/openshift_etcd_facts/vars/main.yml index 6f3894565..cae15d61a 100644 --- a/roles/openshift_etcd_facts/vars/main.yml +++ b/roles/openshift_etcd_facts/vars/main.yml @@ -3,3 +3,8 @@ etcd_is_containerized: "{{ openshift.common.is_containerized }}" etcd_is_atomic: "{{ openshift.common.is_atomic }}" etcd_hostname: "{{ openshift.common.hostname }}" etcd_ip: "{{ openshift.common.ip }}" +etcd_cert_subdir: "etcd-{{ openshift.common.hostname }}" +etcd_cert_prefix: +etcd_cert_config_dir: /etc/etcd +etcd_peer_url_scheme: https +etcd_url_scheme: https diff --git a/roles/openshift_etcd_server_certificates/meta/main.yml b/roles/openshift_etcd_server_certificates/meta/main.yml new file mode 100644 index 000000000..7750f14af --- /dev/null +++ b/roles/openshift_etcd_server_certificates/meta/main.yml @@ -0,0 +1,16 @@ +--- +galaxy_info: + author: Jason DeTiberus + description: OpenShift Etcd Server Certificates + company: Red Hat, Inc. + license: Apache License, Version 2.0 + min_ansible_version: 2.1 + platforms: + - name: EL + versions: + - 7 + categories: + - cloud +dependencies: +- role: openshift_etcd_facts +- role: etcd_server_certificates diff --git a/roles/openshift_examples/defaults/main.yml b/roles/openshift_examples/defaults/main.yml index 0f5189974..e843049f9 100644 --- a/roles/openshift_examples/defaults/main.yml +++ b/roles/openshift_examples/defaults/main.yml @@ -11,13 +11,17 @@ content_version: "{{ openshift.common.examples_content_version }}" examples_base: "{{ openshift.common.config_base if openshift.common.is_containerized | bool else '/usr/share/openshift' }}/examples" image_streams_base: "{{ examples_base }}/image-streams" centos_image_streams: "{{ image_streams_base}}/image-streams-centos7.json" -rhel_image_streams: "{{ image_streams_base}}/image-streams-rhel7.json" +rhel_image_streams: + - "{{ image_streams_base}}/image-streams-rhel7.json" + - "{{ image_streams_base}}/dotnet_imagestreams.json" db_templates_base: "{{ examples_base }}/db-templates" xpaas_image_streams: "{{ examples_base }}/xpaas-streams/" xpaas_templates_base: "{{ examples_base }}/xpaas-templates" quickstarts_base: "{{ examples_base }}/quickstart-templates" infrastructure_origin_base: "{{ examples_base }}/infrastructure-templates/origin" infrastructure_enterprise_base: "{{ examples_base }}/infrastructure-templates/enterprise" +cockpit_ui_base: "{{ examples_base }}/infrastructure-templates/enterprise" + openshift_examples_import_command: "create" registry_url: "" diff --git a/roles/openshift_examples/examples-sync.sh b/roles/openshift_examples/examples-sync.sh index ef2da946a..1ad0d93a2 100755 --- a/roles/openshift_examples/examples-sync.sh +++ b/roles/openshift_examples/examples-sync.sh @@ -5,11 +5,11 @@ # # This script should be run from openshift-ansible/roles/openshift_examples -XPAAS_VERSION=ose-v1.3.1 +XPAAS_VERSION=ose-v1.3.3 ORIGIN_VERSION=${1:-v1.3} EXAMPLES_BASE=$(pwd)/files/examples/${ORIGIN_VERSION} find ${EXAMPLES_BASE} -name '*.json' -delete -find ${EXAMPLES_BASE} -name '*.yaml' -delete +find ${EXAMPLES_BASE} -name '*.yaml' -delete -exclude registry-console.json TEMP=`mktemp -d` pushd $TEMP @@ -29,7 +29,6 @@ unzip cakephp-ex-master.zip unzip application-templates-master.zip cp origin-master/examples/db-templates/* ${EXAMPLES_BASE}/db-templates/ cp origin-master/examples/jenkins/jenkins-*template.json ${EXAMPLES_BASE}/quickstart-templates/ -cp origin-master/examples/jenkins/pipeline/jenkinstemplate.json ${EXAMPLES_BASE}/quickstart-templates/ cp origin-master/examples/image-streams/* ${EXAMPLES_BASE}/image-streams/ cp django-ex-master/openshift/templates/* ${EXAMPLES_BASE}/quickstart-templates/ cp rails-ex-master/openshift/templates/* ${EXAMPLES_BASE}/quickstart-templates/ @@ -39,7 +38,7 @@ cp cakephp-ex-master/openshift/templates/* ${EXAMPLES_BASE}/quickstart-templates mv application-templates-${XPAAS_VERSION}/jboss-image-streams.json ${EXAMPLES_BASE}/xpaas-streams/ find application-templates-${XPAAS_VERSION}/ -name '*.json' ! -wholename '*secret*' ! -wholename '*demo*' -exec mv {} ${EXAMPLES_BASE}/xpaas-templates/ \; wget https://raw.githubusercontent.com/jboss-fuse/application-templates/master/fis-image-streams.json -O ${EXAMPLES_BASE}/xpaas-streams/fis-image-streams.json - +wget https://raw.githubusercontent.com/redhat-developer/s2i-dotnetcore/master/dotnet_imagestreams.json -O ${EXAMPLES_BASE}/image-streams/dotnet_imagestreams.json wget https://raw.githubusercontent.com/openshift/origin-metrics/master/metrics.yaml -O ${EXAMPLES_BASE}/infrastructure-templates/origin/metrics-deployer.yaml wget https://raw.githubusercontent.com/openshift/origin-metrics/enterprise/metrics.yaml -O ${EXAMPLES_BASE}/infrastructure-templates/enterprise/metrics-deployer.yaml wget https://raw.githubusercontent.com/openshift/origin-aggregated-logging/master/deployer/deployer.yaml -O ${EXAMPLES_BASE}/infrastructure-templates/origin/logging-deployer.yaml diff --git a/roles/openshift_examples/files/examples/latest b/roles/openshift_examples/files/examples/latest index f7e713306..26e5d1951 120000 --- a/roles/openshift_examples/files/examples/latest +++ b/roles/openshift_examples/files/examples/latest @@ -1 +1 @@ -v1.2
\ No newline at end of file +v1.3
\ No newline at end of file diff --git a/roles/openshift_examples/files/examples/v1.2/db-templates/mariadb-ephemeral-template.json b/roles/openshift_examples/files/examples/v1.2/db-templates/mariadb-ephemeral-template.json new file mode 100644 index 000000000..64b004ff4 --- /dev/null +++ b/roles/openshift_examples/files/examples/v1.2/db-templates/mariadb-ephemeral-template.json @@ -0,0 +1,184 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "name": "mariadb-ephemeral", + "annotations": { + "description": "MariaDB database service, without persistent storage. WARNING: Any data stored will be lost upon pod destruction. Only use this template for testing", + "iconClass": "icon-mariadb", + "tags": "database,mariadb" + } + }, + "objects": [ + { + "kind": "Service", + "apiVersion": "v1", + "metadata": { + "name": "${DATABASE_SERVICE_NAME}" + }, + "spec": { + "ports": [ + { + "name": "mariadb", + "port": 3306 + } + ], + "selector": { + "name": "${DATABASE_SERVICE_NAME}" + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${DATABASE_SERVICE_NAME}" + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "mariadb" + ], + "from": { + "kind": "ImageStreamTag", + "name": "mariadb:10.1", + "namespace": "${NAMESPACE}" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "name": "${DATABASE_SERVICE_NAME}" + }, + "template": { + "metadata": { + "labels": { + "name": "${DATABASE_SERVICE_NAME}" + } + }, + "spec": { + "containers": [ + { + "name": "mariadb", + "image": " ", + "ports": [ + { + "containerPort": 3306 + } + ], + "readinessProbe": { + "timeoutSeconds": 1, + "initialDelaySeconds": 5, + "exec": { + "command": [ "/bin/sh", "-i", "-c", + "MYSQL_PWD=\"$MYSQL_PASSWORD\" mysql -h 127.0.0.1 -u $MYSQL_USER -D $MYSQL_DATABASE -e 'SELECT 1'"] + } + }, + "livenessProbe": { + "timeoutSeconds": 1, + "initialDelaySeconds": 30, + "tcpSocket": { + "port": 3306 + } + }, + "env": [ + { + "name": "MYSQL_USER", + "value": "${MYSQL_USER}" + }, + { + "name": "MYSQL_PASSWORD", + "value": "${MYSQL_PASSWORD}" + }, + { + "name": "MYSQL_DATABASE", + "value": "${MYSQL_DATABASE}" + } + ], + "resources": { + "limits": { + "memory": "${MEMORY_LIMIT}" + } + }, + "volumeMounts": [ + { + "name": "${DATABASE_SERVICE_NAME}-data", + "mountPath": "/var/lib/mysql/data" + } + ], + "imagePullPolicy": "IfNotPresent" + } + ], + "volumes": [ + { + "name": "${DATABASE_SERVICE_NAME}-data", + "emptyDir": { + "medium": "" + } + } + ] + } + } + } + } + ], + "parameters": [ + { + "name": "MEMORY_LIMIT", + "displayName": "Memory Limit", + "description": "Maximum amount of memory the container can use.", + "value": "512Mi", + "required": true + }, + { + "name": "NAMESPACE", + "displayName": "Namespace", + "description": "The OpenShift Namespace where the ImageStream resides.", + "value": "openshift" + }, + { + "name": "DATABASE_SERVICE_NAME", + "displayName": "Database Service Name", + "description": "The name of the OpenShift Service exposed for the database.", + "value": "mariadb", + "required": true + }, + { + "name": "MYSQL_USER", + "displayName": "MariaDB Connection Username", + "description": "Username for MariaDB user that will be used for accessing the database.", + "generate": "expression", + "from": "user[A-Z0-9]{3}", + "required": true + }, + { + "name": "MYSQL_PASSWORD", + "displayName": "MariaDB Connection Password", + "description": "Password for the MariaDB connection user.", + "generate": "expression", + "from": "[a-zA-Z0-9]{16}", + "required": true + }, + { + "name": "MYSQL_DATABASE", + "displayName": "MariaDB Database Name", + "description": "Name of the MariaDB database accessed.", + "value": "sampledb", + "required": true + } + ], + "labels": { + "template": "mariadb-persistent-template" + } +} diff --git a/roles/openshift_examples/files/examples/v1.2/db-templates/mariadb-persistent-template.json b/roles/openshift_examples/files/examples/v1.2/db-templates/mariadb-persistent-template.json new file mode 100644 index 000000000..0d5b39e81 --- /dev/null +++ b/roles/openshift_examples/files/examples/v1.2/db-templates/mariadb-persistent-template.json @@ -0,0 +1,208 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "name": "mariadb-persistent", + "annotations": { + "description": "MariaDB database service, with persistent storage. Scaling to more than one replica is not supported. You must have persistent volumes available in your cluster to use this template.", + "iconClass": "icon-mariadb", + "tags": "database,mariadb" + } + }, + "objects": [ + { + "kind": "Service", + "apiVersion": "v1", + "metadata": { + "name": "${DATABASE_SERVICE_NAME}" + }, + "spec": { + "ports": [ + { + "name": "mariadb", + "port": 3306 + } + ], + "selector": { + "name": "${DATABASE_SERVICE_NAME}" + } + } + }, + { + "kind": "PersistentVolumeClaim", + "apiVersion": "v1", + "metadata": { + "name": "${DATABASE_SERVICE_NAME}" + }, + "spec": { + "accessModes": [ + "ReadWriteOnce" + ], + "resources": { + "requests": { + "storage": "${VOLUME_CAPACITY}" + } + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${DATABASE_SERVICE_NAME}" + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "mariadb" + ], + "from": { + "kind": "ImageStreamTag", + "name": "mariadb:10.1", + "namespace": "${NAMESPACE}" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "name": "${DATABASE_SERVICE_NAME}" + }, + "template": { + "metadata": { + "labels": { + "name": "${DATABASE_SERVICE_NAME}" + } + }, + "spec": { + "containers": [ + { + "name": "mariadb", + "image": " ", + "ports": [ + { + "containerPort": 3306 + } + ], + "readinessProbe": { + "timeoutSeconds": 1, + "initialDelaySeconds": 5, + "exec": { + "command": [ "/bin/sh", "-i", "-c", + "MYSQL_PWD=\"$MYSQL_PASSWORD\" mysql -h 127.0.0.1 -u $MYSQL_USER -D $MYSQL_DATABASE -e 'SELECT 1'"] + } + }, + "livenessProbe": { + "timeoutSeconds": 1, + "initialDelaySeconds": 30, + "tcpSocket": { + "port": 3306 + } + }, + "env": [ + { + "name": "MYSQL_USER", + "value": "${MYSQL_USER}" + }, + { + "name": "MYSQL_PASSWORD", + "value": "${MYSQL_PASSWORD}" + }, + { + "name": "MYSQL_DATABASE", + "value": "${MYSQL_DATABASE}" + } + ], + "resources": { + "limits": { + "memory": "${MEMORY_LIMIT}" + } + }, + "volumeMounts": [ + { + "name": "${DATABASE_SERVICE_NAME}-data", + "mountPath": "/var/lib/mysql/data" + } + ], + "imagePullPolicy": "IfNotPresent" + } + ], + "volumes": [ + { + "name": "${DATABASE_SERVICE_NAME}-data", + "persistentVolumeClaim": { + "claimName": "${DATABASE_SERVICE_NAME}" + } + } + ] + } + } + } + } + ], + "parameters": [ + { + "name": "MEMORY_LIMIT", + "displayName": "Memory Limit", + "description": "Maximum amount of memory the container can use.", + "value": "512Mi", + "required": true + }, + { + "name": "NAMESPACE", + "displayName": "Namespace", + "description": "The OpenShift Namespace where the ImageStream resides.", + "value": "openshift" + }, + { + "name": "DATABASE_SERVICE_NAME", + "displayName": "Database Service Name", + "description": "The name of the OpenShift Service exposed for the database.", + "value": "mariadb", + "required": true + }, + { + "name": "MYSQL_USER", + "displayName": "MariaDB Connection Username", + "description": "Username for MariaDB user that will be used for accessing the database.", + "generate": "expression", + "from": "user[A-Z0-9]{3}", + "required": true + }, + { + "name": "MYSQL_PASSWORD", + "displayName": "MariaDB Connection Password", + "description": "Password for the MariaDB connection user.", + "generate": "expression", + "from": "[a-zA-Z0-9]{16}", + "required": true + }, + { + "name": "MYSQL_DATABASE", + "displayName": "MariaDB Database Name", + "description": "Name of the MariaDB database accessed.", + "value": "sampledb", + "required": true + }, + { + "name": "VOLUME_CAPACITY", + "displayName": "Volume Capacity", + "description": "Volume space available for data, e.g. 512Mi, 2Gi.", + "value": "1Gi", + "required": true + } + ], + "labels": { + "template": "mariadb-persistent-template" + } +} diff --git a/roles/openshift_examples/files/examples/v1.2/db-templates/mongodb-ephemeral-template.json b/roles/openshift_examples/files/examples/v1.2/db-templates/mongodb-ephemeral-template.json index 9a935be5e..329e7a692 100644 --- a/roles/openshift_examples/files/examples/v1.2/db-templates/mongodb-ephemeral-template.json +++ b/roles/openshift_examples/files/examples/v1.2/db-templates/mongodb-ephemeral-template.json @@ -60,7 +60,7 @@ ], "from": { "kind": "ImageStreamTag", - "name": "mongodb:latest", + "name": "mongodb:3.2", "namespace": "${NAMESPACE}" }, "lastTriggeredImage": "" @@ -182,7 +182,7 @@ }, { "name": "MONGODB_USER", - "displayName": "MongoDB User", + "displayName": "MongoDB Connection Username", "description": "Username for MongoDB user that will be used for accessing the database.", "generate": "expression", "from": "user[A-Z0-9]{3}", @@ -190,8 +190,8 @@ }, { "name": "MONGODB_PASSWORD", - "displayName": "MongoDB Password", - "description": "Password for the MongoDB user.", + "displayName": "MongoDB Connection Password", + "description": "Password for the MongoDB connection user.", "generate": "expression", "from": "[a-zA-Z0-9]{16}", "required": true @@ -214,5 +214,6 @@ ], "labels": { "template": "mongodb-ephemeral-template" - } + }, + "message": "You can connect to the database using MongoDB connection URL mongodb://${MONGODB_USER}:${MONGODB_PASSWORD}@${DATABASE_SERVICE_NAME}/${MONGODB_DATABASE}" } diff --git a/roles/openshift_examples/files/examples/v1.2/db-templates/mongodb-persistent-template.json b/roles/openshift_examples/files/examples/v1.2/db-templates/mongodb-persistent-template.json index 4f73d00cc..0fedad71e 100644 --- a/roles/openshift_examples/files/examples/v1.2/db-templates/mongodb-persistent-template.json +++ b/roles/openshift_examples/files/examples/v1.2/db-templates/mongodb-persistent-template.json @@ -77,7 +77,7 @@ ], "from": { "kind": "ImageStreamTag", - "name": "mongodb:latest", + "name": "mongodb:3.2", "namespace": "${NAMESPACE}" }, "lastTriggeredImage": "" @@ -199,7 +199,7 @@ }, { "name": "MONGODB_USER", - "displayName": "MongoDB User", + "displayName": "MongoDB Connection Username", "description": "Username for MongoDB user that will be used for accessing the database.", "generate": "expression", "from": "user[A-Z0-9]{3}", @@ -207,8 +207,8 @@ }, { "name": "MONGODB_PASSWORD", - "displayName": "MongoDB Password", - "description": "Password for the MongoDB user.", + "displayName": "MongoDB Connection Password", + "description": "Password for the MongoDB connection user.", "generate": "expression", "from": "[a-zA-Z0-9]{16}", "required": true @@ -238,5 +238,6 @@ ], "labels": { "template": "mongodb-persistent-template" - } + }, + "message": "You can connect to the database using MongoDB connection URL mongodb://${MONGODB_USER}:${MONGODB_PASSWORD}@${DATABASE_SERVICE_NAME}/${MONGODB_DATABASE}" } diff --git a/roles/openshift_examples/files/examples/v1.2/db-templates/mysql-ephemeral-template.json b/roles/openshift_examples/files/examples/v1.2/db-templates/mysql-ephemeral-template.json index 5f133b946..8a4ec41b2 100644 --- a/roles/openshift_examples/files/examples/v1.2/db-templates/mysql-ephemeral-template.json +++ b/roles/openshift_examples/files/examples/v1.2/db-templates/mysql-ephemeral-template.json @@ -3,7 +3,6 @@ "apiVersion": "v1", "metadata": { "name": "mysql-ephemeral", - "creationTimestamp": null, "annotations": { "description": "MySQL database service, without persistent storage. WARNING: Any data stored will be lost upon pod destruction. Only use this template for testing", "iconClass": "icon-mysql-database", @@ -60,7 +59,7 @@ ], "from": { "kind": "ImageStreamTag", - "name": "mysql:latest", + "name": "mysql:5.6", "namespace": "${NAMESPACE}" }, "lastTriggeredImage": "" @@ -122,10 +121,10 @@ } ], "resources": { - "limits": { - "memory": "${MEMORY_LIMIT}" - } - }, + "limits": { + "memory": "${MEMORY_LIMIT}" + } + }, "volumeMounts": [ { "name": "${DATABASE_SERVICE_NAME}-data", @@ -179,7 +178,7 @@ }, { "name": "MYSQL_USER", - "displayName": "MySQL User", + "displayName": "MySQL Connection Username", "description": "Username for MySQL user that will be used for accessing the database.", "generate": "expression", "from": "user[A-Z0-9]{3}", @@ -187,8 +186,8 @@ }, { "name": "MYSQL_PASSWORD", - "displayName": "MySQL Password", - "description": "Password for the MySQL user.", + "displayName": "MySQL Connection Password", + "description": "Password for the MySQL connection user.", "generate": "expression", "from": "[a-zA-Z0-9]{16}", "required": true diff --git a/roles/openshift_examples/files/examples/v1.2/db-templates/mysql-persistent-template.json b/roles/openshift_examples/files/examples/v1.2/db-templates/mysql-persistent-template.json index 88d8c3940..cae14c998 100644 --- a/roles/openshift_examples/files/examples/v1.2/db-templates/mysql-persistent-template.json +++ b/roles/openshift_examples/files/examples/v1.2/db-templates/mysql-persistent-template.json @@ -65,7 +65,7 @@ ], "from": { "kind": "ImageStreamTag", - "name": "mysql:latest", + "name": "mysql:5.6", "namespace": "${NAMESPACE}" } } @@ -173,7 +173,7 @@ }, { "name": "MYSQL_USER", - "displayName": "MySQL User", + "displayName": "MySQL Connection Username", "description": "Username for MySQL user that will be used for accessing the database.", "generate": "expression", "from": "user[A-Z0-9]{3}", @@ -181,8 +181,8 @@ }, { "name": "MYSQL_PASSWORD", - "displayName": "MySQL Password", - "description": "Password for the MySQL user.", + "displayName": "MySQL Connection Password", + "description": "Password for the MySQL connection user.", "generate": "expression", "from": "[a-zA-Z0-9]{16}", "required": true diff --git a/roles/openshift_examples/files/examples/v1.2/db-templates/postgresql-ephemeral-template.json b/roles/openshift_examples/files/examples/v1.2/db-templates/postgresql-ephemeral-template.json index e90244a6b..2b4b2a0cd 100644 --- a/roles/openshift_examples/files/examples/v1.2/db-templates/postgresql-ephemeral-template.json +++ b/roles/openshift_examples/files/examples/v1.2/db-templates/postgresql-ephemeral-template.json @@ -60,7 +60,7 @@ ], "from": { "kind": "ImageStreamTag", - "name": "postgresql:latest", + "name": "postgresql:9.5", "namespace": "${NAMESPACE}" }, "lastTriggeredImage": "" @@ -121,10 +121,10 @@ } ], "resources": { - "limits": { - "memory": "${MEMORY_LIMIT}" - } - }, + "limits": { + "memory": "${MEMORY_LIMIT}" + } + }, "volumeMounts": [ { "name": "${DATABASE_SERVICE_NAME}-data", @@ -178,7 +178,7 @@ }, { "name": "POSTGRESQL_USER", - "displayName": "PostgreSQL User", + "displayName": "PostgreSQL Connection Username", "description": "Username for PostgreSQL user that will be used for accessing the database.", "generate": "expression", "from": "user[A-Z0-9]{3}", @@ -186,8 +186,8 @@ }, { "name": "POSTGRESQL_PASSWORD", - "displayName": "PostgreSQL Password", - "description": "Password for the PostgreSQL user.", + "displayName": "PostgreSQL Connection Password", + "description": "Password for the PostgreSQL connection user.", "generate": "expression", "from": "[a-zA-Z0-9]{16}", "required": true diff --git a/roles/openshift_examples/files/examples/v1.2/db-templates/postgresql-persistent-template.json b/roles/openshift_examples/files/examples/v1.2/db-templates/postgresql-persistent-template.json index 7b05076a5..63a04f08f 100644 --- a/roles/openshift_examples/files/examples/v1.2/db-templates/postgresql-persistent-template.json +++ b/roles/openshift_examples/files/examples/v1.2/db-templates/postgresql-persistent-template.json @@ -77,7 +77,7 @@ ], "from": { "kind": "ImageStreamTag", - "name": "postgresql:latest", + "name": "postgresql:9.5", "namespace": "${NAMESPACE}" }, "lastTriggeredImage": "" @@ -195,7 +195,7 @@ }, { "name": "POSTGRESQL_USER", - "displayName": "PostgreSQL User", + "displayName": "PostgreSQL Connection Username", "description": "Username for PostgreSQL user that will be used for accessing the database.", "generate": "expression", "from": "user[A-Z0-9]{3}", @@ -203,8 +203,8 @@ }, { "name": "POSTGRESQL_PASSWORD", - "displayName": "PostgreSQL Password", - "description": "Password for the PostgreSQL user.", + "displayName": "PostgreSQL Connection Password", + "description": "Password for the PostgreSQL connection user.", "generate": "expression", "from": "[a-zA-Z0-9]{16}", "required": true diff --git a/roles/openshift_examples/files/examples/v1.2/image-streams/dotnet_imagestreams.json b/roles/openshift_examples/files/examples/v1.2/image-streams/dotnet_imagestreams.json new file mode 100644 index 000000000..3d7afe4aa --- /dev/null +++ b/roles/openshift_examples/files/examples/v1.2/image-streams/dotnet_imagestreams.json @@ -0,0 +1,36 @@ +{ + "kind": "List", + "apiVersion": "v1", + "metadata": { + "name": "dotnet-image-streams", + "annotations": { + "description": "ImageStream definitions for .Net Core on RHEL" + } + }, + "items": [ + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "dotnetcore-10-rhel7" + }, + "spec": { + "dockerImageRepository": "registry.access.redhat.com/dotnet/dotnetcore-10-rhel7", + "tags": [ + { + "name": "1.0", + "annotations": { + "description": ".Net Core 1.0 S2I image.", + "iconClass": "icon-dotnet", + "tags": "builder,.net,dotnet,dotnetcore,rh-dotnetcore10", + "supports":"dotnet:1.0", + "sampleRepo": "https://github.com/redhat-developer/s2i-dotnetcore.git", + "sampleContextDir": "1.0/test/asp-net-hello-world", + "version": "1.0" + } + } + ] + } + } + ] +} diff --git a/roles/openshift_examples/files/examples/v1.2/image-streams/image-streams-centos7.json b/roles/openshift_examples/files/examples/v1.2/image-streams/image-streams-centos7.json index d971e5e7a..8aedf80fe 100644 --- a/roles/openshift_examples/files/examples/v1.2/image-streams/image-streams-centos7.json +++ b/roles/openshift_examples/files/examples/v1.2/image-streams/image-streams-centos7.json @@ -92,7 +92,7 @@ }, "from": { "kind": "ImageStreamTag", - "name": "0.10" + "name": "4" } }, { @@ -109,6 +109,21 @@ "kind": "DockerImage", "name": "openshift/nodejs-010-centos7:latest" } + }, + { + "name": "4", + "annotations": { + "description": "Build and run NodeJS 4 applications", + "iconClass": "icon-nodejs", + "tags": "builder,nodejs", + "supports":"nodejs:4,nodejs", + "version": "4", + "sampleRepo": "https://github.com/openshift/nodejs-ex.git" + }, + "from": { + "kind": "DockerImage", + "name": "centos/nodejs-4-centos7:latest" + } } ] } diff --git a/roles/openshift_examples/files/examples/v1.2/infrastructure-templates/origin/logging-deployer.yaml b/roles/openshift_examples/files/examples/v1.2/infrastructure-templates/origin/logging-deployer.yaml index 77ffee7f9..8b28f872f 100644 --- a/roles/openshift_examples/files/examples/v1.2/infrastructure-templates/origin/logging-deployer.yaml +++ b/roles/openshift_examples/files/examples/v1.2/infrastructure-templates/origin/logging-deployer.yaml @@ -323,4 +323,3 @@ items: description: "(Deprecated) Node selector operations Curator (label=value)." name: CURATOR_OPS_NODESELECTOR value: "" - diff --git a/roles/openshift_examples/files/examples/v1.2/infrastructure-templates/origin/metrics-deployer.yaml b/roles/openshift_examples/files/examples/v1.2/infrastructure-templates/origin/metrics-deployer.yaml index 89639fd67..ab62ae76f 100644 --- a/roles/openshift_examples/files/examples/v1.2/infrastructure-templates/origin/metrics-deployer.yaml +++ b/roles/openshift_examples/files/examples/v1.2/infrastructure-templates/origin/metrics-deployer.yaml @@ -68,6 +68,8 @@ objects: value: ${IGNORE_PREFLIGHT} - name: USE_PERSISTENT_STORAGE value: ${USE_PERSISTENT_STORAGE} + - name: DYNAMICALLY_PROVISION_STORAGE + value: ${DYNAMICALLY_PROVISION_STORAGE} - name: HAWKULAR_METRICS_HOSTNAME value: ${HAWKULAR_METRICS_HOSTNAME} - name: CASSANDRA_NODES @@ -76,6 +78,8 @@ objects: value: ${CASSANDRA_PV_SIZE} - name: METRIC_DURATION value: ${METRIC_DURATION} + - name: USER_WRITE_ACCESS + value: ${USER_WRITE_ACCESS} - name: HEAPSTER_NODE_ID value: ${HEAPSTER_NODE_ID} - name: METRIC_RESOLUTION @@ -123,6 +127,10 @@ parameters: name: USE_PERSISTENT_STORAGE value: "true" - + description: "Set to true to dynamically provision storage, set to false to use use pre-created persistent volumes" + name: DYNAMICALLY_PROVISION_STORAGE + value: "false" +- description: "The number of Cassandra Nodes to deploy for the initial cluster" name: CASSANDRA_NODES value: "1" @@ -135,6 +143,10 @@ parameters: name: METRIC_DURATION value: "7" - + description: "If a user accounts should be allowed to write metrics." + name: USER_WRITE_ACCESS + value: "false" +- description: "The identifier used when generating metric ids in Hawkular" name: HEAPSTER_NODE_ID value: "nodename" diff --git a/roles/openshift_examples/files/examples/v1.2/quickstart-templates/dancer-mysql.json b/roles/openshift_examples/files/examples/v1.2/quickstart-templates/dancer-mysql.json index bc9c8e8fd..cc7920b7d 100644 --- a/roles/openshift_examples/files/examples/v1.2/quickstart-templates/dancer-mysql.json +++ b/roles/openshift_examples/files/examples/v1.2/quickstart-templates/dancer-mysql.json @@ -207,9 +207,9 @@ } ], "resources": { - "limits": { - "memory": "${MEMORY_LIMIT}" - } + "limits": { + "memory": "${MEMORY_LIMIT}" + } } } ] diff --git a/roles/openshift_examples/files/examples/v1.2/quickstart-templates/django-postgresql.json b/roles/openshift_examples/files/examples/v1.2/quickstart-templates/django-postgresql.json index 0b7fd7cab..7d1dea11b 100644 --- a/roles/openshift_examples/files/examples/v1.2/quickstart-templates/django-postgresql.json +++ b/roles/openshift_examples/files/examples/v1.2/quickstart-templates/django-postgresql.json @@ -83,7 +83,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${NAMESPACE}", - "name": "python:3.4" + "name": "python:3.5" }, "env": [ { @@ -273,7 +273,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${NAMESPACE}", - "name": "postgresql:9.4" + "name": "postgresql:9.5" } } }, diff --git a/roles/openshift_examples/files/examples/v1.2/quickstart-templates/django.json b/roles/openshift_examples/files/examples/v1.2/quickstart-templates/django.json index 9e84e27e1..1c2e40d70 100644 --- a/roles/openshift_examples/files/examples/v1.2/quickstart-templates/django.json +++ b/roles/openshift_examples/files/examples/v1.2/quickstart-templates/django.json @@ -83,7 +83,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${NAMESPACE}", - "name": "python:3.4" + "name": "python:3.5" }, "env": [ { diff --git a/roles/openshift_examples/files/examples/v1.2/quickstart-templates/jenkins-ephemeral-template.json b/roles/openshift_examples/files/examples/v1.2/quickstart-templates/jenkins-ephemeral-template.json index d1ae6de90..4f565206f 100644 --- a/roles/openshift_examples/files/examples/v1.2/quickstart-templates/jenkins-ephemeral-template.json +++ b/roles/openshift_examples/files/examples/v1.2/quickstart-templates/jenkins-ephemeral-template.json @@ -10,6 +10,7 @@ "tags": "instant-app,jenkins" } }, + "message": "A Jenkins service has been created in your project. The username/password are admin/${JENKINS_PASSWORD}.", "objects": [ { "kind": "Route", @@ -172,7 +173,8 @@ "displayName": "Jenkins Password", "description": "Password for the Jenkins 'admin' user.", "generate": "expression", - "value": "password" + "from": "[a-zA-Z0-9]{16}", + "required": true }, { "name": "MEMORY_LIMIT", diff --git a/roles/openshift_examples/files/examples/v1.2/quickstart-templates/jenkins-persistent-template.json b/roles/openshift_examples/files/examples/v1.2/quickstart-templates/jenkins-persistent-template.json index c7bc3f2fa..eda826a5b 100644 --- a/roles/openshift_examples/files/examples/v1.2/quickstart-templates/jenkins-persistent-template.json +++ b/roles/openshift_examples/files/examples/v1.2/quickstart-templates/jenkins-persistent-template.json @@ -10,6 +10,7 @@ "tags": "instant-app,jenkins" } }, + "message": "A Jenkins service has been created in your project. The username/password are admin/${JENKINS_PASSWORD}.", "objects": [ { "kind": "Route", @@ -189,7 +190,8 @@ "displayName": "Jenkins Password", "description": "Password for the Jenkins 'admin' user.", "generate": "expression", - "value": "password" + "from": "[a-zA-Z0-9]{16}", + "required": true }, { "name": "MEMORY_LIMIT", diff --git a/roles/openshift_examples/files/examples/v1.3/quickstart-templates/jenkinstemplate.json b/roles/openshift_examples/files/examples/v1.2/quickstart-templates/jenkinstemplate.json index 325663313..fc409f709 100644 --- a/roles/openshift_examples/files/examples/v1.3/quickstart-templates/jenkinstemplate.json +++ b/roles/openshift_examples/files/examples/v1.2/quickstart-templates/jenkinstemplate.json @@ -10,6 +10,7 @@ "tags": "instant-app,jenkins" } }, + "message": "A Jenkins service has been created in your project. The username/password are admin/${JENKINS_PASSWORD}.", "objects": [ { "kind": "Route", @@ -171,8 +172,7 @@ "kind": "Service", "apiVersion": "v1", "metadata": { - "name": "jenkins-jnlp", - "creationTimestamp": null + "name": "jenkins-jnlp" }, "spec": { "ports": [ @@ -244,12 +244,13 @@ { "name": "JENKINS_PASSWORD", "displayName": "Jenkins Password", - "description": "Password for the Jenkins user.", + "description": "Password for the Jenkins 'admin' user.", "generate": "expression", - "value": "password" + "from": "[a-zA-Z0-9]{16}", + "required": true } ], "labels": { - "template": "jenkins-ephemeral-template" + "template": "jenkins-pipeline-template" } } diff --git a/roles/openshift_examples/files/examples/v1.2/quickstart-templates/nodejs-mongodb.json b/roles/openshift_examples/files/examples/v1.2/quickstart-templates/nodejs-mongodb.json index b2b9f2478..6ab4a1781 100644 --- a/roles/openshift_examples/files/examples/v1.2/quickstart-templates/nodejs-mongodb.json +++ b/roles/openshift_examples/files/examples/v1.2/quickstart-templates/nodejs-mongodb.json @@ -83,7 +83,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${NAMESPACE}", - "name": "nodejs:0.10" + "name": "nodejs:4" }, "env": [ { @@ -271,7 +271,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${NAMESPACE}", - "name": "mongodb:2.6" + "name": "mongodb:3.2" } } }, @@ -322,7 +322,7 @@ "timeoutSeconds": 1, "initialDelaySeconds": 3, "exec": { - "command": [ "/bin/sh", "-i", "-c", "mongostat --host 127.0.0.1 -u admin -p ${DATABASE_ADMIN_PASSWORD} -n 1 --noheaders"] + "command": [ "/bin/sh", "-i", "-c", "mongo 127.0.0.1:27017/$MONGODB_DATABASE -u $MONGODB_USER -p $MONGODB_PASSWORD --eval=\"quit()\""] } }, "livenessProbe": { diff --git a/roles/openshift_examples/files/examples/v1.2/quickstart-templates/nodejs.json b/roles/openshift_examples/files/examples/v1.2/quickstart-templates/nodejs.json index 08c7d3106..ec262e4e8 100644 --- a/roles/openshift_examples/files/examples/v1.2/quickstart-templates/nodejs.json +++ b/roles/openshift_examples/files/examples/v1.2/quickstart-templates/nodejs.json @@ -83,7 +83,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${NAMESPACE}", - "name": "nodejs:0.10" + "name": "nodejs:4" }, "env": [ { diff --git a/roles/openshift_examples/files/examples/v1.2/quickstart-templates/rails-postgresql.json b/roles/openshift_examples/files/examples/v1.2/quickstart-templates/rails-postgresql.json index e64e2feeb..50d60f2bb 100644 --- a/roles/openshift_examples/files/examples/v1.2/quickstart-templates/rails-postgresql.json +++ b/roles/openshift_examples/files/examples/v1.2/quickstart-templates/rails-postgresql.json @@ -83,7 +83,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${NAMESPACE}", - "name": "ruby:2.2" + "name": "ruby:2.3" }, "env": [ { @@ -300,7 +300,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${NAMESPACE}", - "name": "postgresql:9.4" + "name": "postgresql:9.5" } } }, diff --git a/roles/openshift_examples/files/examples/v1.2/xpaas-streams/jboss-image-streams.json b/roles/openshift_examples/files/examples/v1.2/xpaas-streams/jboss-image-streams.json index 46f93823c..4edc97f41 100644 --- a/roles/openshift_examples/files/examples/v1.2/xpaas-streams/jboss-image-streams.json +++ b/roles/openshift_examples/files/examples/v1.2/xpaas-streams/jboss-image-streams.json @@ -127,6 +127,19 @@ "sampleRef": "6.4.x", "version": "1.3" } + }, + { + "name": "1.4", + "annotations": { + "description": "JBoss EAP 6.4 S2I images.", + "iconClass": "icon-jboss", + "tags": "builder,eap,javaee,java,jboss,xpaas", + "supports":"eap:6.4,javaee:6,java:8,xpaas:1.4", + "sampleRepo": "https://github.com/jboss-developer/jboss-eap-quickstarts.git", + "sampleContextDir": "kitchensink", + "sampleRef": "6.4.x", + "version": "1.4" + } } ] } @@ -152,6 +165,19 @@ "sampleRef": "7.0.0.GA", "version": "1.3" } + }, + { + "name": "1.4", + "annotations": { + "description": "JBoss EAP 7.0 S2I images.", + "iconClass": "icon-jboss", + "tags": "builder,eap,javaee,java,jboss,xpaas", + "supports":"eap:7.0,javaee:7,java:8,xpaas:1.4", + "sampleRepo": "https://github.com/jboss-developer/jboss-eap-quickstarts.git", + "sampleContextDir": "kitchensink", + "sampleRef": "7.0.0.GA", + "version": "1.4" + } } ] } @@ -168,7 +194,7 @@ { "name": "1.2", "annotations": { - "description": "Decision Server 6.2 S2I images.", + "description": "Red Hat JBoss BRMS 6.2 decision server S2I images.", "iconClass": "icon-jboss", "tags": "builder,decisionserver,java,xpaas", "supports":"decisionserver:6.2,java:8,xpaas:1.2", @@ -185,6 +211,56 @@ "kind": "ImageStream", "apiVersion": "v1", "metadata": { + "name": "jboss-decisionserver63-openshift" + }, + "spec": { + "dockerImageRepository": "registry.access.redhat.com/jboss-decisionserver-6/decisionserver63-openshift", + "tags": [ + { + "name": "1.3", + "annotations": { + "description": "Red Hat JBoss BRMS 6.3 decision server S2I images.", + "iconClass": "icon-jboss", + "tags": "builder,decisionserver,java,xpaas", + "supports":"decisionserver:6.3,java:8,xpaas:1.3", + "sampleRepo": "https://github.com/jboss-openshift/openshift-quickstarts.git", + "sampleContextDir": "decisionserver/hellorules", + "sampleRef": "1.3", + "version": "1.3" + } + } + ] + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "jboss-processserver63-openshift" + }, + "spec": { + "dockerImageRepository": "registry.access.redhat.com/jboss-processserver-6/processserver63-openshift", + "tags": [ + { + "name": "1.3", + "annotations": { + "description": "Red Hat JBoss BPM Suite 6.3 intelligent process server S2I images.", + "iconClass": "icon-jboss", + "tags": "builder,processserver,java,xpaas", + "supports":"processserver:6.3,java:8,xpaas:1.3", + "sampleRepo": "https://github.com/jboss-openshift/openshift-quickstarts.git", + "sampleContextDir": "processserver/library", + "sampleRef": "1.3", + "version": "1.3" + } + } + ] + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { "name": "jboss-datagrid65-openshift" }, "spec": { @@ -255,19 +331,16 @@ } }, "spec": { + "dockerImageRepository": "registry.access.redhat.com/redhat-sso-7/sso70-openshift", "tags": [ { - "name": "1.3-TP", + "name": "1.3", "annotations": { - "description": "Red Hat SSO 7.0 Tech Preview", + "description": "Red Hat SSO 7.0", "iconClass": "icon-jboss", "tags": "sso,keycloak,redhat", "supports":"sso:7.0,xpaas:1.3", "version": "1.3" - }, - "from": { - "kind": "DockerImage", - "name": "registry.access.redhat.com/redhat-sso-7-tech-preview/sso70-openshift:1.3" } } ] diff --git a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/amq62-basic.json b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/amq62-basic.json index ce953c05f..ab35afead 100644 --- a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/amq62-basic.json +++ b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/amq62-basic.json @@ -40,6 +40,12 @@ "required": false }, { + "description": "List of packages that are allowed to be serialized for use in ObjectMessage, separated by commas. If your app doesn't use ObjectMessages, leave this blank. This is a security enforcement. For the rationale, see http://activemq.apache.org/objectmessage.html", + "name": "MQ_SERIALIZABLE_PACKAGES", + "value": "", + "required": false + }, + { "description": "User name for standard broker user. It is required for connecting to the broker. If left empty, it will be generated.", "name": "MQ_USERNAME", "from": "user[a-zA-Z0-9]{3}", @@ -281,6 +287,10 @@ "value": "${MQ_TOPICS}" }, { + "name": "MQ_SERIALIZABLE_PACKAGES", + "value": "${MQ_SERIALIZABLE_PACKAGES}" + }, + { "name": "AMQ_MESH_DISCOVERY_TYPE", "value": "${AMQ_MESH_DISCOVERY_TYPE}" }, diff --git a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/amq62-persistent-ssl.json b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/amq62-persistent-ssl.json index 7d41a29ad..c12f06dec 100644 --- a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/amq62-persistent-ssl.json +++ b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/amq62-persistent-ssl.json @@ -46,6 +46,12 @@ "required": false }, { + "description": "List of packages that are allowed to be serialized for use in ObjectMessage, separated by commas. If your app doesn't use ObjectMessages, leave this blank. This is a security enforcement. For the rationale, see http://activemq.apache.org/objectmessage.html", + "name": "MQ_SERIALIZABLE_PACKAGES", + "value": "", + "required": false + }, + { "description": "Size of persistent storage for database volume.", "name": "VOLUME_CAPACITY", "value": "512Mi", @@ -451,6 +457,10 @@ "value": "${MQ_TOPICS}" }, { + "name": "MQ_SERIALIZABLE_PACKAGES", + "value": "${MQ_SERIALIZABLE_PACKAGES}" + }, + { "name": "AMQ_SPLIT", "value": "${AMQ_SPLIT}" }, diff --git a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/amq62-persistent.json b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/amq62-persistent.json index 5d5dd9840..897ce0395 100644 --- a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/amq62-persistent.json +++ b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/amq62-persistent.json @@ -46,6 +46,12 @@ "required": false }, { + "description": "List of packages that are allowed to be serialized for use in ObjectMessage, separated by commas. If your app doesn't use ObjectMessages, leave this blank. This is a security enforcement. For the rationale, see http://activemq.apache.org/objectmessage.html", + "name": "MQ_SERIALIZABLE_PACKAGES", + "value": "", + "required": false + }, + { "description": "Size of persistent storage for database volume.", "name": "VOLUME_CAPACITY", "value": "512Mi", @@ -299,6 +305,10 @@ "value": "${MQ_TOPICS}" }, { + "name": "MQ_SERIALIZABLE_PACKAGES", + "value": "${MQ_SERIALIZABLE_PACKAGES}" + }, + { "name": "AMQ_SPLIT", "value": "${AMQ_SPLIT}" }, diff --git a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/amq62-ssl.json b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/amq62-ssl.json index 4122a02a1..97d110286 100644 --- a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/amq62-ssl.json +++ b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/amq62-ssl.json @@ -40,6 +40,12 @@ "required": false }, { + "description": "List of packages that are allowed to be serialized for use in ObjectMessage, separated by commas. If your app doesn't use ObjectMessages, leave this blank. This is a security enforcement. For the rationale, see http://activemq.apache.org/objectmessage.html", + "name": "MQ_SERIALIZABLE_PACKAGES", + "value": "", + "required": false + }, + { "description": "User name for standard broker user. It is required for connecting to the broker. If left empty, it will be generated.", "name": "MQ_USERNAME", "from": "user[a-zA-Z0-9]{3}", @@ -435,6 +441,10 @@ "value": "${MQ_TOPICS}" }, { + "name": "MQ_SERIALIZABLE_PACKAGES", + "value": "${MQ_SERIALIZABLE_PACKAGES}" + }, + { "name": "AMQ_MESH_DISCOVERY_TYPE", "value": "${AMQ_MESH_DISCOVERY_TYPE}" }, diff --git a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/datagrid65-postgresql-persistent.json b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/datagrid65-postgresql-persistent.json index d0e272a8d..12720eb19 100644 --- a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/datagrid65-postgresql-persistent.json +++ b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/datagrid65-postgresql-persistent.json @@ -6,13 +6,13 @@ "iconClass": "icon-jboss", "description": "Application template for JDG 6.5 and PostgreSQL applications with persistent storage.", "tags": "datagrid,jboss,xpaas", - "version": "1.2.0" + "version": "1.3.2" }, "name": "datagrid65-postgresql-persistent" }, "labels": { "template": "datagrid65-postgresql-persistent", - "xpaas": "1.2.0" + "xpaas": "1.3.2" }, "parameters": [ { @@ -710,6 +710,10 @@ "value": "${POSTGRESQL_MAX_CONNECTIONS}" }, { + "name": "POSTGRESQL_MAX_PREPARED_TRANSACTIONS", + "value": "${POSTGRESQL_MAX_CONNECTIONS}" + }, + { "name": "POSTGRESQL_SHARED_BUFFERS", "value": "${POSTGRESQL_SHARED_BUFFERS}" } diff --git a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/datagrid65-postgresql.json b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/datagrid65-postgresql.json index 55a68db40..da8015fb0 100644 --- a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/datagrid65-postgresql.json +++ b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/datagrid65-postgresql.json @@ -6,13 +6,13 @@ "iconClass": "icon-jboss", "description": "Application template for JDG 6.5 and PostgreSQL applications built using.", "tags": "datagrid,jboss,xpaas", - "version": "1.2.0" + "version": "1.3.2" }, "name": "datagrid65-postgresql" }, "labels": { "template": "datagrid65-postgresql", - "xpaas": "1.2.0" + "xpaas": "1.3.2" }, "parameters": [ { @@ -698,6 +698,10 @@ "value": "${POSTGRESQL_MAX_CONNECTIONS}" }, { + "name": "POSTGRESQL_MAX_PREPARED_TRANSACTIONS", + "value": "${POSTGRESQL_MAX_CONNECTIONS}" + }, + { "name": "POSTGRESQL_SHARED_BUFFERS", "value": "${POSTGRESQL_SHARED_BUFFERS}" } diff --git a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/decisionserver62-amq-s2i.json b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/decisionserver62-amq-s2i.json index 219b8ece7..754a3b4c0 100644 --- a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/decisionserver62-amq-s2i.json +++ b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/decisionserver62-amq-s2i.json @@ -3,16 +3,16 @@ "apiVersion": "v1", "metadata": { "annotations": { - "description": "Application template for BRMS Realtime Decision Server 6 A-MQ applications built using S2I.", + "description": "Application template for Red Hat JBoss BRMS 6.2 decision server A-MQ applications built using S2I.", "iconClass": "icon-jboss", "tags": "decisionserver,amq,java,messaging,jboss,xpaas", - "version": "1.2.0" + "version": "1.3.3" }, "name": "decisionserver62-amq-s2i" }, "labels": { "template": "decisionserver62-amq-s2i", - "xpaas": "1.2.0" + "xpaas": "1.3.3" }, "parameters": [ { @@ -145,18 +145,16 @@ "required": false }, { - "description": "User name for broker admin. If left empty, it will be generated.", - "name": "AMQ_ADMIN_USERNAME", - "from": "user[a-zA-Z0-9]{3}", - "generate": "expression", - "required": true + "description": "The discovery agent type to use for discovering mesh endpoints. 'dns' will use OpenShift's DNS service to resolve endpoints. 'kube' will use Kubernetes REST API to resolve service endpoints. If using 'kube' the service account for the pod must have the 'view' role, which can be added via 'oc policy add-role-to-user view system:serviceaccount:<namespace>:default' where <namespace> is the project namespace.", + "name": "AMQ_MESH_DISCOVERY_TYPE", + "value": "kube", + "required": false }, { - "description": "Password for broker admin. If left empty, it will be generated.", - "name": "AMQ_ADMIN_PASSWORD", - "from": "[a-zA-Z0-9]{8}", - "generate": "expression", - "required": true + "description": "The A-MQ storage usage limit", + "name": "AMQ_STORAGE_USAGE_LIMIT", + "value": "100 gb", + "required": false }, { "description": "GitHub trigger secret", @@ -391,8 +389,8 @@ "${APPLICATION_NAME}" ], "from": { - "kind": "ImageStream", - "name": "${APPLICATION_NAME}" + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" } } }, @@ -460,11 +458,6 @@ "name": "https", "containerPort": 8443, "protocol": "TCP" - }, - { - "name": "ping", - "containerPort": 8888, - "protocol": "TCP" } ], "env": [ @@ -609,6 +602,11 @@ }, "ports": [ { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { "name": "amqp", "containerPort": 5672, "protocol": "TCP" @@ -658,20 +656,24 @@ "value": "${MQ_PROTOCOL}" }, { - "name": "AMQ_QUEUES", - "value": "${MQ_QUEUES}" + "name": "AMQ_MESH_DISCOVERY_TYPE", + "value": "${AMQ_MESH_DISCOVERY_TYPE}" }, { - "name": "AMQ_TOPICS", - "value": "${MQ_TOPICS}" + "name": "AMQ_MESH_SERVICE_NAME", + "value": "${APPLICATION_NAME}-amq-tcp" }, { - "name": "AMQ_ADMIN_USERNAME", - "value": "${AMQ_ADMIN_USERNAME}" + "name": "AMQ_MESH_SERVICE_NAMESPACE", + "valueFrom": { + "fieldRef": { + "fieldPath": "metadata.namespace" + } + } }, { - "name": "AMQ_ADMIN_PASSWORD", - "value": "${AMQ_ADMIN_PASSWORD}" + "name": "AMQ_STORAGE_USAGE_LIMIT", + "value": "${AMQ_STORAGE_USAGE_LIMIT}" } ] } diff --git a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/decisionserver62-basic-s2i.json b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/decisionserver62-basic-s2i.json index 097720375..8be4ac90b 100644 --- a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/decisionserver62-basic-s2i.json +++ b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/decisionserver62-basic-s2i.json @@ -3,16 +3,16 @@ "apiVersion": "v1", "metadata": { "annotations": { - "description": "Application template for BRMS Realtime Decision Server 6 applications built using S2I.", + "description": "Application template for Red Hat JBoss BRMS 6.2 decision server applications built using S2I.", "iconClass": "icon-jboss", "tags": "decisionserver,java,jboss,xpaas", - "version": "1.2.0" + "version": "1.3.3" }, "name": "decisionserver62-basic-s2i" }, "labels": { "template": "decisionserver62-basic-s2i", - "xpaas": "1.2.0" + "xpaas": "1.3.3" }, "parameters": [ { @@ -245,8 +245,8 @@ "${APPLICATION_NAME}" ], "from": { - "kind": "ImageStream", - "name": "${APPLICATION_NAME}" + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" } } }, @@ -301,11 +301,6 @@ "name": "http", "containerPort": 8080, "protocol": "TCP" - }, - { - "name": "ping", - "containerPort": 8888, - "protocol": "TCP" } ], "env": [ diff --git a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/decisionserver62-https-s2i.json b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/decisionserver62-https-s2i.json index e5e2dee63..bf9047599 100644 --- a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/decisionserver62-https-s2i.json +++ b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/decisionserver62-https-s2i.json @@ -3,16 +3,16 @@ "apiVersion": "v1", "metadata": { "annotations": { - "description": "Application template for BRMS Realtime Decision Server 6 HTTPS applications built using S2I.", + "description": "Application template for Red Hat JBoss BRMS 6.2 decision server HTTPS applications built using S2I.", "iconClass": "icon-jboss", "tags": "decisionserver,java,jboss,xpaas", - "version": "1.2.0" + "version": "1.3.3" }, "name": "decisionserver62-https-s2i" }, "labels": { "template": "decisionserver62-https-s2i", - "xpaas": "1.2.0" + "xpaas": "1.3.3" }, "parameters": [ { @@ -334,8 +334,8 @@ "${APPLICATION_NAME}" ], "from": { - "kind": "ImageStream", - "name": "${APPLICATION_NAME}" + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" } } }, @@ -403,11 +403,6 @@ "name": "https", "containerPort": 8443, "protocol": "TCP" - }, - { - "name": "ping", - "containerPort": 8888, - "protocol": "TCP" } ], "env": [ diff --git a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/decisionserver63-amq-s2i.json b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/decisionserver63-amq-s2i.json new file mode 100644 index 000000000..51e667e02 --- /dev/null +++ b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/decisionserver63-amq-s2i.json @@ -0,0 +1,696 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "annotations": { + "description": "Application template for Red Hat JBoss BRMS 6.3 decision server A-MQ applications built using S2I.", + "iconClass": "icon-jboss", + "tags": "decisionserver,amq,java,messaging,jboss,xpaas", + "version": "1.3.3" + }, + "name": "decisionserver63-amq-s2i" + }, + "labels": { + "template": "decisionserver63-amq-s2i", + "xpaas": "1.3.3" + }, + "parameters": [ + { + "description": "The KIE Container deployment configuration in format: containerId=groupId:artifactId:version|c2=g2:a2:v2", + "name": "KIE_CONTAINER_DEPLOYMENT", + "value": "decisionserver-hellorules=org.openshift.quickstarts:decisionserver-hellorules:1.3.0.Final", + "required": false + }, + { + "description": "The user name to access the KIE Server REST or JMS interface.", + "name": "KIE_SERVER_USER", + "value": "kieserver", + "required": false + }, + { + "description": "The password to access the KIE Server REST or JMS interface. Must be different than username; must not be root, admin, or administrator; must contain at least 8 characters, 1 alphabetic character(s), 1 digit(s), and 1 non-alphanumeric symbol(s).", + "name": "KIE_SERVER_PASSWORD", + "from": "[a-zA-Z]{6}[0-9]{1}!", + "generate": "expression", + "required": false + }, + { + "description": "JAAS LoginContext domain that shall be used to authenticate users when using JMS.", + "name": "KIE_SERVER_DOMAIN", + "value": "other", + "required": false + }, + { + "description": "JNDI name of request queue for JMS.", + "name": "KIE_SERVER_JMS_QUEUES_REQUEST", + "value": "queue/KIE.SERVER.REQUEST", + "required": false + }, + { + "description": "JNDI name of response queue for JMS.", + "name": "KIE_SERVER_JMS_QUEUES_RESPONSE", + "value": "queue/KIE.SERVER.RESPONSE", + "required": false + }, + { + "description": "The name for the application.", + "name": "APPLICATION_NAME", + "value": "kie-app", + "required": true + }, + { + "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: <application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTP", + "value": "", + "required": false + }, + { + "description": "Custom hostname for https service route. Leave blank for default hostname, e.g.: secure-<application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTPS", + "value": "", + "required": false + }, + { + "description": "Git source URI for application", + "name": "SOURCE_REPOSITORY_URL", + "value": "https://github.com/jboss-openshift/openshift-quickstarts.git", + "required": true + }, + { + "description": "Git branch/tag reference", + "name": "SOURCE_REPOSITORY_REF", + "value": "1.3", + "required": false + }, + { + "description": "Path within Git project to build; empty for root project directory.", + "name": "CONTEXT_DIR", + "value": "decisionserver/hellorules", + "required": false + }, + { + "description": "JNDI name for connection factory used by applications to connect to the broker, e.g. java:/JmsXA", + "name": "MQ_JNDI", + "value": "java:/JmsXA", + "required": false + }, + { + "description": "Broker protocols to configure, separated by commas. Allowed values are: `openwire`, `amqp`, `stomp` and `mqtt`. Only `openwire` is supported by EAP.", + "name": "MQ_PROTOCOL", + "value": "openwire", + "required": false + }, + { + "description": "Queue names, separated by commas. These queues will be automatically created when the broker starts. Also, they will be made accessible as JNDI resources in EAP.", + "name": "MQ_QUEUES", + "value": "KIE.SERVER.REQUEST,KIE.SERVER.RESPONSE", + "required": false + }, + { + "description": "Topic names, separated by commas. These topics will be automatically created when the broker starts. Also, they will be made accessible as JNDI resources in EAP.", + "name": "MQ_TOPICS", + "value": "", + "required": false + }, + { + "description": "The name of the secret containing the keystore file", + "name": "HTTPS_SECRET", + "value": "decisionserver-app-secret", + "required": false + }, + { + "description": "The name of the keystore file within the secret", + "name": "HTTPS_KEYSTORE", + "value": "keystore.jks", + "required": false + }, + { + "description": "The name associated with the server certificate", + "name": "HTTPS_NAME", + "value": "jboss", + "required": false + }, + { + "description": "The password for the keystore and certificate", + "name": "HTTPS_PASSWORD", + "value": "mykeystorepass", + "required": false + }, + { + "description": "User name for standard broker user. It is required for connecting to the broker. If left empty, it will be generated.", + "name": "MQ_USERNAME", + "from": "user[a-zA-Z0-9]{3}", + "generate": "expression", + "required": false + }, + { + "description": "Password for standard broker user. It is required for connecting to the broker. If left empty, it will be generated.", + "name": "MQ_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": false + }, + { + "description": "The discovery agent type to use for discovering mesh endpoints. 'dns' will use OpenShift's DNS service to resolve endpoints. 'kube' will use Kubernetes REST API to resolve service endpoints. If using 'kube' the service account for the pod must have the 'view' role, which can be added via 'oc policy add-role-to-user view system:serviceaccount:<namespace>:default' where <namespace> is the project namespace.", + "name": "AMQ_MESH_DISCOVERY_TYPE", + "value": "kube", + "required": false + }, + { + "description": "The A-MQ storage usage limit", + "name": "AMQ_STORAGE_USAGE_LIMIT", + "value": "100 gb", + "required": false + }, + { + "description": "GitHub trigger secret", + "name": "GITHUB_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Generic build trigger secret", + "name": "GENERIC_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", + "name": "IMAGE_STREAM_NAMESPACE", + "value": "openshift", + "required": true + } + ], + "objects": [ + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8080, + "targetPort": 8080 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's HTTP port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8443, + "targetPort": 8443 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's HTTPS port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 61616, + "targetPort": 61616 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-amq" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-amq-tcp", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The broker's OpenWire port." + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-http", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's HTTP service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTP}", + "to": { + "name": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-https", + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's HTTPS service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTPS}", + "to": { + "name": "secure-${APPLICATION_NAME}" + }, + "tls": { + "termination": "passthrough" + } + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "BuildConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "source": { + "type": "Git", + "git": { + "uri": "${SOURCE_REPOSITORY_URL}", + "ref": "${SOURCE_REPOSITORY_REF}" + }, + "contextDir": "${CONTEXT_DIR}" + }, + "strategy": { + "type": "Source", + "sourceStrategy": { + "env": [ + { + "name": "KIE_CONTAINER_DEPLOYMENT", + "value": "${KIE_CONTAINER_DEPLOYMENT}" + } + ], + "forcePull": true, + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-decisionserver63-openshift:1.3" + } + } + }, + "output": { + "to": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + }, + "triggers": [ + { + "type": "GitHub", + "github": { + "secret": "${GITHUB_WEBHOOK_SECRET}" + } + }, + { + "type": "Generic", + "generic": { + "secret": "${GENERIC_WEBHOOK_SECRET}" + } + }, + { + "type": "ImageChange", + "imageChange": {} + }, + { + "type": "ConfigChange" + } + ] + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}" + ], + "from": { + "kind": "ImageStream", + "name": "${APPLICATION_NAME}" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "serviceAccountName": "decisionserver-service-account", + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}", + "image": "${APPLICATION_NAME}", + "imagePullPolicy": "Always", + "volumeMounts": [ + { + "name": "decisionserver-keystore-volume", + "mountPath": "/etc/decisionserver-secret-volume", + "readOnly": true + } + ], + "livenessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/livenessProbe.sh" + ] + } + }, + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/readinessProbe.sh" + ] + } + }, + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "http", + "containerPort": 8080, + "protocol": "TCP" + }, + { + "name": "https", + "containerPort": 8443, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "KIE_CONTAINER_DEPLOYMENT", + "value": "${KIE_CONTAINER_DEPLOYMENT}" + }, + { + "name": "KIE_SERVER_USER", + "value": "${KIE_SERVER_USER}" + }, + { + "name": "KIE_SERVER_PASSWORD", + "value": "${KIE_SERVER_PASSWORD}" + }, + { + "name": "KIE_SERVER_DOMAIN", + "value": "${KIE_SERVER_DOMAIN}" + }, + { + "name": "KIE_SERVER_JMS_QUEUES_REQUEST", + "value": "${KIE_SERVER_JMS_QUEUES_REQUEST}" + }, + { + "name": "KIE_SERVER_JMS_QUEUES_RESPONSE", + "value": "${KIE_SERVER_JMS_QUEUES_RESPONSE}" + }, + { + "name": "MQ_SERVICE_PREFIX_MAPPING", + "value": "${APPLICATION_NAME}-amq=MQ" + }, + { + "name": "MQ_JNDI", + "value": "${MQ_JNDI}" + }, + { + "name": "MQ_USERNAME", + "value": "${MQ_USERNAME}" + }, + { + "name": "MQ_PASSWORD", + "value": "${MQ_PASSWORD}" + }, + { + "name": "MQ_PROTOCOL", + "value": "tcp" + }, + { + "name": "MQ_QUEUES", + "value": "${MQ_QUEUES}" + }, + { + "name": "MQ_TOPICS", + "value": "${MQ_TOPICS}" + }, + { + "name": "HTTPS_KEYSTORE_DIR", + "value": "/etc/decisionserver-secret-volume" + }, + { + "name": "HTTPS_KEYSTORE", + "value": "${HTTPS_KEYSTORE}" + }, + { + "name": "HTTPS_NAME", + "value": "${HTTPS_NAME}" + }, + { + "name": "HTTPS_PASSWORD", + "value": "${HTTPS_PASSWORD}" + } + ] + } + ], + "volumes": [ + { + "name": "decisionserver-keystore-volume", + "secret": { + "secretName": "${HTTPS_SECRET}" + } + } + ] + } + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}-amq", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}-amq" + ], + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-amq-62:1.3" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-amq" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}-amq", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}-amq", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}-amq", + "image": "jboss-amq-62", + "imagePullPolicy": "Always", + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/amq/bin/readinessProbe.sh" + ] + } + }, + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "amqp", + "containerPort": 5672, + "protocol": "TCP" + }, + { + "name": "amqp-ssl", + "containerPort": 5671, + "protocol": "TCP" + }, + { + "name": "mqtt", + "containerPort": 1883, + "protocol": "TCP" + }, + { + "name": "stomp", + "containerPort": 61613, + "protocol": "TCP" + }, + { + "name": "stomp-ssl", + "containerPort": 61612, + "protocol": "TCP" + }, + { + "name": "tcp", + "containerPort": 61616, + "protocol": "TCP" + }, + { + "name": "tcp-ssl", + "containerPort": 61617, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "AMQ_USER", + "value": "${MQ_USERNAME}" + }, + { + "name": "AMQ_PASSWORD", + "value": "${MQ_PASSWORD}" + }, + { + "name": "AMQ_TRANSPORTS", + "value": "${MQ_PROTOCOL}" + }, + { + "name": "AMQ_MESH_DISCOVERY_TYPE", + "value": "${AMQ_MESH_DISCOVERY_TYPE}" + }, + { + "name": "AMQ_MESH_SERVICE_NAME", + "value": "${APPLICATION_NAME}-amq-tcp" + }, + { + "name": "AMQ_MESH_SERVICE_NAMESPACE", + "valueFrom": { + "fieldRef": { + "fieldPath": "metadata.namespace" + } + } + }, + { + "name": "AMQ_STORAGE_USAGE_LIMIT", + "value": "${AMQ_STORAGE_USAGE_LIMIT}" + } + ] + } + ] + } + } + } + } + ] +} diff --git a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/decisionserver63-basic-s2i.json b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/decisionserver63-basic-s2i.json new file mode 100644 index 000000000..c5f0d006a --- /dev/null +++ b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/decisionserver63-basic-s2i.json @@ -0,0 +1,339 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "annotations": { + "description": "Application template for Red Hat JBoss BRMS 6.3 decision server applications built using S2I.", + "iconClass": "icon-jboss", + "tags": "decisionserver,java,jboss,xpaas", + "version": "1.3.3" + }, + "name": "decisionserver63-basic-s2i" + }, + "labels": { + "template": "decisionserver63-basic-s2i", + "xpaas": "1.3.3" + }, + "parameters": [ + { + "description": "The KIE Container deployment configuration in format: containerId=groupId:artifactId:version|c2=g2:a2:v2", + "name": "KIE_CONTAINER_DEPLOYMENT", + "value": "decisionserver-hellorules=org.openshift.quickstarts:decisionserver-hellorules:1.3.0.Final", + "required": false + }, + { + "description": "The user name to access the KIE Server REST or JMS interface.", + "name": "KIE_SERVER_USER", + "value": "kieserver", + "required": false + }, + { + "description": "The password to access the KIE Server REST or JMS interface. Must be different than username; must not be root, admin, or administrator; must contain at least 8 characters, 1 alphabetic character(s), 1 digit(s), and 1 non-alphanumeric symbol(s).", + "name": "KIE_SERVER_PASSWORD", + "from": "[a-zA-Z]{6}[0-9]{1}!", + "generate": "expression", + "required": false + }, + { + "description": "The name for the application.", + "name": "APPLICATION_NAME", + "value": "kie-app", + "required": true + }, + { + "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: <application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTP", + "value": "", + "required": false + }, + { + "description": "Git source URI for application", + "name": "SOURCE_REPOSITORY_URL", + "value": "https://github.com/jboss-openshift/openshift-quickstarts.git", + "required": true + }, + { + "description": "Git branch/tag reference", + "name": "SOURCE_REPOSITORY_REF", + "value": "1.3", + "required": false + }, + { + "description": "Path within Git project to build; empty for root project directory.", + "name": "CONTEXT_DIR", + "value": "decisionserver/hellorules", + "required": false + }, + { + "description": "Queue names", + "name": "HORNETQ_QUEUES", + "value": "", + "required": false + }, + { + "description": "Topic names", + "name": "HORNETQ_TOPICS", + "value": "", + "required": false + }, + { + "description": "HornetQ cluster admin password", + "name": "HORNETQ_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "GitHub trigger secret", + "name": "GITHUB_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Generic build trigger secret", + "name": "GENERIC_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", + "name": "IMAGE_STREAM_NAMESPACE", + "value": "openshift", + "required": true + } + ], + "objects": [ + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8080, + "targetPort": 8080 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's http port." + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-http", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's http service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTP}", + "to": { + "name": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "BuildConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "source": { + "type": "Git", + "git": { + "uri": "${SOURCE_REPOSITORY_URL}", + "ref": "${SOURCE_REPOSITORY_REF}" + }, + "contextDir": "${CONTEXT_DIR}" + }, + "strategy": { + "type": "Source", + "sourceStrategy": { + "env": [ + { + "name": "KIE_CONTAINER_DEPLOYMENT", + "value": "${KIE_CONTAINER_DEPLOYMENT}" + } + ], + "forcePull": true, + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-decisionserver63-openshift:1.3" + } + } + }, + "output": { + "to": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + }, + "triggers": [ + { + "type": "GitHub", + "github": { + "secret": "${GITHUB_WEBHOOK_SECRET}" + } + }, + { + "type": "Generic", + "generic": { + "secret": "${GENERIC_WEBHOOK_SECRET}" + } + }, + { + "type": "ImageChange", + "imageChange": {} + }, + { + "type": "ConfigChange" + } + ] + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}" + ], + "from": { + "kind": "ImageStream", + "name": "${APPLICATION_NAME}" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}", + "image": "${APPLICATION_NAME}", + "imagePullPolicy": "Always", + "livenessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/livenessProbe.sh" + ] + } + }, + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/readinessProbe.sh" + ] + } + }, + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "http", + "containerPort": 8080, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "KIE_CONTAINER_DEPLOYMENT", + "value": "${KIE_CONTAINER_DEPLOYMENT}" + }, + { + "name": "KIE_SERVER_USER", + "value": "${KIE_SERVER_USER}" + }, + { + "name": "KIE_SERVER_PASSWORD", + "value": "${KIE_SERVER_PASSWORD}" + }, + { + "name": "HORNETQ_CLUSTER_PASSWORD", + "value": "${HORNETQ_CLUSTER_PASSWORD}" + }, + { + "name": "HORNETQ_QUEUES", + "value": "${HORNETQ_QUEUES}" + }, + { + "name": "HORNETQ_TOPICS", + "value": "${HORNETQ_TOPICS}" + } + ] + } + ] + } + } + } + } + ] +} diff --git a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/decisionserver63-https-s2i.json b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/decisionserver63-https-s2i.json new file mode 100644 index 000000000..3db0e4c84 --- /dev/null +++ b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/decisionserver63-https-s2i.json @@ -0,0 +1,473 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "annotations": { + "description": "Application template for Red Hat JBoss BRMS 6.3 decision server HTTPS applications built using S2I.", + "iconClass": "icon-jboss", + "tags": "decisionserver,java,jboss,xpaas", + "version": "1.3.3" + }, + "name": "decisionserver63-https-s2i" + }, + "labels": { + "template": "decisionserver63-https-s2i", + "xpaas": "1.3.3" + }, + "parameters": [ + { + "description": "The KIE Container deployment configuration in format: containerId=groupId:artifactId:version|c2=g2:a2:v2", + "name": "KIE_CONTAINER_DEPLOYMENT", + "value": "decisionserver-hellorules=org.openshift.quickstarts:decisionserver-hellorules:1.3.0.Final", + "required": false + }, + { + "description": "The protocol to access the KIE Server REST interface.", + "name": "KIE_SERVER_PROTOCOL", + "value": "https", + "required": false + }, + { + "description": "The port to access the KIE Server REST interface.", + "name": "KIE_SERVER_PORT", + "value": "8443", + "required": false + }, + { + "description": "The user name to access the KIE Server REST or JMS interface.", + "name": "KIE_SERVER_USER", + "value": "kieserver", + "required": false + }, + { + "description": "The password to access the KIE Server REST or JMS interface. Must be different than username; must not be root, admin, or administrator; must contain at least 8 characters, 1 alphabetic character(s), 1 digit(s), and 1 non-alphanumeric symbol(s).", + "name": "KIE_SERVER_PASSWORD", + "from": "[a-zA-Z]{6}[0-9]{1}!", + "generate": "expression", + "required": false + }, + { + "description": "The name for the application.", + "name": "APPLICATION_NAME", + "value": "kie-app", + "required": true + }, + { + "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: <application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTP", + "value": "", + "required": false + }, + { + "description": "Custom hostname for https service route. Leave blank for default hostname, e.g.: secure-<application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTPS", + "value": "", + "required": false + }, + { + "description": "Git source URI for application", + "name": "SOURCE_REPOSITORY_URL", + "value": "https://github.com/jboss-openshift/openshift-quickstarts.git", + "required": true + }, + { + "description": "Git branch/tag reference", + "name": "SOURCE_REPOSITORY_REF", + "value": "1.3", + "required": false + }, + { + "description": "Path within Git project to build; empty for root project directory.", + "name": "CONTEXT_DIR", + "value": "decisionserver/hellorules", + "required": false + }, + { + "description": "Queue names", + "name": "HORNETQ_QUEUES", + "value": "", + "required": false + }, + { + "description": "Topic names", + "name": "HORNETQ_TOPICS", + "value": "", + "required": false + }, + { + "description": "The name of the secret containing the keystore file", + "name": "HTTPS_SECRET", + "value": "decisionserver-app-secret", + "required": true + }, + { + "description": "The name of the keystore file within the secret", + "name": "HTTPS_KEYSTORE", + "value": "keystore.jks", + "required": false + }, + { + "description": "The name associated with the server certificate", + "name": "HTTPS_NAME", + "value": "jboss", + "required": false + }, + { + "description": "The password for the keystore and certificate", + "name": "HTTPS_PASSWORD", + "value": "mykeystorepass", + "required": false + }, + { + "description": "HornetQ cluster admin password", + "name": "HORNETQ_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "GitHub trigger secret", + "name": "GITHUB_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Generic build trigger secret", + "name": "GENERIC_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", + "name": "IMAGE_STREAM_NAMESPACE", + "value": "openshift", + "required": true + } + ], + "objects": [ + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8080, + "targetPort": 8080 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's http port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8443, + "targetPort": 8443 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's https port." + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-http", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's http service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTP}", + "to": { + "name": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-https", + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's https service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTPS}", + "to": { + "name": "secure-${APPLICATION_NAME}" + }, + "tls": { + "termination": "passthrough" + } + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "BuildConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "source": { + "type": "Git", + "git": { + "uri": "${SOURCE_REPOSITORY_URL}", + "ref": "${SOURCE_REPOSITORY_REF}" + }, + "contextDir": "${CONTEXT_DIR}" + }, + "strategy": { + "type": "Source", + "sourceStrategy": { + "env": [ + { + "name": "KIE_CONTAINER_DEPLOYMENT", + "value": "${KIE_CONTAINER_DEPLOYMENT}" + } + ], + "forcePull": true, + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-decisionserver63-openshift:1.3" + } + } + }, + "output": { + "to": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + }, + "triggers": [ + { + "type": "GitHub", + "github": { + "secret": "${GITHUB_WEBHOOK_SECRET}" + } + }, + { + "type": "Generic", + "generic": { + "secret": "${GENERIC_WEBHOOK_SECRET}" + } + }, + { + "type": "ImageChange", + "imageChange": {} + }, + { + "type": "ConfigChange" + } + ] + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}" + ], + "from": { + "kind": "ImageStream", + "name": "${APPLICATION_NAME}" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "serviceAccountName": "decisionserver-service-account", + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}", + "image": "${APPLICATION_NAME}", + "imagePullPolicy": "Always", + "volumeMounts": [ + { + "name": "decisionserver-keystore-volume", + "mountPath": "/etc/decisionserver-secret-volume", + "readOnly": true + } + ], + "livenessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/livenessProbe.sh" + ] + } + }, + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/readinessProbe.sh" + ] + } + }, + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "http", + "containerPort": 8080, + "protocol": "TCP" + }, + { + "name": "https", + "containerPort": 8443, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "KIE_CONTAINER_DEPLOYMENT", + "value": "${KIE_CONTAINER_DEPLOYMENT}" + }, + { + "name": "KIE_SERVER_PROTOCOL", + "value": "${KIE_SERVER_PROTOCOL}" + }, + { + "name": "KIE_SERVER_PORT", + "value": "${KIE_SERVER_PORT}" + }, + { + "name": "KIE_SERVER_USER", + "value": "${KIE_SERVER_USER}" + }, + { + "name": "KIE_SERVER_PASSWORD", + "value": "${KIE_SERVER_PASSWORD}" + }, + { + "name": "HTTPS_KEYSTORE_DIR", + "value": "/etc/decisionserver-secret-volume" + }, + { + "name": "HTTPS_KEYSTORE", + "value": "${HTTPS_KEYSTORE}" + }, + { + "name": "HTTPS_NAME", + "value": "${HTTPS_NAME}" + }, + { + "name": "HTTPS_PASSWORD", + "value": "${HTTPS_PASSWORD}" + }, + { + "name": "HORNETQ_CLUSTER_PASSWORD", + "value": "${HORNETQ_CLUSTER_PASSWORD}" + }, + { + "name": "HORNETQ_QUEUES", + "value": "${HORNETQ_QUEUES}" + }, + { + "name": "HORNETQ_TOPICS", + "value": "${HORNETQ_TOPICS}" + } + ] + } + ], + "volumes": [ + { + "name": "decisionserver-keystore-volume", + "secret": { + "secretName": "${HTTPS_SECRET}" + } + } + ] + } + } + } + } + ] +} diff --git a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap64-amq-persistent-s2i.json b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap64-amq-persistent-s2i.json index c9ecee9cb..72dbb4302 100644 --- a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap64-amq-persistent-s2i.json +++ b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap64-amq-persistent-s2i.json @@ -6,13 +6,13 @@ "description": "Application template for EAP 6 A-MQ applications with persistent storage built using S2I.", "iconClass": "icon-jboss", "tags": "eap,amq,javaee,java,messaging,jboss,xpaas", - "version": "1.3.1" + "version": "1.3.2" }, "name": "eap64-amq-persistent-s2i" }, "labels": { "template": "eap64-amq-persistent-s2i", - "xpaas": "1.3.1" + "xpaas": "1.3.2" }, "parameters": [ { @@ -88,6 +88,18 @@ "required": false }, { + "description": "List of packages that are allowed to be serialized for use in ObjectMessage, separated by commas. If your app doesn't use ObjectMessages, leave this blank. This is a security enforcement. For the rationale, see http://activemq.apache.org/objectmessage.html", + "name": "MQ_SERIALIZABLE_PACKAGES", + "value": "", + "required": false + }, + { + "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.", + "name": "SERVICE_ACCOUNT_NAME", + "value": "eap-service-account", + "required": true + }, + { "description": "The name of the secret containing the keystore file", "name": "HTTPS_SECRET", "value": "eap-app-secret", @@ -100,6 +112,12 @@ "required": false }, { + "description": "The type of the keystore file (JKS or JCEKS)", + "name": "HTTPS_KEYSTORE_TYPE", + "value": "", + "required": false + }, + { "description": "The name associated with the server certificate", "name": "HTTPS_NAME", "value": "", @@ -126,18 +144,16 @@ "required": false }, { - "description": "User name for broker admin. If left empty, it will be generated.", - "name": "AMQ_ADMIN_USERNAME", - "from": "user[a-zA-Z0-9]{3}", - "generate": "expression", - "required": true + "description": "The discovery agent type to use for discovering mesh endpoints. 'dns' will use OpenShift's DNS service to resolve endpoints. 'kube' will use Kubernetes REST API to resolve service endpoints. If using 'kube' the service account for the pod must have the 'view' role, which can be added via 'oc policy add-role-to-user view system:serviceaccount:<namespace>:default' where <namespace> is the project namespace.", + "name": "AMQ_MESH_DISCOVERY_TYPE", + "value": "kube", + "required": false }, { - "description": "Password for broker admin. If left empty, it will be generated.", - "name": "AMQ_ADMIN_PASSWORD", - "from": "[a-zA-Z0-9]{8}", - "generate": "expression", - "required": true + "description": "The A-MQ storage usage limit", + "name": "AMQ_STORAGE_USAGE_LIMIT", + "value": "100 gb", + "required": false }, { "description": "GitHub trigger secret", @@ -189,6 +205,12 @@ "from": "[a-zA-Z0-9]{8}", "generate": "expression", "required": true + }, + { + "description": "Controls whether exploded deployment content should be automatically deployed", + "name": "AUTO_DEPLOY_EXPLODED", + "value": "false", + "required": false } ], "objects": [ @@ -342,7 +364,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-eap64-openshift:1.2" + "name": "jboss-eap64-openshift:1.4" } } }, @@ -397,8 +419,8 @@ "${APPLICATION_NAME}" ], "from": { - "kind": "ImageStream", - "name": "${APPLICATION_NAME}" + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" } } }, @@ -419,7 +441,7 @@ } }, "spec": { - "serviceAccountName": "eap-service-account", + "serviceAccountName": "${SERVICE_ACCOUNT_NAME}", "terminationGracePeriodSeconds": 60, "containers": [ { @@ -508,6 +530,10 @@ "value": "${MQ_TOPICS}" }, { + "name": "MQ_SERIALIZABLE_PACKAGES", + "value": "${MQ_SERIALIZABLE_PACKAGES}" + }, + { "name": "OPENSHIFT_KUBE_PING_LABELS", "value": "application=${APPLICATION_NAME}" }, @@ -528,6 +554,10 @@ "value": "${HTTPS_KEYSTORE}" }, { + "name": "HTTPS_KEYSTORE_TYPE", + "value": "${HTTPS_KEYSTORE_TYPE}" + }, + { "name": "HTTPS_NAME", "value": "${HTTPS_NAME}" }, @@ -558,6 +588,10 @@ { "name": "JGROUPS_CLUSTER_PASSWORD", "value": "${JGROUPS_CLUSTER_PASSWORD}" + }, + { + "name": "AUTO_DEPLOY_EXPLODED", + "value": "${AUTO_DEPLOY_EXPLODED}" } ] } @@ -713,6 +747,10 @@ "value": "${MQ_TOPICS}" }, { + "name": "MQ_SERIALIZABLE_PACKAGES", + "value": "${MQ_SERIALIZABLE_PACKAGES}" + }, + { "name": "AMQ_SPLIT", "value": "${AMQ_SPLIT}" }, @@ -735,14 +773,6 @@ { "name": "AMQ_STORAGE_USAGE_LIMIT", "value": "${AMQ_STORAGE_USAGE_LIMIT}" - }, - { - "name": "AMQ_ADMIN_USERNAME", - "value": "${AMQ_ADMIN_USERNAME}" - }, - { - "name": "AMQ_ADMIN_PASSWORD", - "value": "${AMQ_ADMIN_PASSWORD}" } ] } diff --git a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap64-amq-s2i.json b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap64-amq-s2i.json index 99724db94..9dd847451 100644 --- a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap64-amq-s2i.json +++ b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap64-amq-s2i.json @@ -6,13 +6,13 @@ "description": "Application template for EAP 6 A-MQ applications built using S2I.", "iconClass": "icon-jboss", "tags": "eap,amq,javaee,java,messaging,jboss,xpaas", - "version": "1.3.1" + "version": "1.3.2" }, "name": "eap64-amq-s2i" }, "labels": { "template": "eap64-amq-s2i", - "xpaas": "1.3.1" + "xpaas": "1.3.2" }, "parameters": [ { @@ -76,6 +76,18 @@ "required": false }, { + "description": "List of packages that are allowed to be serialized for use in ObjectMessage, separated by commas. If your app doesn't use ObjectMessages, leave this blank. This is a security enforcement. For the rationale, see http://activemq.apache.org/objectmessage.html", + "name": "MQ_SERIALIZABLE_PACKAGES", + "value": "", + "required": false + }, + { + "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.", + "name": "SERVICE_ACCOUNT_NAME", + "value": "eap-service-account", + "required": true + }, + { "description": "The name of the secret containing the keystore file", "name": "HTTPS_SECRET", "value": "eap-app-secret", @@ -88,6 +100,12 @@ "required": false }, { + "description": "The type of the keystore file (JKS or JCEKS)", + "name": "HTTPS_KEYSTORE_TYPE", + "value": "", + "required": false + }, + { "description": "The name associated with the server certificate", "name": "HTTPS_NAME", "value": "", @@ -114,18 +132,16 @@ "required": false }, { - "description": "User name for broker admin. If left empty, it will be generated.", - "name": "AMQ_ADMIN_USERNAME", - "from": "user[a-zA-Z0-9]{3}", - "generate": "expression", - "required": true + "description": "The discovery agent type to use for discovering mesh endpoints. 'dns' will use OpenShift's DNS service to resolve endpoints. 'kube' will use Kubernetes REST API to resolve service endpoints. If using 'kube' the service account for the pod must have the 'view' role, which can be added via 'oc policy add-role-to-user view system:serviceaccount:<namespace>:default' where <namespace> is the project namespace.", + "name": "AMQ_MESH_DISCOVERY_TYPE", + "value": "kube", + "required": false }, { - "description": "Password for broker admin. If left empty, it will be generated.", - "name": "AMQ_ADMIN_PASSWORD", - "from": "[a-zA-Z0-9]{8}", - "generate": "expression", - "required": true + "description": "The A-MQ storage usage limit", + "name": "AMQ_STORAGE_USAGE_LIMIT", + "value": "100 gb", + "required": false }, { "description": "GitHub trigger secret", @@ -177,6 +193,12 @@ "from": "[a-zA-Z0-9]{8}", "generate": "expression", "required": true + }, + { + "description": "Controls whether exploded deployment content should be automatically deployed", + "name": "AUTO_DEPLOY_EXPLODED", + "value": "false", + "required": false } ], "objects": [ @@ -330,7 +352,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-eap64-openshift:1.2" + "name": "jboss-eap64-openshift:1.4" } } }, @@ -385,8 +407,8 @@ "${APPLICATION_NAME}" ], "from": { - "kind": "ImageStream", - "name": "${APPLICATION_NAME}" + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" } } }, @@ -407,7 +429,7 @@ } }, "spec": { - "serviceAccountName": "eap-service-account", + "serviceAccountName": "${SERVICE_ACCOUNT_NAME}", "terminationGracePeriodSeconds": 60, "containers": [ { @@ -496,6 +518,10 @@ "value": "${MQ_TOPICS}" }, { + "name": "MQ_SERIALIZABLE_PACKAGES", + "value": "${MQ_SERIALIZABLE_PACKAGES}" + }, + { "name": "OPENSHIFT_KUBE_PING_LABELS", "value": "application=${APPLICATION_NAME}" }, @@ -516,6 +542,10 @@ "value": "${HTTPS_KEYSTORE}" }, { + "name": "HTTPS_KEYSTORE_TYPE", + "value": "${HTTPS_KEYSTORE_TYPE}" + }, + { "name": "HTTPS_NAME", "value": "${HTTPS_NAME}" }, @@ -546,6 +576,10 @@ { "name": "JGROUPS_CLUSTER_PASSWORD", "value": "${JGROUPS_CLUSTER_PASSWORD}" + }, + { + "name": "AUTO_DEPLOY_EXPLODED", + "value": "${AUTO_DEPLOY_EXPLODED}" } ] } @@ -692,12 +726,28 @@ "value": "${MQ_TOPICS}" }, { - "name": "AMQ_ADMIN_USERNAME", - "value": "${AMQ_ADMIN_USERNAME}" + "name": "MQ_SERIALIZABLE_PACKAGES", + "value": "${MQ_SERIALIZABLE_PACKAGES}" + }, + { + "name": "AMQ_MESH_DISCOVERY_TYPE", + "value": "${AMQ_MESH_DISCOVERY_TYPE}" + }, + { + "name": "AMQ_MESH_SERVICE_NAME", + "value": "${APPLICATION_NAME}-amq-tcp" + }, + { + "name": "AMQ_MESH_SERVICE_NAMESPACE", + "valueFrom": { + "fieldRef": { + "fieldPath": "metadata.namespace" + } + } }, { - "name": "AMQ_ADMIN_PASSWORD", - "value": "${AMQ_ADMIN_PASSWORD}" + "name": "AMQ_STORAGE_USAGE_LIMIT", + "value": "${AMQ_STORAGE_USAGE_LIMIT}" } ] } diff --git a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap64-basic-s2i.json b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap64-basic-s2i.json index 2e3849e2a..7b1800b7b 100644 --- a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap64-basic-s2i.json +++ b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap64-basic-s2i.json @@ -6,13 +6,13 @@ "iconClass": "icon-jboss", "description": "Application template for EAP 6 applications built using S2I.", "tags": "eap,javaee,java,jboss,xpaas", - "version": "1.2.0" + "version": "1.3.2" }, "name": "eap64-basic-s2i" }, "labels": { "template": "eap64-basic-s2i", - "xpaas": "1.2.0" + "xpaas": "1.3.2" }, "parameters": [ { @@ -90,6 +90,12 @@ "from": "[a-zA-Z0-9]{8}", "generate": "expression", "required": true + }, + { + "description": "Controls whether exploded deployment content should be automatically deployed", + "name": "AUTO_DEPLOY_EXPLODED", + "value": "false", + "required": false } ], "objects": [ @@ -172,7 +178,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-eap64-openshift:1.2" + "name": "jboss-eap64-openshift:1.4" } } }, @@ -227,8 +233,8 @@ "${APPLICATION_NAME}" ], "from": { - "kind": "ImageStream", - "name": "${APPLICATION_NAME}" + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" } } }, @@ -318,6 +324,10 @@ { "name": "JGROUPS_CLUSTER_PASSWORD", "value": "${JGROUPS_CLUSTER_PASSWORD}" + }, + { + "name": "AUTO_DEPLOY_EXPLODED", + "value": "${AUTO_DEPLOY_EXPLODED}" } ] } diff --git a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap64-https-s2i.json b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap64-https-s2i.json index 2517be3ca..31716d84c 100644 --- a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap64-https-s2i.json +++ b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap64-https-s2i.json @@ -6,13 +6,13 @@ "iconClass": "icon-jboss", "description": "Application template for EAP 6 applications built using S2I.", "tags": "eap,javaee,java,jboss,xpaas", - "version": "1.2.0" + "version": "1.3.2" }, "name": "eap64-https-s2i" }, "labels": { "template": "eap64-https-s2i", - "xpaas": "1.2.0" + "xpaas": "1.3.2" }, "parameters": [ { @@ -64,6 +64,12 @@ "required": false }, { + "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.", + "name": "SERVICE_ACCOUNT_NAME", + "value": "eap-service-account", + "required": true + }, + { "description": "The name of the secret containing the keystore file", "name": "HTTPS_SECRET", "value": "eap-app-secret", @@ -76,6 +82,12 @@ "required": false }, { + "description": "The type of the keystore file (JKS or JCEKS)", + "name": "HTTPS_KEYSTORE_TYPE", + "value": "", + "required": false + }, + { "description": "The name associated with the server certificate", "name": "HTTPS_NAME", "value": "", @@ -144,6 +156,12 @@ "from": "[a-zA-Z0-9]{8}", "generate": "expression", "required": true + }, + { + "description": "Controls whether exploded deployment content should be automatically deployed", + "name": "AUTO_DEPLOY_EXPLODED", + "value": "false", + "required": false } ], "objects": [ @@ -273,7 +291,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-eap64-openshift:1.2" + "name": "jboss-eap64-openshift:1.4" } } }, @@ -328,8 +346,8 @@ "${APPLICATION_NAME}" ], "from": { - "kind": "ImageStream", - "name": "${APPLICATION_NAME}" + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" } } }, @@ -350,7 +368,7 @@ } }, "spec": { - "serviceAccountName": "eap-service-account", + "serviceAccountName": "${SERVICE_ACCOUNT_NAME}", "terminationGracePeriodSeconds": 60, "containers": [ { @@ -431,6 +449,10 @@ "value": "${HTTPS_KEYSTORE}" }, { + "name": "HTTPS_KEYSTORE_TYPE", + "value": "${HTTPS_KEYSTORE_TYPE}" + }, + { "name": "HTTPS_NAME", "value": "${HTTPS_NAME}" }, @@ -473,6 +495,10 @@ { "name": "JGROUPS_CLUSTER_PASSWORD", "value": "${JGROUPS_CLUSTER_PASSWORD}" + }, + { + "name": "AUTO_DEPLOY_EXPLODED", + "value": "${AUTO_DEPLOY_EXPLODED}" } ] } diff --git a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap64-mongodb-persistent-s2i.json b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap64-mongodb-persistent-s2i.json index 97cc465d2..212431056 100644 --- a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap64-mongodb-persistent-s2i.json +++ b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap64-mongodb-persistent-s2i.json @@ -6,13 +6,13 @@ "description": "Application template for EAP 6 MongoDB applications with persistent storage built using S2I.", "iconClass": "icon-jboss", "tags": "eap,mongodb,javaee,java,database,jboss,xpaas", - "version": "1.2.0" + "version": "1.3.2" }, "name": "eap64-mongodb-persistent-s2i" }, "labels": { "template": "eap64-mongodb-persistent-s2i", - "xpaas": "1.2.0" + "xpaas": "1.3.2" }, "parameters": [ { @@ -82,6 +82,12 @@ "required": false }, { + "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.", + "name": "SERVICE_ACCOUNT_NAME", + "value": "eap-service-account", + "required": true + }, + { "description": "The name of the secret containing the keystore file", "name": "HTTPS_SECRET", "value": "eap-app-secret", @@ -94,6 +100,12 @@ "required": false }, { + "description": "The type of the keystore file (JKS or JCEKS)", + "name": "HTTPS_KEYSTORE_TYPE", + "value": "", + "required": false + }, + { "description": "The name associated with the server certificate", "name": "HTTPS_NAME", "value": "", @@ -213,6 +225,12 @@ "from": "[a-zA-Z0-9]{8}", "generate": "expression", "required": true + }, + { + "description": "Controls whether exploded deployment content should be automatically deployed", + "name": "AUTO_DEPLOY_EXPLODED", + "value": "false", + "required": false } ], "objects": [ @@ -366,7 +384,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-eap64-openshift:1.2" + "name": "jboss-eap64-openshift:1.4" } } }, @@ -421,8 +439,8 @@ "${APPLICATION_NAME}" ], "from": { - "kind": "ImageStream", - "name": "${APPLICATION_NAME}" + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" } } }, @@ -443,7 +461,7 @@ } }, "spec": { - "serviceAccountName": "eap-service-account", + "serviceAccountName": "${SERVICE_ACCOUNT_NAME}", "terminationGracePeriodSeconds": 60, "containers": [ { @@ -560,6 +578,10 @@ "value": "${HTTPS_KEYSTORE}" }, { + "name": "HTTPS_KEYSTORE_TYPE", + "value": "${HTTPS_KEYSTORE_TYPE}" + }, + { "name": "HTTPS_NAME", "value": "${HTTPS_NAME}" }, @@ -602,6 +624,10 @@ { "name": "JGROUPS_CLUSTER_PASSWORD", "value": "${JGROUPS_CLUSTER_PASSWORD}" + }, + { + "name": "AUTO_DEPLOY_EXPLODED", + "value": "${AUTO_DEPLOY_EXPLODED}" } ] } diff --git a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap64-mongodb-s2i.json b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap64-mongodb-s2i.json index 8bdd85546..13fbbdd93 100644 --- a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap64-mongodb-s2i.json +++ b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap64-mongodb-s2i.json @@ -6,13 +6,13 @@ "description": "Application template for EAP 6 MongoDB applications built using S2I.", "iconClass": "icon-jboss", "tags": "eap,mongodb,javaee,java,database,jboss,xpaas", - "version": "1.2.0" + "version": "1.3.2" }, "name": "eap64-mongodb-s2i" }, "labels": { "template": "eap64-mongodb-s2i", - "xpaas": "1.2.0" + "xpaas": "1.3.2" }, "parameters": [ { @@ -76,6 +76,12 @@ "required": false }, { + "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.", + "name": "SERVICE_ACCOUNT_NAME", + "value": "eap-service-account", + "required": true + }, + { "description": "The name of the secret containing the keystore file", "name": "HTTPS_SECRET", "value": "eap-app-secret", @@ -88,6 +94,12 @@ "required": false }, { + "description": "The type of the keystore file (JKS or JCEKS)", + "name": "HTTPS_KEYSTORE_TYPE", + "value": "", + "required": false + }, + { "description": "The name associated with the server certificate", "name": "HTTPS_NAME", "value": "", @@ -207,6 +219,12 @@ "from": "[a-zA-Z0-9]{8}", "generate": "expression", "required": true + }, + { + "description": "Controls whether exploded deployment content should be automatically deployed", + "name": "AUTO_DEPLOY_EXPLODED", + "value": "false", + "required": false } ], "objects": [ @@ -360,7 +378,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-eap64-openshift:1.2" + "name": "jboss-eap64-openshift:1.4" } } }, @@ -415,8 +433,8 @@ "${APPLICATION_NAME}" ], "from": { - "kind": "ImageStream", - "name": "${APPLICATION_NAME}" + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" } } }, @@ -437,7 +455,7 @@ } }, "spec": { - "serviceAccountName": "eap-service-account", + "serviceAccountName": "${SERVICE_ACCOUNT_NAME}", "terminationGracePeriodSeconds": 60, "containers": [ { @@ -554,6 +572,10 @@ "value": "${HTTPS_KEYSTORE}" }, { + "name": "HTTPS_KEYSTORE_TYPE", + "value": "${HTTPS_KEYSTORE_TYPE}" + }, + { "name": "HTTPS_NAME", "value": "${HTTPS_NAME}" }, @@ -596,6 +618,10 @@ { "name": "JGROUPS_CLUSTER_PASSWORD", "value": "${JGROUPS_CLUSTER_PASSWORD}" + }, + { + "name": "AUTO_DEPLOY_EXPLODED", + "value": "${AUTO_DEPLOY_EXPLODED}" } ] } diff --git a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap64-mysql-persistent-s2i.json b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap64-mysql-persistent-s2i.json index dcc591836..69fdec206 100644 --- a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap64-mysql-persistent-s2i.json +++ b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap64-mysql-persistent-s2i.json @@ -6,13 +6,13 @@ "description": "Application template for EAP 6 MySQL applications with persistent storage built using S2I.", "iconClass": "icon-jboss", "tags": "eap,mysql,javaee,java,database,jboss,xpaas", - "version": "1.2.0" + "version": "1.3.2" }, "name": "eap64-mysql-persistent-s2i" }, "labels": { "template": "eap64-mysql-persistent-s2i", - "xpaas": "1.2.0" + "xpaas": "1.3.2" }, "parameters": [ { @@ -82,6 +82,12 @@ "required": false }, { + "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.", + "name": "SERVICE_ACCOUNT_NAME", + "value": "eap-service-account", + "required": true + }, + { "description": "The name of the secret containing the keystore file", "name": "HTTPS_SECRET", "value": "eap-app-secret", @@ -94,6 +100,12 @@ "required": false }, { + "description": "The type of the keystore file (JKS or JCEKS)", + "name": "HTTPS_KEYSTORE_TYPE", + "value": "", + "required": false + }, + { "description": "The name associated with the server certificate", "name": "HTTPS_NAME", "value": "", @@ -216,6 +228,12 @@ "from": "[a-zA-Z0-9]{8}", "generate": "expression", "required": true + }, + { + "description": "Controls whether exploded deployment content should be automatically deployed", + "name": "AUTO_DEPLOY_EXPLODED", + "value": "false", + "required": false } ], "objects": [ @@ -369,7 +387,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-eap64-openshift:1.2" + "name": "jboss-eap64-openshift:1.4" } } }, @@ -424,8 +442,8 @@ "${APPLICATION_NAME}" ], "from": { - "kind": "ImageStream", - "name": "${APPLICATION_NAME}" + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" } } }, @@ -446,7 +464,7 @@ } }, "spec": { - "serviceAccountName": "eap-service-account", + "serviceAccountName": "${SERVICE_ACCOUNT_NAME}", "terminationGracePeriodSeconds": 60, "containers": [ { @@ -563,6 +581,10 @@ "value": "${HTTPS_KEYSTORE}" }, { + "name": "HTTPS_KEYSTORE_TYPE", + "value": "${HTTPS_KEYSTORE_TYPE}" + }, + { "name": "HTTPS_NAME", "value": "${HTTPS_NAME}" }, @@ -605,6 +627,14 @@ { "name": "JGROUPS_CLUSTER_PASSWORD", "value": "${JGROUPS_CLUSTER_PASSWORD}" + }, + { + "name": "TIMER_SERVICE_DATA_STORE", + "value": "${APPLICATION_NAME}-mysql" + }, + { + "name": "AUTO_DEPLOY_EXPLODED", + "value": "${AUTO_DEPLOY_EXPLODED}" } ] } diff --git a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap64-mysql-s2i.json b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap64-mysql-s2i.json index 372802eea..2bd3c249f 100644 --- a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap64-mysql-s2i.json +++ b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap64-mysql-s2i.json @@ -6,13 +6,13 @@ "description": "Application template for EAP 6 MySQL applications built using S2I.", "iconClass": "icon-jboss", "tags": "eap,mysql,javaee,java,database,jboss,xpaas", - "version": "1.2.0" + "version": "1.3.2" }, "name": "eap64-mysql-s2i" }, "labels": { "template": "eap64-mysql-s2i", - "xpaas": "1.2.0" + "xpaas": "1.3.2" }, "parameters": [ { @@ -76,6 +76,12 @@ "required": false }, { + "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.", + "name": "SERVICE_ACCOUNT_NAME", + "value": "eap-service-account", + "required": true + }, + { "description": "The name of the secret containing the keystore file", "name": "HTTPS_SECRET", "value": "eap-app-secret", @@ -88,6 +94,12 @@ "required": false }, { + "description": "The type of the keystore file (JKS or JCEKS)", + "name": "HTTPS_KEYSTORE_TYPE", + "value": "", + "required": false + }, + { "description": "The name associated with the server certificate", "name": "HTTPS_NAME", "value": "", @@ -210,6 +222,12 @@ "from": "[a-zA-Z0-9]{8}", "generate": "expression", "required": true + }, + { + "description": "Controls whether exploded deployment content should be automatically deployed", + "name": "AUTO_DEPLOY_EXPLODED", + "value": "false", + "required": false } ], "objects": [ @@ -363,7 +381,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-eap64-openshift:1.2" + "name": "jboss-eap64-openshift:1.4" } } }, @@ -418,8 +436,8 @@ "${APPLICATION_NAME}" ], "from": { - "kind": "ImageStream", - "name": "${APPLICATION_NAME}" + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" } } }, @@ -440,7 +458,7 @@ } }, "spec": { - "serviceAccountName": "eap-service-account", + "serviceAccountName": "${SERVICE_ACCOUNT_NAME}", "terminationGracePeriodSeconds": 60, "containers": [ { @@ -557,6 +575,10 @@ "value": "${HTTPS_KEYSTORE}" }, { + "name": "HTTPS_KEYSTORE_TYPE", + "value": "${HTTPS_KEYSTORE_TYPE}" + }, + { "name": "HTTPS_NAME", "value": "${HTTPS_NAME}" }, @@ -599,6 +621,14 @@ { "name": "JGROUPS_CLUSTER_PASSWORD", "value": "${JGROUPS_CLUSTER_PASSWORD}" + }, + { + "name": "TIMER_SERVICE_DATA_STORE", + "value": "${APPLICATION_NAME}-mysql" + }, + { + "name": "AUTO_DEPLOY_EXPLODED", + "value": "${AUTO_DEPLOY_EXPLODED}" } ] } diff --git a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap64-postgresql-persistent-s2i.json b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap64-postgresql-persistent-s2i.json index 1ba00e3b5..31f245950 100644 --- a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap64-postgresql-persistent-s2i.json +++ b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap64-postgresql-persistent-s2i.json @@ -6,13 +6,13 @@ "description": "Application template for EAP 6 PostgreSQL applications with persistent storage built using S2I.", "iconClass": "icon-jboss", "tags": "eap,postgresql,javaee,java,database,jboss,xpaas", - "version": "1.2.0" + "version": "1.3.2" }, "name": "eap64-postgresql-persistent-s2i" }, "labels": { "template": "eap64-postgresql-persistent-s2i", - "xpaas": "1.2.0" + "xpaas": "1.3.2" }, "parameters": [ { @@ -82,6 +82,12 @@ "required": false }, { + "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.", + "name": "SERVICE_ACCOUNT_NAME", + "value": "eap-service-account", + "required": true + }, + { "description": "The name of the secret containing the keystore file", "name": "HTTPS_SECRET", "value": "eap-app-secret", @@ -94,6 +100,12 @@ "required": false }, { + "description": "The type of the keystore file (JKS or JCEKS)", + "name": "HTTPS_KEYSTORE_TYPE", + "value": "", + "required": false + }, + { "description": "The name associated with the server certificate", "name": "HTTPS_NAME", "value": "", @@ -201,6 +213,12 @@ "from": "[a-zA-Z0-9]{8}", "generate": "expression", "required": true + }, + { + "description": "Controls whether exploded deployment content should be automatically deployed", + "name": "AUTO_DEPLOY_EXPLODED", + "value": "false", + "required": false } ], "objects": [ @@ -354,7 +372,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-eap64-openshift:1.2" + "name": "jboss-eap64-openshift:1.4" } } }, @@ -409,8 +427,8 @@ "${APPLICATION_NAME}" ], "from": { - "kind": "ImageStream", - "name": "${APPLICATION_NAME}" + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" } } }, @@ -431,7 +449,7 @@ } }, "spec": { - "serviceAccountName": "eap-service-account", + "serviceAccountName": "${SERVICE_ACCOUNT_NAME}", "terminationGracePeriodSeconds": 60, "containers": [ { @@ -548,6 +566,10 @@ "value": "${HTTPS_KEYSTORE}" }, { + "name": "HTTPS_KEYSTORE_TYPE", + "value": "${HTTPS_KEYSTORE_TYPE}" + }, + { "name": "HTTPS_NAME", "value": "${HTTPS_NAME}" }, @@ -590,6 +612,14 @@ { "name": "JGROUPS_CLUSTER_PASSWORD", "value": "${JGROUPS_CLUSTER_PASSWORD}" + }, + { + "name": "TIMER_SERVICE_DATA_STORE", + "value": "${APPLICATION_NAME}-postgresql" + }, + { + "name": "AUTO_DEPLOY_EXPLODED", + "value": "${AUTO_DEPLOY_EXPLODED}" } ] } @@ -693,6 +723,10 @@ "value": "${POSTGRESQL_MAX_CONNECTIONS}" }, { + "name": "POSTGRESQL_MAX_PREPARED_TRANSACTIONS", + "value": "${POSTGRESQL_MAX_CONNECTIONS}" + }, + { "name": "POSTGRESQL_SHARED_BUFFERS", "value": "${POSTGRESQL_SHARED_BUFFERS}" } diff --git a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap64-postgresql-s2i.json b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap64-postgresql-s2i.json index 860374d3c..eac964697 100644 --- a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap64-postgresql-s2i.json +++ b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap64-postgresql-s2i.json @@ -6,13 +6,13 @@ "description": "Application template for EAP 6 PostgreSQL applications built using S2I.", "iconClass": "icon-jboss", "tags": "eap,postgresql,javaee,java,database,jboss,xpaas", - "version": "1.2.0" + "version": "1.3.2" }, "name": "eap64-postgresql-s2i" }, "labels": { "template": "eap64-postgresql-s2i", - "xpaas": "1.2.0" + "xpaas": "1.3.2" }, "parameters": [ { @@ -76,6 +76,12 @@ "required": false }, { + "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.", + "name": "SERVICE_ACCOUNT_NAME", + "value": "eap-service-account", + "required": true + }, + { "description": "The name of the secret containing the keystore file", "name": "HTTPS_SECRET", "value": "eap-app-secret", @@ -88,6 +94,12 @@ "required": false }, { + "description": "The type of the keystore file (JKS or JCEKS)", + "name": "HTTPS_KEYSTORE_TYPE", + "value": "", + "required": false + }, + { "description": "The name associated with the server certificate", "name": "HTTPS_NAME", "value": "", @@ -195,6 +207,12 @@ "from": "[a-zA-Z0-9]{8}", "generate": "expression", "required": true + }, + { + "description": "Controls whether exploded deployment content should be automatically deployed", + "name": "AUTO_DEPLOY_EXPLODED", + "value": "false", + "required": false } ], "objects": [ @@ -348,7 +366,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-eap64-openshift:1.2" + "name": "jboss-eap64-openshift:1.4" } } }, @@ -403,8 +421,8 @@ "${APPLICATION_NAME}" ], "from": { - "kind": "ImageStream", - "name": "${APPLICATION_NAME}" + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" } } }, @@ -425,7 +443,7 @@ } }, "spec": { - "serviceAccountName": "eap-service-account", + "serviceAccountName": "${SERVICE_ACCOUNT_NAME}", "terminationGracePeriodSeconds": 60, "containers": [ { @@ -542,6 +560,10 @@ "value": "${HTTPS_KEYSTORE}" }, { + "name": "HTTPS_KEYSTORE_TYPE", + "value": "${HTTPS_KEYSTORE_TYPE}" + }, + { "name": "HTTPS_NAME", "value": "${HTTPS_NAME}" }, @@ -584,6 +606,14 @@ { "name": "JGROUPS_CLUSTER_PASSWORD", "value": "${JGROUPS_CLUSTER_PASSWORD}" + }, + { + "name": "TIMER_SERVICE_DATA_STORE", + "value": "${APPLICATION_NAME}-postgresql" + }, + { + "name": "AUTO_DEPLOY_EXPLODED", + "value": "${AUTO_DEPLOY_EXPLODED}" } ] } @@ -681,6 +711,10 @@ "value": "${POSTGRESQL_MAX_CONNECTIONS}" }, { + "name": "POSTGRESQL_MAX_PREPARED_TRANSACTIONS", + "value": "${POSTGRESQL_MAX_CONNECTIONS}" + }, + { "name": "POSTGRESQL_SHARED_BUFFERS", "value": "${POSTGRESQL_SHARED_BUFFERS}" } diff --git a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap64-sso-s2i.json b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap64-sso-s2i.json index 6c644553e..09023be71 100644 --- a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap64-sso-s2i.json +++ b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap64-sso-s2i.json @@ -6,13 +6,13 @@ "iconClass" : "icon-jboss", "description": "Application template for EAP 6 applications built using S2I, enabled for SSO.", "tags": "eap,javaee,java,jboss,xpaas,sso,keycloak", - "version": "1.3.0" + "version": "1.3.2" }, "name": "eap64-sso-s2i" }, "labels": { "template": "eap64-sso-s2i", - "xpaas": "1.3.0" + "xpaas": "1.3.2" }, "parameters": [ { @@ -22,27 +22,27 @@ "required": true }, { - "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: <application-name>-<project>.<default-domain-suffix>", + "description": "Hostname for http service route (e.g. eap-app-myproject.example.com). Required for SSO-enabled applications. This is added to the white list of redirects in the SSO server.", "name": "HOSTNAME_HTTP", "value": "", - "required": false + "required": true }, { - "description": "Custom hostname for https service route. Leave blank for default hostname, e.g.: secure-<application-name>-<project>.<default-domain-suffix>", + "description": "Hostname for https service route (e.g. secure-eap-app-myproject.example.com). Required for SSO-enabled applications. This is added to the white list of redirects in the SSO server.", "name": "HOSTNAME_HTTPS", "value": "", - "required": false + "required": true }, { "description": "Git source URI for application", "name": "SOURCE_REPOSITORY_URL", - "value": "https://github.com/keycloak/keycloak-examples", + "value": "https://github.com/redhat-developer/redhat-sso-quickstarts", "required": true }, { "description": "Git branch/tag reference", "name": "SOURCE_REPOSITORY_REF", - "value": "0.4-openshift", + "value": "7.0.x-ose", "required": false }, { @@ -64,6 +64,12 @@ "required": false }, { + "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.", + "name": "SERVICE_ACCOUNT_NAME", + "value": "eap-service-account", + "required": true + }, + { "description": "The name of the secret containing the keystore file", "name": "HTTPS_SECRET", "value": "eap-app-secret", @@ -76,15 +82,21 @@ "required": false }, { - "description": "The name associated with the server certificate", + "description": "The type of the keystore file (JKS or JCEKS)", + "name": "HTTPS_KEYSTORE_TYPE", + "value": "", + "required": false + }, + { + "description": "The name associated with the server certificate (e.g. jboss)", "name": "HTTPS_NAME", - "value": "jboss", + "value": "", "required": false }, { - "description": "The password for the keystore and certificate", + "description": "The password for the keystore and certificate (e.g. mykeystorepass)", "name": "HTTPS_PASSWORD", - "value": "mykeystorepass", + "value": "", "required": false }, { @@ -127,15 +139,15 @@ "required": false }, { - "description": "The name associated with the server certificate", + "description": "The name associated with the server certificate (e.g. secret-key)", "name": "JGROUPS_ENCRYPT_NAME", - "value": "secret-key", + "value": "", "required": false }, { - "description": "The password for the keystore and certificate", + "description": "The password for the keystore and certificate (e.g. password)", "name": "JGROUPS_ENCRYPT_PASSWORD", - "value": "password", + "value": "", "required": false }, { @@ -146,31 +158,43 @@ "required": true }, { - "description": "SSO Location", - "name": "SSO_URI", + "description": "Controls whether exploded deployment content should be automatically deployed", + "name": "AUTO_DEPLOY_EXPLODED", + "value": "false", + "required": false + }, + { + "description": "The URL for the SSO server (e.g. https://secure-sso-myproject.example.com/auth). This is the URL through which the user will be redirected when a login or token is required by the application.", + "name": "SSO_URL", + "value": "", + "required": true + }, + { + "description": "The URL for the interal SSO service, where secure-sso is the kubernetes service exposed by the SSO server. This is used to create the application client(s) (see SSO_USERNAME). This can also be the same as SSO_URL.", + "name": "SSO_SERVICE_URL", "value": "https://secure-sso:8443/auth", "required": false }, { - "description": "SSO Realm", + "description": "The SSO realm to which the application client(s) should be associated (e.g. demo).", "name": "SSO_REALM", - "value": "demo", - "required": false + "value": "", + "required": true }, { - "description": "SSO Username", + "description": "The username used to access the SSO service. This is used to create the appliction client(s) within the specified SSO realm. This should match the SSO_SERVICE_USERNAME specified through one of the sso70-* templates.", "name": "SSO_USERNAME", "value": "", "required": false }, { - "description": "SSO Password", + "description": "The password for the SSO service user.", "name": "SSO_PASSWORD", "value": "", "required": false }, { - "description": "SSO Public Key. Public key is recommended to be passed into the template to avoid man-in-the-middle security vulnerability", + "description": "SSO Public Key. Public key is recommended to be passed into the template to avoid man-in-the-middle security vulnerability. This can be retrieved from the SSO server, for the specified realm.", "name": "SSO_PUBLIC_KEY", "value": "", "required": false @@ -182,21 +206,9 @@ "required": false }, { - "description": "Routes", - "name": "APPLICATION_ROUTES", - "value": "", - "required": false - }, - { - "description": "Artifacts", + "description": "List of directories from which archives will be copied into the deployment folder. If unspecified, all archives in /target will be copied.", "name": "ARTIFACT_DIR", - "value": "app-jee/target,service-jaxrs/target,app-profile-jee/target,app-profile-jee-saml/target", - "required": false - }, - { - "description": "maven", - "name": "MAVEN_ARGS_APPEND", - "value": "", + "value": "app-jee-jsp/target,service-jee-jaxrs/target,app-profile-jee-jsp/target,app-profile-saml-jee-jsp/target", "required": false }, { @@ -208,7 +220,7 @@ { "description": "The name of the keystore file within the secret", "name": "SSO_SAML_KEYSTORE", - "value": "/etc/sso-saml-secret-volume/keystore.jks", + "value": "keystore.jks", "required": false }, { @@ -235,6 +247,36 @@ "name": "SSO_ENABLE_CORS", "value": "false", "required": false + }, + { + "description": "SSO logout page for SAML applications", + "name": "SSO_SAML_LOGOUT_PAGE", + "value": "/", + "required": false + }, + { + "description": "If true SSL communication between EAP and the SSO Server will be insecure (i.e. certificate validation is disabled with curl)", + "name": "SSO_DISABLE_SSL_CERTIFICATE_VALIDATION", + "value": "true", + "required": false + }, + { + "description": "The name of the truststore file within the secret (e.g. truststore.jks)", + "name": "SSO_TRUSTSTORE", + "value": "", + "required": false + }, + { + "description": "The password for the truststore and certificate (e.g. mykeystorepass)", + "name": "SSO_TRUSTSTORE_PASSWORD", + "value": "", + "required": false + }, + { + "description": "The name of the secret containing the truststore file (e.g. truststore-secret). Used for volume secretName", + "name": "SSO_TRUSTSTORE_SECRET", + "value": "eap-app-secret", + "required": false } ], "objects": [ @@ -364,7 +406,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-eap64-openshift:1.3" + "name": "jboss-eap64-openshift:1.4" }, "env": [ { @@ -373,7 +415,7 @@ }, { "name": "MAVEN_ARGS_APPEND", - "value": "${MAVEN_ARGS_APPEND}" + "value": "" } ] } @@ -429,8 +471,8 @@ "${APPLICATION_NAME}" ], "from": { - "kind": "ImageStream", - "name": "${APPLICATION_NAME}" + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" } } }, @@ -451,7 +493,7 @@ } }, "spec": { - "serviceAccountName": "eap-service-account", + "serviceAccountName": "${SERVICE_ACCOUNT_NAME}", "terminationGracePeriodSeconds": 60, "containers": [ { @@ -473,6 +515,11 @@ "name": "eap-jgroups-keystore-volume", "mountPath": "/etc/jgroups-encrypt-secret-volume", "readOnly": true + }, + { + "name": "sso-truststore-volume", + "mountPath": "/etc/sso-secret-volume", + "readOnly": true } ], "livenessProbe": { @@ -529,6 +576,14 @@ } }, { + "name": "HOSTNAME_HTTP", + "value": "${HOSTNAME_HTTP}" + }, + { + "name": "HOSTNAME_HTTPS", + "value": "${HOSTNAME_HTTPS}" + }, + { "name": "HTTPS_KEYSTORE_DIR", "value": "/etc/eap-secret-volume" }, @@ -537,6 +592,10 @@ "value": "${HTTPS_KEYSTORE}" }, { + "name": "HTTPS_KEYSTORE_TYPE", + "value": "${HTTPS_KEYSTORE_TYPE}" + }, + { "name": "HTTPS_NAME", "value": "${HTTPS_NAME}" }, @@ -581,8 +640,16 @@ "value": "${JGROUPS_CLUSTER_PASSWORD}" }, { - "name": "SSO_URI", - "value": "${SSO_URI}" + "name": "AUTO_DEPLOY_EXPLODED", + "value": "${AUTO_DEPLOY_EXPLODED}" + }, + { + "name": "SSO_URL", + "value": "${SSO_URL}" + }, + { + "name": "SSO_SERVICE_URL", + "value": "${SSO_SERVICE_URL}" }, { "name": "SSO_REALM", @@ -605,10 +672,6 @@ "value": "${SSO_BEARER_ONLY}" }, { - "name": "APPLICATION_ROUTES", - "value": "${APPLICATION_ROUTES}" - }, - { "name": "SSO_SAML_KEYSTORE_SECRET", "value": "${SSO_SAML_KEYSTORE_SECRET}" }, @@ -617,6 +680,10 @@ "value": "${SSO_SAML_KEYSTORE}" }, { + "name": "SSO_SAML_KEYSTORE_DIR", + "value": "/etc/sso-saml-secret-volume" + }, + { "name": "SSO_SAML_CERTIFICATE_NAME", "value": "${SSO_SAML_CERTIFICATE_NAME}" }, @@ -631,6 +698,26 @@ { "name": "SSO_ENABLE_CORS", "value": "${SSO_ENABLE_CORS}" + }, + { + "name": "SSO_SAML_LOGOUT_PAGE", + "value": "${SSO_SAML_LOGOUT_PAGE}" + }, + { + "name": "SSO_DISABLE_SSL_CERTIFICATE_VALIDATION", + "value": "${SSO_DISABLE_SSL_CERTIFICATE_VALIDATION}" + }, + { + "name": "SSO_TRUSTSTORE", + "value": "${SSO_TRUSTSTORE}" + }, + { + "name": "SSO_TRUSTSTORE_DIR", + "value": "/etc/sso-secret-volume" + }, + { + "name": "SSO_TRUSTSTORE_PASSWORD", + "value": "${SSO_TRUSTSTORE_PASSWORD}" } ] } @@ -653,6 +740,12 @@ "secret": { "secretName": "${JGROUPS_ENCRYPT_SECRET}" } + }, + { + "name": "sso-truststore-volume", + "secret": { + "secretName": "${SSO_TRUSTSTORE_SECRET}" + } } ] } diff --git a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap70-amq-persistent-s2i.json b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap70-amq-persistent-s2i.json index d9607ddd7..f08cdf2f9 100644 --- a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap70-amq-persistent-s2i.json +++ b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap70-amq-persistent-s2i.json @@ -6,13 +6,13 @@ "description": "Application template for EAP 7 A-MQ applications with persistent storage built using S2I.", "iconClass": "icon-jboss", "tags": "eap,amq,javaee,java,messaging,jboss,xpaas", - "version": "1.3.1" + "version": "1.3.2" }, "name": "eap70-amq-persistent-s2i" }, "labels": { "template": "eap70-amq-persistent-s2i", - "xpaas": "1.3.1" + "xpaas": "1.3.2" }, "parameters": [ { @@ -88,9 +88,21 @@ "required": false }, { + "description": "List of packages that are allowed to be serialized for use in ObjectMessage, separated by commas. If your app doesn't use ObjectMessages, leave this blank. This is a security enforcement. For the rationale, see http://activemq.apache.org/objectmessage.html", + "name": "MQ_SERIALIZABLE_PACKAGES", + "value": "", + "required": false + }, + { + "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.", + "name": "SERVICE_ACCOUNT_NAME", + "value": "eap7-service-account", + "required": true + }, + { "description": "The name of the secret containing the keystore file", "name": "HTTPS_SECRET", - "value": "eap-app-secret", + "value": "eap7-app-secret", "required": false }, { @@ -100,6 +112,12 @@ "required": false }, { + "description": "The type of the keystore file (JKS or JCEKS)", + "name": "HTTPS_KEYSTORE_TYPE", + "value": "", + "required": false + }, + { "description": "The name associated with the server certificate", "name": "HTTPS_NAME", "value": "", @@ -126,18 +144,16 @@ "required": false }, { - "description": "User name for broker admin. If left empty, it will be generated.", - "name": "AMQ_ADMIN_USERNAME", - "from": "user[a-zA-Z0-9]{3}", - "generate": "expression", - "required": true + "description": "The discovery agent type to use for discovering mesh endpoints. 'dns' will use OpenShift's DNS service to resolve endpoints. 'kube' will use Kubernetes REST API to resolve service endpoints. If using 'kube' the service account for the pod must have the 'view' role, which can be added via 'oc policy add-role-to-user view system:serviceaccount:<namespace>:default' where <namespace> is the project namespace.", + "name": "AMQ_MESH_DISCOVERY_TYPE", + "value": "kube", + "required": false }, { - "description": "Password for broker admin. If left empty, it will be generated.", - "name": "AMQ_ADMIN_PASSWORD", - "from": "[a-zA-Z0-9]{8}", - "generate": "expression", - "required": true + "description": "The A-MQ storage usage limit", + "name": "AMQ_STORAGE_USAGE_LIMIT", + "value": "100 gb", + "required": false }, { "description": "GitHub trigger secret", @@ -162,7 +178,7 @@ { "description": "The name of the secret containing the keystore file", "name": "JGROUPS_ENCRYPT_SECRET", - "value": "eap-app-secret", + "value": "eap7-app-secret", "required": false }, { @@ -189,6 +205,12 @@ "from": "[a-zA-Z0-9]{8}", "generate": "expression", "required": true + }, + { + "description": "Controls whether exploded deployment content should be automatically deployed", + "name": "AUTO_DEPLOY_EXPLODED", + "value": "false", + "required": false } ], "objects": [ @@ -342,7 +364,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-eap70-openshift:1.3" + "name": "jboss-eap70-openshift:1.4" } } }, @@ -397,8 +419,8 @@ "${APPLICATION_NAME}" ], "from": { - "kind": "ImageStream", - "name": "${APPLICATION_NAME}" + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" } } }, @@ -419,7 +441,7 @@ } }, "spec": { - "serviceAccountName": "eap-service-account", + "serviceAccountName": "${SERVICE_ACCOUNT_NAME}", "terminationGracePeriodSeconds": 60, "containers": [ { @@ -508,6 +530,10 @@ "value": "${MQ_TOPICS}" }, { + "name": "MQ_SERIALIZABLE_PACKAGES", + "value": "${MQ_SERIALIZABLE_PACKAGES}" + }, + { "name": "OPENSHIFT_KUBE_PING_LABELS", "value": "application=${APPLICATION_NAME}" }, @@ -528,6 +554,10 @@ "value": "${HTTPS_KEYSTORE}" }, { + "name": "HTTPS_KEYSTORE_TYPE", + "value": "${HTTPS_KEYSTORE_TYPE}" + }, + { "name": "HTTPS_NAME", "value": "${HTTPS_NAME}" }, @@ -558,6 +588,10 @@ { "name": "JGROUPS_CLUSTER_PASSWORD", "value": "${JGROUPS_CLUSTER_PASSWORD}" + }, + { + "name": "AUTO_DEPLOY_EXPLODED", + "value": "${AUTO_DEPLOY_EXPLODED}" } ] } @@ -713,6 +747,10 @@ "value": "${MQ_TOPICS}" }, { + "name": "MQ_SERIALIZABLE_PACKAGES", + "value": "${MQ_SERIALIZABLE_PACKAGES}" + }, + { "name": "AMQ_SPLIT", "value": "${AMQ_SPLIT}" }, @@ -735,14 +773,6 @@ { "name": "AMQ_STORAGE_USAGE_LIMIT", "value": "${AMQ_STORAGE_USAGE_LIMIT}" - }, - { - "name": "AMQ_ADMIN_USERNAME", - "value": "${AMQ_ADMIN_USERNAME}" - }, - { - "name": "AMQ_ADMIN_PASSWORD", - "value": "${AMQ_ADMIN_PASSWORD}" } ] } diff --git a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap70-amq-s2i.json b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap70-amq-s2i.json index 552b637b8..3ca9e9fab 100644 --- a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap70-amq-s2i.json +++ b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap70-amq-s2i.json @@ -6,13 +6,13 @@ "description": "Application template for EAP 7 A-MQ applications built using S2I.", "iconClass": "icon-jboss", "tags": "eap,amq,javaee,java,messaging,jboss,xpaas", - "version": "1.3.1" + "version": "1.3.2" }, "name": "eap70-amq-s2i" }, "labels": { "template": "eap70-amq-s2i", - "xpaas": "1.3.1" + "xpaas": "1.3.2" }, "parameters": [ { @@ -76,6 +76,18 @@ "required": false }, { + "description": "List of packages that are allowed to be serialized for use in ObjectMessage, separated by commas. If your app doesn't use ObjectMessages, leave this blank. This is a security enforcement. For the rationale, see http://activemq.apache.org/objectmessage.html", + "name": "MQ_SERIALIZABLE_PACKAGES", + "value": "", + "required": false + }, + { + "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.", + "name": "SERVICE_ACCOUNT_NAME", + "value": "eap7-service-account", + "required": true + }, + { "description": "The name of the secret containing the keystore file", "name": "HTTPS_SECRET", "value": "eap7-app-secret", @@ -88,6 +100,12 @@ "required": false }, { + "description": "The type of the keystore file (JKS or JCEKS)", + "name": "HTTPS_KEYSTORE_TYPE", + "value": "", + "required": false + }, + { "description": "The name associated with the server certificate", "name": "HTTPS_NAME", "value": "", @@ -114,18 +132,16 @@ "required": false }, { - "description": "User name for broker admin. If left empty, it will be generated.", - "name": "AMQ_ADMIN_USERNAME", - "from": "user[a-zA-Z0-9]{3}", - "generate": "expression", - "required": true + "description": "The discovery agent type to use for discovering mesh endpoints. 'dns' will use OpenShift's DNS service to resolve endpoints. 'kube' will use Kubernetes REST API to resolve service endpoints. If using 'kube' the service account for the pod must have the 'view' role, which can be added via 'oc policy add-role-to-user view system:serviceaccount:<namespace>:default' where <namespace> is the project namespace.", + "name": "AMQ_MESH_DISCOVERY_TYPE", + "value": "kube", + "required": false }, { - "description": "Password for broker admin. If left empty, it will be generated.", - "name": "AMQ_ADMIN_PASSWORD", - "from": "[a-zA-Z0-9]{8}", - "generate": "expression", - "required": true + "description": "The A-MQ storage usage limit", + "name": "AMQ_STORAGE_USAGE_LIMIT", + "value": "100 gb", + "required": false }, { "description": "GitHub trigger secret", @@ -177,6 +193,12 @@ "from": "[a-zA-Z0-9]{8}", "generate": "expression", "required": true + }, + { + "description": "Controls whether exploded deployment content should be automatically deployed", + "name": "AUTO_DEPLOY_EXPLODED", + "value": "false", + "required": false } ], "objects": [ @@ -330,7 +352,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-eap70-openshift:1.3" + "name": "jboss-eap70-openshift:1.4" } } }, @@ -385,8 +407,8 @@ "${APPLICATION_NAME}" ], "from": { - "kind": "ImageStream", - "name": "${APPLICATION_NAME}" + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" } } }, @@ -407,7 +429,7 @@ } }, "spec": { - "serviceAccountName": "eap7-service-account", + "serviceAccountName": "${SERVICE_ACCOUNT_NAME}", "terminationGracePeriodSeconds": 60, "containers": [ { @@ -496,6 +518,10 @@ "value": "${MQ_TOPICS}" }, { + "name": "MQ_SERIALIZABLE_PACKAGES", + "value": "${MQ_SERIALIZABLE_PACKAGES}" + }, + { "name": "OPENSHIFT_KUBE_PING_LABELS", "value": "application=${APPLICATION_NAME}" }, @@ -516,6 +542,10 @@ "value": "${HTTPS_KEYSTORE}" }, { + "name": "HTTPS_KEYSTORE_TYPE", + "value": "${HTTPS_KEYSTORE_TYPE}" + }, + { "name": "HTTPS_NAME", "value": "${HTTPS_NAME}" }, @@ -546,6 +576,10 @@ { "name": "JGROUPS_CLUSTER_PASSWORD", "value": "${JGROUPS_CLUSTER_PASSWORD}" + }, + { + "name": "AUTO_DEPLOY_EXPLODED", + "value": "${AUTO_DEPLOY_EXPLODED}" } ] } @@ -692,12 +726,28 @@ "value": "${MQ_TOPICS}" }, { - "name": "AMQ_ADMIN_USERNAME", - "value": "${AMQ_ADMIN_USERNAME}" + "name": "MQ_SERIALIZABLE_PACKAGES", + "value": "${MQ_SERIALIZABLE_PACKAGES}" + }, + { + "name": "AMQ_MESH_DISCOVERY_TYPE", + "value": "${AMQ_MESH_DISCOVERY_TYPE}" + }, + { + "name": "AMQ_MESH_SERVICE_NAME", + "value": "${APPLICATION_NAME}-amq-tcp" + }, + { + "name": "AMQ_MESH_SERVICE_NAMESPACE", + "valueFrom": { + "fieldRef": { + "fieldPath": "metadata.namespace" + } + } }, { - "name": "AMQ_ADMIN_PASSWORD", - "value": "${AMQ_ADMIN_PASSWORD}" + "name": "AMQ_STORAGE_USAGE_LIMIT", + "value": "${AMQ_STORAGE_USAGE_LIMIT}" } ] } diff --git a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap70-basic-s2i.json b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap70-basic-s2i.json index f03fc69fa..83b4d5b24 100644 --- a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap70-basic-s2i.json +++ b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap70-basic-s2i.json @@ -6,13 +6,13 @@ "iconClass": "icon-jboss", "description": "Application template for EAP 7 applications built using S2I.", "tags": "eap,javaee,java,jboss,xpaas", - "version": "1.3.1" + "version": "1.3.2" }, "name": "eap70-basic-s2i" }, "labels": { "template": "eap70-basic-s2i", - "xpaas": "1.3.1" + "xpaas": "1.3.2" }, "parameters": [ { @@ -90,6 +90,12 @@ "from": "[a-zA-Z0-9]{8}", "generate": "expression", "required": true + }, + { + "description": "Controls whether exploded deployment content should be automatically deployed", + "name": "AUTO_DEPLOY_EXPLODED", + "value": "false", + "required": false } ], "objects": [ @@ -172,7 +178,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-eap70-openshift:1.3" + "name": "jboss-eap70-openshift:1.4" } } }, @@ -227,8 +233,8 @@ "${APPLICATION_NAME}" ], "from": { - "kind": "ImageStream", - "name": "${APPLICATION_NAME}" + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" } } }, @@ -249,12 +255,23 @@ } }, "spec": { - "terminationGracePeriodSeconds": 60, + "terminationGracePeriodSeconds": 75, "containers": [ { "name": "${APPLICATION_NAME}", "image": "${APPLICATION_NAME}", "imagePullPolicy": "Always", + "lifecycle": { + "preStop": { + "exec": { + "command": [ + "/opt/eap/bin/jboss-cli.sh", + "-c", + ":shutdown(timeout=60)" + ] + } + } + }, "livenessProbe": { "exec": { "command": [ @@ -318,6 +335,10 @@ { "name": "JGROUPS_CLUSTER_PASSWORD", "value": "${JGROUPS_CLUSTER_PASSWORD}" + }, + { + "name": "AUTO_DEPLOY_EXPLODED", + "value": "${AUTO_DEPLOY_EXPLODED}" } ] } diff --git a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap70-https-s2i.json b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap70-https-s2i.json index 27d9b656d..1292442a4 100644 --- a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap70-https-s2i.json +++ b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap70-https-s2i.json @@ -6,13 +6,13 @@ "iconClass": "icon-jboss", "description": "Application template for EAP 7 applications built using S2I.", "tags": "eap,javaee,java,jboss,xpaas", - "version": "1.3.1" + "version": "1.3.2" }, "name": "eap70-https-s2i" }, "labels": { "template": "eap70-https-s2i", - "xpaas": "1.3.1" + "xpaas": "1.3.2" }, "parameters": [ { @@ -64,6 +64,12 @@ "required": false }, { + "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.", + "name": "SERVICE_ACCOUNT_NAME", + "value": "eap7-service-account", + "required": true + }, + { "description": "The name of the secret containing the keystore file", "name": "HTTPS_SECRET", "value": "eap7-app-secret", @@ -76,6 +82,12 @@ "required": false }, { + "description": "The type of the keystore file (JKS or JCEKS)", + "name": "HTTPS_KEYSTORE_TYPE", + "value": "", + "required": false + }, + { "description": "The name associated with the server certificate", "name": "HTTPS_NAME", "value": "", @@ -144,6 +156,12 @@ "from": "[a-zA-Z0-9]{8}", "generate": "expression", "required": true + }, + { + "description": "Controls whether exploded deployment content should be automatically deployed", + "name": "AUTO_DEPLOY_EXPLODED", + "value": "false", + "required": false } ], "objects": [ @@ -273,7 +291,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-eap70-openshift:1.3" + "name": "jboss-eap70-openshift:1.4" } } }, @@ -328,8 +346,8 @@ "${APPLICATION_NAME}" ], "from": { - "kind": "ImageStream", - "name": "${APPLICATION_NAME}" + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" } } }, @@ -350,8 +368,8 @@ } }, "spec": { - "serviceAccountName": "eap7-service-account", - "terminationGracePeriodSeconds": 60, + "serviceAccountName": "${SERVICE_ACCOUNT_NAME}", + "terminationGracePeriodSeconds": 75, "containers": [ { "name": "${APPLICATION_NAME}", @@ -369,6 +387,17 @@ "readOnly": true } ], + "lifecycle": { + "preStop": { + "exec": { + "command": [ + "/opt/eap/bin/jboss-cli.sh", + "-c", + ":shutdown(timeout=60)" + ] + } + } + }, "livenessProbe": { "exec": { "command": [ @@ -431,6 +460,10 @@ "value": "${HTTPS_KEYSTORE}" }, { + "name": "HTTPS_KEYSTORE_TYPE", + "value": "${HTTPS_KEYSTORE_TYPE}" + }, + { "name": "HTTPS_NAME", "value": "${HTTPS_NAME}" }, @@ -473,6 +506,10 @@ { "name": "JGROUPS_CLUSTER_PASSWORD", "value": "${JGROUPS_CLUSTER_PASSWORD}" + }, + { + "name": "AUTO_DEPLOY_EXPLODED", + "value": "${AUTO_DEPLOY_EXPLODED}" } ] } diff --git a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap70-mongodb-persistent-s2i.json b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap70-mongodb-persistent-s2i.json index 9cc786416..99db77d58 100644 --- a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap70-mongodb-persistent-s2i.json +++ b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap70-mongodb-persistent-s2i.json @@ -6,13 +6,13 @@ "description": "Application template for EAP 7 MongoDB applications with persistent storage built using S2I.", "iconClass": "icon-jboss", "tags": "eap,mongodb,javaee,java,database,jboss,xpaas", - "version": "1.3.1" + "version": "1.3.2" }, "name": "eap70-mongodb-persistent-s2i" }, "labels": { "template": "eap70-mongodb-persistent-s2i", - "xpaas": "1.3.1" + "xpaas": "1.3.2" }, "parameters": [ { @@ -82,6 +82,12 @@ "required": false }, { + "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.", + "name": "SERVICE_ACCOUNT_NAME", + "value": "eap7-service-account", + "required": true + }, + { "description": "The name of the secret containing the keystore file", "name": "HTTPS_SECRET", "value": "eap7-app-secret", @@ -94,6 +100,12 @@ "required": false }, { + "description": "The type of the keystore file (JKS or JCEKS)", + "name": "HTTPS_KEYSTORE_TYPE", + "value": "", + "required": false + }, + { "description": "The name associated with the server certificate", "name": "HTTPS_NAME", "value": "", @@ -213,6 +225,12 @@ "from": "[a-zA-Z0-9]{8}", "generate": "expression", "required": true + }, + { + "description": "Controls whether exploded deployment content should be automatically deployed", + "name": "AUTO_DEPLOY_EXPLODED", + "value": "false", + "required": false } ], "objects": [ @@ -366,7 +384,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-eap70-openshift:1.3" + "name": "jboss-eap70-openshift:1.4" } } }, @@ -421,8 +439,8 @@ "${APPLICATION_NAME}" ], "from": { - "kind": "ImageStream", - "name": "${APPLICATION_NAME}" + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" } } }, @@ -443,8 +461,8 @@ } }, "spec": { - "serviceAccountName": "eap7-service-account", - "terminationGracePeriodSeconds": 60, + "serviceAccountName": "${SERVICE_ACCOUNT_NAME}", + "terminationGracePeriodSeconds": 75, "containers": [ { "name": "${APPLICATION_NAME}", @@ -462,6 +480,17 @@ "readOnly": true } ], + "lifecycle": { + "preStop": { + "exec": { + "command": [ + "/opt/eap/bin/jboss-cli.sh", + "-c", + ":shutdown(timeout=60)" + ] + } + } + }, "livenessProbe": { "exec": { "command": [ @@ -560,6 +589,10 @@ "value": "${HTTPS_KEYSTORE}" }, { + "name": "HTTPS_KEYSTORE_TYPE", + "value": "${HTTPS_KEYSTORE_TYPE}" + }, + { "name": "HTTPS_NAME", "value": "${HTTPS_NAME}" }, @@ -602,6 +635,10 @@ { "name": "JGROUPS_CLUSTER_PASSWORD", "value": "${JGROUPS_CLUSTER_PASSWORD}" + }, + { + "name": "AUTO_DEPLOY_EXPLODED", + "value": "${AUTO_DEPLOY_EXPLODED}" } ] } diff --git a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap70-mongodb-s2i.json b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap70-mongodb-s2i.json index 4db6adcf8..c8150c231 100644 --- a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap70-mongodb-s2i.json +++ b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap70-mongodb-s2i.json @@ -6,13 +6,13 @@ "description": "Application template for EAP 7 MongoDB applications built using S2I.", "iconClass": "icon-jboss", "tags": "eap,mongodb,javaee,java,database,jboss,xpaas", - "version": "1.3.1" + "version": "1.3.2" }, "name": "eap70-mongodb-s2i" }, "labels": { "template": "eap70-mongodb-s2i", - "xpaas": "1.3.1" + "xpaas": "1.3.2" }, "parameters": [ { @@ -76,6 +76,12 @@ "required": false }, { + "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.", + "name": "SERVICE_ACCOUNT_NAME", + "value": "eap7-service-account", + "required": true + }, + { "description": "The name of the secret containing the keystore file", "name": "HTTPS_SECRET", "value": "eap7-app-secret", @@ -88,6 +94,12 @@ "required": false }, { + "description": "The type of the keystore file (JKS or JCEKS)", + "name": "HTTPS_KEYSTORE_TYPE", + "value": "", + "required": false + }, + { "description": "The name associated with the server certificate", "name": "HTTPS_NAME", "value": "", @@ -207,6 +219,12 @@ "from": "[a-zA-Z0-9]{8}", "generate": "expression", "required": true + }, + { + "description": "Controls whether exploded deployment content should be automatically deployed", + "name": "AUTO_DEPLOY_EXPLODED", + "value": "false", + "required": false } ], "objects": [ @@ -360,7 +378,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-eap70-openshift:1.3" + "name": "jboss-eap70-openshift:1.4" } } }, @@ -415,8 +433,8 @@ "${APPLICATION_NAME}" ], "from": { - "kind": "ImageStream", - "name": "${APPLICATION_NAME}" + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" } } }, @@ -437,8 +455,8 @@ } }, "spec": { - "serviceAccountName": "eap7-service-account", - "terminationGracePeriodSeconds": 60, + "serviceAccountName": "${SERVICE_ACCOUNT_NAME}", + "terminationGracePeriodSeconds": 75, "containers": [ { "name": "${APPLICATION_NAME}", @@ -456,6 +474,17 @@ "readOnly": true } ], + "lifecycle": { + "preStop": { + "exec": { + "command": [ + "/opt/eap/bin/jboss-cli.sh", + "-c", + ":shutdown(timeout=60)" + ] + } + } + }, "livenessProbe": { "exec": { "command": [ @@ -554,6 +583,10 @@ "value": "${HTTPS_KEYSTORE}" }, { + "name": "HTTPS_KEYSTORE_TYPE", + "value": "${HTTPS_KEYSTORE_TYPE}" + }, + { "name": "HTTPS_NAME", "value": "${HTTPS_NAME}" }, @@ -596,6 +629,10 @@ { "name": "JGROUPS_CLUSTER_PASSWORD", "value": "${JGROUPS_CLUSTER_PASSWORD}" + }, + { + "name": "AUTO_DEPLOY_EXPLODED", + "value": "${AUTO_DEPLOY_EXPLODED}" } ] } diff --git a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap70-mysql-persistent-s2i.json b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap70-mysql-persistent-s2i.json index 91a79d797..f8e5c2b04 100644 --- a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap70-mysql-persistent-s2i.json +++ b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap70-mysql-persistent-s2i.json @@ -6,13 +6,13 @@ "description": "Application template for EAP 7 MySQL applications with persistent storage built using S2I.", "iconClass": "icon-jboss", "tags": "eap,mysql,javaee,java,database,jboss,xpaas", - "version": "1.3.1" + "version": "1.3.2" }, "name": "eap70-mysql-persistent-s2i" }, "labels": { "template": "eap70-mysql-persistent-s2i", - "xpaas": "1.3.1" + "xpaas": "1.3.2" }, "parameters": [ { @@ -82,6 +82,12 @@ "required": false }, { + "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.", + "name": "SERVICE_ACCOUNT_NAME", + "value": "eap7-service-account", + "required": true + }, + { "description": "The name of the secret containing the keystore file", "name": "HTTPS_SECRET", "value": "eap7-app-secret", @@ -94,6 +100,12 @@ "required": false }, { + "description": "The type of the keystore file (JKS or JCEKS)", + "name": "HTTPS_KEYSTORE_TYPE", + "value": "", + "required": false + }, + { "description": "The name associated with the server certificate", "name": "HTTPS_NAME", "value": "", @@ -216,6 +228,12 @@ "from": "[a-zA-Z0-9]{8}", "generate": "expression", "required": true + }, + { + "description": "Controls whether exploded deployment content should be automatically deployed", + "name": "AUTO_DEPLOY_EXPLODED", + "value": "false", + "required": false } ], "objects": [ @@ -369,7 +387,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-eap70-openshift:1.3" + "name": "jboss-eap70-openshift:1.4" } } }, @@ -424,8 +442,8 @@ "${APPLICATION_NAME}" ], "from": { - "kind": "ImageStream", - "name": "${APPLICATION_NAME}" + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" } } }, @@ -446,8 +464,8 @@ } }, "spec": { - "serviceAccountName": "eap7-service-account", - "terminationGracePeriodSeconds": 60, + "serviceAccountName": "${SERVICE_ACCOUNT_NAME}", + "terminationGracePeriodSeconds": 75, "containers": [ { "name": "${APPLICATION_NAME}", @@ -465,6 +483,17 @@ "readOnly": true } ], + "lifecycle": { + "preStop": { + "exec": { + "command": [ + "/opt/eap/bin/jboss-cli.sh", + "-c", + ":shutdown(timeout=60)" + ] + } + } + }, "livenessProbe": { "exec": { "command": [ @@ -563,6 +592,10 @@ "value": "${HTTPS_KEYSTORE}" }, { + "name": "HTTPS_KEYSTORE_TYPE", + "value": "${HTTPS_KEYSTORE_TYPE}" + }, + { "name": "HTTPS_NAME", "value": "${HTTPS_NAME}" }, @@ -607,6 +640,10 @@ "value": "${JGROUPS_CLUSTER_PASSWORD}" }, { + "name": "AUTO_DEPLOY_EXPLODED", + "value": "${AUTO_DEPLOY_EXPLODED}" + }, + { "name": "DEFAULT_JOB_REPOSITORY", "value": "${APPLICATION_NAME}-mysql" }, diff --git a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap70-mysql-s2i.json b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap70-mysql-s2i.json index 63e4ecd2b..1edeb62e7 100644 --- a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap70-mysql-s2i.json +++ b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap70-mysql-s2i.json @@ -6,13 +6,13 @@ "description": "Application template for EAP 7 MySQL applications built using S2I.", "iconClass": "icon-jboss", "tags": "eap,mysql,javaee,java,database,jboss,xpaas", - "version": "1.3.1" + "version": "1.3.2" }, "name": "eap70-mysql-s2i" }, "labels": { "template": "eap70-mysql-s2i", - "xpaas": "1.3.1" + "xpaas": "1.3.2" }, "parameters": [ { @@ -76,6 +76,12 @@ "required": false }, { + "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.", + "name": "SERVICE_ACCOUNT_NAME", + "value": "eap7-service-account", + "required": true + }, + { "description": "The name of the secret containing the keystore file", "name": "HTTPS_SECRET", "value": "eap7-app-secret", @@ -88,6 +94,12 @@ "required": false }, { + "description": "The type of the keystore file (JKS or JCEKS)", + "name": "HTTPS_KEYSTORE_TYPE", + "value": "", + "required": false + }, + { "description": "The name associated with the server certificate", "name": "HTTPS_NAME", "value": "", @@ -210,6 +222,12 @@ "from": "[a-zA-Z0-9]{8}", "generate": "expression", "required": true + }, + { + "description": "Controls whether exploded deployment content should be automatically deployed", + "name": "AUTO_DEPLOY_EXPLODED", + "value": "false", + "required": false } ], "objects": [ @@ -363,7 +381,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-eap70-openshift:1.3" + "name": "jboss-eap70-openshift:1.4" } } }, @@ -418,8 +436,8 @@ "${APPLICATION_NAME}" ], "from": { - "kind": "ImageStream", - "name": "${APPLICATION_NAME}" + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" } } }, @@ -440,8 +458,8 @@ } }, "spec": { - "serviceAccountName": "eap7-service-account", - "terminationGracePeriodSeconds": 60, + "serviceAccountName": "${SERVICE_ACCOUNT_NAME}", + "terminationGracePeriodSeconds": 75, "containers": [ { "name": "${APPLICATION_NAME}", @@ -459,6 +477,17 @@ "readOnly": true } ], + "lifecycle": { + "preStop": { + "exec": { + "command": [ + "/opt/eap/bin/jboss-cli.sh", + "-c", + ":shutdown(timeout=60)" + ] + } + } + }, "livenessProbe": { "exec": { "command": [ @@ -557,6 +586,10 @@ "value": "${HTTPS_KEYSTORE}" }, { + "name": "HTTPS_KEYSTORE_TYPE", + "value": "${HTTPS_KEYSTORE_TYPE}" + }, + { "name": "HTTPS_NAME", "value": "${HTTPS_NAME}" }, @@ -601,6 +634,10 @@ "value": "${JGROUPS_CLUSTER_PASSWORD}" }, { + "name": "AUTO_DEPLOY_EXPLODED", + "value": "${AUTO_DEPLOY_EXPLODED}" + }, + { "name": "DEFAULT_JOB_REPOSITORY", "value": "${APPLICATION_NAME}-mysql" }, diff --git a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap70-postgresql-persistent-s2i.json b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap70-postgresql-persistent-s2i.json index ea681d847..d11df06ee 100644 --- a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap70-postgresql-persistent-s2i.json +++ b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap70-postgresql-persistent-s2i.json @@ -6,13 +6,13 @@ "description": "Application template for EAP 7 PostgreSQL applications with persistent storage built using S2I.", "iconClass": "icon-jboss", "tags": "eap,postgresql,javaee,java,database,jboss,xpaas", - "version": "1.3.1" + "version": "1.3.2" }, "name": "eap70-postgresql-persistent-s2i" }, "labels": { "template": "eap70-postgresql-persistent-s2i", - "xpaas": "1.3.1" + "xpaas": "1.3.2" }, "parameters": [ { @@ -82,6 +82,12 @@ "required": false }, { + "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.", + "name": "SERVICE_ACCOUNT_NAME", + "value": "eap7-service-account", + "required": true + }, + { "description": "The name of the secret containing the keystore file", "name": "HTTPS_SECRET", "value": "eap7-app-secret", @@ -94,6 +100,12 @@ "required": false }, { + "description": "The type of the keystore file (JKS or JCEKS)", + "name": "HTTPS_KEYSTORE_TYPE", + "value": "", + "required": false + }, + { "description": "The name associated with the server certificate", "name": "HTTPS_NAME", "value": "", @@ -201,6 +213,12 @@ "from": "[a-zA-Z0-9]{8}", "generate": "expression", "required": true + }, + { + "description": "Controls whether exploded deployment content should be automatically deployed", + "name": "AUTO_DEPLOY_EXPLODED", + "value": "false", + "required": false } ], "objects": [ @@ -354,7 +372,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-eap70-openshift:1.3" + "name": "jboss-eap70-openshift:1.4" } } }, @@ -409,8 +427,8 @@ "${APPLICATION_NAME}" ], "from": { - "kind": "ImageStream", - "name": "${APPLICATION_NAME}" + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" } } }, @@ -431,8 +449,8 @@ } }, "spec": { - "serviceAccountName": "eap7-service-account", - "terminationGracePeriodSeconds": 60, + "serviceAccountName": "${SERVICE_ACCOUNT_NAME}", + "terminationGracePeriodSeconds": 75, "containers": [ { "name": "${APPLICATION_NAME}", @@ -450,6 +468,17 @@ "readOnly": true } ], + "lifecycle": { + "preStop": { + "exec": { + "command": [ + "/opt/eap/bin/jboss-cli.sh", + "-c", + ":shutdown(timeout=60)" + ] + } + } + }, "livenessProbe": { "exec": { "command": [ @@ -548,6 +577,10 @@ "value": "${HTTPS_KEYSTORE}" }, { + "name": "HTTPS_KEYSTORE_TYPE", + "value": "${HTTPS_KEYSTORE_TYPE}" + }, + { "name": "HTTPS_NAME", "value": "${HTTPS_NAME}" }, @@ -592,6 +625,10 @@ "value": "${JGROUPS_CLUSTER_PASSWORD}" }, { + "name": "AUTO_DEPLOY_EXPLODED", + "value": "${AUTO_DEPLOY_EXPLODED}" + }, + { "name": "DEFAULT_JOB_REPOSITORY", "value": "${APPLICATION_NAME}-postgresql" }, @@ -701,6 +738,10 @@ "value": "${POSTGRESQL_MAX_CONNECTIONS}" }, { + "name": "POSTGRESQL_MAX_PREPARED_TRANSACTIONS", + "value": "${POSTGRESQL_MAX_CONNECTIONS}" + }, + { "name": "POSTGRESQL_SHARED_BUFFERS", "value": "${POSTGRESQL_SHARED_BUFFERS}" } diff --git a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap70-postgresql-s2i.json b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap70-postgresql-s2i.json index df95d823e..6b7f6d707 100644 --- a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap70-postgresql-s2i.json +++ b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap70-postgresql-s2i.json @@ -6,13 +6,13 @@ "description": "Application template for EAP 7 PostgreSQL applications built using S2I.", "iconClass": "icon-jboss", "tags": "eap,postgresql,javaee,java,database,jboss,xpaas", - "version": "1.3.1" + "version": "1.3.2" }, "name": "eap70-postgresql-s2i" }, "labels": { "template": "eap70-postgresql-s2i", - "xpaas": "1.3.1" + "xpaas": "1.3.2" }, "parameters": [ { @@ -76,6 +76,12 @@ "required": false }, { + "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.", + "name": "SERVICE_ACCOUNT_NAME", + "value": "eap7-service-account", + "required": true + }, + { "description": "The name of the secret containing the keystore file", "name": "HTTPS_SECRET", "value": "eap7-app-secret", @@ -88,6 +94,12 @@ "required": false }, { + "description": "The type of the keystore file (JKS or JCEKS)", + "name": "HTTPS_KEYSTORE_TYPE", + "value": "", + "required": false + }, + { "description": "The name associated with the server certificate", "name": "HTTPS_NAME", "value": "", @@ -195,6 +207,12 @@ "from": "[a-zA-Z0-9]{8}", "generate": "expression", "required": true + }, + { + "description": "Controls whether exploded deployment content should be automatically deployed", + "name": "AUTO_DEPLOY_EXPLODED", + "value": "false", + "required": false } ], "objects": [ @@ -348,7 +366,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-eap70-openshift:1.3" + "name": "jboss-eap70-openshift:1.4" } } }, @@ -403,8 +421,8 @@ "${APPLICATION_NAME}" ], "from": { - "kind": "ImageStream", - "name": "${APPLICATION_NAME}" + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" } } }, @@ -425,8 +443,8 @@ } }, "spec": { - "serviceAccountName": "eap7-service-account", - "terminationGracePeriodSeconds": 60, + "serviceAccountName": "${SERVICE_ACCOUNT_NAME}", + "terminationGracePeriodSeconds": 75, "containers": [ { "name": "${APPLICATION_NAME}", @@ -444,6 +462,17 @@ "readOnly": true } ], + "lifecycle": { + "preStop": { + "exec": { + "command": [ + "/opt/eap/bin/jboss-cli.sh", + "-c", + ":shutdown(timeout=60)" + ] + } + } + }, "livenessProbe": { "exec": { "command": [ @@ -542,6 +571,10 @@ "value": "${HTTPS_KEYSTORE}" }, { + "name": "HTTPS_KEYSTORE_TYPE", + "value": "${HTTPS_KEYSTORE_TYPE}" + }, + { "name": "HTTPS_NAME", "value": "${HTTPS_NAME}" }, @@ -586,6 +619,10 @@ "value": "${JGROUPS_CLUSTER_PASSWORD}" }, { + "name": "AUTO_DEPLOY_EXPLODED", + "value": "${AUTO_DEPLOY_EXPLODED}" + }, + { "name": "DEFAULT_JOB_REPOSITORY", "value": "${APPLICATION_NAME}-postgresql" }, @@ -689,6 +726,10 @@ "value": "${POSTGRESQL_MAX_CONNECTIONS}" }, { + "name": "POSTGRESQL_MAX_PREPARED_TRANSACTIONS", + "value": "${POSTGRESQL_MAX_CONNECTIONS}" + }, + { "name": "POSTGRESQL_SHARED_BUFFERS", "value": "${POSTGRESQL_SHARED_BUFFERS}" } diff --git a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap70-sso-s2i.json b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap70-sso-s2i.json new file mode 100644 index 000000000..811602220 --- /dev/null +++ b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap70-sso-s2i.json @@ -0,0 +1,767 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "annotations": { + "iconClass" : "icon-jboss", + "description": "Application template for EAP 6 applications built using S2I, enabled for SSO.", + "tags": "eap,javaee,java,jboss,xpaas,sso,keycloak", + "version": "1.3.2" + }, + "name": "eap70-sso-s2i" + }, + "labels": { + "template": "eap70-sso-s2i", + "xpaas": "1.3.2" + }, + "parameters": [ + { + "description": "The name for the application.", + "name": "APPLICATION_NAME", + "value": "eap-app", + "required": true + }, + { + "description": "Hostname for http service route (e.g. eap-app-myproject.example.com). Required for SSO-enabled applications. This is added to the white list of redirects in the SSO server.", + "name": "HOSTNAME_HTTP", + "value": "", + "required": true + }, + { + "description": "Hostname for https service route (e.g. secure-eap-app-myproject.example.com). Required for SSO-enabled applications. This is added to the white list of redirects in the SSO server.", + "name": "HOSTNAME_HTTPS", + "value": "", + "required": true + }, + { + "description": "Git source URI for application", + "name": "SOURCE_REPOSITORY_URL", + "value": "https://github.com/redhat-developer/redhat-sso-quickstarts", + "required": true + }, + { + "description": "Git branch/tag reference", + "name": "SOURCE_REPOSITORY_REF", + "value": "7.0.x-ose", + "required": false + }, + { + "description": "Path within Git project to build; empty for root project directory.", + "name": "CONTEXT_DIR", + "value": "", + "required": false + }, + { + "description": "Queue names", + "name": "HORNETQ_QUEUES", + "value": "", + "required": false + }, + { + "description": "Topic names", + "name": "HORNETQ_TOPICS", + "value": "", + "required": false + }, + { + "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.", + "name": "SERVICE_ACCOUNT_NAME", + "value": "eap7-service-account", + "required": true + }, + { + "description": "The name of the secret containing the keystore file", + "name": "HTTPS_SECRET", + "value": "eap7-app-secret", + "required": true + }, + { + "description": "The name of the keystore file within the secret", + "name": "HTTPS_KEYSTORE", + "value": "keystore.jks", + "required": false + }, + { + "description": "The type of the keystore file (JKS or JCEKS)", + "name": "HTTPS_KEYSTORE_TYPE", + "value": "", + "required": false + }, + { + "description": "The name associated with the server certificate (e.g. jboss)", + "name": "HTTPS_NAME", + "value": "", + "required": false + }, + { + "description": "The password for the keystore and certificate (e.g. mykeystorepass)", + "name": "HTTPS_PASSWORD", + "value": "", + "required": false + }, + { + "description": "HornetQ cluster admin password", + "name": "HORNETQ_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "GitHub trigger secret", + "name": "GITHUB_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Generic build trigger secret", + "name": "GENERIC_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", + "name": "IMAGE_STREAM_NAMESPACE", + "value": "openshift", + "required": true + }, + { + "description": "The name of the secret containing the keystore file", + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "eap7-app-secret", + "required": false + }, + { + "description": "The name of the keystore file within the secret", + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "jgroups.jceks", + "required": false + }, + { + "description": "The name associated with the server certificate (e.g. secret-key)", + "name": "JGROUPS_ENCRYPT_NAME", + "value": "", + "required": false + }, + { + "description": "The password for the keystore and certificate (e.g. password)", + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "", + "required": false + }, + { + "description": "JGroups cluster password", + "name": "JGROUPS_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Controls whether exploded deployment content should be automatically deployed", + "name": "AUTO_DEPLOY_EXPLODED", + "value": "false", + "required": false + }, + { + "description": "The URL for the SSO server (e.g. https://secure-sso-myproject.example.com/auth). This is the URL through which the user will be redirected when a login or token is required by the application.", + "name": "SSO_URL", + "value": "", + "required": true + }, + { + "description": "The URL for the interal SSO service, where secure-sso (the default) is the kubernetes service exposed by the SSO server. This is used to create the application client(s) (see SSO_USERNAME). This can also be the same as SSO_URL.", + "name": "SSO_SERVICE_URL", + "value": "https://secure-sso:8443/auth", + "required": false + }, + { + "description": "The SSO realm to which the application client(s) should be associated (e.g. demo).", + "name": "SSO_REALM", + "value": "", + "required": true + }, + { + "description": "The username used to access the SSO service. This is used to create the appliction client(s) within the specified SSO realm. This should match the SSO_SERVICE_USERNAME specified through one of the sso70-* templates.", + "name": "SSO_USERNAME", + "value": "", + "required": false + }, + { + "description": "The password for the SSO service user.", + "name": "SSO_PASSWORD", + "value": "", + "required": false + }, + { + "description": "SSO Public Key. Public key is recommended to be passed into the template to avoid man-in-the-middle security vulnerability", + "name": "SSO_PUBLIC_KEY", + "value": "", + "required": false + }, + { + "description": "SSO Client Access Type", + "name": "SSO_BEARER_ONLY", + "value": "", + "required": false + }, + { + "description": "List of directories from which archives will be copied into the deployment folder. If unspecified, all archives in /target will be copied.", + "name": "ARTIFACT_DIR", + "value": "app-jee-jsp/target,service-jee-jaxrs/target,app-profile-jee-jsp/target,app-profile-saml-jee-jsp/target", + "required": false + }, + { + "description": "The name of the secret containing the keystore file", + "name": "SSO_SAML_KEYSTORE_SECRET", + "value": "eap7-app-secret", + "required": false + }, + { + "description": "The name of the keystore file within the secret", + "name": "SSO_SAML_KEYSTORE", + "value": "keystore.jks", + "required": false + }, + { + "description": "The name associated with the server certificate", + "name": "SSO_SAML_CERTIFICATE_NAME", + "value": "jboss", + "required": false + }, + { + "description": "The password for the keystore and certificate", + "name": "SSO_SAML_KEYSTORE_PASSWORD", + "value": "mykeystorepass", + "required": false + }, + { + "description": "The SSO Client Secret for Confidential Access", + "name": "SSO_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Enable CORS for SSO applications", + "name": "SSO_ENABLE_CORS", + "value": "false", + "required": false + }, + { + "description": "SSO logout page for SAML applications", + "name": "SSO_SAML_LOGOUT_PAGE", + "value": "/", + "required": false + }, + { + "description": "If true SSL communication between EAP and the SSO Server will be insecure (i.e. certificate validation is disabled with curl)", + "name": "SSO_DISABLE_SSL_CERTIFICATE_VALIDATION", + "value": "true", + "required": false + }, + { + "description": "The name of the truststore file within the secret (e.g. truststore.jks)", + "name": "SSO_TRUSTSTORE", + "value": "", + "required": false + }, + { + "description": "The password for the truststore and certificate (e.g. mykeystorepass)", + "name": "SSO_TRUSTSTORE_PASSWORD", + "value": "", + "required": false + }, + { + "description": "The name of the secret containing the truststore file (e.g. truststore-secret). Used for volume secretName", + "name": "SSO_TRUSTSTORE_SECRET", + "value": "eap7-app-secret", + "required": false + } + ], + "objects": [ + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8080, + "targetPort": 8080 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's http port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8443, + "targetPort": 8443 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's https port." + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-http", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's http service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTP}", + "to": { + "name": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-https", + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's https service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTPS}", + "to": { + "name": "secure-${APPLICATION_NAME}" + }, + "tls": { + "termination": "passthrough" + } + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "BuildConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "source": { + "type": "Git", + "git": { + "uri": "${SOURCE_REPOSITORY_URL}", + "ref": "${SOURCE_REPOSITORY_REF}" + }, + "contextDir": "${CONTEXT_DIR}" + }, + "strategy": { + "type": "Source", + "sourceStrategy": { + "forcePull": true, + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-eap70-openshift:1.4" + }, + "env": [ + { + "name": "ARTIFACT_DIR", + "value": "${ARTIFACT_DIR}" + }, + { + "name": "MAVEN_ARGS_APPEND", + "value": "" + } + ] + } + }, + "output": { + "to": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + }, + "triggers": [ + { + "type": "GitHub", + "github": { + "secret": "${GITHUB_WEBHOOK_SECRET}" + } + }, + { + "type": "Generic", + "generic": { + "secret": "${GENERIC_WEBHOOK_SECRET}" + } + }, + { + "type": "ImageChange", + "imageChange": {} + }, + { + "type": "ConfigChange" + } + ] + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}" + ], + "from": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "serviceAccountName": "${SERVICE_ACCOUNT_NAME}", + "terminationGracePeriodSeconds": 75, + "containers": [ + { + "name": "${APPLICATION_NAME}", + "image": "${APPLICATION_NAME}", + "imagePullPolicy": "Always", + "volumeMounts": [ + { + "name": "sso-saml-keystore-volume", + "mountPath": "/etc/sso-saml-secret-volume", + "readOnly": true + }, + { + "name": "eap-keystore-volume", + "mountPath": "/etc/eap-secret-volume", + "readOnly": true + }, + { + "name": "eap-jgroups-keystore-volume", + "mountPath": "/etc/jgroups-encrypt-secret-volume", + "readOnly": true + }, + { + "name": "sso-truststore-volume", + "mountPath": "/etc/sso-secret-volume", + "readOnly": true + } + ], + "lifecycle": { + "preStop": { + "exec": { + "command": [ + "/opt/eap/bin/jboss-cli.sh", + "-c", + ":shutdown(timeout=60)" + ] + } + } + }, + "livenessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/livenessProbe.sh" + ] + } + }, + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/readinessProbe.sh" + ] + } + }, + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "http", + "containerPort": 8080, + "protocol": "TCP" + }, + { + "name": "https", + "containerPort": 8443, + "protocol": "TCP" + }, + { + "name": "ping", + "containerPort": 8888, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "OPENSHIFT_KUBE_PING_LABELS", + "value": "application=${APPLICATION_NAME}" + }, + { + "name": "OPENSHIFT_KUBE_PING_NAMESPACE", + "valueFrom": { + "fieldRef": { + "fieldPath": "metadata.namespace" + } + } + }, + { + "name": "HOSTNAME_HTTP", + "value": "${HOSTNAME_HTTP}" + }, + { + "name": "HOSTNAME_HTTPS", + "value": "${HOSTNAME_HTTPS}" + }, + { + "name": "HTTPS_KEYSTORE_DIR", + "value": "/etc/eap-secret-volume" + }, + { + "name": "HTTPS_KEYSTORE", + "value": "${HTTPS_KEYSTORE}" + }, + { + "name": "HTTPS_KEYSTORE_TYPE", + "value": "${HTTPS_KEYSTORE_TYPE}" + }, + { + "name": "HTTPS_NAME", + "value": "${HTTPS_NAME}" + }, + { + "name": "HTTPS_PASSWORD", + "value": "${HTTPS_PASSWORD}" + }, + { + "name": "HORNETQ_CLUSTER_PASSWORD", + "value": "${HORNETQ_CLUSTER_PASSWORD}" + }, + { + "name": "HORNETQ_QUEUES", + "value": "${HORNETQ_QUEUES}" + }, + { + "name": "HORNETQ_TOPICS", + "value": "${HORNETQ_TOPICS}" + }, + { + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "${JGROUPS_ENCRYPT_SECRET}" + }, + { + "name": "JGROUPS_ENCRYPT_KEYSTORE_DIR", + "value": "/etc/jgroups-encrypt-secret-volume" + }, + { + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "${JGROUPS_ENCRYPT_KEYSTORE}" + }, + { + "name": "JGROUPS_ENCRYPT_NAME", + "value": "${JGROUPS_ENCRYPT_NAME}" + }, + { + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "${JGROUPS_ENCRYPT_PASSWORD}" + }, + { + "name": "JGROUPS_CLUSTER_PASSWORD", + "value": "${JGROUPS_CLUSTER_PASSWORD}" + }, + { + "name": "AUTO_DEPLOY_EXPLODED", + "value": "${AUTO_DEPLOY_EXPLODED}" + }, + { + "name": "SSO_URL", + "value": "${SSO_URL}" + }, + { + "name": "SSO_SERVICE_URL", + "value": "${SSO_SERVICE_URL}" + }, + { + "name": "SSO_REALM", + "value": "${SSO_REALM}" + }, + { + "name": "SSO_USERNAME", + "value": "${SSO_USERNAME}" + }, + { + "name": "SSO_PASSWORD", + "value": "${SSO_PASSWORD}" + }, + { + "name": "SSO_PUBLIC_KEY", + "value": "${SSO_PUBLIC_KEY}" + }, + { + "name": "SSO_BEARER_ONLY", + "value": "${SSO_BEARER_ONLY}" + }, + { + "name": "SSO_SAML_KEYSTORE_SECRET", + "value": "${SSO_SAML_KEYSTORE_SECRET}" + }, + { + "name": "SSO_SAML_KEYSTORE", + "value": "${SSO_SAML_KEYSTORE}" + }, + { + "name": "SSO_SAML_KEYSTORE_DIR", + "value": "/etc/sso-saml-secret-volume" + }, + { + "name": "SSO_SAML_CERTIFICATE_NAME", + "value": "${SSO_SAML_CERTIFICATE_NAME}" + }, + { + "name": "SSO_SAML_KEYSTORE_PASSWORD", + "value": "${SSO_SAML_KEYSTORE_PASSWORD}" + }, + { + "name": "SSO_SECRET", + "value": "${SSO_SECRET}" + }, + { + "name": "SSO_ENABLE_CORS", + "value": "${SSO_ENABLE_CORS}" + }, + { + "name": "SSO_SAML_LOGOUT_PAGE", + "value": "${SSO_SAML_LOGOUT_PAGE}" + }, + { + "name": "SSO_DISABLE_SSL_CERTIFICATE_VALIDATION", + "value": "${SSO_DISABLE_SSL_CERTIFICATE_VALIDATION}" + }, + { + "name": "SSO_TRUSTSTORE", + "value": "${SSO_TRUSTSTORE}" + }, + { + "name": "SSO_TRUSTSTORE_DIR", + "value": "/etc/sso-secret-volume" + }, + { + "name": "SSO_TRUSTSTORE_PASSWORD", + "value": "${SSO_TRUSTSTORE_PASSWORD}" + } + ] + } + ], + "volumes": [ + { + "name": "sso-saml-keystore-volume", + "secret": { + "secretName": "${SSO_SAML_KEYSTORE_SECRET}" + } + }, + { + "name": "eap-keystore-volume", + "secret": { + "secretName": "${HTTPS_SECRET}" + } + }, + { + "name": "eap-jgroups-keystore-volume", + "secret": { + "secretName": "${JGROUPS_ENCRYPT_SECRET}" + } + }, + { + "name": "sso-truststore-volume", + "secret": { + "secretName": "${SSO_TRUSTSTORE_SECRET}" + } + } + ] + } + } + } + } + ] +} diff --git a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat7-basic-s2i.json b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat7-basic-s2i.json index 376f2f61b..413a6de87 100644 --- a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat7-basic-s2i.json +++ b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat7-basic-s2i.json @@ -215,8 +215,8 @@ "${APPLICATION_NAME}" ], "from": { - "kind": "ImageStream", - "name": "${APPLICATION_NAME}" + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" } } }, diff --git a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat7-https-s2i.json b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat7-https-s2i.json index 0090d4090..610ea9441 100644 --- a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat7-https-s2i.json +++ b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat7-https-s2i.json @@ -292,8 +292,8 @@ "${APPLICATION_NAME}" ], "from": { - "kind": "ImageStream", - "name": "${APPLICATION_NAME}" + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" } } }, diff --git a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat7-mongodb-persistent-s2i.json b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat7-mongodb-persistent-s2i.json index f0abc9b24..6ef9d6e4c 100644 --- a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat7-mongodb-persistent-s2i.json +++ b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat7-mongodb-persistent-s2i.json @@ -385,8 +385,8 @@ "${APPLICATION_NAME}" ], "from": { - "kind": "ImageStream", - "name": "${APPLICATION_NAME}" + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" } } }, diff --git a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat7-mongodb-s2i.json b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat7-mongodb-s2i.json index dc43fbea3..9b48f8ae7 100644 --- a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat7-mongodb-s2i.json +++ b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat7-mongodb-s2i.json @@ -379,8 +379,8 @@ "${APPLICATION_NAME}" ], "from": { - "kind": "ImageStream", - "name": "${APPLICATION_NAME}" + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" } } }, diff --git a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat7-mysql-persistent-s2i.json b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat7-mysql-persistent-s2i.json index 6d02c7487..30af703ce 100644 --- a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat7-mysql-persistent-s2i.json +++ b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat7-mysql-persistent-s2i.json @@ -388,8 +388,8 @@ "${APPLICATION_NAME}" ], "from": { - "kind": "ImageStream", - "name": "${APPLICATION_NAME}" + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" } } }, diff --git a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat7-mysql-s2i.json b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat7-mysql-s2i.json index cb23d32a7..c2843af63 100644 --- a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat7-mysql-s2i.json +++ b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat7-mysql-s2i.json @@ -382,8 +382,8 @@ "${APPLICATION_NAME}" ], "from": { - "kind": "ImageStream", - "name": "${APPLICATION_NAME}" + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" } } }, diff --git a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat7-postgresql-persistent-s2i.json b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat7-postgresql-persistent-s2i.json index 82096ab12..b8372f374 100644 --- a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat7-postgresql-persistent-s2i.json +++ b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat7-postgresql-persistent-s2i.json @@ -6,13 +6,13 @@ "iconClass": "icon-tomcat", "description": "Application template for JWS PostgreSQL applications with persistent storage built using S2I.", "tags": "tomcat,tomcat7,postgresql,java,database,jboss,xpaas", - "version": "1.2.0" + "version": "1.3.2" }, "name": "jws30-tomcat7-postgresql-persistent-s2i" }, "labels": { "template": "jws30-tomcat7-postgresql-persistent-s2i", - "xpaas": "1.2.0" + "xpaas": "1.3.2" }, "parameters": [ { @@ -373,8 +373,8 @@ "${APPLICATION_NAME}" ], "from": { - "kind": "ImageStream", - "name": "${APPLICATION_NAME}" + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" } } }, @@ -587,6 +587,10 @@ "value": "${POSTGRESQL_MAX_CONNECTIONS}" }, { + "name": "POSTGRESQL_MAX_PREPARED_TRANSACTIONS", + "value": "${POSTGRESQL_MAX_CONNECTIONS}" + }, + { "name": "POSTGRESQL_SHARED_BUFFERS", "value": "${POSTGRESQL_SHARED_BUFFERS}" } diff --git a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat7-postgresql-s2i.json b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat7-postgresql-s2i.json index 6c2e42564..cd5bb9fa4 100644 --- a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat7-postgresql-s2i.json +++ b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat7-postgresql-s2i.json @@ -6,13 +6,13 @@ "iconClass": "icon-tomcat", "description": "Application template for JWS PostgreSQL applications built using S2I.", "tags": "tomcat,tomcat7,postgresql,java,database,jboss,xpaas", - "version": "1.2.0" + "version": "1.3.2" }, "name": "jws30-tomcat7-postgresql-s2i" }, "labels": { "template": "jws30-tomcat7-postgresql-s2i", - "xpaas": "1.2.0" + "xpaas": "1.3.2" }, "parameters": [ { @@ -367,8 +367,8 @@ "${APPLICATION_NAME}" ], "from": { - "kind": "ImageStream", - "name": "${APPLICATION_NAME}" + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" } } }, @@ -575,6 +575,10 @@ "value": "${POSTGRESQL_MAX_CONNECTIONS}" }, { + "name": "POSTGRESQL_MAX_PREPARED_TRANSACTIONS", + "value": "${POSTGRESQL_MAX_CONNECTIONS}" + }, + { "name": "POSTGRESQL_SHARED_BUFFERS", "value": "${POSTGRESQL_SHARED_BUFFERS}" } diff --git a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat8-basic-s2i.json b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat8-basic-s2i.json index b425891c6..cb1e49d29 100644 --- a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat8-basic-s2i.json +++ b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat8-basic-s2i.json @@ -215,8 +215,8 @@ "${APPLICATION_NAME}" ], "from": { - "kind": "ImageStream", - "name": "${APPLICATION_NAME}" + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" } } }, diff --git a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat8-https-s2i.json b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat8-https-s2i.json index 7a5414fd7..21d5662c7 100644 --- a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat8-https-s2i.json +++ b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat8-https-s2i.json @@ -292,8 +292,8 @@ "${APPLICATION_NAME}" ], "from": { - "kind": "ImageStream", - "name": "${APPLICATION_NAME}" + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" } } }, diff --git a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat8-mongodb-persistent-s2i.json b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat8-mongodb-persistent-s2i.json index 020c32d31..34657d826 100644 --- a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat8-mongodb-persistent-s2i.json +++ b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat8-mongodb-persistent-s2i.json @@ -385,8 +385,8 @@ "${APPLICATION_NAME}" ], "from": { - "kind": "ImageStream", - "name": "${APPLICATION_NAME}" + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" } } }, diff --git a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat8-mongodb-s2i.json b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat8-mongodb-s2i.json index 48371db95..974cfaddb 100644 --- a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat8-mongodb-s2i.json +++ b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat8-mongodb-s2i.json @@ -379,8 +379,8 @@ "${APPLICATION_NAME}" ], "from": { - "kind": "ImageStream", - "name": "${APPLICATION_NAME}" + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" } } }, diff --git a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat8-mysql-persistent-s2i.json b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat8-mysql-persistent-s2i.json index b1e847c60..7a8231cc5 100644 --- a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat8-mysql-persistent-s2i.json +++ b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat8-mysql-persistent-s2i.json @@ -388,8 +388,8 @@ "${APPLICATION_NAME}" ], "from": { - "kind": "ImageStream", - "name": "${APPLICATION_NAME}" + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" } } }, diff --git a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat8-mysql-s2i.json b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat8-mysql-s2i.json index ca501102f..cda21f237 100644 --- a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat8-mysql-s2i.json +++ b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat8-mysql-s2i.json @@ -382,8 +382,8 @@ "${APPLICATION_NAME}" ], "from": { - "kind": "ImageStream", - "name": "${APPLICATION_NAME}" + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" } } }, diff --git a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat8-postgresql-persistent-s2i.json b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat8-postgresql-persistent-s2i.json index 9050874ab..4dfc98015 100644 --- a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat8-postgresql-persistent-s2i.json +++ b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat8-postgresql-persistent-s2i.json @@ -6,13 +6,13 @@ "iconClass": "icon-tomcat", "description": "Application template for JWS PostgreSQL applications with persistent storage built using S2I.", "tags": "tomcat,tomcat8,postgresql,java,database,jboss,xpaas", - "version": "1.2.0" + "version": "1.3.2" }, "name": "jws30-tomcat8-postgresql-persistent-s2i" }, "labels": { "template": "jws30-tomcat8-postgresql-persistent-s2i", - "xpaas": "1.2.0" + "xpaas": "1.3.2" }, "parameters": [ { @@ -373,8 +373,8 @@ "${APPLICATION_NAME}" ], "from": { - "kind": "ImageStream", - "name": "${APPLICATION_NAME}" + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" } } }, @@ -587,6 +587,10 @@ "value": "${POSTGRESQL_MAX_CONNECTIONS}" }, { + "name": "POSTGRESQL_MAX_PREPARED_TRANSACTIONS", + "value": "${POSTGRESQL_MAX_CONNECTIONS}" + }, + { "name": "POSTGRESQL_SHARED_BUFFERS", "value": "${POSTGRESQL_SHARED_BUFFERS}" } diff --git a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat8-postgresql-s2i.json b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat8-postgresql-s2i.json index dba4d8b26..f6c85668c 100644 --- a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat8-postgresql-s2i.json +++ b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat8-postgresql-s2i.json @@ -6,13 +6,13 @@ "iconClass": "icon-tomcat", "description": "Application template for JWS PostgreSQL applications built using S2I.", "tags": "tomcat,tomcat8,postgresql,java,database,jboss,xpaas", - "version": "1.2.0" + "version": "1.3.2" }, "name": "jws30-tomcat8-postgresql-s2i" }, "labels": { "template": "jws30-tomcat8-postgresql-s2i", - "xpaas": "1.2.0" + "xpaas": "1.3.2" }, "parameters": [ { @@ -367,8 +367,8 @@ "${APPLICATION_NAME}" ], "from": { - "kind": "ImageStream", - "name": "${APPLICATION_NAME}" + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" } } }, @@ -573,6 +573,10 @@ "value": "${POSTGRESQL_MAX_CONNECTIONS}" }, { + "name": "POSTGRESQL_MAX_PREPARED_TRANSACTIONS", + "value": "${POSTGRESQL_MAX_CONNECTIONS}" + }, + { "name": "POSTGRESQL_SHARED_BUFFERS", "value": "${POSTGRESQL_SHARED_BUFFERS}" } diff --git a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/processserver63-amq-mysql-persistent-s2i.json b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/processserver63-amq-mysql-persistent-s2i.json new file mode 100644 index 000000000..1dea463ac --- /dev/null +++ b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/processserver63-amq-mysql-persistent-s2i.json @@ -0,0 +1,1079 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "annotations": { + "description": "Application template for Red Hat JBoss BPM Suite 6.3 intelligent process server AMQ and MySQL applications with persistent storage built using S2I.", + "iconClass": "icon-jboss", + "tags": "processserver,amq,mysql,javaee,java,database,jboss,xpaas", + "version": "1.3.3" + }, + "name": "processserver63-amq-mysql-persistent-s2i" + }, + "labels": { + "template": "processserver63-amq-mysql-persistent-s2i", + "xpaas": "1.3.3" + }, + "parameters": [ + { + "description": "The KIE Container deployment configuration in format: containerId=groupId:artifactId:version|c2=g2:a2:v2", + "name": "KIE_CONTAINER_DEPLOYMENT", + "value": "processserver-library=org.openshift.quickstarts:processserver-library:1.3.0.Final", + "required": false + }, + { + "description": "The protocol to access the KIE Server REST interface.", + "name": "KIE_SERVER_PROTOCOL", + "value": "https", + "required": false + }, + { + "description": "The port to access the KIE Server REST interface.", + "name": "KIE_SERVER_PORT", + "value": "8443", + "required": false + }, + { + "description": "The user name to access the KIE Server REST or JMS interface.", + "name": "KIE_SERVER_USER", + "value": "kieserver", + "required": false + }, + { + "description": "The password to access the KIE Server REST or JMS interface. Must be different than username; must not be root, admin, or administrator; must contain at least 8 characters, 1 alphabetic character(s), 1 digit(s), and 1 non-alphanumeric symbol(s).", + "name": "KIE_SERVER_PASSWORD", + "from": "[a-zA-Z]{6}[0-9]{1}!", + "generate": "expression", + "required": false + }, + { + "description": "JAAS LoginContext domain that shall be used to authenticate users when using JMS.", + "name": "KIE_SERVER_DOMAIN", + "value": "other", + "required": false + }, + { + "description": "JNDI name of request queue for JMS.", + "name": "KIE_SERVER_JMS_QUEUES_REQUEST", + "value": "queue/KIE.SERVER.REQUEST", + "required": false + }, + { + "description": "JNDI name of response queue for JMS.", + "name": "KIE_SERVER_JMS_QUEUES_RESPONSE", + "value": "queue/KIE.SERVER.RESPONSE", + "required": false + }, + { + "description": "JNDI name of executor queue for JMS.", + "name": "KIE_SERVER_EXECUTOR_JMS_QUEUE", + "value": "queue/KIE.SERVER.EXECUTOR", + "required": false + }, + { + "description": "Hibernate persistence dialect.", + "name": "KIE_SERVER_PERSISTENCE_DIALECT", + "value": "org.hibernate.dialect.MySQL5Dialect", + "required": false + }, + { + "description": "The name for the application.", + "name": "APPLICATION_NAME", + "value": "kie-app", + "required": true + }, + { + "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: <application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTP", + "value": "", + "required": false + }, + { + "description": "Custom hostname for https service route. Leave blank for default hostname, e.g.: secure-<application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTPS", + "value": "", + "required": false + }, + { + "description": "Git source URI for application", + "name": "SOURCE_REPOSITORY_URL", + "value": "https://github.com/jboss-openshift/openshift-quickstarts", + "required": true + }, + { + "description": "Git branch/tag reference", + "name": "SOURCE_REPOSITORY_REF", + "value": "1.3", + "required": false + }, + { + "description": "Path within Git project to build; empty for root project directory.", + "name": "CONTEXT_DIR", + "value": "processserver/library", + "required": false + }, + { + "description": "Database JNDI name used by application to resolve the datasource, e.g. java:/jboss/datasources/ExampleDS", + "name": "DB_JNDI", + "value": "java:jboss/datasources/ExampleDS", + "required": false + }, + { + "description": "Database name", + "name": "DB_DATABASE", + "value": "root", + "required": true + }, + { + "description": "Size of persistent storage for database volume.", + "name": "VOLUME_CAPACITY", + "value": "512Mi", + "required": true + }, + { + "description": "JNDI name for connection factory used by applications to connect to the broker, e.g. java:/JmsXA", + "name": "MQ_JNDI", + "value": "java:/JmsXA", + "required": false + }, + { + "description": "Split the data directory for each node in a mesh.", + "name": "AMQ_SPLIT", + "value": "false", + "required": false + }, + { + "description": "Broker protocols to configure, separated by commas. Allowed values are: `openwire`, `amqp`, `stomp` and `mqtt`. Only `openwire` is supported by EAP.", + "name": "MQ_PROTOCOL", + "value": "openwire", + "required": false + }, + { + "description": "Queue names, separated by commas. These queues will be automatically created when the broker starts. Also, they will be made accessible as JNDI resources in EAP.", + "name": "MQ_QUEUES", + "value": "KIE.SERVER.REQUEST,KIE.SERVER.RESPONSE,KIE.SERVER.EXECUTOR", + "required": false + }, + { + "description": "Topic names, separated by commas. These topics will be automatically created when the broker starts. Also, they will be made accessible as JNDI resources in EAP.", + "name": "MQ_TOPICS", + "value": "", + "required": false + }, + { + "description": "The name of the secret containing the keystore file", + "name": "HTTPS_SECRET", + "value": "processserver-app-secret", + "required": false + }, + { + "description": "The name of the keystore file within the secret", + "name": "HTTPS_KEYSTORE", + "value": "keystore.jks", + "required": false + }, + { + "description": "The name associated with the server certificate", + "name": "HTTPS_NAME", + "value": "jboss", + "required": false + }, + { + "description": "The password for the keystore and certificate", + "name": "HTTPS_PASSWORD", + "value": "mykeystorepass", + "required": false + }, + { + "description": "Database user name", + "name": "DB_USERNAME", + "from": "user[a-zA-Z0-9]{3}", + "generate": "expression", + "required": true + }, + { + "description": "Database user password", + "name": "DB_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Sets xa-pool/min-pool-size for the configured datasource.", + "name": "DB_MIN_POOL_SIZE", + "required": false + }, + { + "description": "Sets xa-pool/max-pool-size for the configured datasource.", + "name": "DB_MAX_POOL_SIZE", + "required": false + }, + { + "description": "Sets transaction-isolation for the configured datasource.", + "name": "DB_TX_ISOLATION", + "required": false + }, + { + "description": "Sets how the table names are stored and compared.", + "name": "MYSQL_LOWER_CASE_TABLE_NAMES", + "required": false + }, + { + "description": "The maximum permitted number of simultaneous client connections.", + "name": "MYSQL_MAX_CONNECTIONS", + "required": false + }, + { + "description": "The minimum length of the word to be included in a FULLTEXT index.", + "name": "MYSQL_FT_MIN_WORD_LEN", + "required": false + }, + { + "description": "The maximum length of the word to be included in a FULLTEXT index.", + "name": "MYSQL_FT_MAX_WORD_LEN", + "required": false + }, + { + "description": "Controls the innodb_use_native_aio setting value if the native AIO is broken.", + "name": "MYSQL_AIO", + "required": false + }, + { + "description": "User name for standard broker user. It is required for connecting to the broker. If left empty, it will be generated.", + "name": "MQ_USERNAME", + "from": "user[a-zA-Z0-9]{3}", + "generate": "expression", + "required": false + }, + { + "description": "Password for standard broker user. It is required for connecting to the broker. If left empty, it will be generated.", + "name": "MQ_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": false + }, + { + "description": "The discovery agent type to use for discovering mesh endpoints. 'dns' will use OpenShift's DNS service to resolve endpoints. 'kube' will use Kubernetes REST API to resolve service endpoints. If using 'kube' the service account for the pod must have the 'view' role, which can be added via 'oc policy add-role-to-user view system:serviceaccount:<namespace>:default' where <namespace> is the project namespace.", + "name": "AMQ_MESH_DISCOVERY_TYPE", + "value": "kube", + "required": false + }, + { + "description": "The A-MQ storage usage limit", + "name": "AMQ_STORAGE_USAGE_LIMIT", + "value": "100 gb", + "required": false + }, + { + "description": "GitHub trigger secret", + "name": "GITHUB_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Generic build trigger secret", + "name": "GENERIC_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", + "name": "IMAGE_STREAM_NAMESPACE", + "value": "openshift", + "required": true + } + ], + "objects": [ + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8080, + "targetPort": 8080 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's http port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8443, + "targetPort": 8443 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's https port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 3306, + "targetPort": 3306 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-mysql" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-mysql", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The database server's port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 61616, + "targetPort": 61616 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-amq" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-amq-tcp", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The broker's OpenWire port." + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-http", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's http service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTP}", + "to": { + "name": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-https", + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's https service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTPS}", + "to": { + "name": "secure-${APPLICATION_NAME}" + }, + "tls": { + "termination": "passthrough" + } + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "BuildConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "source": { + "type": "Git", + "git": { + "uri": "${SOURCE_REPOSITORY_URL}", + "ref": "${SOURCE_REPOSITORY_REF}" + }, + "contextDir": "${CONTEXT_DIR}" + }, + "strategy": { + "type": "Source", + "sourceStrategy": { + "env": [ + { + "name": "KIE_CONTAINER_DEPLOYMENT", + "value": "${KIE_CONTAINER_DEPLOYMENT}" + } + ], + "forcePull": true, + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-processserver63-openshift:1.3" + } + } + }, + "output": { + "to": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + }, + "triggers": [ + { + "type": "GitHub", + "github": { + "secret": "${GITHUB_WEBHOOK_SECRET}" + } + }, + { + "type": "Generic", + "generic": { + "secret": "${GENERIC_WEBHOOK_SECRET}" + } + }, + { + "type": "ImageChange", + "imageChange": {} + }, + { + "type": "ConfigChange" + } + ] + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}" + ], + "from": { + "kind": "ImageStream", + "name": "${APPLICATION_NAME}" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "serviceAccountName": "processserver-service-account", + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}", + "image": "${APPLICATION_NAME}", + "imagePullPolicy": "Always", + "volumeMounts": [ + { + "name": "processserver-keystore-volume", + "mountPath": "/etc/processserver-secret-volume", + "readOnly": true + } + ], + "livenessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/livenessProbe.sh" + ] + } + }, + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/readinessProbe.sh" + ] + } + }, + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "http", + "containerPort": 8080, + "protocol": "TCP" + }, + { + "name": "https", + "containerPort": 8443, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "KIE_CONTAINER_DEPLOYMENT", + "value": "${KIE_CONTAINER_DEPLOYMENT}" + }, + { + "name": "KIE_SERVER_PROTOCOL", + "value": "${KIE_SERVER_PROTOCOL}" + }, + { + "name": "KIE_SERVER_PORT", + "value": "${KIE_SERVER_PORT}" + }, + { + "name": "KIE_SERVER_USER", + "value": "${KIE_SERVER_USER}" + }, + { + "name": "KIE_SERVER_PASSWORD", + "value": "${KIE_SERVER_PASSWORD}" + }, + { + "name": "KIE_SERVER_DOMAIN", + "value": "${KIE_SERVER_DOMAIN}" + }, + { + "name": "KIE_SERVER_JMS_QUEUES_REQUEST", + "value": "${KIE_SERVER_JMS_QUEUES_REQUEST}" + }, + { + "name": "KIE_SERVER_JMS_QUEUES_RESPONSE", + "value": "${KIE_SERVER_JMS_QUEUES_RESPONSE}" + }, + { + "name": "KIE_SERVER_EXECUTOR_JMS_QUEUE", + "value": "${KIE_SERVER_EXECUTOR_JMS_QUEUE}" + }, + { + "name": "MQ_SERVICE_PREFIX_MAPPING", + "value": "${APPLICATION_NAME}-amq=MQ" + }, + { + "name": "MQ_JNDI", + "value": "${MQ_JNDI}" + }, + { + "name": "MQ_USERNAME", + "value": "${MQ_USERNAME}" + }, + { + "name": "MQ_PASSWORD", + "value": "${MQ_PASSWORD}" + }, + { + "name": "MQ_PROTOCOL", + "value": "tcp" + }, + { + "name": "MQ_QUEUES", + "value": "${MQ_QUEUES}" + }, + { + "name": "MQ_TOPICS", + "value": "${MQ_TOPICS}" + }, + { + "name": "KIE_SERVER_PERSISTENCE_DIALECT", + "value": "${KIE_SERVER_PERSISTENCE_DIALECT}" + }, + { + "name": "DB_SERVICE_PREFIX_MAPPING", + "value": "${APPLICATION_NAME}-mysql=DB,${APPLICATION_NAME}-mysql=QUARTZ" + }, + { + "name": "TX_DATABASE_PREFIX_MAPPING", + "value": "${APPLICATION_NAME}-mysql=DB" + }, + { + "name": "DB_JNDI", + "value": "${DB_JNDI}" + }, + { + "name": "DB_USERNAME", + "value": "${DB_USERNAME}" + }, + { + "name": "DB_PASSWORD", + "value": "${DB_PASSWORD}" + }, + { + "name": "DB_DATABASE", + "value": "${DB_DATABASE}" + }, + { + "name": "DB_MIN_POOL_SIZE", + "value": "${DB_MIN_POOL_SIZE}" + }, + { + "name": "DB_MAX_POOL_SIZE", + "value": "${DB_MAX_POOL_SIZE}" + }, + { + "name": "DB_TX_ISOLATION", + "value": "${DB_TX_ISOLATION}" + }, + { + "name": "QUARTZ_JNDI", + "value": "${DB_JNDI}NotManaged" + }, + { + "name": "QUARTZ_USERNAME", + "value": "${DB_USERNAME}" + }, + { + "name": "QUARTZ_PASSWORD", + "value": "${DB_PASSWORD}" + }, + { + "name": "QUARTZ_DATABASE", + "value": "${DB_DATABASE}" + }, + { + "name": "QUARTZ_MIN_POOL_SIZE", + "value": "${DB_MIN_POOL_SIZE}" + }, + { + "name": "QUARTZ_MAX_POOL_SIZE", + "value": "${DB_MAX_POOL_SIZE}" + }, + { + "name": "QUARTZ_TX_ISOLATION", + "value": "${DB_TX_ISOLATION}" + }, + { + "name": "QUARTZ_JTA", + "value": "false" + }, + { + "name": "QUARTZ_NONXA", + "value": "true" + }, + { + "name": "HTTPS_KEYSTORE_DIR", + "value": "/etc/processserver-secret-volume" + }, + { + "name": "HTTPS_KEYSTORE", + "value": "${HTTPS_KEYSTORE}" + }, + { + "name": "HTTPS_NAME", + "value": "${HTTPS_NAME}" + }, + { + "name": "HTTPS_PASSWORD", + "value": "${HTTPS_PASSWORD}" + } + ] + } + ], + "volumes": [ + { + "name": "processserver-keystore-volume", + "secret": { + "secretName": "${HTTPS_SECRET}" + } + } + ] + } + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}-mysql", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}-mysql" + ], + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "mysql:latest" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-mysql" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}-mysql", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}-mysql", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}-mysql", + "image": "mysql", + "imagePullPolicy": "Always", + "ports": [ + { + "containerPort": 3306, + "protocol": "TCP" + } + ], + "volumeMounts": [ + { + "mountPath": "/var/lib/mysql/data", + "name": "${APPLICATION_NAME}-mysql-pvol" + } + ], + "env": [ + { + "name": "MYSQL_USER", + "value": "${DB_USERNAME}" + }, + { + "name": "MYSQL_PASSWORD", + "value": "${DB_PASSWORD}" + }, + { + "name": "MYSQL_DATABASE", + "value": "${DB_DATABASE}" + }, + { + "name": "MYSQL_LOWER_CASE_TABLE_NAMES", + "value": "${MYSQL_LOWER_CASE_TABLE_NAMES}" + }, + { + "name": "MYSQL_MAX_CONNECTIONS", + "value": "${MYSQL_MAX_CONNECTIONS}" + }, + { + "name": "MYSQL_FT_MIN_WORD_LEN", + "value": "${MYSQL_FT_MIN_WORD_LEN}" + }, + { + "name": "MYSQL_FT_MAX_WORD_LEN", + "value": "${MYSQL_FT_MAX_WORD_LEN}" + }, + { + "name": "MYSQL_AIO", + "value": "${MYSQL_AIO}" + } + ] + } + ], + "volumes": [ + { + "name": "${APPLICATION_NAME}-mysql-pvol", + "persistentVolumeClaim": { + "claimName": "${APPLICATION_NAME}-mysql-claim" + } + } + ] + } + } + } + }, + { + "apiVersion": "v1", + "kind": "PersistentVolumeClaim", + "metadata": { + "name": "${APPLICATION_NAME}-mysql-claim", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "accessModes": [ + "ReadWriteOnce" + ], + "resources": { + "requests": { + "storage": "${VOLUME_CAPACITY}" + } + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}-amq", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}-amq" + ], + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-amq-62:1.3" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-amq" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}-amq", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}-amq", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}-amq", + "image": "jboss-amq-62", + "imagePullPolicy": "Always", + "volumeMounts": [ + { + "mountPath": "/opt/amq/data", + "name": "${APPLICATION_NAME}-amq-pvol" + } + ], + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/amq/bin/readinessProbe.sh" + ] + } + }, + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "amqp", + "containerPort": 5672, + "protocol": "TCP" + }, + { + "name": "amqp-ssl", + "containerPort": 5671, + "protocol": "TCP" + }, + { + "name": "mqtt", + "containerPort": 1883, + "protocol": "TCP" + }, + { + "name": "stomp", + "containerPort": 61613, + "protocol": "TCP" + }, + { + "name": "stomp-ssl", + "containerPort": 61612, + "protocol": "TCP" + }, + { + "name": "tcp", + "containerPort": 61616, + "protocol": "TCP" + }, + { + "name": "tcp-ssl", + "containerPort": 61617, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "AMQ_USER", + "value": "${MQ_USERNAME}" + }, + { + "name": "AMQ_PASSWORD", + "value": "${MQ_PASSWORD}" + }, + { + "name": "AMQ_TRANSPORTS", + "value": "${MQ_PROTOCOL}" + }, + { + "name": "AMQ_SPLIT", + "value": "${AMQ_SPLIT}" + }, + { + "name": "AMQ_MESH_DISCOVERY_TYPE", + "value": "${AMQ_MESH_DISCOVERY_TYPE}" + }, + { + "name": "AMQ_MESH_SERVICE_NAME", + "value": "${APPLICATION_NAME}-amq-tcp" + }, + { + "name": "AMQ_MESH_SERVICE_NAMESPACE", + "valueFrom": { + "fieldRef": { + "fieldPath": "metadata.namespace" + } + } + }, + { + "name": "AMQ_STORAGE_USAGE_LIMIT", + "value": "${AMQ_STORAGE_USAGE_LIMIT}" + } + ] + } + ], + "volumes": [ + { + "name": "${APPLICATION_NAME}-amq-pvol", + "persistentVolumeClaim": { + "claimName": "${APPLICATION_NAME}-amq-claim" + } + } + ] + } + } + } + }, + { + "apiVersion": "v1", + "kind": "PersistentVolumeClaim", + "metadata": { + "name": "${APPLICATION_NAME}-amq-claim", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "accessModes": [ + "ReadWriteMany" + ], + "resources": { + "requests": { + "storage": "${VOLUME_CAPACITY}" + } + } + } + } + ] +} diff --git a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/processserver63-amq-mysql-s2i.json b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/processserver63-amq-mysql-s2i.json new file mode 100644 index 000000000..42264585b --- /dev/null +++ b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/processserver63-amq-mysql-s2i.json @@ -0,0 +1,959 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "annotations": { + "description": "Application template for Red Hat JBoss BPM Suite 6.3 intelligent process server AMQ and MySQL applications built using S2I.", + "iconClass": "icon-jboss", + "tags": "processserver,amq,mysql,javaee,java,database,jboss,xpaas", + "version": "1.3.3" + }, + "name": "processserver63-amq-mysql-s2i" + }, + "labels": { + "template": "processserver63-amq-mysql-s2i", + "xpaas": "1.3.3" + }, + "parameters": [ + { + "description": "The KIE Container deployment configuration in format: containerId=groupId:artifactId:version|c2=g2:a2:v2", + "name": "KIE_CONTAINER_DEPLOYMENT", + "value": "processserver-library=org.openshift.quickstarts:processserver-library:1.3.0.Final", + "required": false + }, + { + "description": "The protocol to access the KIE Server REST interface.", + "name": "KIE_SERVER_PROTOCOL", + "value": "https", + "required": false + }, + { + "description": "The port to access the KIE Server REST interface.", + "name": "KIE_SERVER_PORT", + "value": "8443", + "required": false + }, + { + "description": "The user name to access the KIE Server REST or JMS interface.", + "name": "KIE_SERVER_USER", + "value": "kieserver", + "required": false + }, + { + "description": "The password to access the KIE Server REST or JMS interface. Must be different than username; must not be root, admin, or administrator; must contain at least 8 characters, 1 alphabetic character(s), 1 digit(s), and 1 non-alphanumeric symbol(s).", + "name": "KIE_SERVER_PASSWORD", + "from": "[a-zA-Z]{6}[0-9]{1}!", + "generate": "expression", + "required": false + }, + { + "description": "JAAS LoginContext domain that shall be used to authenticate users when using JMS.", + "name": "KIE_SERVER_DOMAIN", + "value": "other", + "required": false + }, + { + "description": "JNDI name of request queue for JMS.", + "name": "KIE_SERVER_JMS_QUEUES_REQUEST", + "value": "queue/KIE.SERVER.REQUEST", + "required": false + }, + { + "description": "JNDI name of response queue for JMS.", + "name": "KIE_SERVER_JMS_QUEUES_RESPONSE", + "value": "queue/KIE.SERVER.RESPONSE", + "required": false + }, + { + "description": "JNDI name of executor queue for JMS.", + "name": "KIE_SERVER_EXECUTOR_JMS_QUEUE", + "value": "queue/KIE.SERVER.EXECUTOR", + "required": false + }, + { + "description": "Hibernate persistence dialect.", + "name": "KIE_SERVER_PERSISTENCE_DIALECT", + "value": "org.hibernate.dialect.MySQL5Dialect", + "required": false + }, + { + "description": "The name for the application.", + "name": "APPLICATION_NAME", + "value": "kie-app", + "required": true + }, + { + "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: <application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTP", + "value": "", + "required": false + }, + { + "description": "Custom hostname for https service route. Leave blank for default hostname, e.g.: secure-<application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTPS", + "value": "", + "required": false + }, + { + "description": "Git source URI for application", + "name": "SOURCE_REPOSITORY_URL", + "value": "https://github.com/jboss-openshift/openshift-quickstarts", + "required": true + }, + { + "description": "Git branch/tag reference", + "name": "SOURCE_REPOSITORY_REF", + "value": "1.3", + "required": false + }, + { + "description": "Path within Git project to build; empty for root project directory.", + "name": "CONTEXT_DIR", + "value": "processserver/library", + "required": false + }, + { + "description": "Database JNDI name used by application to resolve the datasource, e.g. java:/jboss/datasources/ExampleDS", + "name": "DB_JNDI", + "value": "java:jboss/datasources/ExampleDS", + "required": false + }, + { + "description": "Database name", + "name": "DB_DATABASE", + "value": "root", + "required": true + }, + { + "description": "JNDI name for connection factory used by applications to connect to the broker, e.g. java:/JmsXA", + "name": "MQ_JNDI", + "value": "java:/JmsXA", + "required": false + }, + { + "description": "Broker protocols to configure, separated by commas. Allowed values are: `openwire`, `amqp`, `stomp` and `mqtt`. Only `openwire` is supported by EAP.", + "name": "MQ_PROTOCOL", + "value": "openwire", + "required": false + }, + { + "description": "Queue names, separated by commas. These queues will be automatically created when the broker starts. Also, they will be made accessible as JNDI resources in EAP.", + "name": "MQ_QUEUES", + "value": "KIE.SERVER.REQUEST,KIE.SERVER.RESPONSE,KIE.SERVER.EXECUTOR", + "required": false + }, + { + "description": "Topic names, separated by commas. These topics will be automatically created when the broker starts. Also, they will be made accessible as JNDI resources in EAP.", + "name": "MQ_TOPICS", + "value": "", + "required": false + }, + { + "description": "The name of the secret containing the keystore file", + "name": "HTTPS_SECRET", + "value": "processserver-app-secret", + "required": false + }, + { + "description": "The name of the keystore file within the secret", + "name": "HTTPS_KEYSTORE", + "value": "keystore.jks", + "required": false + }, + { + "description": "The name associated with the server certificate", + "name": "HTTPS_NAME", + "value": "jboss", + "required": false + }, + { + "description": "The password for the keystore and certificate", + "name": "HTTPS_PASSWORD", + "value": "mykeystorepass", + "required": false + }, + { + "description": "Database user name", + "name": "DB_USERNAME", + "from": "user[a-zA-Z0-9]{3}", + "generate": "expression", + "required": true + }, + { + "description": "Database user password", + "name": "DB_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Sets xa-pool/min-pool-size for the configured datasource.", + "name": "DB_MIN_POOL_SIZE", + "required": false + }, + { + "description": "Sets xa-pool/max-pool-size for the configured datasource.", + "name": "DB_MAX_POOL_SIZE", + "required": false + }, + { + "description": "Sets transaction-isolation for the configured datasource.", + "name": "DB_TX_ISOLATION", + "required": false + }, + { + "description": "Sets how the table names are stored and compared.", + "name": "MYSQL_LOWER_CASE_TABLE_NAMES", + "required": false + }, + { + "description": "The maximum permitted number of simultaneous client connections.", + "name": "MYSQL_MAX_CONNECTIONS", + "required": false + }, + { + "description": "The minimum length of the word to be included in a FULLTEXT index.", + "name": "MYSQL_FT_MIN_WORD_LEN", + "required": false + }, + { + "description": "The maximum length of the word to be included in a FULLTEXT index.", + "name": "MYSQL_FT_MAX_WORD_LEN", + "required": false + }, + { + "description": "Controls the innodb_use_native_aio setting value if the native AIO is broken.", + "name": "MYSQL_AIO", + "required": false + }, + { + "description": "User name for standard broker user. It is required for connecting to the broker. If left empty, it will be generated.", + "name": "MQ_USERNAME", + "from": "user[a-zA-Z0-9]{3}", + "generate": "expression", + "required": false + }, + { + "description": "Password for standard broker user. It is required for connecting to the broker. If left empty, it will be generated.", + "name": "MQ_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": false + }, + { + "description": "The discovery agent type to use for discovering mesh endpoints. 'dns' will use OpenShift's DNS service to resolve endpoints. 'kube' will use Kubernetes REST API to resolve service endpoints. If using 'kube' the service account for the pod must have the 'view' role, which can be added via 'oc policy add-role-to-user view system:serviceaccount:<namespace>:default' where <namespace> is the project namespace.", + "name": "AMQ_MESH_DISCOVERY_TYPE", + "value": "kube", + "required": false + }, + { + "description": "The A-MQ storage usage limit", + "name": "AMQ_STORAGE_USAGE_LIMIT", + "value": "100 gb", + "required": false + }, + { + "description": "GitHub trigger secret", + "name": "GITHUB_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Generic build trigger secret", + "name": "GENERIC_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", + "name": "IMAGE_STREAM_NAMESPACE", + "value": "openshift", + "required": true + } + ], + "objects": [ + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8080, + "targetPort": 8080 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's http port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8443, + "targetPort": 8443 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's https port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 3306, + "targetPort": 3306 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-mysql" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-mysql", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The database server's port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 61616, + "targetPort": 61616 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-amq" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-amq-tcp", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The broker's OpenWire port." + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-http", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's http service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTP}", + "to": { + "name": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-https", + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's https service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTPS}", + "to": { + "name": "secure-${APPLICATION_NAME}" + }, + "tls": { + "termination": "passthrough" + } + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "BuildConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "source": { + "type": "Git", + "git": { + "uri": "${SOURCE_REPOSITORY_URL}", + "ref": "${SOURCE_REPOSITORY_REF}" + }, + "contextDir": "${CONTEXT_DIR}" + }, + "strategy": { + "type": "Source", + "sourceStrategy": { + "env": [ + { + "name": "KIE_CONTAINER_DEPLOYMENT", + "value": "${KIE_CONTAINER_DEPLOYMENT}" + } + ], + "forcePull": true, + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-processserver63-openshift:1.3" + } + } + }, + "output": { + "to": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + }, + "triggers": [ + { + "type": "GitHub", + "github": { + "secret": "${GITHUB_WEBHOOK_SECRET}" + } + }, + { + "type": "Generic", + "generic": { + "secret": "${GENERIC_WEBHOOK_SECRET}" + } + }, + { + "type": "ImageChange", + "imageChange": {} + }, + { + "type": "ConfigChange" + } + ] + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}" + ], + "from": { + "kind": "ImageStream", + "name": "${APPLICATION_NAME}" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "serviceAccountName": "processserver-service-account", + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}", + "image": "${APPLICATION_NAME}", + "imagePullPolicy": "Always", + "volumeMounts": [ + { + "name": "processserver-keystore-volume", + "mountPath": "/etc/processserver-secret-volume", + "readOnly": true + } + ], + "livenessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/livenessProbe.sh" + ] + } + }, + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/readinessProbe.sh" + ] + } + }, + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "http", + "containerPort": 8080, + "protocol": "TCP" + }, + { + "name": "https", + "containerPort": 8443, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "KIE_CONTAINER_DEPLOYMENT", + "value": "${KIE_CONTAINER_DEPLOYMENT}" + }, + { + "name": "KIE_SERVER_PROTOCOL", + "value": "${KIE_SERVER_PROTOCOL}" + }, + { + "name": "KIE_SERVER_PORT", + "value": "${KIE_SERVER_PORT}" + }, + { + "name": "KIE_SERVER_USER", + "value": "${KIE_SERVER_USER}" + }, + { + "name": "KIE_SERVER_PASSWORD", + "value": "${KIE_SERVER_PASSWORD}" + }, + { + "name": "KIE_SERVER_DOMAIN", + "value": "${KIE_SERVER_DOMAIN}" + }, + { + "name": "KIE_SERVER_JMS_QUEUES_REQUEST", + "value": "${KIE_SERVER_JMS_QUEUES_REQUEST}" + }, + { + "name": "KIE_SERVER_JMS_QUEUES_RESPONSE", + "value": "${KIE_SERVER_JMS_QUEUES_RESPONSE}" + }, + { + "name": "KIE_SERVER_EXECUTOR_JMS_QUEUE", + "value": "${KIE_SERVER_EXECUTOR_JMS_QUEUE}" + }, + { + "name": "MQ_SERVICE_PREFIX_MAPPING", + "value": "${APPLICATION_NAME}-amq=MQ" + }, + { + "name": "MQ_JNDI", + "value": "${MQ_JNDI}" + }, + { + "name": "MQ_USERNAME", + "value": "${MQ_USERNAME}" + }, + { + "name": "MQ_PASSWORD", + "value": "${MQ_PASSWORD}" + }, + { + "name": "MQ_PROTOCOL", + "value": "tcp" + }, + { + "name": "MQ_QUEUES", + "value": "${MQ_QUEUES}" + }, + { + "name": "MQ_TOPICS", + "value": "${MQ_TOPICS}" + }, + { + "name": "KIE_SERVER_PERSISTENCE_DIALECT", + "value": "${KIE_SERVER_PERSISTENCE_DIALECT}" + }, + { + "name": "DB_SERVICE_PREFIX_MAPPING", + "value": "${APPLICATION_NAME}-mysql=DB" + }, + { + "name": "DB_JNDI", + "value": "${DB_JNDI}" + }, + { + "name": "DB_USERNAME", + "value": "${DB_USERNAME}" + }, + { + "name": "DB_PASSWORD", + "value": "${DB_PASSWORD}" + }, + { + "name": "DB_DATABASE", + "value": "${DB_DATABASE}" + }, + { + "name": "TX_DATABASE_PREFIX_MAPPING", + "value": "${APPLICATION_NAME}-mysql=DB" + }, + { + "name": "DB_MIN_POOL_SIZE", + "value": "${DB_MIN_POOL_SIZE}" + }, + { + "name": "DB_MAX_POOL_SIZE", + "value": "${DB_MAX_POOL_SIZE}" + }, + { + "name": "DB_TX_ISOLATION", + "value": "${DB_TX_ISOLATION}" + }, + { + "name": "HTTPS_KEYSTORE_DIR", + "value": "/etc/processserver-secret-volume" + }, + { + "name": "HTTPS_KEYSTORE", + "value": "${HTTPS_KEYSTORE}" + }, + { + "name": "HTTPS_NAME", + "value": "${HTTPS_NAME}" + }, + { + "name": "HTTPS_PASSWORD", + "value": "${HTTPS_PASSWORD}" + } + ] + } + ], + "volumes": [ + { + "name": "processserver-keystore-volume", + "secret": { + "secretName": "${HTTPS_SECRET}" + } + } + ] + } + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}-mysql", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}-mysql" + ], + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "mysql:latest" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-mysql" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}-mysql", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}-mysql", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}-mysql", + "image": "mysql", + "imagePullPolicy": "Always", + "ports": [ + { + "containerPort": 3306, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "MYSQL_USER", + "value": "${DB_USERNAME}" + }, + { + "name": "MYSQL_PASSWORD", + "value": "${DB_PASSWORD}" + }, + { + "name": "MYSQL_DATABASE", + "value": "${DB_DATABASE}" + }, + { + "name": "MYSQL_LOWER_CASE_TABLE_NAMES", + "value": "${MYSQL_LOWER_CASE_TABLE_NAMES}" + }, + { + "name": "MYSQL_MAX_CONNECTIONS", + "value": "${MYSQL_MAX_CONNECTIONS}" + }, + { + "name": "MYSQL_FT_MIN_WORD_LEN", + "value": "${MYSQL_FT_MIN_WORD_LEN}" + }, + { + "name": "MYSQL_FT_MAX_WORD_LEN", + "value": "${MYSQL_FT_MAX_WORD_LEN}" + }, + { + "name": "MYSQL_AIO", + "value": "${MYSQL_AIO}" + } + ] + } + ] + } + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}-amq", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}-amq" + ], + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-amq-62:1.3" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-amq" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}-amq", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}-amq", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}-amq", + "image": "jboss-amq-62", + "imagePullPolicy": "Always", + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/amq/bin/readinessProbe.sh" + ] + } + }, + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "amqp", + "containerPort": 5672, + "protocol": "TCP" + }, + { + "name": "amqp-ssl", + "containerPort": 5671, + "protocol": "TCP" + }, + { + "name": "mqtt", + "containerPort": 1883, + "protocol": "TCP" + }, + { + "name": "stomp", + "containerPort": 61613, + "protocol": "TCP" + }, + { + "name": "stomp-ssl", + "containerPort": 61612, + "protocol": "TCP" + }, + { + "name": "tcp", + "containerPort": 61616, + "protocol": "TCP" + }, + { + "name": "tcp-ssl", + "containerPort": 61617, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "AMQ_USER", + "value": "${MQ_USERNAME}" + }, + { + "name": "AMQ_PASSWORD", + "value": "${MQ_PASSWORD}" + }, + { + "name": "AMQ_TRANSPORTS", + "value": "${MQ_PROTOCOL}" + }, + { + "name": "AMQ_MESH_DISCOVERY_TYPE", + "value": "${AMQ_MESH_DISCOVERY_TYPE}" + }, + { + "name": "AMQ_MESH_SERVICE_NAME", + "value": "${APPLICATION_NAME}-amq-tcp" + }, + { + "name": "AMQ_MESH_SERVICE_NAMESPACE", + "valueFrom": { + "fieldRef": { + "fieldPath": "metadata.namespace" + } + } + }, + { + "name": "AMQ_STORAGE_USAGE_LIMIT", + "value": "${AMQ_STORAGE_USAGE_LIMIT}" + } + ] + } + ] + } + } + } + } + ] +} diff --git a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/processserver63-amq-postgresql-persistent-s2i.json b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/processserver63-amq-postgresql-persistent-s2i.json new file mode 100644 index 000000000..f6d0c99ed --- /dev/null +++ b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/processserver63-amq-postgresql-persistent-s2i.json @@ -0,0 +1,1052 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "annotations": { + "description": "Application template for Red Hat JBoss BPM Suite 6.3 intelligent process server AMQ and PostgreSQL applications with persistent storage built using S2I.", + "iconClass": "icon-jboss", + "tags": "processserver,amq,postgresql,javaee,java,database,jboss,xpaas", + "version": "1.3.3" + }, + "name": "processserver63-amq-postgresql-persistent-s2i" + }, + "labels": { + "template": "processserver63-amq-postgresql-persistent-s2i", + "xpaas": "1.3.3" + }, + "parameters": [ + { + "description": "The KIE Container deployment configuration in format: containerId=groupId:artifactId:version|c2=g2:a2:v2", + "name": "KIE_CONTAINER_DEPLOYMENT", + "value": "processserver-library=org.openshift.quickstarts:processserver-library:1.3.0.Final", + "required": false + }, + { + "description": "The protocol to access the KIE Server REST interface.", + "name": "KIE_SERVER_PROTOCOL", + "value": "https", + "required": false + }, + { + "description": "The port to access the KIE Server REST interface.", + "name": "KIE_SERVER_PORT", + "value": "8443", + "required": false + }, + { + "description": "The user name to access the KIE Server REST or JMS interface.", + "name": "KIE_SERVER_USER", + "value": "kieserver", + "required": false + }, + { + "description": "The password to access the KIE Server REST or JMS interface. Must be different than username; must not be root, admin, or administrator; must contain at least 8 characters, 1 alphabetic character(s), 1 digit(s), and 1 non-alphanumeric symbol(s).", + "name": "KIE_SERVER_PASSWORD", + "from": "[a-zA-Z]{6}[0-9]{1}!", + "generate": "expression", + "required": false + }, + { + "description": "JAAS LoginContext domain that shall be used to authenticate users when using JMS.", + "name": "KIE_SERVER_DOMAIN", + "value": "other", + "required": false + }, + { + "description": "JNDI name of request queue for JMS.", + "name": "KIE_SERVER_JMS_QUEUES_REQUEST", + "value": "queue/KIE.SERVER.REQUEST", + "required": false + }, + { + "description": "JNDI name of response queue for JMS.", + "name": "KIE_SERVER_JMS_QUEUES_RESPONSE", + "value": "queue/KIE.SERVER.RESPONSE", + "required": false + }, + { + "description": "JNDI name of executor queue for JMS.", + "name": "KIE_SERVER_EXECUTOR_JMS_QUEUE", + "value": "queue/KIE.SERVER.EXECUTOR", + "required": false + }, + { + "description": "Hibernate persistence dialect.", + "name": "KIE_SERVER_PERSISTENCE_DIALECT", + "value": "org.hibernate.dialect.PostgreSQL82Dialect", + "required": false + }, + { + "description": "The name for the application.", + "name": "APPLICATION_NAME", + "value": "kie-app", + "required": true + }, + { + "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: <application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTP", + "value": "", + "required": false + }, + { + "description": "Custom hostname for https service route. Leave blank for default hostname, e.g.: secure-<application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTPS", + "value": "", + "required": false + }, + { + "description": "Git source URI for application", + "name": "SOURCE_REPOSITORY_URL", + "value": "https://github.com/jboss-openshift/openshift-quickstarts", + "required": true + }, + { + "description": "Git branch/tag reference", + "name": "SOURCE_REPOSITORY_REF", + "value": "1.3", + "required": false + }, + { + "description": "Path within Git project to build; empty for root project directory.", + "name": "CONTEXT_DIR", + "value": "processserver/library", + "required": false + }, + { + "description": "Database JNDI name used by application to resolve the datasource, e.g. java:/jboss/datasources/ExampleDS", + "name": "DB_JNDI", + "value": "java:jboss/datasources/ExampleDS", + "required": false + }, + { + "description": "Database name", + "name": "DB_DATABASE", + "value": "root", + "required": true + }, + { + "description": "Size of persistent storage for database volume.", + "name": "VOLUME_CAPACITY", + "value": "512Mi", + "required": true + }, + { + "description": "JNDI name for connection factory used by applications to connect to the broker, e.g. java:/JmsXA", + "name": "MQ_JNDI", + "value": "java:/JmsXA", + "required": false + }, + { + "description": "Split the data directory for each node in a mesh.", + "name": "AMQ_SPLIT", + "value": "false", + "required": false + }, + { + "description": "Broker protocols to configure, separated by commas. Allowed values are: `openwire`, `amqp`, `stomp` and `mqtt`. Only `openwire` is supported by EAP.", + "name": "MQ_PROTOCOL", + "value": "openwire", + "required": false + }, + { + "description": "Queue names, separated by commas. These queues will be automatically created when the broker starts. Also, they will be made accessible as JNDI resources in EAP.", + "name": "MQ_QUEUES", + "value": "KIE.SERVER.REQUEST,KIE.SERVER.RESPONSE,KIE.SERVER.EXECUTOR", + "required": false + }, + { + "description": "Topic names, separated by commas. These topics will be automatically created when the broker starts. Also, they will be made accessible as JNDI resources in EAP.", + "name": "MQ_TOPICS", + "value": "", + "required": false + }, + { + "description": "The name of the secret containing the keystore file", + "name": "HTTPS_SECRET", + "value": "processserver-app-secret", + "required": false + }, + { + "description": "The name of the keystore file within the secret", + "name": "HTTPS_KEYSTORE", + "value": "keystore.jks", + "required": false + }, + { + "description": "The name associated with the server certificate", + "name": "HTTPS_NAME", + "value": "jboss", + "required": false + }, + { + "description": "The password for the keystore and certificate", + "name": "HTTPS_PASSWORD", + "value": "mykeystorepass", + "required": false + }, + { + "description": "Database user name", + "name": "DB_USERNAME", + "from": "user[a-zA-Z0-9]{3}", + "generate": "expression", + "required": true + }, + { + "description": "Database user password", + "name": "DB_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Sets xa-pool/min-pool-size for the configured datasource.", + "name": "DB_MIN_POOL_SIZE", + "required": false + }, + { + "description": "Sets xa-pool/max-pool-size for the configured datasource.", + "name": "DB_MAX_POOL_SIZE", + "required": false + }, + { + "description": "Sets transaction-isolation for the configured datasource.", + "name": "DB_TX_ISOLATION", + "required": false + }, + { + "description": "The maximum number of client connections allowed. This also sets the maximum number of prepared transactions.", + "name": "POSTGRESQL_MAX_CONNECTIONS", + "required": false + }, + { + "description": "Configures how much memory is dedicated to PostgreSQL for caching data.", + "name": "POSTGRESQL_SHARED_BUFFERS", + "required": false + }, + { + "description": "User name for standard broker user. It is required for connecting to the broker. If left empty, it will be generated.", + "name": "MQ_USERNAME", + "from": "user[a-zA-Z0-9]{3}", + "generate": "expression", + "required": false + }, + { + "description": "Password for standard broker user. It is required for connecting to the broker. If left empty, it will be generated.", + "name": "MQ_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": false + }, + { + "description": "The discovery agent type to use for discovering mesh endpoints. 'dns' will use OpenShift's DNS service to resolve endpoints. 'kube' will use Kubernetes REST API to resolve service endpoints. If using 'kube' the service account for the pod must have the 'view' role, which can be added via 'oc policy add-role-to-user view system:serviceaccount:<namespace>:default' where <namespace> is the project namespace.", + "name": "AMQ_MESH_DISCOVERY_TYPE", + "value": "kube", + "required": false + }, + { + "description": "The A-MQ storage usage limit", + "name": "AMQ_STORAGE_USAGE_LIMIT", + "value": "100 gb", + "required": false + }, + { + "description": "GitHub trigger secret", + "name": "GITHUB_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Generic build trigger secret", + "name": "GENERIC_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", + "name": "IMAGE_STREAM_NAMESPACE", + "value": "openshift", + "required": true + } + ], + "objects": [ + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8080, + "targetPort": 8080 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's http port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8443, + "targetPort": 8443 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's https port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 5432, + "targetPort": 5432 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-postgresql" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-postgresql", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The database server's port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 61616, + "targetPort": 61616 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-amq" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-amq-tcp", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The broker's OpenWire port." + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-http", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's http service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTP}", + "to": { + "name": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-https", + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's https service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTPS}", + "to": { + "name": "secure-${APPLICATION_NAME}" + }, + "tls": { + "termination": "passthrough" + } + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "BuildConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "source": { + "type": "Git", + "git": { + "uri": "${SOURCE_REPOSITORY_URL}", + "ref": "${SOURCE_REPOSITORY_REF}" + }, + "contextDir": "${CONTEXT_DIR}" + }, + "strategy": { + "type": "Source", + "sourceStrategy": { + "env": [ + { + "name": "KIE_CONTAINER_DEPLOYMENT", + "value": "${KIE_CONTAINER_DEPLOYMENT}" + } + ], + "forcePull": true, + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-processserver63-openshift:1.3" + } + } + }, + "output": { + "to": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + }, + "triggers": [ + { + "type": "GitHub", + "github": { + "secret": "${GITHUB_WEBHOOK_SECRET}" + } + }, + { + "type": "Generic", + "generic": { + "secret": "${GENERIC_WEBHOOK_SECRET}" + } + }, + { + "type": "ImageChange", + "imageChange": {} + }, + { + "type": "ConfigChange" + } + ] + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}" + ], + "from": { + "kind": "ImageStream", + "name": "${APPLICATION_NAME}" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "serviceAccountName": "processserver-service-account", + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}", + "image": "${APPLICATION_NAME}", + "imagePullPolicy": "Always", + "volumeMounts": [ + { + "name": "processserver-keystore-volume", + "mountPath": "/etc/processserver-secret-volume", + "readOnly": true + } + ], + "livenessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/livenessProbe.sh" + ] + } + }, + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/readinessProbe.sh" + ] + } + }, + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "http", + "containerPort": 8080, + "protocol": "TCP" + }, + { + "name": "https", + "containerPort": 8443, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "KIE_CONTAINER_DEPLOYMENT", + "value": "${KIE_CONTAINER_DEPLOYMENT}" + }, + { + "name": "KIE_SERVER_PROTOCOL", + "value": "${KIE_SERVER_PROTOCOL}" + }, + { + "name": "KIE_SERVER_PORT", + "value": "${KIE_SERVER_PORT}" + }, + { + "name": "KIE_SERVER_USER", + "value": "${KIE_SERVER_USER}" + }, + { + "name": "KIE_SERVER_PASSWORD", + "value": "${KIE_SERVER_PASSWORD}" + }, + { + "name": "KIE_SERVER_DOMAIN", + "value": "${KIE_SERVER_DOMAIN}" + }, + { + "name": "KIE_SERVER_JMS_QUEUES_REQUEST", + "value": "${KIE_SERVER_JMS_QUEUES_REQUEST}" + }, + { + "name": "KIE_SERVER_JMS_QUEUES_RESPONSE", + "value": "${KIE_SERVER_JMS_QUEUES_RESPONSE}" + }, + { + "name": "KIE_SERVER_EXECUTOR_JMS_QUEUE", + "value": "${KIE_SERVER_EXECUTOR_JMS_QUEUE}" + }, + { + "name": "MQ_SERVICE_PREFIX_MAPPING", + "value": "${APPLICATION_NAME}-amq=MQ" + }, + { + "name": "MQ_JNDI", + "value": "${MQ_JNDI}" + }, + { + "name": "MQ_USERNAME", + "value": "${MQ_USERNAME}" + }, + { + "name": "MQ_PASSWORD", + "value": "${MQ_PASSWORD}" + }, + { + "name": "MQ_PROTOCOL", + "value": "tcp" + }, + { + "name": "MQ_QUEUES", + "value": "${MQ_QUEUES}" + }, + { + "name": "MQ_TOPICS", + "value": "${MQ_TOPICS}" + }, + { + "name": "KIE_SERVER_PERSISTENCE_DIALECT", + "value": "${KIE_SERVER_PERSISTENCE_DIALECT}" + }, + { + "name": "DB_SERVICE_PREFIX_MAPPING", + "value": "${APPLICATION_NAME}-postgresql=DB,${APPLICATION_NAME}-postgresql=QUARTZ" + }, + { + "name": "TX_DATABASE_PREFIX_MAPPING", + "value": "${APPLICATION_NAME}-postgresql=DB" + }, + { + "name": "DB_JNDI", + "value": "${DB_JNDI}" + }, + { + "name": "DB_USERNAME", + "value": "${DB_USERNAME}" + }, + { + "name": "DB_PASSWORD", + "value": "${DB_PASSWORD}" + }, + { + "name": "DB_DATABASE", + "value": "${DB_DATABASE}" + }, + { + "name": "DB_MIN_POOL_SIZE", + "value": "${DB_MIN_POOL_SIZE}" + }, + { + "name": "DB_MAX_POOL_SIZE", + "value": "${DB_MAX_POOL_SIZE}" + }, + { + "name": "DB_TX_ISOLATION", + "value": "${DB_TX_ISOLATION}" + }, + { + "name": "QUARTZ_JNDI", + "value": "${DB_JNDI}NotManaged" + }, + { + "name": "QUARTZ_USERNAME", + "value": "${DB_USERNAME}" + }, + { + "name": "QUARTZ_PASSWORD", + "value": "${DB_PASSWORD}" + }, + { + "name": "QUARTZ_DATABASE", + "value": "${DB_DATABASE}" + }, + { + "name": "QUARTZ_MIN_POOL_SIZE", + "value": "${DB_MIN_POOL_SIZE}" + }, + { + "name": "QUARTZ_MAX_POOL_SIZE", + "value": "${DB_MAX_POOL_SIZE}" + }, + { + "name": "QUARTZ_TX_ISOLATION", + "value": "${DB_TX_ISOLATION}" + }, + { + "name": "QUARTZ_JTA", + "value": "false" + }, + { + "name": "QUARTZ_NONXA", + "value": "true" + }, + { + "name": "HTTPS_KEYSTORE_DIR", + "value": "/etc/processserver-secret-volume" + }, + { + "name": "HTTPS_KEYSTORE", + "value": "${HTTPS_KEYSTORE}" + }, + { + "name": "HTTPS_NAME", + "value": "${HTTPS_NAME}" + }, + { + "name": "HTTPS_PASSWORD", + "value": "${HTTPS_PASSWORD}" + } + ] + } + ], + "volumes": [ + { + "name": "processserver-keystore-volume", + "secret": { + "secretName": "${HTTPS_SECRET}" + } + } + ] + } + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}-postgresql", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}-postgresql" + ], + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "postgresql:latest" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-postgresql" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}-postgresql", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}-postgresql", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}-postgresql", + "image": "postgresql", + "imagePullPolicy": "Always", + "ports": [ + { + "containerPort": 5432, + "protocol": "TCP" + } + ], + "volumeMounts": [ + { + "mountPath": "/var/lib/pgsql/data", + "name": "${APPLICATION_NAME}-postgresql-pvol" + } + ], + "env": [ + { + "name": "POSTGRESQL_USER", + "value": "${DB_USERNAME}" + }, + { + "name": "POSTGRESQL_PASSWORD", + "value": "${DB_PASSWORD}" + }, + { + "name": "POSTGRESQL_DATABASE", + "value": "${DB_DATABASE}" + }, + { + "name": "POSTGRESQL_MAX_CONNECTIONS", + "value": "${POSTGRESQL_MAX_CONNECTIONS}" + }, + { + "name": "POSTGRESQL_SHARED_BUFFERS", + "value": "${POSTGRESQL_SHARED_BUFFERS}" + } + ] + } + ], + "volumes": [ + { + "name": "${APPLICATION_NAME}-postgresql-pvol", + "persistentVolumeClaim": { + "claimName": "${APPLICATION_NAME}-postgresql-claim" + } + } + ] + } + } + } + }, + { + "apiVersion": "v1", + "kind": "PersistentVolumeClaim", + "metadata": { + "name": "${APPLICATION_NAME}-postgresql-claim", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "accessModes": [ + "ReadWriteOnce" + ], + "resources": { + "requests": { + "storage": "${VOLUME_CAPACITY}" + } + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}-amq", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}-amq" + ], + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-amq-62:1.3" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-amq" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}-amq", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}-amq", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}-amq", + "image": "jboss-amq-62", + "imagePullPolicy": "Always", + "volumeMounts": [ + { + "mountPath": "/opt/amq/data", + "name": "${APPLICATION_NAME}-amq-pvol" + } + ], + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/amq/bin/readinessProbe.sh" + ] + } + }, + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "amqp", + "containerPort": 5672, + "protocol": "TCP" + }, + { + "name": "amqp-ssl", + "containerPort": 5671, + "protocol": "TCP" + }, + { + "name": "mqtt", + "containerPort": 1883, + "protocol": "TCP" + }, + { + "name": "stomp", + "containerPort": 61613, + "protocol": "TCP" + }, + { + "name": "stomp-ssl", + "containerPort": 61612, + "protocol": "TCP" + }, + { + "name": "tcp", + "containerPort": 61616, + "protocol": "TCP" + }, + { + "name": "tcp-ssl", + "containerPort": 61617, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "AMQ_USER", + "value": "${MQ_USERNAME}" + }, + { + "name": "AMQ_PASSWORD", + "value": "${MQ_PASSWORD}" + }, + { + "name": "AMQ_TRANSPORTS", + "value": "${MQ_PROTOCOL}" + }, + { + "name": "AMQ_SPLIT", + "value": "${AMQ_SPLIT}" + }, + { + "name": "AMQ_MESH_DISCOVERY_TYPE", + "value": "${AMQ_MESH_DISCOVERY_TYPE}" + }, + { + "name": "AMQ_MESH_SERVICE_NAME", + "value": "${APPLICATION_NAME}-amq-tcp" + }, + { + "name": "AMQ_MESH_SERVICE_NAMESPACE", + "valueFrom": { + "fieldRef": { + "fieldPath": "metadata.namespace" + } + } + }, + { + "name": "AMQ_STORAGE_USAGE_LIMIT", + "value": "${AMQ_STORAGE_USAGE_LIMIT}" + } + ] + } + ], + "volumes": [ + { + "name": "${APPLICATION_NAME}-amq-pvol", + "persistentVolumeClaim": { + "claimName": "${APPLICATION_NAME}-amq-claim" + } + } + ] + } + } + } + }, + { + "apiVersion": "v1", + "kind": "PersistentVolumeClaim", + "metadata": { + "name": "${APPLICATION_NAME}-amq-claim", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "accessModes": [ + "ReadWriteMany" + ], + "resources": { + "requests": { + "storage": "${VOLUME_CAPACITY}" + } + } + } + } + ] +} diff --git a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/processserver63-amq-postgresql-s2i.json b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/processserver63-amq-postgresql-s2i.json new file mode 100644 index 000000000..41c726cf0 --- /dev/null +++ b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/processserver63-amq-postgresql-s2i.json @@ -0,0 +1,932 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "annotations": { + "description": "Application template for Red Hat JBoss BPM Suite 6.3 intelligent process server AMQ and PostgreSQL applications built using S2I.", + "iconClass": "icon-jboss", + "tags": "processserver,amq,postgresql,javaee,java,database,jboss,xpaas", + "version": "1.3.3" + }, + "name": "processserver63-amq-postgresql-s2i" + }, + "labels": { + "template": "processserver63-amq-postgresql-s2i", + "xpaas": "1.3.3" + }, + "parameters": [ + { + "description": "The KIE Container deployment configuration in format: containerId=groupId:artifactId:version|c2=g2:a2:v2", + "name": "KIE_CONTAINER_DEPLOYMENT", + "value": "processserver-library=org.openshift.quickstarts:processserver-library:1.3.0.Final", + "required": false + }, + { + "description": "The protocol to access the KIE Server REST interface.", + "name": "KIE_SERVER_PROTOCOL", + "value": "https", + "required": false + }, + { + "description": "The port to access the KIE Server REST interface.", + "name": "KIE_SERVER_PORT", + "value": "8443", + "required": false + }, + { + "description": "The user name to access the KIE Server REST or JMS interface.", + "name": "KIE_SERVER_USER", + "value": "kieserver", + "required": false + }, + { + "description": "The password to access the KIE Server REST or JMS interface. Must be different than username; must not be root, admin, or administrator; must contain at least 8 characters, 1 alphabetic character(s), 1 digit(s), and 1 non-alphanumeric symbol(s).", + "name": "KIE_SERVER_PASSWORD", + "from": "[a-zA-Z]{6}[0-9]{1}!", + "generate": "expression", + "required": false + }, + { + "description": "JAAS LoginContext domain that shall be used to authenticate users when using JMS.", + "name": "KIE_SERVER_DOMAIN", + "value": "other", + "required": false + }, + { + "description": "JNDI name of request queue for JMS.", + "name": "KIE_SERVER_JMS_QUEUES_REQUEST", + "value": "queue/KIE.SERVER.REQUEST", + "required": false + }, + { + "description": "JNDI name of response queue for JMS.", + "name": "KIE_SERVER_JMS_QUEUES_RESPONSE", + "value": "queue/KIE.SERVER.RESPONSE", + "required": false + }, + { + "description": "JNDI name of executor queue for JMS.", + "name": "KIE_SERVER_EXECUTOR_JMS_QUEUE", + "value": "queue/KIE.SERVER.EXECUTOR", + "required": false + }, + { + "description": "Hibernate persistence dialect.", + "name": "KIE_SERVER_PERSISTENCE_DIALECT", + "value": "org.hibernate.dialect.PostgreSQL82Dialect", + "required": false + }, + { + "description": "The name for the application.", + "name": "APPLICATION_NAME", + "value": "kie-app", + "required": true + }, + { + "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: <application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTP", + "value": "", + "required": false + }, + { + "description": "Custom hostname for https service route. Leave blank for default hostname, e.g.: secure-<application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTPS", + "value": "", + "required": false + }, + { + "description": "Git source URI for application", + "name": "SOURCE_REPOSITORY_URL", + "value": "https://github.com/jboss-openshift/openshift-quickstarts", + "required": true + }, + { + "description": "Git branch/tag reference", + "name": "SOURCE_REPOSITORY_REF", + "value": "1.3", + "required": false + }, + { + "description": "Path within Git project to build; empty for root project directory.", + "name": "CONTEXT_DIR", + "value": "processserver/library", + "required": false + }, + { + "description": "Database JNDI name used by application to resolve the datasource, e.g. java:/jboss/datasources/ExampleDS", + "name": "DB_JNDI", + "value": "java:jboss/datasources/ExampleDS", + "required": false + }, + { + "description": "Database name", + "name": "DB_DATABASE", + "value": "root", + "required": true + }, + { + "description": "JNDI name for connection factory used by applications to connect to the broker, e.g. java:/JmsXA", + "name": "MQ_JNDI", + "value": "java:/JmsXA", + "required": false + }, + { + "description": "Broker protocols to configure, separated by commas. Allowed values are: `openwire`, `amqp`, `stomp` and `mqtt`. Only `openwire` is supported by EAP.", + "name": "MQ_PROTOCOL", + "value": "openwire", + "required": false + }, + { + "description": "Queue names, separated by commas. These queues will be automatically created when the broker starts. Also, they will be made accessible as JNDI resources in EAP.", + "name": "MQ_QUEUES", + "value": "KIE.SERVER.REQUEST,KIE.SERVER.RESPONSE,KIE.SERVER.EXECUTOR", + "required": false + }, + { + "description": "Topic names, separated by commas. These topics will be automatically created when the broker starts. Also, they will be made accessible as JNDI resources in EAP.", + "name": "MQ_TOPICS", + "value": "", + "required": false + }, + { + "description": "The name of the secret containing the keystore file", + "name": "HTTPS_SECRET", + "value": "processserver-app-secret", + "required": false + }, + { + "description": "The name of the keystore file within the secret", + "name": "HTTPS_KEYSTORE", + "value": "keystore.jks", + "required": false + }, + { + "description": "The name associated with the server certificate", + "name": "HTTPS_NAME", + "value": "jboss", + "required": false + }, + { + "description": "The password for the keystore and certificate", + "name": "HTTPS_PASSWORD", + "value": "mykeystorepass", + "required": false + }, + { + "description": "Database user name", + "name": "DB_USERNAME", + "from": "user[a-zA-Z0-9]{3}", + "generate": "expression", + "required": true + }, + { + "description": "Database user password", + "name": "DB_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Sets xa-pool/min-pool-size for the configured datasource.", + "name": "DB_MIN_POOL_SIZE", + "required": false + }, + { + "description": "Sets xa-pool/max-pool-size for the configured datasource.", + "name": "DB_MAX_POOL_SIZE", + "required": false + }, + { + "description": "Sets transaction-isolation for the configured datasource.", + "name": "DB_TX_ISOLATION", + "required": false + }, + { + "description": "The maximum number of client connections allowed. This also sets the maximum number of prepared transactions.", + "name": "POSTGRESQL_MAX_CONNECTIONS", + "required": false + }, + { + "description": "Configures how much memory is dedicated to PostgreSQL for caching data.", + "name": "POSTGRESQL_SHARED_BUFFERS", + "required": false + }, + { + "description": "User name for standard broker user. It is required for connecting to the broker. If left empty, it will be generated.", + "name": "MQ_USERNAME", + "from": "user[a-zA-Z0-9]{3}", + "generate": "expression", + "required": false + }, + { + "description": "Password for standard broker user. It is required for connecting to the broker. If left empty, it will be generated.", + "name": "MQ_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": false + }, + { + "description": "The discovery agent type to use for discovering mesh endpoints. 'dns' will use OpenShift's DNS service to resolve endpoints. 'kube' will use Kubernetes REST API to resolve service endpoints. If using 'kube' the service account for the pod must have the 'view' role, which can be added via 'oc policy add-role-to-user view system:serviceaccount:<namespace>:default' where <namespace> is the project namespace.", + "name": "AMQ_MESH_DISCOVERY_TYPE", + "value": "kube", + "required": false + }, + { + "description": "The A-MQ storage usage limit", + "name": "AMQ_STORAGE_USAGE_LIMIT", + "value": "100 gb", + "required": false + }, + { + "description": "GitHub trigger secret", + "name": "GITHUB_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Generic build trigger secret", + "name": "GENERIC_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", + "name": "IMAGE_STREAM_NAMESPACE", + "value": "openshift", + "required": true + } + ], + "objects": [ + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8080, + "targetPort": 8080 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's http port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8443, + "targetPort": 8443 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's https port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 5432, + "targetPort": 5432 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-postgresql" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-postgresql", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The database server's port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 61616, + "targetPort": 61616 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-amq" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-amq-tcp", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The broker's OpenWire port." + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-http", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's http service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTP}", + "to": { + "name": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-https", + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's https service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTPS}", + "to": { + "name": "secure-${APPLICATION_NAME}" + }, + "tls": { + "termination": "passthrough" + } + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "BuildConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "source": { + "type": "Git", + "git": { + "uri": "${SOURCE_REPOSITORY_URL}", + "ref": "${SOURCE_REPOSITORY_REF}" + }, + "contextDir": "${CONTEXT_DIR}" + }, + "strategy": { + "type": "Source", + "sourceStrategy": { + "env": [ + { + "name": "KIE_CONTAINER_DEPLOYMENT", + "value": "${KIE_CONTAINER_DEPLOYMENT}" + } + ], + "forcePull": true, + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-processserver63-openshift:1.3" + } + } + }, + "output": { + "to": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + }, + "triggers": [ + { + "type": "GitHub", + "github": { + "secret": "${GITHUB_WEBHOOK_SECRET}" + } + }, + { + "type": "Generic", + "generic": { + "secret": "${GENERIC_WEBHOOK_SECRET}" + } + }, + { + "type": "ImageChange", + "imageChange": {} + }, + { + "type": "ConfigChange" + } + ] + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}" + ], + "from": { + "kind": "ImageStream", + "name": "${APPLICATION_NAME}" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "serviceAccountName": "processserver-service-account", + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}", + "image": "${APPLICATION_NAME}", + "imagePullPolicy": "Always", + "volumeMounts": [ + { + "name": "processserver-keystore-volume", + "mountPath": "/etc/processserver-secret-volume", + "readOnly": true + } + ], + "livenessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/livenessProbe.sh" + ] + } + }, + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/readinessProbe.sh" + ] + } + }, + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "http", + "containerPort": 8080, + "protocol": "TCP" + }, + { + "name": "https", + "containerPort": 8443, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "KIE_CONTAINER_DEPLOYMENT", + "value": "${KIE_CONTAINER_DEPLOYMENT}" + }, + { + "name": "KIE_SERVER_PROTOCOL", + "value": "${KIE_SERVER_PROTOCOL}" + }, + { + "name": "KIE_SERVER_PORT", + "value": "${KIE_SERVER_PORT}" + }, + { + "name": "KIE_SERVER_USER", + "value": "${KIE_SERVER_USER}" + }, + { + "name": "KIE_SERVER_PASSWORD", + "value": "${KIE_SERVER_PASSWORD}" + }, + { + "name": "KIE_SERVER_DOMAIN", + "value": "${KIE_SERVER_DOMAIN}" + }, + { + "name": "KIE_SERVER_JMS_QUEUES_REQUEST", + "value": "${KIE_SERVER_JMS_QUEUES_REQUEST}" + }, + { + "name": "KIE_SERVER_JMS_QUEUES_RESPONSE", + "value": "${KIE_SERVER_JMS_QUEUES_RESPONSE}" + }, + { + "name": "KIE_SERVER_EXECUTOR_JMS_QUEUE", + "value": "${KIE_SERVER_EXECUTOR_JMS_QUEUE}" + }, + { + "name": "MQ_SERVICE_PREFIX_MAPPING", + "value": "${APPLICATION_NAME}-amq=MQ" + }, + { + "name": "MQ_JNDI", + "value": "${MQ_JNDI}" + }, + { + "name": "MQ_USERNAME", + "value": "${MQ_USERNAME}" + }, + { + "name": "MQ_PASSWORD", + "value": "${MQ_PASSWORD}" + }, + { + "name": "MQ_PROTOCOL", + "value": "tcp" + }, + { + "name": "MQ_QUEUES", + "value": "${MQ_QUEUES}" + }, + { + "name": "MQ_TOPICS", + "value": "${MQ_TOPICS}" + }, + { + "name": "KIE_SERVER_PERSISTENCE_DIALECT", + "value": "${KIE_SERVER_PERSISTENCE_DIALECT}" + }, + { + "name": "DB_SERVICE_PREFIX_MAPPING", + "value": "${APPLICATION_NAME}-postgresql=DB" + }, + { + "name": "DB_JNDI", + "value": "${DB_JNDI}" + }, + { + "name": "DB_USERNAME", + "value": "${DB_USERNAME}" + }, + { + "name": "DB_PASSWORD", + "value": "${DB_PASSWORD}" + }, + { + "name": "DB_DATABASE", + "value": "${DB_DATABASE}" + }, + { + "name": "TX_DATABASE_PREFIX_MAPPING", + "value": "${APPLICATION_NAME}-postgresql=DB" + }, + { + "name": "DB_MIN_POOL_SIZE", + "value": "${DB_MIN_POOL_SIZE}" + }, + { + "name": "DB_MAX_POOL_SIZE", + "value": "${DB_MAX_POOL_SIZE}" + }, + { + "name": "DB_TX_ISOLATION", + "value": "${DB_TX_ISOLATION}" + }, + { + "name": "HTTPS_KEYSTORE_DIR", + "value": "/etc/processserver-secret-volume" + }, + { + "name": "HTTPS_KEYSTORE", + "value": "${HTTPS_KEYSTORE}" + }, + { + "name": "HTTPS_NAME", + "value": "${HTTPS_NAME}" + }, + { + "name": "HTTPS_PASSWORD", + "value": "${HTTPS_PASSWORD}" + } + ] + } + ], + "volumes": [ + { + "name": "processserver-keystore-volume", + "secret": { + "secretName": "${HTTPS_SECRET}" + } + } + ] + } + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}-postgresql", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}-postgresql" + ], + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "postgresql:latest" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-postgresql" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}-postgresql", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}-postgresql", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}-postgresql", + "image": "postgresql", + "imagePullPolicy": "Always", + "ports": [ + { + "containerPort": 5432, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "POSTGRESQL_USER", + "value": "${DB_USERNAME}" + }, + { + "name": "POSTGRESQL_PASSWORD", + "value": "${DB_PASSWORD}" + }, + { + "name": "POSTGRESQL_DATABASE", + "value": "${DB_DATABASE}" + }, + { + "name": "POSTGRESQL_MAX_CONNECTIONS", + "value": "${POSTGRESQL_MAX_CONNECTIONS}" + }, + { + "name": "POSTGRESQL_SHARED_BUFFERS", + "value": "${POSTGRESQL_SHARED_BUFFERS}" + } + ] + } + ] + } + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}-amq", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}-amq" + ], + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-amq-62:1.3" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-amq" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}-amq", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}-amq", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}-amq", + "image": "jboss-amq-62", + "imagePullPolicy": "Always", + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/amq/bin/readinessProbe.sh" + ] + } + }, + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "amqp", + "containerPort": 5672, + "protocol": "TCP" + }, + { + "name": "amqp-ssl", + "containerPort": 5671, + "protocol": "TCP" + }, + { + "name": "mqtt", + "containerPort": 1883, + "protocol": "TCP" + }, + { + "name": "stomp", + "containerPort": 61613, + "protocol": "TCP" + }, + { + "name": "stomp-ssl", + "containerPort": 61612, + "protocol": "TCP" + }, + { + "name": "tcp", + "containerPort": 61616, + "protocol": "TCP" + }, + { + "name": "tcp-ssl", + "containerPort": 61617, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "AMQ_USER", + "value": "${MQ_USERNAME}" + }, + { + "name": "AMQ_PASSWORD", + "value": "${MQ_PASSWORD}" + }, + { + "name": "AMQ_TRANSPORTS", + "value": "${MQ_PROTOCOL}" + }, + { + "name": "AMQ_MESH_DISCOVERY_TYPE", + "value": "${AMQ_MESH_DISCOVERY_TYPE}" + }, + { + "name": "AMQ_MESH_SERVICE_NAME", + "value": "${APPLICATION_NAME}-amq-tcp" + }, + { + "name": "AMQ_MESH_SERVICE_NAMESPACE", + "valueFrom": { + "fieldRef": { + "fieldPath": "metadata.namespace" + } + } + }, + { + "name": "AMQ_STORAGE_USAGE_LIMIT", + "value": "${AMQ_STORAGE_USAGE_LIMIT}" + } + ] + } + ] + } + } + } + } + ] +} diff --git a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/processserver63-basic-s2i.json b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/processserver63-basic-s2i.json new file mode 100644 index 000000000..170c919cb --- /dev/null +++ b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/processserver63-basic-s2i.json @@ -0,0 +1,345 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "annotations": { + "description": "Application template for Red Hat JBoss BPM Suite 6.3 intelligent process server applications built using S2I.", + "iconClass": "icon-jboss", + "tags": "processserver,javaee,java,jboss,xpaas", + "version": "1.3.3" + }, + "name": "processserver63-basic-s2i" + }, + "labels": { + "template": "processserver63-basic-s2i", + "xpaas": "1.3.3" + }, + "parameters": [ + { + "description": "The KIE Container deployment configuration in format: containerId=groupId:artifactId:version|c2=g2:a2:v2", + "name": "KIE_CONTAINER_DEPLOYMENT", + "value": "processserver-library=org.openshift.quickstarts:processserver-library:1.3.0.Final", + "required": false + }, + { + "description": "The user name to access the KIE Server REST or JMS interface.", + "name": "KIE_SERVER_USER", + "value": "kieserver", + "required": false + }, + { + "description": "The password to access the KIE Server REST or JMS interface. Must be different than username; must not be root, admin, or administrator; must contain at least 8 characters, 1 alphabetic character(s), 1 digit(s), and 1 non-alphanumeric symbol(s).", + "name": "KIE_SERVER_PASSWORD", + "from": "[a-zA-Z]{6}[0-9]{1}!", + "generate": "expression", + "required": false + }, + { + "description": "Hibernate persistence dialect.", + "name": "KIE_SERVER_PERSISTENCE_DIALECT", + "value": "org.hibernate.dialect.H2Dialect", + "required": false + }, + { + "description": "The name for the application.", + "name": "APPLICATION_NAME", + "value": "kie-app", + "required": true + }, + { + "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: <application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTP", + "value": "", + "required": false + }, + { + "description": "Git source URI for application", + "name": "SOURCE_REPOSITORY_URL", + "value": "https://github.com/jboss-openshift/openshift-quickstarts.git", + "required": true + }, + { + "description": "Git branch/tag reference", + "name": "SOURCE_REPOSITORY_REF", + "value": "1.3", + "required": false + }, + { + "description": "Path within Git project to build; empty for root project directory.", + "name": "CONTEXT_DIR", + "value": "processserver/library", + "required": false + }, + { + "description": "Queue names", + "name": "HORNETQ_QUEUES", + "value": "", + "required": false + }, + { + "description": "Topic names", + "name": "HORNETQ_TOPICS", + "value": "", + "required": false + }, + { + "description": "HornetQ cluster admin password", + "name": "HORNETQ_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "GitHub trigger secret", + "name": "GITHUB_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Generic build trigger secret", + "name": "GENERIC_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", + "name": "IMAGE_STREAM_NAMESPACE", + "value": "openshift", + "required": true + } + ], + "objects": [ + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8080, + "targetPort": 8080 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's http port." + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-http", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's http service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTP}", + "to": { + "name": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "BuildConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "source": { + "type": "Git", + "git": { + "uri": "${SOURCE_REPOSITORY_URL}", + "ref": "${SOURCE_REPOSITORY_REF}" + }, + "contextDir": "${CONTEXT_DIR}" + }, + "strategy": { + "type": "Source", + "sourceStrategy": { + "env": [ + { + "name": "KIE_CONTAINER_DEPLOYMENT", + "value": "${KIE_CONTAINER_DEPLOYMENT}" + } + ], + "forcePull": true, + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-processserver63-openshift:1.3" + } + } + }, + "output": { + "to": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + }, + "triggers": [ + { + "type": "GitHub", + "github": { + "secret": "${GITHUB_WEBHOOK_SECRET}" + } + }, + { + "type": "Generic", + "generic": { + "secret": "${GENERIC_WEBHOOK_SECRET}" + } + }, + { + "type": "ImageChange", + "imageChange": {} + }, + { + "type": "ConfigChange" + } + ] + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}" + ], + "from": { + "kind": "ImageStream", + "name": "${APPLICATION_NAME}" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}", + "image": "${APPLICATION_NAME}", + "imagePullPolicy": "Always", + "livenessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/livenessProbe.sh" + ] + } + }, + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/readinessProbe.sh" + ] + } + }, + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "http", + "containerPort": 8080, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "KIE_CONTAINER_DEPLOYMENT", + "value": "${KIE_CONTAINER_DEPLOYMENT}" + }, + { + "name": "KIE_SERVER_USER", + "value": "${KIE_SERVER_USER}" + }, + { + "name": "KIE_SERVER_PASSWORD", + "value": "${KIE_SERVER_PASSWORD}" + }, + { + "name": "HORNETQ_CLUSTER_PASSWORD", + "value": "${HORNETQ_CLUSTER_PASSWORD}" + }, + { + "name": "HORNETQ_QUEUES", + "value": "${HORNETQ_QUEUES}" + }, + { + "name": "HORNETQ_TOPICS", + "value": "${HORNETQ_TOPICS}" + } + ] + } + ] + } + } + } + } + ] +} diff --git a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/processserver63-mysql-persistent-s2i.json b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/processserver63-mysql-persistent-s2i.json new file mode 100644 index 000000000..89d0db1a6 --- /dev/null +++ b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/processserver63-mysql-persistent-s2i.json @@ -0,0 +1,792 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "annotations": { + "description": "Application template for Red Hat JBoss BPM Suite 6.3 intelligent process server MySQL applications with persistent storage built using S2I.", + "iconClass": "icon-jboss", + "tags": "processserver,mysql,javaee,java,database,jboss,xpaas", + "version": "1.3.3" + }, + "name": "processserver63-mysql-persistent-s2i" + }, + "labels": { + "template": "processserver63-mysql-persistent-s2i", + "xpaas": "1.3.3" + }, + "parameters": [ + { + "description": "The KIE Container deployment configuration in format: containerId=groupId:artifactId:version|c2=g2:a2:v2", + "name": "KIE_CONTAINER_DEPLOYMENT", + "value": "processserver-library=org.openshift.quickstarts:processserver-library:1.3.0.Final", + "required": false + }, + { + "description": "The protocol to access the KIE Server REST interface.", + "name": "KIE_SERVER_PROTOCOL", + "value": "https", + "required": false + }, + { + "description": "The port to access the KIE Server REST interface.", + "name": "KIE_SERVER_PORT", + "value": "8443", + "required": false + }, + { + "description": "The user name to access the KIE Server REST or JMS interface.", + "name": "KIE_SERVER_USER", + "value": "kieserver", + "required": false + }, + { + "description": "The password to access the KIE Server REST or JMS interface. Must be different than username; must not be root, admin, or administrator; must contain at least 8 characters, 1 alphabetic character(s), 1 digit(s), and 1 non-alphanumeric symbol(s).", + "name": "KIE_SERVER_PASSWORD", + "from": "[a-zA-Z]{6}[0-9]{1}!", + "generate": "expression", + "required": false + }, + { + "description": "JAAS LoginContext domain that shall be used to authenticate users when using JMS.", + "name": "KIE_SERVER_DOMAIN", + "value": "other", + "required": false + }, + { + "description": "Hibernate persistence dialect.", + "name": "KIE_SERVER_PERSISTENCE_DIALECT", + "value": "org.hibernate.dialect.MySQL5Dialect", + "required": false + }, + { + "description": "The name for the application.", + "name": "APPLICATION_NAME", + "value": "kie-app", + "required": true + }, + { + "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: <application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTP", + "value": "", + "required": false + }, + { + "description": "Custom hostname for https service route. Leave blank for default hostname, e.g.: secure-<application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTPS", + "value": "", + "required": false + }, + { + "description": "Git source URI for application", + "name": "SOURCE_REPOSITORY_URL", + "value": "https://github.com/jboss-openshift/openshift-quickstarts", + "required": true + }, + { + "description": "Git branch/tag reference", + "name": "SOURCE_REPOSITORY_REF", + "value": "1.3", + "required": false + }, + { + "description": "Path within Git project to build; empty for root project directory.", + "name": "CONTEXT_DIR", + "value": "processserver/library", + "required": false + }, + { + "description": "Database JNDI name used by application to resolve the datasource, e.g. java:/jboss/datasources/ExampleDS", + "name": "DB_JNDI", + "value": "java:jboss/datasources/ExampleDS", + "required": false + }, + { + "description": "Database name", + "name": "DB_DATABASE", + "value": "root", + "required": true + }, + { + "description": "Size of persistent storage for database volume.", + "name": "VOLUME_CAPACITY", + "value": "512Mi", + "required": true + }, + { + "description": "Queue names", + "name": "HORNETQ_QUEUES", + "value": "", + "required": false + }, + { + "description": "Topic names", + "name": "HORNETQ_TOPICS", + "value": "", + "required": false + }, + { + "description": "The name of the secret containing the keystore file", + "name": "HTTPS_SECRET", + "value": "processserver-app-secret", + "required": false + }, + { + "description": "The name of the keystore file within the secret", + "name": "HTTPS_KEYSTORE", + "value": "keystore.jks", + "required": false + }, + { + "description": "The name associated with the server certificate", + "name": "HTTPS_NAME", + "value": "jboss", + "required": false + }, + { + "description": "The password for the keystore and certificate", + "name": "HTTPS_PASSWORD", + "value": "mykeystorepass", + "required": false + }, + { + "description": "Database user name", + "name": "DB_USERNAME", + "from": "user[a-zA-Z0-9]{3}", + "generate": "expression", + "required": true + }, + { + "description": "Database user password", + "name": "DB_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Sets xa-pool/min-pool-size for the configured datasource.", + "name": "DB_MIN_POOL_SIZE", + "required": false + }, + { + "description": "Sets xa-pool/max-pool-size for the configured datasource.", + "name": "DB_MAX_POOL_SIZE", + "required": false + }, + { + "description": "Sets transaction-isolation for the configured datasource.", + "name": "DB_TX_ISOLATION", + "required": false + }, + { + "description": "Sets how the table names are stored and compared.", + "name": "MYSQL_LOWER_CASE_TABLE_NAMES", + "required": false + }, + { + "description": "The maximum permitted number of simultaneous client connections.", + "name": "MYSQL_MAX_CONNECTIONS", + "required": false + }, + { + "description": "The minimum length of the word to be included in a FULLTEXT index.", + "name": "MYSQL_FT_MIN_WORD_LEN", + "required": false + }, + { + "description": "The maximum length of the word to be included in a FULLTEXT index.", + "name": "MYSQL_FT_MAX_WORD_LEN", + "required": false + }, + { + "description": "Controls the innodb_use_native_aio setting value if the native AIO is broken.", + "name": "MYSQL_AIO", + "required": false + }, + { + "description": "HornetQ cluster admin password", + "name": "HORNETQ_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "GitHub trigger secret", + "name": "GITHUB_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Generic build trigger secret", + "name": "GENERIC_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", + "name": "IMAGE_STREAM_NAMESPACE", + "value": "openshift", + "required": true + } + ], + "objects": [ + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8080, + "targetPort": 8080 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's http port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8443, + "targetPort": 8443 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's https port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 3306, + "targetPort": 3306 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-mysql" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-mysql", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The database server's port." + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-http", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's http service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTP}", + "to": { + "name": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-https", + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's https service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTPS}", + "to": { + "name": "secure-${APPLICATION_NAME}" + }, + "tls": { + "termination": "passthrough" + } + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "BuildConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "source": { + "type": "Git", + "git": { + "uri": "${SOURCE_REPOSITORY_URL}", + "ref": "${SOURCE_REPOSITORY_REF}" + }, + "contextDir": "${CONTEXT_DIR}" + }, + "strategy": { + "type": "Source", + "sourceStrategy": { + "env": [ + { + "name": "KIE_CONTAINER_DEPLOYMENT", + "value": "${KIE_CONTAINER_DEPLOYMENT}" + } + ], + "forcePull": true, + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-processserver63-openshift:1.3" + } + } + }, + "output": { + "to": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + }, + "triggers": [ + { + "type": "GitHub", + "github": { + "secret": "${GITHUB_WEBHOOK_SECRET}" + } + }, + { + "type": "Generic", + "generic": { + "secret": "${GENERIC_WEBHOOK_SECRET}" + } + }, + { + "type": "ImageChange", + "imageChange": {} + }, + { + "type": "ConfigChange" + } + ] + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}" + ], + "from": { + "kind": "ImageStream", + "name": "${APPLICATION_NAME}" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "serviceAccountName": "processserver-service-account", + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}", + "image": "${APPLICATION_NAME}", + "imagePullPolicy": "Always", + "volumeMounts": [ + { + "name": "processserver-keystore-volume", + "mountPath": "/etc/processserver-secret-volume", + "readOnly": true + } + ], + "livenessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/livenessProbe.sh" + ] + } + }, + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/readinessProbe.sh" + ] + } + }, + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "http", + "containerPort": 8080, + "protocol": "TCP" + }, + { + "name": "https", + "containerPort": 8443, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "KIE_CONTAINER_DEPLOYMENT", + "value": "${KIE_CONTAINER_DEPLOYMENT}" + }, + { + "name": "KIE_SERVER_PROTOCOL", + "value": "${KIE_SERVER_PROTOCOL}" + }, + { + "name": "KIE_SERVER_PORT", + "value": "${KIE_SERVER_PORT}" + }, + { + "name": "KIE_SERVER_USER", + "value": "${KIE_SERVER_USER}" + }, + { + "name": "KIE_SERVER_PASSWORD", + "value": "${KIE_SERVER_PASSWORD}" + }, + { + "name": "KIE_SERVER_DOMAIN", + "value": "${KIE_SERVER_DOMAIN}" + }, + { + "name": "KIE_SERVER_PERSISTENCE_DIALECT", + "value": "${KIE_SERVER_PERSISTENCE_DIALECT}" + }, + { + "name": "DB_SERVICE_PREFIX_MAPPING", + "value": "${APPLICATION_NAME}-mysql=DB,${APPLICATION_NAME}-mysql=QUARTZ" + }, + { + "name": "TX_DATABASE_PREFIX_MAPPING", + "value": "${APPLICATION_NAME}-mysql=DB" + }, + { + "name": "DB_JNDI", + "value": "${DB_JNDI}" + }, + { + "name": "DB_USERNAME", + "value": "${DB_USERNAME}" + }, + { + "name": "DB_PASSWORD", + "value": "${DB_PASSWORD}" + }, + { + "name": "DB_DATABASE", + "value": "${DB_DATABASE}" + }, + { + "name": "DB_MIN_POOL_SIZE", + "value": "${DB_MIN_POOL_SIZE}" + }, + { + "name": "DB_MAX_POOL_SIZE", + "value": "${DB_MAX_POOL_SIZE}" + }, + { + "name": "DB_TX_ISOLATION", + "value": "${DB_TX_ISOLATION}" + }, + { + "name": "QUARTZ_JNDI", + "value": "${DB_JNDI}NotManaged" + }, + { + "name": "QUARTZ_USERNAME", + "value": "${DB_USERNAME}" + }, + { + "name": "QUARTZ_PASSWORD", + "value": "${DB_PASSWORD}" + }, + { + "name": "QUARTZ_DATABASE", + "value": "${DB_DATABASE}" + }, + { + "name": "QUARTZ_MIN_POOL_SIZE", + "value": "${DB_MIN_POOL_SIZE}" + }, + { + "name": "QUARTZ_MAX_POOL_SIZE", + "value": "${DB_MAX_POOL_SIZE}" + }, + { + "name": "QUARTZ_TX_ISOLATION", + "value": "${DB_TX_ISOLATION}" + }, + { + "name": "QUARTZ_JTA", + "value": "false" + }, + { + "name": "QUARTZ_NONXA", + "value": "true" + }, + { + "name": "HTTPS_KEYSTORE_DIR", + "value": "/etc/processserver-secret-volume" + }, + { + "name": "HTTPS_KEYSTORE", + "value": "${HTTPS_KEYSTORE}" + }, + { + "name": "HTTPS_NAME", + "value": "${HTTPS_NAME}" + }, + { + "name": "HTTPS_PASSWORD", + "value": "${HTTPS_PASSWORD}" + }, + { + "name": "HORNETQ_CLUSTER_PASSWORD", + "value": "${HORNETQ_CLUSTER_PASSWORD}" + }, + { + "name": "HORNETQ_QUEUES", + "value": "${HORNETQ_QUEUES}" + }, + { + "name": "HORNETQ_TOPICS", + "value": "${HORNETQ_TOPICS}" + } + ] + } + ], + "volumes": [ + { + "name": "processserver-keystore-volume", + "secret": { + "secretName": "${HTTPS_SECRET}" + } + } + ] + } + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}-mysql", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}-mysql" + ], + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "mysql:latest" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-mysql" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}-mysql", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}-mysql", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}-mysql", + "image": "mysql", + "imagePullPolicy": "Always", + "ports": [ + { + "containerPort": 3306, + "protocol": "TCP" + } + ], + "volumeMounts": [ + { + "mountPath": "/var/lib/mysql/data", + "name": "${APPLICATION_NAME}-mysql-pvol" + } + ], + "env": [ + { + "name": "MYSQL_USER", + "value": "${DB_USERNAME}" + }, + { + "name": "MYSQL_PASSWORD", + "value": "${DB_PASSWORD}" + }, + { + "name": "MYSQL_DATABASE", + "value": "${DB_DATABASE}" + }, + { + "name": "MYSQL_LOWER_CASE_TABLE_NAMES", + "value": "${MYSQL_LOWER_CASE_TABLE_NAMES}" + }, + { + "name": "MYSQL_MAX_CONNECTIONS", + "value": "${MYSQL_MAX_CONNECTIONS}" + }, + { + "name": "MYSQL_FT_MIN_WORD_LEN", + "value": "${MYSQL_FT_MIN_WORD_LEN}" + }, + { + "name": "MYSQL_FT_MAX_WORD_LEN", + "value": "${MYSQL_FT_MAX_WORD_LEN}" + }, + { + "name": "MYSQL_AIO", + "value": "${MYSQL_AIO}" + } + ] + } + ], + "volumes": [ + { + "name": "${APPLICATION_NAME}-mysql-pvol", + "persistentVolumeClaim": { + "claimName": "${APPLICATION_NAME}-mysql-claim" + } + } + ] + } + } + } + }, + { + "apiVersion": "v1", + "kind": "PersistentVolumeClaim", + "metadata": { + "name": "${APPLICATION_NAME}-mysql-claim", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "accessModes": [ + "ReadWriteOnce" + ], + "resources": { + "requests": { + "storage": "${VOLUME_CAPACITY}" + } + } + } + } + ] +} diff --git a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/processserver63-mysql-s2i.json b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/processserver63-mysql-s2i.json new file mode 100644 index 000000000..26cab29f8 --- /dev/null +++ b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/processserver63-mysql-s2i.json @@ -0,0 +1,716 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "annotations": { + "description": "Application template for Red Hat JBoss BPM Suite 6.3 intelligent process server MySQL applications built using S2I.", + "iconClass": "icon-jboss", + "tags": "processserver,mysql,javaee,java,database,jboss,xpaas", + "version": "1.3.3" + }, + "name": "processserver63-mysql-s2i" + }, + "labels": { + "template": "processserver63-mysql-s2i", + "xpaas": "1.3.3" + }, + "parameters": [ + { + "description": "The KIE Container deployment configuration in format: containerId=groupId:artifactId:version|c2=g2:a2:v2", + "name": "KIE_CONTAINER_DEPLOYMENT", + "value": "processserver-library=org.openshift.quickstarts:processserver-library:1.3.0.Final", + "required": false + }, + { + "description": "The protocol to access the KIE Server REST interface.", + "name": "KIE_SERVER_PROTOCOL", + "value": "https", + "required": false + }, + { + "description": "The port to access the KIE Server REST interface.", + "name": "KIE_SERVER_PORT", + "value": "8443", + "required": false + }, + { + "description": "The user name to access the KIE Server REST or JMS interface.", + "name": "KIE_SERVER_USER", + "value": "kieserver", + "required": false + }, + { + "description": "The password to access the KIE Server REST or JMS interface. Must be different than username; must not be root, admin, or administrator; must contain at least 8 characters, 1 alphabetic character(s), 1 digit(s), and 1 non-alphanumeric symbol(s).", + "name": "KIE_SERVER_PASSWORD", + "from": "[a-zA-Z]{6}[0-9]{1}!", + "generate": "expression", + "required": false + }, + { + "description": "JAAS LoginContext domain that shall be used to authenticate users when using JMS.", + "name": "KIE_SERVER_DOMAIN", + "value": "other", + "required": false + }, + { + "description": "Hibernate persistence dialect.", + "name": "KIE_SERVER_PERSISTENCE_DIALECT", + "value": "org.hibernate.dialect.MySQL5Dialect", + "required": false + }, + { + "description": "The name for the application.", + "name": "APPLICATION_NAME", + "value": "kie-app", + "required": true + }, + { + "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: <application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTP", + "value": "", + "required": false + }, + { + "description": "Custom hostname for https service route. Leave blank for default hostname, e.g.: secure-<application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTPS", + "value": "", + "required": false + }, + { + "description": "Git source URI for application", + "name": "SOURCE_REPOSITORY_URL", + "value": "https://github.com/jboss-openshift/openshift-quickstarts", + "required": true + }, + { + "description": "Git branch/tag reference", + "name": "SOURCE_REPOSITORY_REF", + "value": "1.3", + "required": false + }, + { + "description": "Path within Git project to build; empty for root project directory.", + "name": "CONTEXT_DIR", + "value": "processserver/library", + "required": false + }, + { + "description": "Database JNDI name used by application to resolve the datasource, e.g. java:/jboss/datasources/ExampleDS", + "name": "DB_JNDI", + "value": "java:jboss/datasources/ExampleDS", + "required": false + }, + { + "description": "Database name", + "name": "DB_DATABASE", + "value": "root", + "required": true + }, + { + "description": "Queue names", + "name": "HORNETQ_QUEUES", + "value": "", + "required": false + }, + { + "description": "Topic names", + "name": "HORNETQ_TOPICS", + "value": "", + "required": false + }, + { + "description": "The name of the secret containing the keystore file", + "name": "HTTPS_SECRET", + "value": "processserver-app-secret", + "required": false + }, + { + "description": "The name of the keystore file within the secret", + "name": "HTTPS_KEYSTORE", + "value": "keystore.jks", + "required": false + }, + { + "description": "The name associated with the server certificate", + "name": "HTTPS_NAME", + "value": "jboss", + "required": false + }, + { + "description": "The password for the keystore and certificate", + "name": "HTTPS_PASSWORD", + "value": "mykeystorepass", + "required": false + }, + { + "description": "Database user name", + "name": "DB_USERNAME", + "from": "user[a-zA-Z0-9]{3}", + "generate": "expression", + "required": true + }, + { + "description": "Database user password", + "name": "DB_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Sets xa-pool/min-pool-size for the configured datasource.", + "name": "DB_MIN_POOL_SIZE", + "required": false + }, + { + "description": "Sets xa-pool/max-pool-size for the configured datasource.", + "name": "DB_MAX_POOL_SIZE", + "required": false + }, + { + "description": "Sets transaction-isolation for the configured datasource.", + "name": "DB_TX_ISOLATION", + "required": false + }, + { + "description": "Sets how the table names are stored and compared.", + "name": "MYSQL_LOWER_CASE_TABLE_NAMES", + "required": false + }, + { + "description": "The maximum permitted number of simultaneous client connections.", + "name": "MYSQL_MAX_CONNECTIONS", + "required": false + }, + { + "description": "The minimum length of the word to be included in a FULLTEXT index.", + "name": "MYSQL_FT_MIN_WORD_LEN", + "required": false + }, + { + "description": "The maximum length of the word to be included in a FULLTEXT index.", + "name": "MYSQL_FT_MAX_WORD_LEN", + "required": false + }, + { + "description": "Controls the innodb_use_native_aio setting value if the native AIO is broken.", + "name": "MYSQL_AIO", + "required": false + }, + { + "description": "HornetQ cluster admin password", + "name": "HORNETQ_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "GitHub trigger secret", + "name": "GITHUB_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Generic build trigger secret", + "name": "GENERIC_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", + "name": "IMAGE_STREAM_NAMESPACE", + "value": "openshift", + "required": true + } + ], + "objects": [ + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8080, + "targetPort": 8080 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's http port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8443, + "targetPort": 8443 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's https port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 3306, + "targetPort": 3306 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-mysql" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-mysql", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The database server's port." + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-http", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's http service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTP}", + "to": { + "name": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-https", + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's https service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTPS}", + "to": { + "name": "secure-${APPLICATION_NAME}" + }, + "tls": { + "termination": "passthrough" + } + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "BuildConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "source": { + "type": "Git", + "git": { + "uri": "${SOURCE_REPOSITORY_URL}", + "ref": "${SOURCE_REPOSITORY_REF}" + }, + "contextDir": "${CONTEXT_DIR}" + }, + "strategy": { + "type": "Source", + "sourceStrategy": { + "env": [ + { + "name": "KIE_CONTAINER_DEPLOYMENT", + "value": "${KIE_CONTAINER_DEPLOYMENT}" + } + ], + "forcePull": true, + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-processserver63-openshift:1.3" + } + } + }, + "output": { + "to": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + }, + "triggers": [ + { + "type": "GitHub", + "github": { + "secret": "${GITHUB_WEBHOOK_SECRET}" + } + }, + { + "type": "Generic", + "generic": { + "secret": "${GENERIC_WEBHOOK_SECRET}" + } + }, + { + "type": "ImageChange", + "imageChange": {} + }, + { + "type": "ConfigChange" + } + ] + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}" + ], + "from": { + "kind": "ImageStream", + "name": "${APPLICATION_NAME}" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "serviceAccountName": "processserver-service-account", + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}", + "image": "${APPLICATION_NAME}", + "imagePullPolicy": "Always", + "volumeMounts": [ + { + "name": "processserver-keystore-volume", + "mountPath": "/etc/processserver-secret-volume", + "readOnly": true + } + ], + "livenessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/livenessProbe.sh" + ] + } + }, + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/readinessProbe.sh" + ] + } + }, + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "http", + "containerPort": 8080, + "protocol": "TCP" + }, + { + "name": "https", + "containerPort": 8443, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "KIE_CONTAINER_DEPLOYMENT", + "value": "${KIE_CONTAINER_DEPLOYMENT}" + }, + { + "name": "KIE_SERVER_PROTOCOL", + "value": "${KIE_SERVER_PROTOCOL}" + }, + { + "name": "KIE_SERVER_PORT", + "value": "${KIE_SERVER_PORT}" + }, + { + "name": "KIE_SERVER_USER", + "value": "${KIE_SERVER_USER}" + }, + { + "name": "KIE_SERVER_PASSWORD", + "value": "${KIE_SERVER_PASSWORD}" + }, + { + "name": "KIE_SERVER_DOMAIN", + "value": "${KIE_SERVER_DOMAIN}" + }, + { + "name": "KIE_SERVER_PERSISTENCE_DIALECT", + "value": "${KIE_SERVER_PERSISTENCE_DIALECT}" + }, + { + "name": "DB_SERVICE_PREFIX_MAPPING", + "value": "${APPLICATION_NAME}-mysql=DB" + }, + { + "name": "DB_JNDI", + "value": "${DB_JNDI}" + }, + { + "name": "DB_USERNAME", + "value": "${DB_USERNAME}" + }, + { + "name": "DB_PASSWORD", + "value": "${DB_PASSWORD}" + }, + { + "name": "DB_DATABASE", + "value": "${DB_DATABASE}" + }, + { + "name": "TX_DATABASE_PREFIX_MAPPING", + "value": "${APPLICATION_NAME}-mysql=DB" + }, + { + "name": "DB_MIN_POOL_SIZE", + "value": "${DB_MIN_POOL_SIZE}" + }, + { + "name": "DB_MAX_POOL_SIZE", + "value": "${DB_MAX_POOL_SIZE}" + }, + { + "name": "DB_TX_ISOLATION", + "value": "${DB_TX_ISOLATION}" + }, + { + "name": "HTTPS_KEYSTORE_DIR", + "value": "/etc/processserver-secret-volume" + }, + { + "name": "HTTPS_KEYSTORE", + "value": "${HTTPS_KEYSTORE}" + }, + { + "name": "HTTPS_NAME", + "value": "${HTTPS_NAME}" + }, + { + "name": "HTTPS_PASSWORD", + "value": "${HTTPS_PASSWORD}" + }, + { + "name": "HORNETQ_CLUSTER_PASSWORD", + "value": "${HORNETQ_CLUSTER_PASSWORD}" + }, + { + "name": "HORNETQ_QUEUES", + "value": "${HORNETQ_QUEUES}" + }, + { + "name": "HORNETQ_TOPICS", + "value": "${HORNETQ_TOPICS}" + } + ] + } + ], + "volumes": [ + { + "name": "processserver-keystore-volume", + "secret": { + "secretName": "${HTTPS_SECRET}" + } + } + ] + } + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}-mysql", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}-mysql" + ], + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "mysql:latest" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-mysql" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}-mysql", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}-mysql", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}-mysql", + "image": "mysql", + "imagePullPolicy": "Always", + "ports": [ + { + "containerPort": 3306, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "MYSQL_USER", + "value": "${DB_USERNAME}" + }, + { + "name": "MYSQL_PASSWORD", + "value": "${DB_PASSWORD}" + }, + { + "name": "MYSQL_DATABASE", + "value": "${DB_DATABASE}" + }, + { + "name": "MYSQL_LOWER_CASE_TABLE_NAMES", + "value": "${MYSQL_LOWER_CASE_TABLE_NAMES}" + }, + { + "name": "MYSQL_MAX_CONNECTIONS", + "value": "${MYSQL_MAX_CONNECTIONS}" + }, + { + "name": "MYSQL_FT_MIN_WORD_LEN", + "value": "${MYSQL_FT_MIN_WORD_LEN}" + }, + { + "name": "MYSQL_FT_MAX_WORD_LEN", + "value": "${MYSQL_FT_MAX_WORD_LEN}" + }, + { + "name": "MYSQL_AIO", + "value": "${MYSQL_AIO}" + } + ] + } + ] + } + } + } + } + ] +} diff --git a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/processserver63-postgresql-persistent-s2i.json b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/processserver63-postgresql-persistent-s2i.json new file mode 100644 index 000000000..32a512829 --- /dev/null +++ b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/processserver63-postgresql-persistent-s2i.json @@ -0,0 +1,765 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "annotations": { + "description": "Application template for Red Hat JBoss BPM Suite 6.3 intelligent process server PostgreSQL applications with persistent storage built using S2I.", + "iconClass": "icon-jboss", + "tags": "processserver,postgresql,javaee,java,database,jboss,xpaas", + "version": "1.3.3" + }, + "name": "processserver63-postgresql-persistent-s2i" + }, + "labels": { + "template": "processserver63-postgresql-persistent-s2i", + "xpaas": "1.3.3" + }, + "parameters": [ + { + "description": "The KIE Container deployment configuration in format: containerId=groupId:artifactId:version|c2=g2:a2:v2", + "name": "KIE_CONTAINER_DEPLOYMENT", + "value": "processserver-library=org.openshift.quickstarts:processserver-library:1.3.0.Final", + "required": false + }, + { + "description": "The protocol to access the KIE Server REST interface.", + "name": "KIE_SERVER_PROTOCOL", + "value": "https", + "required": false + }, + { + "description": "The port to access the KIE Server REST interface.", + "name": "KIE_SERVER_PORT", + "value": "8443", + "required": false + }, + { + "description": "The user name to access the KIE Server REST or JMS interface.", + "name": "KIE_SERVER_USER", + "value": "kieserver", + "required": false + }, + { + "description": "The password to access the KIE Server REST or JMS interface. Must be different than username; must not be root, admin, or administrator; must contain at least 8 characters, 1 alphabetic character(s), 1 digit(s), and 1 non-alphanumeric symbol(s).", + "name": "KIE_SERVER_PASSWORD", + "from": "[a-zA-Z]{6}[0-9]{1}!", + "generate": "expression", + "required": false + }, + { + "description": "JAAS LoginContext domain that shall be used to authenticate users when using JMS.", + "name": "KIE_SERVER_DOMAIN", + "value": "other", + "required": false + }, + { + "description": "Hibernate persistence dialect.", + "name": "KIE_SERVER_PERSISTENCE_DIALECT", + "value": "org.hibernate.dialect.PostgreSQL82Dialect", + "required": false + }, + { + "description": "The name for the application.", + "name": "APPLICATION_NAME", + "value": "kie-app", + "required": true + }, + { + "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: <application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTP", + "value": "", + "required": false + }, + { + "description": "Custom hostname for https service route. Leave blank for default hostname, e.g.: secure-<application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTPS", + "value": "", + "required": false + }, + { + "description": "Git source URI for application", + "name": "SOURCE_REPOSITORY_URL", + "value": "https://github.com/jboss-openshift/openshift-quickstarts", + "required": true + }, + { + "description": "Git branch/tag reference", + "name": "SOURCE_REPOSITORY_REF", + "value": "1.3", + "required": false + }, + { + "description": "Path within Git project to build; empty for root project directory.", + "name": "CONTEXT_DIR", + "value": "processserver/library", + "required": false + }, + { + "description": "Database JNDI name used by application to resolve the datasource, e.g. java:/jboss/datasources/ExampleDS", + "name": "DB_JNDI", + "value": "java:jboss/datasources/ExampleDS", + "required": false + }, + { + "description": "Database name", + "name": "DB_DATABASE", + "value": "root", + "required": true + }, + { + "description": "Size of persistent storage for database volume.", + "name": "VOLUME_CAPACITY", + "value": "512Mi", + "required": true + }, + { + "description": "Queue names", + "name": "HORNETQ_QUEUES", + "value": "", + "required": false + }, + { + "description": "Topic names", + "name": "HORNETQ_TOPICS", + "value": "", + "required": false + }, + { + "description": "The name of the secret containing the keystore file", + "name": "HTTPS_SECRET", + "value": "processserver-app-secret", + "required": false + }, + { + "description": "The name of the keystore file within the secret", + "name": "HTTPS_KEYSTORE", + "value": "keystore.jks", + "required": false + }, + { + "description": "The name associated with the server certificate", + "name": "HTTPS_NAME", + "value": "jboss", + "required": false + }, + { + "description": "The password for the keystore and certificate", + "name": "HTTPS_PASSWORD", + "value": "mykeystorepass", + "required": false + }, + { + "description": "Database user name", + "name": "DB_USERNAME", + "from": "user[a-zA-Z0-9]{3}", + "generate": "expression", + "required": true + }, + { + "description": "Database user password", + "name": "DB_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Sets xa-pool/min-pool-size for the configured datasource.", + "name": "DB_MIN_POOL_SIZE", + "required": false + }, + { + "description": "Sets xa-pool/max-pool-size for the configured datasource.", + "name": "DB_MAX_POOL_SIZE", + "required": false + }, + { + "description": "Sets transaction-isolation for the configured datasource.", + "name": "DB_TX_ISOLATION", + "required": false + }, + { + "description": "The maximum number of client connections allowed. This also sets the maximum number of prepared transactions.", + "name": "POSTGRESQL_MAX_CONNECTIONS", + "required": false + }, + { + "description": "Configures how much memory is dedicated to PostgreSQL for caching data.", + "name": "POSTGRESQL_SHARED_BUFFERS", + "required": false + }, + { + "description": "HornetQ cluster admin password", + "name": "HORNETQ_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "GitHub trigger secret", + "name": "GITHUB_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Generic build trigger secret", + "name": "GENERIC_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", + "name": "IMAGE_STREAM_NAMESPACE", + "value": "openshift", + "required": true + } + ], + "objects": [ + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8080, + "targetPort": 8080 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's http port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8443, + "targetPort": 8443 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's https port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 5432, + "targetPort": 5432 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-postgresql" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-postgresql", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The database server's port." + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-http", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's http service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTP}", + "to": { + "name": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-https", + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's https service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTPS}", + "to": { + "name": "secure-${APPLICATION_NAME}" + }, + "tls": { + "termination": "passthrough" + } + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "BuildConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "source": { + "type": "Git", + "git": { + "uri": "${SOURCE_REPOSITORY_URL}", + "ref": "${SOURCE_REPOSITORY_REF}" + }, + "contextDir": "${CONTEXT_DIR}" + }, + "strategy": { + "type": "Source", + "sourceStrategy": { + "env": [ + { + "name": "KIE_CONTAINER_DEPLOYMENT", + "value": "${KIE_CONTAINER_DEPLOYMENT}" + } + ], + "forcePull": true, + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-processserver63-openshift:1.3" + } + } + }, + "output": { + "to": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + }, + "triggers": [ + { + "type": "GitHub", + "github": { + "secret": "${GITHUB_WEBHOOK_SECRET}" + } + }, + { + "type": "Generic", + "generic": { + "secret": "${GENERIC_WEBHOOK_SECRET}" + } + }, + { + "type": "ImageChange", + "imageChange": {} + }, + { + "type": "ConfigChange" + } + ] + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}" + ], + "from": { + "kind": "ImageStream", + "name": "${APPLICATION_NAME}" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "serviceAccountName": "processserver-service-account", + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}", + "image": "${APPLICATION_NAME}", + "imagePullPolicy": "Always", + "volumeMounts": [ + { + "name": "processserver-keystore-volume", + "mountPath": "/etc/processserver-secret-volume", + "readOnly": true + } + ], + "livenessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/livenessProbe.sh" + ] + } + }, + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/readinessProbe.sh" + ] + } + }, + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "http", + "containerPort": 8080, + "protocol": "TCP" + }, + { + "name": "https", + "containerPort": 8443, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "KIE_CONTAINER_DEPLOYMENT", + "value": "${KIE_CONTAINER_DEPLOYMENT}" + }, + { + "name": "KIE_SERVER_PROTOCOL", + "value": "${KIE_SERVER_PROTOCOL}" + }, + { + "name": "KIE_SERVER_PORT", + "value": "${KIE_SERVER_PORT}" + }, + { + "name": "KIE_SERVER_USER", + "value": "${KIE_SERVER_USER}" + }, + { + "name": "KIE_SERVER_PASSWORD", + "value": "${KIE_SERVER_PASSWORD}" + }, + { + "name": "KIE_SERVER_DOMAIN", + "value": "${KIE_SERVER_DOMAIN}" + }, + { + "name": "KIE_SERVER_PERSISTENCE_DIALECT", + "value": "${KIE_SERVER_PERSISTENCE_DIALECT}" + }, + { + "name": "DB_SERVICE_PREFIX_MAPPING", + "value": "${APPLICATION_NAME}-postgresql=DB,${APPLICATION_NAME}-postgresql=QUARTZ" + }, + { + "name": "TX_DATABASE_PREFIX_MAPPING", + "value": "${APPLICATION_NAME}-postgresql=DB" + }, + { + "name": "DB_JNDI", + "value": "${DB_JNDI}" + }, + { + "name": "DB_USERNAME", + "value": "${DB_USERNAME}" + }, + { + "name": "DB_PASSWORD", + "value": "${DB_PASSWORD}" + }, + { + "name": "DB_DATABASE", + "value": "${DB_DATABASE}" + }, + { + "name": "DB_MIN_POOL_SIZE", + "value": "${DB_MIN_POOL_SIZE}" + }, + { + "name": "DB_MAX_POOL_SIZE", + "value": "${DB_MAX_POOL_SIZE}" + }, + { + "name": "DB_TX_ISOLATION", + "value": "${DB_TX_ISOLATION}" + }, + { + "name": "QUARTZ_JNDI", + "value": "${DB_JNDI}NotManaged" + }, + { + "name": "QUARTZ_USERNAME", + "value": "${DB_USERNAME}" + }, + { + "name": "QUARTZ_PASSWORD", + "value": "${DB_PASSWORD}" + }, + { + "name": "QUARTZ_DATABASE", + "value": "${DB_DATABASE}" + }, + { + "name": "QUARTZ_MIN_POOL_SIZE", + "value": "${DB_MIN_POOL_SIZE}" + }, + { + "name": "QUARTZ_MAX_POOL_SIZE", + "value": "${DB_MAX_POOL_SIZE}" + }, + { + "name": "QUARTZ_TX_ISOLATION", + "value": "${DB_TX_ISOLATION}" + }, + { + "name": "QUARTZ_JTA", + "value": "false" + }, + { + "name": "QUARTZ_NONXA", + "value": "true" + }, + { + "name": "HTTPS_KEYSTORE_DIR", + "value": "/etc/processserver-secret-volume" + }, + { + "name": "HTTPS_KEYSTORE", + "value": "${HTTPS_KEYSTORE}" + }, + { + "name": "HTTPS_NAME", + "value": "${HTTPS_NAME}" + }, + { + "name": "HTTPS_PASSWORD", + "value": "${HTTPS_PASSWORD}" + }, + { + "name": "HORNETQ_CLUSTER_PASSWORD", + "value": "${HORNETQ_CLUSTER_PASSWORD}" + }, + { + "name": "HORNETQ_QUEUES", + "value": "${HORNETQ_QUEUES}" + }, + { + "name": "HORNETQ_TOPICS", + "value": "${HORNETQ_TOPICS}" + } + ] + } + ], + "volumes": [ + { + "name": "processserver-keystore-volume", + "secret": { + "secretName": "${HTTPS_SECRET}" + } + } + ] + } + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}-postgresql", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}-postgresql" + ], + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "postgresql:latest" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-postgresql" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}-postgresql", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}-postgresql", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}-postgresql", + "image": "postgresql", + "imagePullPolicy": "Always", + "ports": [ + { + "containerPort": 5432, + "protocol": "TCP" + } + ], + "volumeMounts": [ + { + "mountPath": "/var/lib/pgsql/data", + "name": "${APPLICATION_NAME}-postgresql-pvol" + } + ], + "env": [ + { + "name": "POSTGRESQL_USER", + "value": "${DB_USERNAME}" + }, + { + "name": "POSTGRESQL_PASSWORD", + "value": "${DB_PASSWORD}" + }, + { + "name": "POSTGRESQL_DATABASE", + "value": "${DB_DATABASE}" + }, + { + "name": "POSTGRESQL_MAX_CONNECTIONS", + "value": "${POSTGRESQL_MAX_CONNECTIONS}" + }, + { + "name": "POSTGRESQL_SHARED_BUFFERS", + "value": "${POSTGRESQL_SHARED_BUFFERS}" + } + ] + } + ], + "volumes": [ + { + "name": "${APPLICATION_NAME}-postgresql-pvol", + "persistentVolumeClaim": { + "claimName": "${APPLICATION_NAME}-postgresql-claim" + } + } + ] + } + } + } + }, + { + "apiVersion": "v1", + "kind": "PersistentVolumeClaim", + "metadata": { + "name": "${APPLICATION_NAME}-postgresql-claim", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "accessModes": [ + "ReadWriteOnce" + ], + "resources": { + "requests": { + "storage": "${VOLUME_CAPACITY}" + } + } + } + } + ] +} diff --git a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/processserver63-postgresql-s2i.json b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/processserver63-postgresql-s2i.json new file mode 100644 index 000000000..55e2199bb --- /dev/null +++ b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/processserver63-postgresql-s2i.json @@ -0,0 +1,689 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "annotations": { + "description": "Application template for Red Hat JBoss BPM Suite 6.3 intelligent process server PostgreSQL applications built using S2I.", + "iconClass": "icon-jboss", + "tags": "processserver,postgresql,javaee,java,database,jboss,xpaas", + "version": "1.3.3" + }, + "name": "processserver63-postgresql-s2i" + }, + "labels": { + "template": "processserver63-postgresql-s2i", + "xpaas": "1.3.3" + }, + "parameters": [ + { + "description": "The KIE Container deployment configuration in format: containerId=groupId:artifactId:version|c2=g2:a2:v2", + "name": "KIE_CONTAINER_DEPLOYMENT", + "value": "processserver-library=org.openshift.quickstarts:processserver-library:1.3.0.Final", + "required": false + }, + { + "description": "The protocol to access the KIE Server REST interface.", + "name": "KIE_SERVER_PROTOCOL", + "value": "https", + "required": false + }, + { + "description": "The port to access the KIE Server REST interface.", + "name": "KIE_SERVER_PORT", + "value": "8443", + "required": false + }, + { + "description": "The user name to access the KIE Server REST or JMS interface.", + "name": "KIE_SERVER_USER", + "value": "kieserver", + "required": false + }, + { + "description": "The password to access the KIE Server REST or JMS interface. Must be different than username; must not be root, admin, or administrator; must contain at least 8 characters, 1 alphabetic character(s), 1 digit(s), and 1 non-alphanumeric symbol(s).", + "name": "KIE_SERVER_PASSWORD", + "from": "[a-zA-Z]{6}[0-9]{1}!", + "generate": "expression", + "required": false + }, + { + "description": "JAAS LoginContext domain that shall be used to authenticate users when using JMS.", + "name": "KIE_SERVER_DOMAIN", + "value": "other", + "required": false + }, + { + "description": "Hibernate persistence dialect.", + "name": "KIE_SERVER_PERSISTENCE_DIALECT", + "value": "org.hibernate.dialect.PostgreSQL82Dialect", + "required": false + }, + { + "description": "The name for the application.", + "name": "APPLICATION_NAME", + "value": "kie-app", + "required": true + }, + { + "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: <application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTP", + "value": "", + "required": false + }, + { + "description": "Custom hostname for https service route. Leave blank for default hostname, e.g.: secure-<application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTPS", + "value": "", + "required": false + }, + { + "description": "Git source URI for application", + "name": "SOURCE_REPOSITORY_URL", + "value": "https://github.com/jboss-openshift/openshift-quickstarts", + "required": true + }, + { + "description": "Git branch/tag reference", + "name": "SOURCE_REPOSITORY_REF", + "value": "1.3", + "required": false + }, + { + "description": "Path within Git project to build; empty for root project directory.", + "name": "CONTEXT_DIR", + "value": "processserver/library", + "required": false + }, + { + "description": "Database JNDI name used by application to resolve the datasource, e.g. java:/jboss/datasources/ExampleDS", + "name": "DB_JNDI", + "value": "java:jboss/datasources/ExampleDS", + "required": false + }, + { + "description": "Database name", + "name": "DB_DATABASE", + "value": "root", + "required": true + }, + { + "description": "Queue names", + "name": "HORNETQ_QUEUES", + "value": "", + "required": false + }, + { + "description": "Topic names", + "name": "HORNETQ_TOPICS", + "value": "", + "required": false + }, + { + "description": "The name of the secret containing the keystore file", + "name": "HTTPS_SECRET", + "value": "processserver-app-secret", + "required": false + }, + { + "description": "The name of the keystore file within the secret", + "name": "HTTPS_KEYSTORE", + "value": "keystore.jks", + "required": false + }, + { + "description": "The name associated with the server certificate", + "name": "HTTPS_NAME", + "value": "jboss", + "required": false + }, + { + "description": "The password for the keystore and certificate", + "name": "HTTPS_PASSWORD", + "value": "mykeystorepass", + "required": false + }, + { + "description": "Database user name", + "name": "DB_USERNAME", + "from": "user[a-zA-Z0-9]{3}", + "generate": "expression", + "required": true + }, + { + "description": "Database user password", + "name": "DB_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Sets xa-pool/min-pool-size for the configured datasource.", + "name": "DB_MIN_POOL_SIZE", + "required": false + }, + { + "description": "Sets xa-pool/max-pool-size for the configured datasource.", + "name": "DB_MAX_POOL_SIZE", + "required": false + }, + { + "description": "Sets transaction-isolation for the configured datasource.", + "name": "DB_TX_ISOLATION", + "required": false + }, + { + "description": "The maximum number of client connections allowed. This also sets the maximum number of prepared transactions.", + "name": "POSTGRESQL_MAX_CONNECTIONS", + "required": false + }, + { + "description": "Configures how much memory is dedicated to PostgreSQL for caching data.", + "name": "POSTGRESQL_SHARED_BUFFERS", + "required": false + }, + { + "description": "HornetQ cluster admin password", + "name": "HORNETQ_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "GitHub trigger secret", + "name": "GITHUB_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Generic build trigger secret", + "name": "GENERIC_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", + "name": "IMAGE_STREAM_NAMESPACE", + "value": "openshift", + "required": true + } + ], + "objects": [ + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8080, + "targetPort": 8080 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's http port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8443, + "targetPort": 8443 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's https port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 5432, + "targetPort": 5432 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-postgresql" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-postgresql", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The database server's port." + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-http", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's http service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTP}", + "to": { + "name": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-https", + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's https service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTPS}", + "to": { + "name": "secure-${APPLICATION_NAME}" + }, + "tls": { + "termination": "passthrough" + } + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "BuildConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "source": { + "type": "Git", + "git": { + "uri": "${SOURCE_REPOSITORY_URL}", + "ref": "${SOURCE_REPOSITORY_REF}" + }, + "contextDir": "${CONTEXT_DIR}" + }, + "strategy": { + "type": "Source", + "sourceStrategy": { + "env": [ + { + "name": "KIE_CONTAINER_DEPLOYMENT", + "value": "${KIE_CONTAINER_DEPLOYMENT}" + } + ], + "forcePull": true, + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-processserver63-openshift:1.3" + } + } + }, + "output": { + "to": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + }, + "triggers": [ + { + "type": "GitHub", + "github": { + "secret": "${GITHUB_WEBHOOK_SECRET}" + } + }, + { + "type": "Generic", + "generic": { + "secret": "${GENERIC_WEBHOOK_SECRET}" + } + }, + { + "type": "ImageChange", + "imageChange": {} + }, + { + "type": "ConfigChange" + } + ] + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}" + ], + "from": { + "kind": "ImageStream", + "name": "${APPLICATION_NAME}" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "serviceAccountName": "processserver-service-account", + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}", + "image": "${APPLICATION_NAME}", + "imagePullPolicy": "Always", + "volumeMounts": [ + { + "name": "processserver-keystore-volume", + "mountPath": "/etc/processserver-secret-volume", + "readOnly": true + } + ], + "livenessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/livenessProbe.sh" + ] + } + }, + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/readinessProbe.sh" + ] + } + }, + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "http", + "containerPort": 8080, + "protocol": "TCP" + }, + { + "name": "https", + "containerPort": 8443, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "KIE_CONTAINER_DEPLOYMENT", + "value": "${KIE_CONTAINER_DEPLOYMENT}" + }, + { + "name": "KIE_SERVER_PROTOCOL", + "value": "${KIE_SERVER_PROTOCOL}" + }, + { + "name": "KIE_SERVER_PORT", + "value": "${KIE_SERVER_PORT}" + }, + { + "name": "KIE_SERVER_USER", + "value": "${KIE_SERVER_USER}" + }, + { + "name": "KIE_SERVER_PASSWORD", + "value": "${KIE_SERVER_PASSWORD}" + }, + { + "name": "KIE_SERVER_DOMAIN", + "value": "${KIE_SERVER_DOMAIN}" + }, + { + "name": "KIE_SERVER_PERSISTENCE_DIALECT", + "value": "${KIE_SERVER_PERSISTENCE_DIALECT}" + }, + { + "name": "DB_SERVICE_PREFIX_MAPPING", + "value": "${APPLICATION_NAME}-postgresql=DB" + }, + { + "name": "DB_JNDI", + "value": "${DB_JNDI}" + }, + { + "name": "DB_USERNAME", + "value": "${DB_USERNAME}" + }, + { + "name": "DB_PASSWORD", + "value": "${DB_PASSWORD}" + }, + { + "name": "DB_DATABASE", + "value": "${DB_DATABASE}" + }, + { + "name": "TX_DATABASE_PREFIX_MAPPING", + "value": "${APPLICATION_NAME}-postgresql=DB" + }, + { + "name": "DB_MIN_POOL_SIZE", + "value": "${DB_MIN_POOL_SIZE}" + }, + { + "name": "DB_MAX_POOL_SIZE", + "value": "${DB_MAX_POOL_SIZE}" + }, + { + "name": "DB_TX_ISOLATION", + "value": "${DB_TX_ISOLATION}" + }, + { + "name": "HTTPS_KEYSTORE_DIR", + "value": "/etc/processserver-secret-volume" + }, + { + "name": "HTTPS_KEYSTORE", + "value": "${HTTPS_KEYSTORE}" + }, + { + "name": "HTTPS_NAME", + "value": "${HTTPS_NAME}" + }, + { + "name": "HTTPS_PASSWORD", + "value": "${HTTPS_PASSWORD}" + }, + { + "name": "HORNETQ_CLUSTER_PASSWORD", + "value": "${HORNETQ_CLUSTER_PASSWORD}" + }, + { + "name": "HORNETQ_QUEUES", + "value": "${HORNETQ_QUEUES}" + }, + { + "name": "HORNETQ_TOPICS", + "value": "${HORNETQ_TOPICS}" + } + ] + } + ], + "volumes": [ + { + "name": "processserver-keystore-volume", + "secret": { + "secretName": "${HTTPS_SECRET}" + } + } + ] + } + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}-postgresql", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}-postgresql" + ], + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "postgresql:latest" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-postgresql" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}-postgresql", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}-postgresql", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}-postgresql", + "image": "postgresql", + "imagePullPolicy": "Always", + "ports": [ + { + "containerPort": 5432, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "POSTGRESQL_USER", + "value": "${DB_USERNAME}" + }, + { + "name": "POSTGRESQL_PASSWORD", + "value": "${DB_PASSWORD}" + }, + { + "name": "POSTGRESQL_DATABASE", + "value": "${DB_DATABASE}" + }, + { + "name": "POSTGRESQL_MAX_CONNECTIONS", + "value": "${POSTGRESQL_MAX_CONNECTIONS}" + }, + { + "name": "POSTGRESQL_SHARED_BUFFERS", + "value": "${POSTGRESQL_SHARED_BUFFERS}" + } + ] + } + ] + } + } + } + } + ] +} diff --git a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/sso70-basic.json b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/sso70-https.json index 7f320bace..fb0578a67 100644 --- a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/sso70-basic.json +++ b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/sso70-https.json @@ -6,13 +6,13 @@ "description": "Application template for SSO 7.0", "iconClass" : "icon-jboss", "tags" : "sso,keycloak,java,jboss,xpaas", - "version" : "1.3" + "version" : "1.3.2" }, - "name": "sso70-basic" + "name": "sso70-https" }, "labels": { - "template": "sso70-basic", - "xpaas" : "1.3.0" + "template": "sso70-https", + "xpaas" : "1.3.2" }, "parameters": [ { @@ -34,6 +34,12 @@ "required": false }, { + "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.", + "name": "SERVICE_ACCOUNT_NAME", + "value": "sso-service-account", + "required": true + }, + { "description": "The name of the secret containing the keystore file", "name": "HTTPS_SECRET", "value": "sso-app-secret", @@ -46,15 +52,21 @@ "required": false }, { - "description": "The name associated with the server certificate", + "description": "The type of the keystore file (JKS or JCEKS)", + "name": "HTTPS_KEYSTORE_TYPE", + "value": "", + "required": false + }, + { + "description": "The name associated with the server certificate (e.g. jboss)", "name": "HTTPS_NAME", - "value": "jboss", + "value": "", "required": false }, { - "description": "The password for the keystore and certificate", + "description": "The password for the keystore and certificate (e.g. mykeystorepass)", "name": "HTTPS_PASSWORD", - "value": "mykeystorepass", + "value": "", "required": false }, { @@ -73,28 +85,9 @@ "required": false }, { - "description": "HornetQ cluster admin password", - "name": "HORNETQ_CLUSTER_PASSWORD", - "from": "[a-zA-Z0-9]{8}", - "generate": "expression", - "required": true - }, - { - "description": "Queue names", - "name": "HORNETQ_QUEUES", - "value": "", - "required": false - }, - { - "description": "Topic names", - "name": "HORNETQ_TOPICS", - "value": "", - "required": false - }, - { "description": "The name of the secret containing the keystore file", "name": "JGROUPS_ENCRYPT_SECRET", - "value": "eap-app-secret", + "value": "sso-app-secret", "required": false }, { @@ -104,15 +97,15 @@ "required": false }, { - "description": "The name associated with the server certificate", + "description": "The name associated with the server certificate (e.g. secret-key)", "name": "JGROUPS_ENCRYPT_NAME", - "value": "secret-key", + "value": "", "required": false }, { - "description": "The password for the keystore and certificate", + "description": "The password for the keystore and certificate (e.g. password)", "name": "JGROUPS_ENCRYPT_PASSWORD", - "value": "password", + "value": "", "required": false }, { @@ -127,6 +120,54 @@ "name": "IMAGE_STREAM_NAMESPACE", "value": "openshift", "required": true + }, + { + "description": "SSO Server admin username", + "name": "SSO_ADMIN_USERNAME", + "value": "admin", + "required": false + }, + { + "description": "SSO Server admin password", + "name": "SSO_ADMIN_PASSWORD", + "value": "admin", + "required": false + }, + { + "description": "Realm to be created in the SSO server (e.g. demo).", + "name": "SSO_REALM", + "value": "", + "required": false + }, + { + "description": "The username used to access the SSO service. This is used by clients to create the appliction client(s) within the specified SSO realm.", + "name": "SSO_SERVICE_USERNAME", + "value": "", + "required": false + }, + { + "description": "The password for the SSO service user.", + "name": "SSO_SERVICE_PASSWORD", + "value": "", + "required": false + }, + { + "description": "The name of the truststore file within the secret (e.g. truststore.jks)", + "name": "SSO_TRUSTSTORE", + "value": "", + "required": false + }, + { + "description": "The password for the truststore and certificate (e.g. mykeystorepass)", + "name": "SSO_TRUSTSTORE_PASSWORD", + "value": "", + "required": false + }, + { + "description": "The name of the secret containing the truststore file (e.g. truststore-secret). Used for volume secretName", + "name": "SSO_TRUSTSTORE_SECRET", + "value": "sso-app-secret", + "required": false } ], "objects": [ @@ -179,30 +220,6 @@ } }, { - "kind": "Service", - "apiVersion": "v1", - "spec": { - "ports": [ - { - "port": 5432, - "targetPort": 5432 - } - ], - "selector": { - "deploymentConfig": "${APPLICATION_NAME}-basic" - } - }, - "metadata": { - "name": "${APPLICATION_NAME}-basic", - "labels": { - "application": "${APPLICATION_NAME}" - }, - "annotations": { - "description": "The database server's port." - } - } - }, - { "kind": "Route", "apiVersion": "v1", "id": "${APPLICATION_NAME}-http", @@ -269,7 +286,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "redhat-sso70-openshift:1.3-TP" + "name": "redhat-sso70-openshift:1.3" } } }, @@ -290,8 +307,8 @@ } }, "spec": { - "serviceAccountName": "sso-service-account", - "terminationGracePeriodSeconds": 60, + "serviceAccountName": "${SERVICE_ACCOUNT_NAME}", + "terminationGracePeriodSeconds": 75, "containers": [ { "name": "${APPLICATION_NAME}", @@ -307,8 +324,24 @@ "name": "eap-jgroups-keystore-volume", "mountPath": "/etc/jgroups-encrypt-secret-volume", "readOnly": true + }, + { + "name": "sso-truststore-volume", + "mountPath": "/etc/sso-secret-volume", + "readOnly": true } ], + "lifecycle": { + "preStop": { + "exec": { + "command": [ + "/opt/eap/bin/jboss-cli.sh", + "-c", + ":shutdown(timeout=60)" + ] + } + } + }, "livenessProbe": { "exec": { "command": [ @@ -342,6 +375,11 @@ "name": "https", "containerPort": 8443, "protocol": "TCP" + }, + { + "name": "ping", + "containerPort": 8888, + "protocol": "TCP" } ], "env": [ @@ -370,32 +408,24 @@ } }, { - "name": "EAP_HTTPS_KEYSTORE_DIR", + "name": "HTTPS_KEYSTORE_DIR", "value": "/etc/eap-secret-volume" }, { - "name": "EAP_HTTPS_KEYSTORE", + "name": "HTTPS_KEYSTORE", "value": "${HTTPS_KEYSTORE}" }, { - "name": "EAP_HTTPS_NAME", - "value": "${HTTPS_NAME}" + "name": "HTTPS_KEYSTORE_TYPE", + "value": "${HTTPS_KEYSTORE_TYPE}" }, { - "name": "EAP_HTTPS_PASSWORD", - "value": "${HTTPS_PASSWORD}" - }, - { - "name": "HORNETQ_CLUSTER_PASSWORD", - "value": "${HORNETQ_CLUSTER_PASSWORD}" - }, - { - "name": "HORNETQ_QUEUES", - "value": "${HORNETQ_QUEUES}" + "name": "HTTPS_NAME", + "value": "${HTTPS_NAME}" }, { - "name": "HORNETQ_TOPICS", - "value": "${HORNETQ_TOPICS}" + "name": "HTTPS_PASSWORD", + "value": "${HTTPS_PASSWORD}" }, { "name": "JGROUPS_ENCRYPT_SECRET", @@ -420,6 +450,38 @@ { "name": "JGROUPS_CLUSTER_PASSWORD", "value": "${JGROUPS_CLUSTER_PASSWORD}" + }, + { + "name": "SSO_ADMIN_USERNAME", + "value": "${SSO_ADMIN_USERNAME}" + }, + { + "name": "SSO_ADMIN_PASSWORD", + "value": "${SSO_ADMIN_PASSWORD}" + }, + { + "name": "SSO_REALM", + "value": "${SSO_REALM}" + }, + { + "name": "SSO_SERVICE_USERNAME", + "value": "${SSO_SERVICE_USERNAME}" + }, + { + "name": "SSO_SERVICE_PASSWORD", + "value": "${SSO_SERVICE_PASSWORD}" + }, + { + "name": "SSO_TRUSTSTORE", + "value": "${SSO_TRUSTSTORE}" + }, + { + "name": "SSO_TRUSTSTORE_DIR", + "value": "/etc/sso-secret-volume" + }, + { + "name": "SSO_TRUSTSTORE_PASSWORD", + "value": "${SSO_TRUSTSTORE_PASSWORD}" } ] } @@ -436,6 +498,12 @@ "secret": { "secretName": "${JGROUPS_ENCRYPT_SECRET}" } + }, + { + "name": "sso-truststore-volume", + "secret": { + "secretName": "${SSO_TRUSTSTORE_SECRET}" + } } ] } diff --git a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/sso70-mysql-persistent.json b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/sso70-mysql-persistent.json index dc8bd740e..dcbb24bf1 100644 --- a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/sso70-mysql-persistent.json +++ b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/sso70-mysql-persistent.json @@ -6,13 +6,13 @@ "description": "Application template for SSO 7.0 MySQL applications with persistent storage", "iconClass" : "icon-jboss", "tags" : "sso,keycloak,mysql,java,database,jboss,xpaas", - "version" : "1.3" + "version" : "1.3.2" }, "name": "sso70-mysql-persistent" }, "labels": { "template": "sso70-mysql-persistent", - "xpaas" : "1.3.0" + "xpaas" : "1.3.2" }, "parameters": [ { @@ -46,6 +46,12 @@ "required": true }, { + "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.", + "name": "SERVICE_ACCOUNT_NAME", + "value": "sso-service-account", + "required": true + }, + { "description": "The name of the secret containing the keystore file", "name": "HTTPS_SECRET", "value": "sso-app-secret", @@ -58,15 +64,21 @@ "required": false }, { - "description": "The name associated with the server certificate", + "description": "The type of the keystore file (JKS or JCEKS)", + "name": "HTTPS_KEYSTORE_TYPE", + "value": "", + "required": false + }, + { + "description": "The name associated with the server certificate (e.g. jboss)", "name": "HTTPS_NAME", - "value": "jboss", + "value": "", "required": false }, { - "description": "The password for the keystore and certificate", + "description": "The password for the keystore and certificate (e.g. mykeystorepass)", "name": "HTTPS_PASSWORD", - "value": "mykeystorepass", + "value": "", "required": false }, { @@ -110,13 +122,6 @@ "required": false }, { - "description": "HornetQ cluster admin password", - "name": "HORNETQ_CLUSTER_PASSWORD", - "from": "[a-zA-Z0-9]{8}", - "generate": "expression", - "required": true - }, - { "description": "Database user name", "name": "DB_USERNAME", "from": "user[a-zA-Z0-9]{3}", @@ -131,18 +136,6 @@ "required": true }, { - "description": "Queue names", - "name": "HORNETQ_QUEUES", - "value": "", - "required": false - }, - { - "description": "Topic names", - "name": "HORNETQ_TOPICS", - "value": "", - "required": false - }, - { "description": "Size of persistent storage for database volume.", "name": "VOLUME_CAPACITY", "value": "512Mi", @@ -151,7 +144,7 @@ { "description": "The name of the secret containing the keystore file", "name": "JGROUPS_ENCRYPT_SECRET", - "value": "eap-app-secret", + "value": "sso-app-secret", "required": false }, { @@ -161,13 +154,13 @@ "required": false }, { - "description": "The name associated with the server certificate", + "description": "The name associated with the server certificate (e.g. secret-key)", "name": "JGROUPS_ENCRYPT_NAME", "value": "", "required": false }, { - "description": "The password for the keystore and certificate", + "description": "The password for the keystore and certificate (e.g. password)", "name": "JGROUPS_ENCRYPT_PASSWORD", "value": "", "required": false @@ -184,6 +177,54 @@ "name": "IMAGE_STREAM_NAMESPACE", "value": "openshift", "required": true + }, + { + "description": "SSO Server admin username", + "name": "SSO_ADMIN_USERNAME", + "value": "admin", + "required": false + }, + { + "description": "SSO Server admin password", + "name": "SSO_ADMIN_PASSWORD", + "value": "admin", + "required": false + }, + { + "description": "Realm to be created in the SSO server (e.g. demo).", + "name": "SSO_REALM", + "value": "", + "required": false + }, + { + "description": "The username used to access the SSO service. This is used by clients to create the appliction client(s) within the specified SSO realm.", + "name": "SSO_SERVICE_USERNAME", + "value": "", + "required": false + }, + { + "description": "The password for the SSO service user.", + "name": "SSO_SERVICE_PASSWORD", + "value": "", + "required": false + }, + { + "description": "The name of the truststore file within the secret (e.g. truststore.jks)", + "name": "SSO_TRUSTSTORE", + "value": "", + "required": false + }, + { + "description": "The password for the truststore and certificate (e.g. mykeystorepass)", + "name": "SSO_TRUSTSTORE_PASSWORD", + "value": "", + "required": false + }, + { + "description": "The name of the secret containing the truststore file (e.g. truststore-secret). Used for volume secretName", + "name": "SSO_TRUSTSTORE_SECRET", + "value": "sso-app-secret", + "required": false } ], "objects": [ @@ -326,7 +367,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "redhat-sso70-openshift:1.3-TP" + "name": "redhat-sso70-openshift:1.3" } } }, @@ -347,8 +388,8 @@ } }, "spec": { - "serviceAccountName": "sso-service-account", - "terminationGracePeriodSeconds": 60, + "serviceAccountName": "${SERVICE_ACCOUNT_NAME}", + "terminationGracePeriodSeconds": 75, "containers": [ { "name": "${APPLICATION_NAME}", @@ -364,8 +405,24 @@ "name": "eap-jgroups-keystore-volume", "mountPath": "/etc/jgroups-encrypt-secret-volume", "readOnly": true + }, + { + "name": "sso-truststore-volume", + "mountPath": "/etc/sso-secret-volume", + "readOnly": true } ], + "lifecycle": { + "preStop": { + "exec": { + "command": [ + "/opt/eap/bin/jboss-cli.sh", + "-c", + ":shutdown(timeout=60)" + ] + } + } + }, "livenessProbe": { "exec": { "command": [ @@ -399,6 +456,11 @@ "name": "https", "containerPort": 8443, "protocol": "TCP" + }, + { + "name": "ping", + "containerPort": 8888, + "protocol": "TCP" } ], "env": [ @@ -451,32 +513,24 @@ } }, { - "name": "EAP_HTTPS_KEYSTORE_DIR", + "name": "HTTPS_KEYSTORE_DIR", "value": "/etc/eap-secret-volume" }, { - "name": "EAP_HTTPS_KEYSTORE", + "name": "HTTPS_KEYSTORE", "value": "${HTTPS_KEYSTORE}" }, { - "name": "EAP_HTTPS_NAME", - "value": "${HTTPS_NAME}" - }, - { - "name": "EAP_HTTPS_PASSWORD", - "value": "${HTTPS_PASSWORD}" - }, - { - "name": "HORNETQ_CLUSTER_PASSWORD", - "value": "${HORNETQ_CLUSTER_PASSWORD}" + "name": "HTTPS_KEYSTORE_TYPE", + "value": "${HTTPS_KEYSTORE_TYPE}" }, { - "name": "HORNETQ_QUEUES", - "value": "${HORNETQ_QUEUES}" + "name": "HTTPS_NAME", + "value": "${HTTPS_NAME}" }, { - "name": "HORNETQ_TOPICS", - "value": "${HORNETQ_TOPICS}" + "name": "HTTPS_PASSWORD", + "value": "${HTTPS_PASSWORD}" }, { "name": "JGROUPS_ENCRYPT_SECRET", @@ -501,6 +555,38 @@ { "name": "JGROUPS_CLUSTER_PASSWORD", "value": "${JGROUPS_CLUSTER_PASSWORD}" + }, + { + "name": "SSO_ADMIN_USERNAME", + "value": "${SSO_ADMIN_USERNAME}" + }, + { + "name": "SSO_ADMIN_PASSWORD", + "value": "${SSO_ADMIN_PASSWORD}" + }, + { + "name": "SSO_REALM", + "value": "${SSO_REALM}" + }, + { + "name": "SSO_SERVICE_USERNAME", + "value": "${SSO_SERVICE_USERNAME}" + }, + { + "name": "SSO_SERVICE_PASSWORD", + "value": "${SSO_SERVICE_PASSWORD}" + }, + { + "name": "SSO_TRUSTSTORE", + "value": "${SSO_TRUSTSTORE}" + }, + { + "name": "SSO_TRUSTSTORE_DIR", + "value": "/etc/sso-secret-volume" + }, + { + "name": "SSO_TRUSTSTORE_PASSWORD", + "value": "${SSO_TRUSTSTORE_PASSWORD}" } ] } @@ -517,6 +603,12 @@ "secret": { "secretName": "${JGROUPS_ENCRYPT_SECRET}" } + }, + { + "name": "sso-truststore-volume", + "secret": { + "secretName": "${SSO_TRUSTSTORE_SECRET}" + } } ] } diff --git a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/sso70-mysql.json b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/sso70-mysql.json index 029dcee54..1768f7a1b 100644 --- a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/sso70-mysql.json +++ b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/sso70-mysql.json @@ -6,13 +6,13 @@ "description": "Application template for SSO 7.0 MySQL applications", "iconClass" : "icon-jboss", "tags" : "sso,keycloak,mysql,java,database,jboss,xpaas", - "version" : "1.3" + "version" : "1.3.2" }, "name": "sso70-mysql" }, "labels": { "template": "sso70-mysql", - "xpaas" : "1.3.0" + "xpaas" : "1.3.2" }, "parameters": [ { @@ -46,6 +46,12 @@ "required": true }, { + "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.", + "name": "SERVICE_ACCOUNT_NAME", + "value": "sso-service-account", + "required": true + }, + { "description": "The name of the secret containing the keystore file", "name": "HTTPS_SECRET", "value": "sso-app-secret", @@ -58,15 +64,21 @@ "required": false }, { - "description": "The name associated with the server certificate", + "description": "The type of the keystore file (JKS or JCEKS)", + "name": "HTTPS_KEYSTORE_TYPE", + "value": "", + "required": false + }, + { + "description": "The name associated with the server certificate (e.g. jboss)", "name": "HTTPS_NAME", - "value": "jboss", + "value": "", "required": false }, { - "description": "The password for the keystore and certificate", + "description": "The password for the keystore and certificate (e.g. mykeystorepass)", "name": "HTTPS_PASSWORD", - "value": "mykeystorepass", + "value": "", "required": false }, { @@ -110,13 +122,6 @@ "required": false }, { - "description": "HornetQ cluster admin password", - "name": "HORNETQ_CLUSTER_PASSWORD", - "from": "[a-zA-Z0-9]{8}", - "generate": "expression", - "required": true - }, - { "description": "Database user name", "name": "DB_USERNAME", "from": "user[a-zA-Z0-9]{3}", @@ -131,21 +136,9 @@ "required": true }, { - "description": "Queue names", - "name": "HORNETQ_QUEUES", - "value": "", - "required": false - }, - { - "description": "Topic names", - "name": "HORNETQ_TOPICS", - "value": "", - "required": false - }, - { "description": "The name of the secret containing the keystore file", "name": "JGROUPS_ENCRYPT_SECRET", - "value": "eap-app-secret", + "value": "sso-app-secret", "required": false }, { @@ -155,13 +148,13 @@ "required": false }, { - "description": "The name associated with the server certificate", + "description": "The name associated with the server certificate (e.g. secret-key)", "name": "JGROUPS_ENCRYPT_NAME", "value": "", "required": false }, { - "description": "The password for the keystore and certificate", + "description": "The password for the keystore and certificate (e.g. password)", "name": "JGROUPS_ENCRYPT_PASSWORD", "value": "", "required": false @@ -178,6 +171,54 @@ "name": "IMAGE_STREAM_NAMESPACE", "value": "openshift", "required": true + }, + { + "description": "SSO Server admin username", + "name": "SSO_ADMIN_USERNAME", + "value": "admin", + "required": false + }, + { + "description": "SSO Server admin password", + "name": "SSO_ADMIN_PASSWORD", + "value": "admin", + "required": false + }, + { + "description": "Realm to be created in the SSO server (e.g. demo).", + "name": "SSO_REALM", + "value": "", + "required": false + }, + { + "description": "The username used to access the SSO service. This is used by clients to create the appliction client(s) within the specified SSO realm.", + "name": "SSO_SERVICE_USERNAME", + "value": "", + "required": false + }, + { + "description": "The password for the SSO service user.", + "name": "SSO_SERVICE_PASSWORD", + "value": "", + "required": false + }, + { + "description": "The name of the truststore file within the secret (e.g. truststore.jks)", + "name": "SSO_TRUSTSTORE", + "value": "", + "required": false + }, + { + "description": "The password for the truststore and certificate (e.g. mykeystorepass)", + "name": "SSO_TRUSTSTORE_PASSWORD", + "value": "", + "required": false + }, + { + "description": "The name of the secret containing the truststore file (e.g. truststore-secret). Used for volume secretName", + "name": "SSO_TRUSTSTORE_SECRET", + "value": "sso-app-secret", + "required": false } ], "objects": [ @@ -326,7 +367,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "redhat-sso70-openshift:1.3-TP" + "name": "redhat-sso70-openshift:1.3" } } }, @@ -348,8 +389,8 @@ } }, "spec": { - "serviceAccountName": "sso-service-account", - "terminationGracePeriodSeconds": 60, + "serviceAccountName": "${SERVICE_ACCOUNT_NAME}", + "terminationGracePeriodSeconds": 75, "containers": [ { "name": "${APPLICATION_NAME}", @@ -365,8 +406,24 @@ "name": "eap-jgroups-keystore-volume", "mountPath": "/etc/jgroups-encrypt-secret-volume", "readOnly": true + }, + { + "name": "sso-truststore-volume", + "mountPath": "/etc/sso-secret-volume", + "readOnly": true } ], + "lifecycle": { + "preStop": { + "exec": { + "command": [ + "/opt/eap/bin/jboss-cli.sh", + "-c", + ":shutdown(timeout=60)" + ] + } + } + }, "livenessProbe": { "exec": { "command": [ @@ -400,6 +457,11 @@ "name": "https", "containerPort": 8443, "protocol": "TCP" + }, + { + "name": "ping", + "containerPort": 8888, + "protocol": "TCP" } ], "env": [ @@ -452,32 +514,24 @@ } }, { - "name": "EAP_HTTPS_KEYSTORE_DIR", + "name": "HTTPS_KEYSTORE_DIR", "value": "/etc/eap-secret-volume" }, { - "name": "EAP_HTTPS_KEYSTORE", + "name": "HTTPS_KEYSTORE", "value": "${HTTPS_KEYSTORE}" }, { - "name": "EAP_HTTPS_NAME", - "value": "${HTTPS_NAME}" - }, - { - "name": "EAP_HTTPS_PASSWORD", - "value": "${HTTPS_PASSWORD}" - }, - { - "name": "HORNETQ_CLUSTER_PASSWORD", - "value": "${HORNETQ_CLUSTER_PASSWORD}" + "name": "HTTPS_KEYSTORE_TYPE", + "value": "${HTTPS_KEYSTORE_TYPE}" }, { - "name": "HORNETQ_QUEUES", - "value": "${HORNETQ_QUEUES}" + "name": "HTTPS_NAME", + "value": "${HTTPS_NAME}" }, { - "name": "HORNETQ_TOPICS", - "value": "${HORNETQ_TOPICS}" + "name": "HTTPS_PASSWORD", + "value": "${HTTPS_PASSWORD}" }, { "name": "JGROUPS_ENCRYPT_SECRET", @@ -502,6 +556,38 @@ { "name": "JGROUPS_CLUSTER_PASSWORD", "value": "${JGROUPS_CLUSTER_PASSWORD}" + }, + { + "name": "SSO_ADMIN_USERNAME", + "value": "${SSO_ADMIN_USERNAME}" + }, + { + "name": "SSO_ADMIN_PASSWORD", + "value": "${SSO_ADMIN_PASSWORD}" + }, + { + "name": "SSO_REALM", + "value": "${SSO_REALM}" + }, + { + "name": "SSO_SERVICE_USERNAME", + "value": "${SSO_SERVICE_USERNAME}" + }, + { + "name": "SSO_SERVICE_PASSWORD", + "value": "${SSO_SERVICE_PASSWORD}" + }, + { + "name": "SSO_TRUSTSTORE", + "value": "${SSO_TRUSTSTORE}" + }, + { + "name": "SSO_TRUSTSTORE_DIR", + "value": "/etc/sso-secret-volume" + }, + { + "name": "SSO_TRUSTSTORE_PASSWORD", + "value": "${SSO_TRUSTSTORE_PASSWORD}" } ] } @@ -518,6 +604,12 @@ "secret": { "secretName": "${JGROUPS_ENCRYPT_SECRET}" } + }, + { + "name": "sso-truststore-volume", + "secret": { + "secretName": "${SSO_TRUSTSTORE_SECRET}" + } } ] } diff --git a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/sso70-postgresql-persistent.json b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/sso70-postgresql-persistent.json index bad7e49b2..4c2f81f2e 100644 --- a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/sso70-postgresql-persistent.json +++ b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/sso70-postgresql-persistent.json @@ -6,13 +6,13 @@ "description": "Application template for SSO 7.0 PostgreSQL applications with persistent storage", "iconClass" : "icon-jboss", "tags" : "sso,keycloak,postrgresql,java,database,jboss,xpaas", - "version" : "1.3" + "version" : "1.3.2" }, "name": "sso70-postgresql-persistent" }, "labels": { "template": "sso70-postgresql-persistent", - "xpaas" : "1.3.0" + "xpaas" : "1.3.2" }, "parameters": [ { @@ -46,6 +46,12 @@ "required": true }, { + "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.", + "name": "SERVICE_ACCOUNT_NAME", + "value": "sso-service-account", + "required": true + }, + { "description": "The name of the secret containing the keystore file", "name": "HTTPS_SECRET", "value": "sso-app-secret", @@ -58,15 +64,21 @@ "required": false }, { - "description": "The name associated with the server certificate", + "description": "The type of the keystore file (JKS or JCEKS)", + "name": "HTTPS_KEYSTORE_TYPE", + "value": "", + "required": false + }, + { + "description": "The name associated with the server certificate (e.g. jboss)", "name": "HTTPS_NAME", - "value": "jboss", + "value": "", "required": false }, { - "description": "The password for the keystore and certificate", + "description": "The password for the keystore and certificate (e.g. mykeystorepass)", "name": "HTTPS_PASSWORD", - "value": "mykeystorepass", + "value": "", "required": false }, { @@ -95,13 +107,6 @@ "required": false }, { - "description": "HornetQ cluster admin password", - "name": "HORNETQ_CLUSTER_PASSWORD", - "from": "[a-zA-Z0-9]{8}", - "generate": "expression", - "required": true - }, - { "description": "Database user name", "name": "DB_USERNAME", "from": "user[a-zA-Z0-9]{3}", @@ -116,18 +121,6 @@ "required": true }, { - "description": "Queue names", - "name": "HORNETQ_QUEUES", - "value": "", - "required": false - }, - { - "description": "Topic names", - "name": "HORNETQ_TOPICS", - "value": "", - "required": false - }, - { "description": "Size of persistent storage for database volume.", "name": "VOLUME_CAPACITY", "value": "512Mi", @@ -136,7 +129,7 @@ { "description": "The name of the secret containing the keystore file", "name": "JGROUPS_ENCRYPT_SECRET", - "value": "eap-app-secret", + "value": "sso-app-secret", "required": false }, { @@ -146,13 +139,13 @@ "required": false }, { - "description": "The name associated with the server certificate", + "description": "The name associated with the server certificate (e.g. secret-key)", "name": "JGROUPS_ENCRYPT_NAME", "value": "", "required": false }, { - "description": "The password for the keystore and certificate", + "description": "The password for the keystore and certificate (e.g. password)", "name": "JGROUPS_ENCRYPT_PASSWORD", "value": "", "required": false @@ -169,6 +162,54 @@ "name": "IMAGE_STREAM_NAMESPACE", "value": "openshift", "required": true + }, + { + "description": "SSO Server admin username", + "name": "SSO_ADMIN_USERNAME", + "value": "admin", + "required": false + }, + { + "description": "SSO Server admin password", + "name": "SSO_ADMIN_PASSWORD", + "value": "admin", + "required": false + }, + { + "description": "Realm to be created in the SSO server (e.g. demo).", + "name": "SSO_REALM", + "value": "", + "required": false + }, + { + "description": "The username used to access the SSO service. This is used by clients to create the appliction client(s) within the specified SSO realm.", + "name": "SSO_SERVICE_USERNAME", + "value": "", + "required": false + }, + { + "description": "The password for the SSO service user.", + "name": "SSO_SERVICE_PASSWORD", + "value": "", + "required": false + }, + { + "description": "The name of the truststore file within the secret (e.g. truststore.jks)", + "name": "SSO_TRUSTSTORE", + "value": "", + "required": false + }, + { + "description": "The password for the truststore and certificate (e.g. mykeystorepass)", + "name": "SSO_TRUSTSTORE_PASSWORD", + "value": "", + "required": false + }, + { + "description": "The name of the secret containing the truststore file (e.g. truststore-secret). Used for volume secretName", + "name": "SSO_TRUSTSTORE_SECRET", + "value": "sso-app-secret", + "required": false } ], "objects": [ @@ -311,7 +352,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "redhat-sso70-openshift:1.3-TP" + "name": "redhat-sso70-openshift:1.3" } } }, @@ -332,8 +373,8 @@ } }, "spec": { - "serviceAccountName": "sso-service-account", - "terminationGracePeriodSeconds": 60, + "serviceAccountName": "${SERVICE_ACCOUNT_NAME}", + "terminationGracePeriodSeconds": 75, "containers": [ { "name": "${APPLICATION_NAME}", @@ -349,8 +390,24 @@ "name": "eap-jgroups-keystore-volume", "mountPath": "/etc/jgroups-encrypt-secret-volume", "readOnly": true + }, + { + "name": "sso-truststore-volume", + "mountPath": "/etc/sso-secret-volume", + "readOnly": true } ], + "lifecycle": { + "preStop": { + "exec": { + "command": [ + "/opt/eap/bin/jboss-cli.sh", + "-c", + ":shutdown(timeout=60)" + ] + } + } + }, "livenessProbe": { "exec": { "command": [ @@ -384,6 +441,11 @@ "name": "https", "containerPort": 8443, "protocol": "TCP" + }, + { + "name": "ping", + "containerPort": 8888, + "protocol": "TCP" } ], "env": [ @@ -436,32 +498,24 @@ } }, { - "name": "EAP_HTTPS_KEYSTORE_DIR", + "name": "HTTPS_KEYSTORE_DIR", "value": "/etc/eap-secret-volume" }, { - "name": "EAP_HTTPS_KEYSTORE", + "name": "HTTPS_KEYSTORE", "value": "${HTTPS_KEYSTORE}" }, { - "name": "EAP_HTTPS_NAME", - "value": "${HTTPS_NAME}" - }, - { - "name": "EAP_HTTPS_PASSWORD", - "value": "${HTTPS_PASSWORD}" - }, - { - "name": "HORNETQ_CLUSTER_PASSWORD", - "value": "${HORNETQ_CLUSTER_PASSWORD}" + "name": "HTTPS_KEYSTORE_TYPE", + "value": "${HTTPS_KEYSTORE_TYPE}" }, { - "name": "HORNETQ_QUEUES", - "value": "${HORNETQ_QUEUES}" + "name": "HTTPS_NAME", + "value": "${HTTPS_NAME}" }, { - "name": "HORNETQ_TOPICS", - "value": "${HORNETQ_TOPICS}" + "name": "HTTPS_PASSWORD", + "value": "${HTTPS_PASSWORD}" }, { "name": "JGROUPS_ENCRYPT_SECRET", @@ -486,6 +540,38 @@ { "name": "JGROUPS_CLUSTER_PASSWORD", "value": "${JGROUPS_CLUSTER_PASSWORD}" + }, + { + "name": "SSO_ADMIN_USERNAME", + "value": "${SSO_ADMIN_USERNAME}" + }, + { + "name": "SSO_ADMIN_PASSWORD", + "value": "${SSO_ADMIN_PASSWORD}" + }, + { + "name": "SSO_REALM", + "value": "${SSO_REALM}" + }, + { + "name": "SSO_SERVICE_USERNAME", + "value": "${SSO_SERVICE_USERNAME}" + }, + { + "name": "SSO_SERVICE_PASSWORD", + "value": "${SSO_SERVICE_PASSWORD}" + }, + { + "name": "SSO_TRUSTSTORE", + "value": "${SSO_TRUSTSTORE}" + }, + { + "name": "SSO_TRUSTSTORE_DIR", + "value": "/etc/sso-secret-volume" + }, + { + "name": "SSO_TRUSTSTORE_PASSWORD", + "value": "${SSO_TRUSTSTORE_PASSWORD}" } ] } @@ -502,6 +588,12 @@ "secret": { "secretName": "${JGROUPS_ENCRYPT_SECRET}" } + }, + { + "name": "sso-truststore-volume", + "secret": { + "secretName": "${SSO_TRUSTSTORE_SECRET}" + } } ] } @@ -589,6 +681,10 @@ "value": "${POSTGRESQL_MAX_CONNECTIONS}" }, { + "name": "POSTGRESQL_MAX_PREPARED_TRANSACTIONS", + "value": "${POSTGRESQL_MAX_CONNECTIONS}" + }, + { "name": "POSTGRESQL_SHARED_BUFFERS", "value": "${POSTGRESQL_SHARED_BUFFERS}" } diff --git a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/sso70-postgresql.json b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/sso70-postgresql.json index 08257d192..d8402ef72 100644 --- a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/sso70-postgresql.json +++ b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/sso70-postgresql.json @@ -6,13 +6,13 @@ "description": "Application template for SSO 7.0 PostgreSQL applications", "iconClass" : "icon-jboss", "tags" : "sso,keycloak,postrgresql,java,database,jboss,xpaas", - "version" : "1.3" + "version" : "1.3.2" }, "name": "sso70-postgresql" }, "labels": { "template": "sso70-postgresql", - "xpaas" : "1.3.0" + "xpaas" : "1.3.2" }, "parameters": [ { @@ -46,6 +46,12 @@ "required": true }, { + "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.", + "name": "SERVICE_ACCOUNT_NAME", + "value": "sso-service-account", + "required": true + }, + { "description": "The name of the secret containing the keystore file", "name": "HTTPS_SECRET", "value": "sso-app-secret", @@ -58,15 +64,21 @@ "required": false }, { - "description": "The name associated with the server certificate", + "description": "The type of the keystore file (JKS or JCEKS)", + "name": "HTTPS_KEYSTORE_TYPE", + "value": "", + "required": false + }, + { + "description": "The name associated with the server certificate (e.g. jboss)", "name": "HTTPS_NAME", - "value": "jboss", + "value": "", "required": false }, { - "description": "The password for the keystore and certificate", + "description": "The password for the keystore and certificate (e.g. mykeystorepass)", "name": "HTTPS_PASSWORD", - "value": "mykeystorepass", + "value": "", "required": false }, { @@ -95,13 +107,6 @@ "required": false }, { - "description": "HornetQ cluster admin password", - "name": "HORNETQ_CLUSTER_PASSWORD", - "from": "[a-zA-Z0-9]{8}", - "generate": "expression", - "required": true - }, - { "description": "Database user name", "name": "DB_USERNAME", "from": "user[a-zA-Z0-9]{3}", @@ -116,21 +121,9 @@ "required": true }, { - "description": "Queue names", - "name": "HORNETQ_QUEUES", - "value": "", - "required": false - }, - { - "description": "Topic names", - "name": "HORNETQ_TOPICS", - "value": "", - "required": false - }, - { "description": "The name of the secret containing the keystore file", "name": "JGROUPS_ENCRYPT_SECRET", - "value": "eap-app-secret", + "value": "sso-app-secret", "required": false }, { @@ -140,15 +133,15 @@ "required": false }, { - "description": "The name associated with the server certificate", + "description": "The name associated with the server certificate (e.g. secret-key)", "name": "JGROUPS_ENCRYPT_NAME", - "value": "secret-key", + "value": "", "required": false }, { - "description": "The password for the keystore and certificate", + "description": "The password for the keystore and certificate (e.g. password)", "name": "JGROUPS_ENCRYPT_PASSWORD", - "value": "password", + "value": "", "required": false }, { @@ -163,6 +156,54 @@ "name": "IMAGE_STREAM_NAMESPACE", "value": "openshift", "required": true + }, + { + "description": "SSO Server admin username", + "name": "SSO_ADMIN_USERNAME", + "value": "admin", + "required": false + }, + { + "description": "SSO Server admin password", + "name": "SSO_ADMIN_PASSWORD", + "value": "admin", + "required": false + }, + { + "description": "Realm to be created in the SSO server (e.g. demo).", + "name": "SSO_REALM", + "value": "", + "required": false + }, + { + "description": "The username used to access the SSO service. This is used by clients to create the appliction client(s) within the specified SSO realm.", + "name": "SSO_SERVICE_USERNAME", + "value": "", + "required": false + }, + { + "description": "The password for the SSO service user.", + "name": "SSO_SERVICE_PASSWORD", + "value": "", + "required": false + }, + { + "description": "The name of the truststore file within the secret (e.g. truststore.jks)", + "name": "SSO_TRUSTSTORE", + "value": "", + "required": false + }, + { + "description": "The password for the truststore and certificate (e.g. mykeystorepass)", + "name": "SSO_TRUSTSTORE_PASSWORD", + "value": "", + "required": false + }, + { + "description": "The name of the secret containing the truststore file (e.g. truststore-secret). Used for volume secretName", + "name": "SSO_TRUSTSTORE_SECRET", + "value": "sso-app-secret", + "required": false } ], "objects": [ @@ -311,7 +352,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "redhat-sso70-openshift:1.3-TP" + "name": "redhat-sso70-openshift:1.3" } } }, @@ -333,8 +374,8 @@ } }, "spec": { - "serviceAccountName": "sso-service-account", - "terminationGracePeriodSeconds": 60, + "serviceAccountName": "${SERVICE_ACCOUNT_NAME}", + "terminationGracePeriodSeconds": 75, "containers": [ { "name": "${APPLICATION_NAME}", @@ -350,8 +391,24 @@ "name": "eap-jgroups-keystore-volume", "mountPath": "/etc/jgroups-encrypt-secret-volume", "readOnly": true + }, + { + "name": "sso-truststore-volume", + "mountPath": "/etc/sso-secret-volume", + "readOnly": true } ], + "lifecycle": { + "preStop": { + "exec": { + "command": [ + "/opt/eap/bin/jboss-cli.sh", + "-c", + ":shutdown(timeout=60)" + ] + } + } + }, "livenessProbe": { "exec": { "command": [ @@ -385,6 +442,11 @@ "name": "https", "containerPort": 8443, "protocol": "TCP" + }, + { + "name": "ping", + "containerPort": 8888, + "protocol": "TCP" } ], "env": [ @@ -437,32 +499,24 @@ } }, { - "name": "EAP_HTTPS_KEYSTORE_DIR", + "name": "HTTPS_KEYSTORE_DIR", "value": "/etc/eap-secret-volume" }, { - "name": "EAP_HTTPS_KEYSTORE", + "name": "HTTPS_KEYSTORE", "value": "${HTTPS_KEYSTORE}" }, { - "name": "EAP_HTTPS_NAME", - "value": "${HTTPS_NAME}" - }, - { - "name": "EAP_HTTPS_PASSWORD", - "value": "${HTTPS_PASSWORD}" - }, - { - "name": "HORNETQ_CLUSTER_PASSWORD", - "value": "${HORNETQ_CLUSTER_PASSWORD}" + "name": "HTTPS_KEYSTORE_TYPE", + "value": "${HTTPS_KEYSTORE_TYPE}" }, { - "name": "HORNETQ_QUEUES", - "value": "${HORNETQ_QUEUES}" + "name": "HTTPS_NAME", + "value": "${HTTPS_NAME}" }, { - "name": "HORNETQ_TOPICS", - "value": "${HORNETQ_TOPICS}" + "name": "HTTPS_PASSWORD", + "value": "${HTTPS_PASSWORD}" }, { "name": "JGROUPS_ENCRYPT_SECRET", @@ -487,6 +541,38 @@ { "name": "JGROUPS_CLUSTER_PASSWORD", "value": "${JGROUPS_CLUSTER_PASSWORD}" + }, + { + "name": "SSO_ADMIN_USERNAME", + "value": "${SSO_ADMIN_USERNAME}" + }, + { + "name": "SSO_ADMIN_PASSWORD", + "value": "${SSO_ADMIN_PASSWORD}" + }, + { + "name": "SSO_REALM", + "value": "${SSO_REALM}" + }, + { + "name": "SSO_SERVICE_USERNAME", + "value": "${SSO_SERVICE_USERNAME}" + }, + { + "name": "SSO_SERVICE_PASSWORD", + "value": "${SSO_SERVICE_PASSWORD}" + }, + { + "name": "SSO_TRUSTSTORE", + "value": "${SSO_TRUSTSTORE}" + }, + { + "name": "SSO_TRUSTSTORE_DIR", + "value": "/etc/sso-secret-volume" + }, + { + "name": "SSO_TRUSTSTORE_PASSWORD", + "value": "${SSO_TRUSTSTORE_PASSWORD}" } ] } @@ -503,6 +589,12 @@ "secret": { "secretName": "${JGROUPS_ENCRYPT_SECRET}" } + }, + { + "name": "sso-truststore-volume", + "secret": { + "secretName": "${SSO_TRUSTSTORE_SECRET}" + } } ] } @@ -586,6 +678,10 @@ "value": "${POSTGRESQL_MAX_CONNECTIONS}" }, { + "name": "POSTGRESQL_MAX_PREPARED_TRANSACTIONS", + "value": "${POSTGRESQL_MAX_CONNECTIONS}" + }, + { "name": "POSTGRESQL_SHARED_BUFFERS", "value": "${POSTGRESQL_SHARED_BUFFERS}" } diff --git a/roles/openshift_examples/files/examples/v1.3/db-templates/README.md b/roles/openshift_examples/files/examples/v1.3/db-templates/README.md index 609f4dec9..c66bdb8bf 100644 --- a/roles/openshift_examples/files/examples/v1.3/db-templates/README.md +++ b/roles/openshift_examples/files/examples/v1.3/db-templates/README.md @@ -38,35 +38,11 @@ Replace `/path/to/template.json` with an appropriate path, that can be either a local path or an URL. Example: $ oc new-app https://raw.githubusercontent.com/openshift/origin/master/examples/db-templates/mongodb-ephemeral-template.json - --> Deploying template mongodb-ephemeral for "https://raw.githubusercontent.com/openshift/origin/master/examples/db-templates/mongodb-ephemeral-template.json" - With parameters: - DATABASE_SERVICE_NAME=mongodb - MONGODB_USER=userJNX # generated - MONGODB_PASSWORD=tnEDilMVrgjp5AI2 # generated - MONGODB_DATABASE=sampledb - MONGODB_ADMIN_PASSWORD=8bYEs8OlNYhVyMBs # generated - --> Creating resources ... - Service "mongodb" created - DeploymentConfig "mongodb" created - --> Success - Run 'oc status' to view your app. The parameters listed in the output above can be tweaked by specifying values in the command line with the `-p` option: $ oc new-app examples/db-templates/mongodb-ephemeral-template.json -p DATABASE_SERVICE_NAME=mydb -p MONGODB_USER=default - --> Deploying template mongodb-ephemeral for "examples/db-templates/mongodb-ephemeral-template.json" - With parameters: - DATABASE_SERVICE_NAME=mydb - MONGODB_USER=default - MONGODB_PASSWORD=RPvMbWlQFOevSowQ # generated - MONGODB_DATABASE=sampledb - MONGODB_ADMIN_PASSWORD=K7tIjDxDHHYCvFrJ # generated - --> Creating resources ... - Service "mydb" created - DeploymentConfig "mydb" created - --> Success - Run 'oc status' to view your app. Note that the persistent template requires an existing persistent volume, otherwise the deployment won't ever succeed. diff --git a/roles/openshift_examples/files/examples/v1.3/db-templates/mariadb-ephemeral-template.json b/roles/openshift_examples/files/examples/v1.3/db-templates/mariadb-ephemeral-template.json new file mode 100644 index 000000000..64b004ff4 --- /dev/null +++ b/roles/openshift_examples/files/examples/v1.3/db-templates/mariadb-ephemeral-template.json @@ -0,0 +1,184 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "name": "mariadb-ephemeral", + "annotations": { + "description": "MariaDB database service, without persistent storage. WARNING: Any data stored will be lost upon pod destruction. Only use this template for testing", + "iconClass": "icon-mariadb", + "tags": "database,mariadb" + } + }, + "objects": [ + { + "kind": "Service", + "apiVersion": "v1", + "metadata": { + "name": "${DATABASE_SERVICE_NAME}" + }, + "spec": { + "ports": [ + { + "name": "mariadb", + "port": 3306 + } + ], + "selector": { + "name": "${DATABASE_SERVICE_NAME}" + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${DATABASE_SERVICE_NAME}" + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "mariadb" + ], + "from": { + "kind": "ImageStreamTag", + "name": "mariadb:10.1", + "namespace": "${NAMESPACE}" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "name": "${DATABASE_SERVICE_NAME}" + }, + "template": { + "metadata": { + "labels": { + "name": "${DATABASE_SERVICE_NAME}" + } + }, + "spec": { + "containers": [ + { + "name": "mariadb", + "image": " ", + "ports": [ + { + "containerPort": 3306 + } + ], + "readinessProbe": { + "timeoutSeconds": 1, + "initialDelaySeconds": 5, + "exec": { + "command": [ "/bin/sh", "-i", "-c", + "MYSQL_PWD=\"$MYSQL_PASSWORD\" mysql -h 127.0.0.1 -u $MYSQL_USER -D $MYSQL_DATABASE -e 'SELECT 1'"] + } + }, + "livenessProbe": { + "timeoutSeconds": 1, + "initialDelaySeconds": 30, + "tcpSocket": { + "port": 3306 + } + }, + "env": [ + { + "name": "MYSQL_USER", + "value": "${MYSQL_USER}" + }, + { + "name": "MYSQL_PASSWORD", + "value": "${MYSQL_PASSWORD}" + }, + { + "name": "MYSQL_DATABASE", + "value": "${MYSQL_DATABASE}" + } + ], + "resources": { + "limits": { + "memory": "${MEMORY_LIMIT}" + } + }, + "volumeMounts": [ + { + "name": "${DATABASE_SERVICE_NAME}-data", + "mountPath": "/var/lib/mysql/data" + } + ], + "imagePullPolicy": "IfNotPresent" + } + ], + "volumes": [ + { + "name": "${DATABASE_SERVICE_NAME}-data", + "emptyDir": { + "medium": "" + } + } + ] + } + } + } + } + ], + "parameters": [ + { + "name": "MEMORY_LIMIT", + "displayName": "Memory Limit", + "description": "Maximum amount of memory the container can use.", + "value": "512Mi", + "required": true + }, + { + "name": "NAMESPACE", + "displayName": "Namespace", + "description": "The OpenShift Namespace where the ImageStream resides.", + "value": "openshift" + }, + { + "name": "DATABASE_SERVICE_NAME", + "displayName": "Database Service Name", + "description": "The name of the OpenShift Service exposed for the database.", + "value": "mariadb", + "required": true + }, + { + "name": "MYSQL_USER", + "displayName": "MariaDB Connection Username", + "description": "Username for MariaDB user that will be used for accessing the database.", + "generate": "expression", + "from": "user[A-Z0-9]{3}", + "required": true + }, + { + "name": "MYSQL_PASSWORD", + "displayName": "MariaDB Connection Password", + "description": "Password for the MariaDB connection user.", + "generate": "expression", + "from": "[a-zA-Z0-9]{16}", + "required": true + }, + { + "name": "MYSQL_DATABASE", + "displayName": "MariaDB Database Name", + "description": "Name of the MariaDB database accessed.", + "value": "sampledb", + "required": true + } + ], + "labels": { + "template": "mariadb-persistent-template" + } +} diff --git a/roles/openshift_examples/files/examples/v1.3/db-templates/mariadb-persistent-template.json b/roles/openshift_examples/files/examples/v1.3/db-templates/mariadb-persistent-template.json new file mode 100644 index 000000000..0d5b39e81 --- /dev/null +++ b/roles/openshift_examples/files/examples/v1.3/db-templates/mariadb-persistent-template.json @@ -0,0 +1,208 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "name": "mariadb-persistent", + "annotations": { + "description": "MariaDB database service, with persistent storage. Scaling to more than one replica is not supported. You must have persistent volumes available in your cluster to use this template.", + "iconClass": "icon-mariadb", + "tags": "database,mariadb" + } + }, + "objects": [ + { + "kind": "Service", + "apiVersion": "v1", + "metadata": { + "name": "${DATABASE_SERVICE_NAME}" + }, + "spec": { + "ports": [ + { + "name": "mariadb", + "port": 3306 + } + ], + "selector": { + "name": "${DATABASE_SERVICE_NAME}" + } + } + }, + { + "kind": "PersistentVolumeClaim", + "apiVersion": "v1", + "metadata": { + "name": "${DATABASE_SERVICE_NAME}" + }, + "spec": { + "accessModes": [ + "ReadWriteOnce" + ], + "resources": { + "requests": { + "storage": "${VOLUME_CAPACITY}" + } + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${DATABASE_SERVICE_NAME}" + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "mariadb" + ], + "from": { + "kind": "ImageStreamTag", + "name": "mariadb:10.1", + "namespace": "${NAMESPACE}" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "name": "${DATABASE_SERVICE_NAME}" + }, + "template": { + "metadata": { + "labels": { + "name": "${DATABASE_SERVICE_NAME}" + } + }, + "spec": { + "containers": [ + { + "name": "mariadb", + "image": " ", + "ports": [ + { + "containerPort": 3306 + } + ], + "readinessProbe": { + "timeoutSeconds": 1, + "initialDelaySeconds": 5, + "exec": { + "command": [ "/bin/sh", "-i", "-c", + "MYSQL_PWD=\"$MYSQL_PASSWORD\" mysql -h 127.0.0.1 -u $MYSQL_USER -D $MYSQL_DATABASE -e 'SELECT 1'"] + } + }, + "livenessProbe": { + "timeoutSeconds": 1, + "initialDelaySeconds": 30, + "tcpSocket": { + "port": 3306 + } + }, + "env": [ + { + "name": "MYSQL_USER", + "value": "${MYSQL_USER}" + }, + { + "name": "MYSQL_PASSWORD", + "value": "${MYSQL_PASSWORD}" + }, + { + "name": "MYSQL_DATABASE", + "value": "${MYSQL_DATABASE}" + } + ], + "resources": { + "limits": { + "memory": "${MEMORY_LIMIT}" + } + }, + "volumeMounts": [ + { + "name": "${DATABASE_SERVICE_NAME}-data", + "mountPath": "/var/lib/mysql/data" + } + ], + "imagePullPolicy": "IfNotPresent" + } + ], + "volumes": [ + { + "name": "${DATABASE_SERVICE_NAME}-data", + "persistentVolumeClaim": { + "claimName": "${DATABASE_SERVICE_NAME}" + } + } + ] + } + } + } + } + ], + "parameters": [ + { + "name": "MEMORY_LIMIT", + "displayName": "Memory Limit", + "description": "Maximum amount of memory the container can use.", + "value": "512Mi", + "required": true + }, + { + "name": "NAMESPACE", + "displayName": "Namespace", + "description": "The OpenShift Namespace where the ImageStream resides.", + "value": "openshift" + }, + { + "name": "DATABASE_SERVICE_NAME", + "displayName": "Database Service Name", + "description": "The name of the OpenShift Service exposed for the database.", + "value": "mariadb", + "required": true + }, + { + "name": "MYSQL_USER", + "displayName": "MariaDB Connection Username", + "description": "Username for MariaDB user that will be used for accessing the database.", + "generate": "expression", + "from": "user[A-Z0-9]{3}", + "required": true + }, + { + "name": "MYSQL_PASSWORD", + "displayName": "MariaDB Connection Password", + "description": "Password for the MariaDB connection user.", + "generate": "expression", + "from": "[a-zA-Z0-9]{16}", + "required": true + }, + { + "name": "MYSQL_DATABASE", + "displayName": "MariaDB Database Name", + "description": "Name of the MariaDB database accessed.", + "value": "sampledb", + "required": true + }, + { + "name": "VOLUME_CAPACITY", + "displayName": "Volume Capacity", + "description": "Volume space available for data, e.g. 512Mi, 2Gi.", + "value": "1Gi", + "required": true + } + ], + "labels": { + "template": "mariadb-persistent-template" + } +} diff --git a/roles/openshift_examples/files/examples/v1.3/db-templates/mongodb-ephemeral-template.json b/roles/openshift_examples/files/examples/v1.3/db-templates/mongodb-ephemeral-template.json index 9a935be5e..329e7a692 100644 --- a/roles/openshift_examples/files/examples/v1.3/db-templates/mongodb-ephemeral-template.json +++ b/roles/openshift_examples/files/examples/v1.3/db-templates/mongodb-ephemeral-template.json @@ -60,7 +60,7 @@ ], "from": { "kind": "ImageStreamTag", - "name": "mongodb:latest", + "name": "mongodb:3.2", "namespace": "${NAMESPACE}" }, "lastTriggeredImage": "" @@ -182,7 +182,7 @@ }, { "name": "MONGODB_USER", - "displayName": "MongoDB User", + "displayName": "MongoDB Connection Username", "description": "Username for MongoDB user that will be used for accessing the database.", "generate": "expression", "from": "user[A-Z0-9]{3}", @@ -190,8 +190,8 @@ }, { "name": "MONGODB_PASSWORD", - "displayName": "MongoDB Password", - "description": "Password for the MongoDB user.", + "displayName": "MongoDB Connection Password", + "description": "Password for the MongoDB connection user.", "generate": "expression", "from": "[a-zA-Z0-9]{16}", "required": true @@ -214,5 +214,6 @@ ], "labels": { "template": "mongodb-ephemeral-template" - } + }, + "message": "You can connect to the database using MongoDB connection URL mongodb://${MONGODB_USER}:${MONGODB_PASSWORD}@${DATABASE_SERVICE_NAME}/${MONGODB_DATABASE}" } diff --git a/roles/openshift_examples/files/examples/v1.3/db-templates/mongodb-persistent-template.json b/roles/openshift_examples/files/examples/v1.3/db-templates/mongodb-persistent-template.json index 4f73d00cc..0fedad71e 100644 --- a/roles/openshift_examples/files/examples/v1.3/db-templates/mongodb-persistent-template.json +++ b/roles/openshift_examples/files/examples/v1.3/db-templates/mongodb-persistent-template.json @@ -77,7 +77,7 @@ ], "from": { "kind": "ImageStreamTag", - "name": "mongodb:latest", + "name": "mongodb:3.2", "namespace": "${NAMESPACE}" }, "lastTriggeredImage": "" @@ -199,7 +199,7 @@ }, { "name": "MONGODB_USER", - "displayName": "MongoDB User", + "displayName": "MongoDB Connection Username", "description": "Username for MongoDB user that will be used for accessing the database.", "generate": "expression", "from": "user[A-Z0-9]{3}", @@ -207,8 +207,8 @@ }, { "name": "MONGODB_PASSWORD", - "displayName": "MongoDB Password", - "description": "Password for the MongoDB user.", + "displayName": "MongoDB Connection Password", + "description": "Password for the MongoDB connection user.", "generate": "expression", "from": "[a-zA-Z0-9]{16}", "required": true @@ -238,5 +238,6 @@ ], "labels": { "template": "mongodb-persistent-template" - } + }, + "message": "You can connect to the database using MongoDB connection URL mongodb://${MONGODB_USER}:${MONGODB_PASSWORD}@${DATABASE_SERVICE_NAME}/${MONGODB_DATABASE}" } diff --git a/roles/openshift_examples/files/examples/v1.3/db-templates/mysql-ephemeral-template.json b/roles/openshift_examples/files/examples/v1.3/db-templates/mysql-ephemeral-template.json index 5f133b946..8a4ec41b2 100644 --- a/roles/openshift_examples/files/examples/v1.3/db-templates/mysql-ephemeral-template.json +++ b/roles/openshift_examples/files/examples/v1.3/db-templates/mysql-ephemeral-template.json @@ -3,7 +3,6 @@ "apiVersion": "v1", "metadata": { "name": "mysql-ephemeral", - "creationTimestamp": null, "annotations": { "description": "MySQL database service, without persistent storage. WARNING: Any data stored will be lost upon pod destruction. Only use this template for testing", "iconClass": "icon-mysql-database", @@ -60,7 +59,7 @@ ], "from": { "kind": "ImageStreamTag", - "name": "mysql:latest", + "name": "mysql:5.6", "namespace": "${NAMESPACE}" }, "lastTriggeredImage": "" @@ -122,10 +121,10 @@ } ], "resources": { - "limits": { - "memory": "${MEMORY_LIMIT}" - } - }, + "limits": { + "memory": "${MEMORY_LIMIT}" + } + }, "volumeMounts": [ { "name": "${DATABASE_SERVICE_NAME}-data", @@ -179,7 +178,7 @@ }, { "name": "MYSQL_USER", - "displayName": "MySQL User", + "displayName": "MySQL Connection Username", "description": "Username for MySQL user that will be used for accessing the database.", "generate": "expression", "from": "user[A-Z0-9]{3}", @@ -187,8 +186,8 @@ }, { "name": "MYSQL_PASSWORD", - "displayName": "MySQL Password", - "description": "Password for the MySQL user.", + "displayName": "MySQL Connection Password", + "description": "Password for the MySQL connection user.", "generate": "expression", "from": "[a-zA-Z0-9]{16}", "required": true diff --git a/roles/openshift_examples/files/examples/v1.3/db-templates/mysql-persistent-template.json b/roles/openshift_examples/files/examples/v1.3/db-templates/mysql-persistent-template.json index 88d8c3940..cae14c998 100644 --- a/roles/openshift_examples/files/examples/v1.3/db-templates/mysql-persistent-template.json +++ b/roles/openshift_examples/files/examples/v1.3/db-templates/mysql-persistent-template.json @@ -65,7 +65,7 @@ ], "from": { "kind": "ImageStreamTag", - "name": "mysql:latest", + "name": "mysql:5.6", "namespace": "${NAMESPACE}" } } @@ -173,7 +173,7 @@ }, { "name": "MYSQL_USER", - "displayName": "MySQL User", + "displayName": "MySQL Connection Username", "description": "Username for MySQL user that will be used for accessing the database.", "generate": "expression", "from": "user[A-Z0-9]{3}", @@ -181,8 +181,8 @@ }, { "name": "MYSQL_PASSWORD", - "displayName": "MySQL Password", - "description": "Password for the MySQL user.", + "displayName": "MySQL Connection Password", + "description": "Password for the MySQL connection user.", "generate": "expression", "from": "[a-zA-Z0-9]{16}", "required": true diff --git a/roles/openshift_examples/files/examples/v1.3/db-templates/postgresql-ephemeral-template.json b/roles/openshift_examples/files/examples/v1.3/db-templates/postgresql-ephemeral-template.json index e90244a6b..2b4b2a0cd 100644 --- a/roles/openshift_examples/files/examples/v1.3/db-templates/postgresql-ephemeral-template.json +++ b/roles/openshift_examples/files/examples/v1.3/db-templates/postgresql-ephemeral-template.json @@ -60,7 +60,7 @@ ], "from": { "kind": "ImageStreamTag", - "name": "postgresql:latest", + "name": "postgresql:9.5", "namespace": "${NAMESPACE}" }, "lastTriggeredImage": "" @@ -121,10 +121,10 @@ } ], "resources": { - "limits": { - "memory": "${MEMORY_LIMIT}" - } - }, + "limits": { + "memory": "${MEMORY_LIMIT}" + } + }, "volumeMounts": [ { "name": "${DATABASE_SERVICE_NAME}-data", @@ -178,7 +178,7 @@ }, { "name": "POSTGRESQL_USER", - "displayName": "PostgreSQL User", + "displayName": "PostgreSQL Connection Username", "description": "Username for PostgreSQL user that will be used for accessing the database.", "generate": "expression", "from": "user[A-Z0-9]{3}", @@ -186,8 +186,8 @@ }, { "name": "POSTGRESQL_PASSWORD", - "displayName": "PostgreSQL Password", - "description": "Password for the PostgreSQL user.", + "displayName": "PostgreSQL Connection Password", + "description": "Password for the PostgreSQL connection user.", "generate": "expression", "from": "[a-zA-Z0-9]{16}", "required": true diff --git a/roles/openshift_examples/files/examples/v1.3/db-templates/postgresql-persistent-template.json b/roles/openshift_examples/files/examples/v1.3/db-templates/postgresql-persistent-template.json index 7b05076a5..63a04f08f 100644 --- a/roles/openshift_examples/files/examples/v1.3/db-templates/postgresql-persistent-template.json +++ b/roles/openshift_examples/files/examples/v1.3/db-templates/postgresql-persistent-template.json @@ -77,7 +77,7 @@ ], "from": { "kind": "ImageStreamTag", - "name": "postgresql:latest", + "name": "postgresql:9.5", "namespace": "${NAMESPACE}" }, "lastTriggeredImage": "" @@ -195,7 +195,7 @@ }, { "name": "POSTGRESQL_USER", - "displayName": "PostgreSQL User", + "displayName": "PostgreSQL Connection Username", "description": "Username for PostgreSQL user that will be used for accessing the database.", "generate": "expression", "from": "user[A-Z0-9]{3}", @@ -203,8 +203,8 @@ }, { "name": "POSTGRESQL_PASSWORD", - "displayName": "PostgreSQL Password", - "description": "Password for the PostgreSQL user.", + "displayName": "PostgreSQL Connection Password", + "description": "Password for the PostgreSQL connection user.", "generate": "expression", "from": "[a-zA-Z0-9]{16}", "required": true diff --git a/roles/openshift_examples/files/examples/v1.3/image-streams/dotnet_imagestreams.json b/roles/openshift_examples/files/examples/v1.3/image-streams/dotnet_imagestreams.json new file mode 100644 index 000000000..3d7afe4aa --- /dev/null +++ b/roles/openshift_examples/files/examples/v1.3/image-streams/dotnet_imagestreams.json @@ -0,0 +1,36 @@ +{ + "kind": "List", + "apiVersion": "v1", + "metadata": { + "name": "dotnet-image-streams", + "annotations": { + "description": "ImageStream definitions for .Net Core on RHEL" + } + }, + "items": [ + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "dotnetcore-10-rhel7" + }, + "spec": { + "dockerImageRepository": "registry.access.redhat.com/dotnet/dotnetcore-10-rhel7", + "tags": [ + { + "name": "1.0", + "annotations": { + "description": ".Net Core 1.0 S2I image.", + "iconClass": "icon-dotnet", + "tags": "builder,.net,dotnet,dotnetcore,rh-dotnetcore10", + "supports":"dotnet:1.0", + "sampleRepo": "https://github.com/redhat-developer/s2i-dotnetcore.git", + "sampleContextDir": "1.0/test/asp-net-hello-world", + "version": "1.0" + } + } + ] + } + } + ] +} diff --git a/roles/openshift_examples/files/examples/v1.3/infrastructure-templates/enterprise/metrics-deployer.yaml b/roles/openshift_examples/files/examples/v1.3/infrastructure-templates/enterprise/metrics-deployer.yaml index 032f94a18..afd47ec7c 100644 --- a/roles/openshift_examples/files/examples/v1.3/infrastructure-templates/enterprise/metrics-deployer.yaml +++ b/roles/openshift_examples/files/examples/v1.3/infrastructure-templates/enterprise/metrics-deployer.yaml @@ -34,9 +34,11 @@ objects: metadata: generateName: metrics-deployer- spec: + securityContext: {} containers: - image: ${IMAGE_PREFIX}metrics-deployer:${IMAGE_VERSION} name: deployer + securityContext: {} volumeMounts: - name: secret mountPath: /secret @@ -48,6 +50,10 @@ objects: valueFrom: fieldRef: fieldPath: metadata.namespace + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name - name: IMAGE_PREFIX value: ${IMAGE_PREFIX} - name: IMAGE_VERSION @@ -58,8 +64,12 @@ objects: value: ${MODE} - name: REDEPLOY value: ${REDEPLOY} + - name: IGNORE_PREFLIGHT + value: ${IGNORE_PREFLIGHT} - name: USE_PERSISTENT_STORAGE value: ${USE_PERSISTENT_STORAGE} + - name: DYNAMICALLY_PROVISION_STORAGE + value: ${DYNAMICALLY_PROVISION_STORAGE} - name: HAWKULAR_METRICS_HOSTNAME value: ${HAWKULAR_METRICS_HOSTNAME} - name: CASSANDRA_NODES @@ -68,6 +78,10 @@ objects: value: ${CASSANDRA_PV_SIZE} - name: METRIC_DURATION value: ${METRIC_DURATION} + - name: USER_WRITE_ACCESS + value: ${USER_WRITE_ACCESS} + - name: HEAPSTER_NODE_ID + value: ${HEAPSTER_NODE_ID} - name: METRIC_RESOLUTION value: ${METRIC_RESOLUTION} dnsPolicy: ClusterFirst @@ -87,7 +101,7 @@ parameters: - description: 'Specify version for metrics components; e.g. for "openshift/origin-metrics-deployer:latest", set version "latest"' name: IMAGE_VERSION - value: "3.2.1" + value: "3.3.0" - description: "Internal URL for the master, for authentication retrieval" name: MASTER_URL @@ -97,7 +111,7 @@ parameters: name: HAWKULAR_METRICS_HOSTNAME required: true - - description: "Can be set to: 'deploy' to perform an initial deployment; 'refresh' to delete and redeploy all components but to keep persisted data and routes; 'redeploy' to delete and redeploy everything (losing all data in the process)" + description: "Can be set to: 'preflight' to perform validation before a deployment; 'deploy' to perform an initial deployment; 'refresh' to delete and redeploy all components but to keep persisted data and routes; 'redeploy' to delete and redeploy everything (losing all data in the process); 'validate' to re-run validations after a deployment" name: MODE value: "deploy" - @@ -105,10 +119,18 @@ parameters: name: REDEPLOY value: "false" - + description: "If preflight validation is blocking deployment and you're sure you don't care about it, this will ignore the results and proceed to deploy." + name: IGNORE_PREFLIGHT + value: "false" +- description: "Set to true for persistent storage, set to false to use non persistent storage" name: USE_PERSISTENT_STORAGE value: "true" - + description: "Set to true to dynamically provision storage, set to false to use use pre-created persistent volumes" + name: DYNAMICALLY_PROVISION_STORAGE + value: "false" +- description: "The number of Cassandra Nodes to deploy for the initial cluster" name: CASSANDRA_NODES value: "1" @@ -121,6 +143,14 @@ parameters: name: METRIC_DURATION value: "7" - - description: "How often metrics should be gathered. Defaults value of '10s' for 10 seconds" + description: "If a user accounts should be allowed to write metrics." + name: USER_WRITE_ACCESS + value: "false" +- + description: "The identifier used when generating metric ids in Hawkular" + name: HEAPSTER_NODE_ID + value: "nodename" +- + description: "How often metrics should be gathered. Defaults value of '15s' for 15 seconds" name: METRIC_RESOLUTION - value: "10s" + value: "15s" diff --git a/roles/openshift_examples/files/examples/v1.3/infrastructure-templates/enterprise/registry-console.yaml b/roles/openshift_examples/files/examples/v1.3/infrastructure-templates/enterprise/registry-console.yaml new file mode 100644 index 000000000..11478263c --- /dev/null +++ b/roles/openshift_examples/files/examples/v1.3/infrastructure-templates/enterprise/registry-console.yaml @@ -0,0 +1,124 @@ +kind: Template +apiVersion: v1 +metadata: + name: "registry-console" + annotations: + description: "Template for deploying registry web console. Requires cluster-admin." + tags: infrastructure +labels: + createdBy: "registry-console-template" +objects: + - kind: DeploymentConfig + apiVersion: v1 + metadata: + name: "registry-console" + labels: + name: "registry-console" + spec: + triggers: + - type: ConfigChange + replicas: 1 + selector: + name: "registry-console" + template: + metadata: + labels: + name: "registry-console" + spec: + containers: + - name: registry-console + image: ${IMAGE_PREFIX}registry-console:${IMAGE_VERSION} + ports: + - containerPort: 9090 + protocol: TCP + livenessProbe: + failureThreshold: 3 + httpGet: + path: /ping + port: 9090 + scheme: HTTP + initialDelaySeconds: 10 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + readinessProbe: + failureThreshold: 3 + httpGet: + path: /ping + port: 9090 + scheme: HTTP + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + env: + - name: OPENSHIFT_OAUTH_PROVIDER_URL + value: "${OPENSHIFT_OAUTH_PROVIDER_URL}" + - name: OPENSHIFT_OAUTH_CLIENT_ID + value: "${OPENSHIFT_OAUTH_CLIENT_ID}" + - name: KUBERNETES_INSECURE + value: "false" + - name: COCKPIT_KUBE_INSECURE + value: "false" + - name: REGISTRY_ONLY + value: "true" + - name: REGISTRY_HOST + value: "${REGISTRY_HOST}" + - kind: Service + apiVersion: v1 + metadata: + name: "registry-console" + labels: + name: "registry-console" + spec: + type: ClusterIP + ports: + - name: registry-console + protocol: TCP + port: 9000 + targetPort: 9090 + selector: + name: "registry-console" + - kind: ImageStream + apiVersion: v1 + metadata: + name: registry-console + annotations: + description: Atomic Registry console + spec: + tags: + - annotations: null + from: + kind: DockerImage + name: ${IMAGE_PREFIX}registry-console + name: ${IMAGE_VERSION} + - kind: OAuthClient + apiVersion: v1 + metadata: + name: "${OPENSHIFT_OAUTH_CLIENT_ID}" + respondWithChallenges: false + secret: "${OPENSHIFT_OAUTH_CLIENT_SECRET}" + redirectURIs: + - "${COCKPIT_KUBE_URL}" +parameters: + - description: 'Specify "registry/repository" prefix for container image; e.g. for "registry.access.redhat.com/openshift3/registry-console:latest", set prefix "registry.access.redhat.com/openshift3/"' + name: IMAGE_PREFIX + value: "registry.access.redhat.com/openshift3/" + - description: 'Specify image version; e.g. for "registry.access.redhat.com/openshift3/registry-console:3.3", set version "3.3"' + name: IMAGE_VERSION + value: "3.3" + - description: "The public URL for the Openshift OAuth Provider, e.g. https://openshift.example.com:8443" + name: OPENSHIFT_OAUTH_PROVIDER_URL + required: true + - description: "The registry console URL. This should be created beforehand using 'oc create route passthrough --service registry-console --port registry-console -n default', e.g. https://registry-console-default.example.com" + name: COCKPIT_KUBE_URL + required: true + - description: "Oauth client secret" + name: OPENSHIFT_OAUTH_CLIENT_SECRET + from: "user[a-zA-Z0-9]{64}" + generate: expression + - description: "Oauth client id" + name: OPENSHIFT_OAUTH_CLIENT_ID + value: "cockpit-oauth-client" + - description: "The integrated registry hostname exposed via route, e.g. registry.example.com" + name: REGISTRY_HOST + required: true diff --git a/roles/openshift_examples/files/examples/v1.3/infrastructure-templates/origin/logging-deployer.yaml b/roles/openshift_examples/files/examples/v1.3/infrastructure-templates/origin/logging-deployer.yaml index 77ffee7f9..8b28f872f 100644 --- a/roles/openshift_examples/files/examples/v1.3/infrastructure-templates/origin/logging-deployer.yaml +++ b/roles/openshift_examples/files/examples/v1.3/infrastructure-templates/origin/logging-deployer.yaml @@ -323,4 +323,3 @@ items: description: "(Deprecated) Node selector operations Curator (label=value)." name: CURATOR_OPS_NODESELECTOR value: "" - diff --git a/roles/openshift_examples/files/examples/v1.3/infrastructure-templates/origin/metrics-deployer.yaml b/roles/openshift_examples/files/examples/v1.3/infrastructure-templates/origin/metrics-deployer.yaml index 89639fd67..ac5098c8a 100644 --- a/roles/openshift_examples/files/examples/v1.3/infrastructure-templates/origin/metrics-deployer.yaml +++ b/roles/openshift_examples/files/examples/v1.3/infrastructure-templates/origin/metrics-deployer.yaml @@ -68,6 +68,8 @@ objects: value: ${IGNORE_PREFLIGHT} - name: USE_PERSISTENT_STORAGE value: ${USE_PERSISTENT_STORAGE} + - name: DYNAMICALLY_PROVISION_STORAGE + value: ${DYNAMICALLY_PROVISION_STORAGE} - name: HAWKULAR_METRICS_HOSTNAME value: ${HAWKULAR_METRICS_HOSTNAME} - name: CASSANDRA_NODES @@ -76,6 +78,8 @@ objects: value: ${CASSANDRA_PV_SIZE} - name: METRIC_DURATION value: ${METRIC_DURATION} + - name: USER_WRITE_ACCESS + value: ${USER_WRITE_ACCESS} - name: HEAPSTER_NODE_ID value: ${HEAPSTER_NODE_ID} - name: METRIC_RESOLUTION @@ -123,6 +127,10 @@ parameters: name: USE_PERSISTENT_STORAGE value: "true" - + description: "Set to true to dynamically provision storage, set to false to use use pre-created persistent volumes" + name: DYNAMICALLY_PROVISION_STORAGE + value: "false" +- description: "The number of Cassandra Nodes to deploy for the initial cluster" name: CASSANDRA_NODES value: "1" @@ -135,10 +143,14 @@ parameters: name: METRIC_DURATION value: "7" - + description: "If a user accounts should be allowed to write metrics." + name: USER_WRITE_ACCESS + value: "false" +- description: "The identifier used when generating metric ids in Hawkular" name: HEAPSTER_NODE_ID value: "nodename" - - description: "How often metrics should be gathered. Defaults value of '10s' for 10 seconds" + description: "How often metrics should be gathered. Defaults value of '15s' for 15 seconds" name: METRIC_RESOLUTION - value: "10s" + value: "15s" diff --git a/roles/openshift_examples/files/examples/v1.3/infrastructure-templates/origin/registry-console.yaml b/roles/openshift_examples/files/examples/v1.3/infrastructure-templates/origin/registry-console.yaml new file mode 100644 index 000000000..80cc4233b --- /dev/null +++ b/roles/openshift_examples/files/examples/v1.3/infrastructure-templates/origin/registry-console.yaml @@ -0,0 +1,124 @@ +kind: Template +apiVersion: v1 +metadata: + name: "registry-console" + annotations: + description: "Template for deploying registry web console. Requires cluster-admin." + tags: infrastructure +labels: + createdBy: "registry-console-template" +objects: + - kind: DeploymentConfig + apiVersion: v1 + metadata: + name: "registry-console" + labels: + name: "registry-console" + spec: + triggers: + - type: ConfigChange + replicas: 1 + selector: + name: "registry-console" + template: + metadata: + labels: + name: "registry-console" + spec: + containers: + - name: registry-console + image: ${IMAGE_NAME}:${IMAGE_VERSION} + ports: + - containerPort: 9090 + protocol: TCP + livenessProbe: + failureThreshold: 3 + httpGet: + path: /ping + port: 9090 + scheme: HTTP + initialDelaySeconds: 10 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + readinessProbe: + failureThreshold: 3 + httpGet: + path: /ping + port: 9090 + scheme: HTTP + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + env: + - name: OPENSHIFT_OAUTH_PROVIDER_URL + value: "${OPENSHIFT_OAUTH_PROVIDER_URL}" + - name: OPENSHIFT_OAUTH_CLIENT_ID + value: "${OPENSHIFT_OAUTH_CLIENT_ID}" + - name: KUBERNETES_INSECURE + value: "false" + - name: COCKPIT_KUBE_INSECURE + value: "false" + - name: REGISTRY_ONLY + value: "true" + - name: REGISTRY_HOST + value: "${REGISTRY_HOST}" + - kind: Service + apiVersion: v1 + metadata: + name: "registry-console" + labels: + name: "registry-console" + spec: + type: ClusterIP + ports: + - name: registry-console + protocol: TCP + port: 9000 + targetPort: 9090 + selector: + name: "registry-console" + - kind: ImageStream + apiVersion: v1 + metadata: + name: registry-console + annotations: + description: Atomic Registry console + spec: + tags: + - annotations: null + from: + kind: DockerImage + name: ${IMAGE_NAME} + name: ${IMAGE_VERSION} + - kind: OAuthClient + apiVersion: v1 + metadata: + name: "${OPENSHIFT_OAUTH_CLIENT_ID}" + respondWithChallenges: false + secret: "${OPENSHIFT_OAUTH_CLIENT_SECRET}" + redirectURIs: + - "${COCKPIT_KUBE_URL}" +parameters: + - description: "Container image name" + name: IMAGE_NAME + value: "cockpit/kubernetes" + - description: 'Specify image version; e.g. for "cockpit/kubernetes:latest", set version "latest"' + name: IMAGE_VERSION + value: latest + - description: "The public URL for the Openshift OAuth Provider, e.g. https://openshift.example.com:8443" + name: OPENSHIFT_OAUTH_PROVIDER_URL + required: true + - description: "The registry console URL. This should be created beforehand using 'oc create route passthrough --service registry-console --port registry-console -n default', e.g. https://registry-console-default.example.com" + name: COCKPIT_KUBE_URL + required: true + - description: "Oauth client secret" + name: OPENSHIFT_OAUTH_CLIENT_SECRET + from: "user[a-zA-Z0-9]{64}" + generate: expression + - description: "Oauth client id" + name: OPENSHIFT_OAUTH_CLIENT_ID + value: "cockpit-oauth-client" + - description: "The integrated registry hostname exposed via route, e.g. registry.example.com" + name: REGISTRY_HOST + required: true diff --git a/roles/openshift_examples/files/examples/v1.3/quickstart-templates/cakephp-mysql.json b/roles/openshift_examples/files/examples/v1.3/quickstart-templates/cakephp-mysql.json index f85e7e537..ab4982690 100644 --- a/roles/openshift_examples/files/examples/v1.3/quickstart-templates/cakephp-mysql.json +++ b/roles/openshift_examples/files/examples/v1.3/quickstart-templates/cakephp-mysql.json @@ -126,9 +126,9 @@ }, "spec": { "strategy": { - "type": "Rolling", + "type": "Recreate", "recreateParams": { - "pre": { + "pre": { "failurePolicy": "Retry", "execNewPod": { "command": [ diff --git a/roles/openshift_examples/files/examples/v1.3/quickstart-templates/jenkins-ephemeral-template.json b/roles/openshift_examples/files/examples/v1.3/quickstart-templates/jenkins-ephemeral-template.json index d1ae6de90..e8e361415 100644 --- a/roles/openshift_examples/files/examples/v1.3/quickstart-templates/jenkins-ephemeral-template.json +++ b/roles/openshift_examples/files/examples/v1.3/quickstart-templates/jenkins-ephemeral-template.json @@ -5,11 +5,12 @@ "name": "jenkins-ephemeral", "creationTimestamp": null, "annotations": { - "description": "Jenkins service, without persistent storage.\nThe username is 'admin' and the tutorial at https://github.com/openshift/origin/blob/master/examples/jenkins/README.md contains more information about using this template.\nWARNING: Any data stored will be lost upon pod destruction. Only use this template for testing", + "description": "Jenkins service, without persistent storage.\nWARNING: Any data stored will be lost upon pod destruction. Only use this template for testing", "iconClass": "icon-jenkins", "tags": "instant-app,jenkins" } }, + "message": "A Jenkins service has been created in your project. The username/password are admin/${JENKINS_PASSWORD}. The tutorial at https://github.com/openshift/origin/blob/master/examples/jenkins/README.md contains more information about using this template.", "objects": [ { "kind": "Route", @@ -25,6 +26,7 @@ }, "tls": { "termination": "edge", + "insecureEdgeTerminationPolicy": "Redirect", "certificate": "-----BEGIN CERTIFICATE-----\nMIIDIjCCAgqgAwIBAgIBATANBgkqhkiG9w0BAQUFADCBoTELMAkGA1UEBhMCVVMx\nCzAJBgNVBAgMAlNDMRUwEwYDVQQHDAxEZWZhdWx0IENpdHkxHDAaBgNVBAoME0Rl\nZmF1bHQgQ29tcGFueSBMdGQxEDAOBgNVBAsMB1Rlc3QgQ0ExGjAYBgNVBAMMEXd3\ndy5leGFtcGxlY2EuY29tMSIwIAYJKoZIhvcNAQkBFhNleGFtcGxlQGV4YW1wbGUu\nY29tMB4XDTE1MDExMjE0MTk0MVoXDTE2MDExMjE0MTk0MVowfDEYMBYGA1UEAwwP\nd3d3LmV4YW1wbGUuY29tMQswCQYDVQQIDAJTQzELMAkGA1UEBhMCVVMxIjAgBgkq\nhkiG9w0BCQEWE2V4YW1wbGVAZXhhbXBsZS5jb20xEDAOBgNVBAoMB0V4YW1wbGUx\nEDAOBgNVBAsMB0V4YW1wbGUwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMrv\ngu6ZTTefNN7jjiZbS/xvQjyXjYMN7oVXv76jbX8gjMOmg9m0xoVZZFAE4XyQDuCm\n47VRx5Qrf/YLXmB2VtCFvB0AhXr5zSeWzPwaAPrjA4ebG+LUo24ziS8KqNxrFs1M\nmNrQUgZyQC6XIe1JHXc9t+JlL5UZyZQC1IfaJulDAgMBAAGjDTALMAkGA1UdEwQC\nMAAwDQYJKoZIhvcNAQEFBQADggEBAFCi7ZlkMnESvzlZCvv82Pq6S46AAOTPXdFd\nTMvrh12E1sdVALF1P1oYFJzG1EiZ5ezOx88fEDTW+Lxb9anw5/KJzwtWcfsupf1m\nV7J0D3qKzw5C1wjzYHh9/Pz7B1D0KthQRATQCfNf8s6bbFLaw/dmiIUhHLtIH5Qc\nyfrejTZbOSP77z8NOWir+BWWgIDDB2//3AkDIQvT20vmkZRhkqSdT7et4NmXOX/j\njhPti4b2Fie0LeuvgaOdKjCpQQNrYthZHXeVlOLRhMTSk3qUczenkKTOhvP7IS9q\n+Dzv5hqgSfvMG392KWh5f8xXfJNs4W5KLbZyl901MeReiLrPH3w=\n-----END CERTIFICATE-----", "key": "-----BEGIN PRIVATE KEY-----\nMIICeAIBADANBgkqhkiG9w0BAQEFAASCAmIwggJeAgEAAoGBAMrvgu6ZTTefNN7j\njiZbS/xvQjyXjYMN7oVXv76jbX8gjMOmg9m0xoVZZFAE4XyQDuCm47VRx5Qrf/YL\nXmB2VtCFvB0AhXr5zSeWzPwaAPrjA4ebG+LUo24ziS8KqNxrFs1MmNrQUgZyQC6X\nIe1JHXc9t+JlL5UZyZQC1IfaJulDAgMBAAECgYEAnxOjEj/vrLNLMZE1Q9H7PZVF\nWdP/JQVNvQ7tCpZ3ZdjxHwkvf//aQnuxS5yX2Rnf37BS/TZu+TIkK4373CfHomSx\nUTAn2FsLmOJljupgGcoeLx5K5nu7B7rY5L1NHvdpxZ4YjeISrRtEPvRakllENU5y\ngJE8c2eQOx08ZSRE4TkCQQD7dws2/FldqwdjJucYijsJVuUdoTqxP8gWL6bB251q\nelP2/a6W2elqOcWId28560jG9ZS3cuKvnmu/4LG88vZFAkEAzphrH3673oTsHN+d\nuBd5uyrlnGjWjuiMKv2TPITZcWBjB8nJDSvLneHF59MYwejNNEof2tRjgFSdImFH\nmi995wJBAMtPjW6wiqRz0i41VuT9ZgwACJBzOdvzQJfHgSD9qgFb1CU/J/hpSRIM\nkYvrXK9MbvQFvG6x4VuyT1W8mpe1LK0CQAo8VPpffhFdRpF7psXLK/XQ/0VLkG3O\nKburipLyBg/u9ZkaL0Ley5zL5dFBjTV2Qkx367Ic2b0u9AYTCcgi2DsCQQD3zZ7B\nv7BOm7MkylKokY2MduFFXU0Bxg6pfZ7q3rvg8gqhUFbaMStPRYg6myiDiW/JfLhF\nTcFT4touIo7oriFJ\n-----END PRIVATE KEY-----", "caCertificate": "-----BEGIN CERTIFICATE-----\nMIIEFzCCAv+gAwIBAgIJALK1iUpF2VQLMA0GCSqGSIb3DQEBBQUAMIGhMQswCQYD\nVQQGEwJVUzELMAkGA1UECAwCU0MxFTATBgNVBAcMDERlZmF1bHQgQ2l0eTEcMBoG\nA1UECgwTRGVmYXVsdCBDb21wYW55IEx0ZDEQMA4GA1UECwwHVGVzdCBDQTEaMBgG\nA1UEAwwRd3d3LmV4YW1wbGVjYS5jb20xIjAgBgkqhkiG9w0BCQEWE2V4YW1wbGVA\nZXhhbXBsZS5jb20wHhcNMTUwMTEyMTQxNTAxWhcNMjUwMTA5MTQxNTAxWjCBoTEL\nMAkGA1UEBhMCVVMxCzAJBgNVBAgMAlNDMRUwEwYDVQQHDAxEZWZhdWx0IENpdHkx\nHDAaBgNVBAoME0RlZmF1bHQgQ29tcGFueSBMdGQxEDAOBgNVBAsMB1Rlc3QgQ0Ex\nGjAYBgNVBAMMEXd3dy5leGFtcGxlY2EuY29tMSIwIAYJKoZIhvcNAQkBFhNleGFt\ncGxlQGV4YW1wbGUuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA\nw2rK1J2NMtQj0KDug7g7HRKl5jbf0QMkMKyTU1fBtZ0cCzvsF4CqV11LK4BSVWaK\nrzkaXe99IVJnH8KdOlDl5Dh/+cJ3xdkClSyeUT4zgb6CCBqg78ePp+nN11JKuJlV\nIG1qdJpB1J5O/kCLsGcTf7RS74MtqMFo96446Zvt7YaBhWPz6gDaO/TUzfrNcGLA\nEfHVXkvVWqb3gqXUztZyVex/gtP9FXQ7gxTvJml7UkmT0VAFjtZnCqmFxpLZFZ15\n+qP9O7Q2MpsGUO/4vDAuYrKBeg1ZdPSi8gwqUP2qWsGd9MIWRv3thI2903BczDc7\nr8WaIbm37vYZAS9G56E4+wIDAQABo1AwTjAdBgNVHQ4EFgQUugLrSJshOBk5TSsU\nANs4+SmJUGwwHwYDVR0jBBgwFoAUugLrSJshOBk5TSsUANs4+SmJUGwwDAYDVR0T\nBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOCAQEAaMJ33zAMV4korHo5aPfayV3uHoYZ\n1ChzP3eSsF+FjoscpoNSKs91ZXZF6LquzoNezbfiihK4PYqgwVD2+O0/Ty7UjN4S\nqzFKVR4OS/6lCJ8YncxoFpTntbvjgojf1DEataKFUN196PAANc3yz8cWHF4uvjPv\nWkgFqbIjb+7D1YgglNyovXkRDlRZl0LD1OQ0ZWhd4Ge1qx8mmmanoBeYZ9+DgpFC\nj9tQAbS867yeOryNe7sEOIpXAAqK/DTu0hB6+ySsDfMo4piXCc2aA/eI2DCuw08e\nw17Dz9WnupZjVdwTKzDhFgJZMLDqn37HQnT6EemLFqbcR0VPEnfyhDtZIQ==\n-----END CERTIFICATE-----" @@ -74,6 +76,7 @@ } }, "spec": { + "serviceAccountName": "${JENKINS_SERVICE_NAME}", "containers": [ { "name": "jenkins", @@ -88,7 +91,7 @@ }, "livenessProbe": { "timeoutSeconds": 3, - "initialDelaySeconds": 60, + "initialDelaySeconds": 120, "httpGet": { "path": "/login", "port": 8080 @@ -98,6 +101,18 @@ { "name": "JENKINS_PASSWORD", "value": "${JENKINS_PASSWORD}" + }, + { + "name": "KUBERNETES_MASTER", + "value": "https://kubernetes.default:443" + }, + { + "name": "KUBERNETES_TRUST_CERTIFICATES", + "value": "true" + }, + { + "name": "JNLP_SERVICE_NAME", + "value": "${JNLP_SERVICE_NAME}" } ], "resources": { @@ -135,19 +150,42 @@ } }, { + "kind": "ServiceAccount", + "apiVersion": "v1", + "metadata": { + "name": "${JENKINS_SERVICE_NAME}" + } + }, + { + "kind": "RoleBinding", + "apiVersion": "v1", + "metadata": { + "name": "${JENKINS_SERVICE_NAME}_edit" + }, + "groupNames": null, + "subjects": [ + { + "kind": "ServiceAccount", + "name": "${JENKINS_SERVICE_NAME}" + } + ], + "roleRef": { + "name": "edit" + } + }, + { "kind": "Service", "apiVersion": "v1", "metadata": { - "name": "${JENKINS_SERVICE_NAME}", - "creationTimestamp": null + "name": "${JNLP_SERVICE_NAME}" }, "spec": { "ports": [ { - "name": "web", + "name": "agent", "protocol": "TCP", - "port": 8080, - "targetPort": 8080, + "port": 50000, + "targetPort": 50000, "nodePort": 0 } ], @@ -158,6 +196,35 @@ "type": "ClusterIP", "sessionAffinity": "None" } + }, + { + "kind": "Service", + "apiVersion": "v1", + "metadata": { + "name": "${JENKINS_SERVICE_NAME}", + "annotations": { + "service.alpha.openshift.io/dependencies": "[{\"name\": \"${JNLP_SERVICE_NAME}\", \"namespace\": \"\", \"kind\": \"Service\"}]", + "service.openshift.io/infrastructure": "true" + }, + "creationTimestamp": null + }, + "spec": { + "ports": [ + { + "name": "web", + "protocol": "TCP", + "port": 80, + "targetPort": 8080, + "nodePort": 0 + } + ], + "selector": { + "name": "${JENKINS_SERVICE_NAME}" + }, + "portalIP": "", + "type": "ClusterIP", + "sessionAffinity": "None" + } } ], "parameters": [ @@ -168,11 +235,18 @@ "value": "jenkins" }, { + "name": "JNLP_SERVICE_NAME", + "displayName": "Jenkins JNLP Service Name", + "description": "The name of the service used for master/slave communication.", + "value": "jenkins-jnlp" + }, + { "name": "JENKINS_PASSWORD", "displayName": "Jenkins Password", "description": "Password for the Jenkins 'admin' user.", "generate": "expression", - "value": "password" + "from": "[a-zA-Z0-9]{16}", + "required": true }, { "name": "MEMORY_LIMIT", diff --git a/roles/openshift_examples/files/examples/v1.3/quickstart-templates/jenkins-persistent-template.json b/roles/openshift_examples/files/examples/v1.3/quickstart-templates/jenkins-persistent-template.json index c7bc3f2fa..e4a18961e 100644 --- a/roles/openshift_examples/files/examples/v1.3/quickstart-templates/jenkins-persistent-template.json +++ b/roles/openshift_examples/files/examples/v1.3/quickstart-templates/jenkins-persistent-template.json @@ -5,11 +5,12 @@ "name": "jenkins-persistent", "creationTimestamp": null, "annotations": { - "description": "Jenkins service, with persistent storage.\nThe username is 'admin' and the tutorial at https://github.com/openshift/origin/blob/master/examples/jenkins/README.md contains more information about using this template.\nYou must have persistent volumes available in your cluster to use this template.", + "description": "Jenkins service, with persistent storage.\nYou must have persistent volumes available in your cluster to use this template.", "iconClass": "icon-jenkins", "tags": "instant-app,jenkins" } }, + "message": "A Jenkins service has been created in your project. The username/password are admin/${JENKINS_PASSWORD}. The tutorial at https://github.com/openshift/origin/blob/master/examples/jenkins/README.md contains more information about using this template.", "objects": [ { "kind": "Route", @@ -25,6 +26,7 @@ }, "tls": { "termination": "edge", + "insecureEdgeTerminationPolicy": "Redirect", "certificate": "-----BEGIN CERTIFICATE-----\nMIIDIjCCAgqgAwIBAgIBATANBgkqhkiG9w0BAQUFADCBoTELMAkGA1UEBhMCVVMx\nCzAJBgNVBAgMAlNDMRUwEwYDVQQHDAxEZWZhdWx0IENpdHkxHDAaBgNVBAoME0Rl\nZmF1bHQgQ29tcGFueSBMdGQxEDAOBgNVBAsMB1Rlc3QgQ0ExGjAYBgNVBAMMEXd3\ndy5leGFtcGxlY2EuY29tMSIwIAYJKoZIhvcNAQkBFhNleGFtcGxlQGV4YW1wbGUu\nY29tMB4XDTE1MDExMjE0MTk0MVoXDTE2MDExMjE0MTk0MVowfDEYMBYGA1UEAwwP\nd3d3LmV4YW1wbGUuY29tMQswCQYDVQQIDAJTQzELMAkGA1UEBhMCVVMxIjAgBgkq\nhkiG9w0BCQEWE2V4YW1wbGVAZXhhbXBsZS5jb20xEDAOBgNVBAoMB0V4YW1wbGUx\nEDAOBgNVBAsMB0V4YW1wbGUwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMrv\ngu6ZTTefNN7jjiZbS/xvQjyXjYMN7oVXv76jbX8gjMOmg9m0xoVZZFAE4XyQDuCm\n47VRx5Qrf/YLXmB2VtCFvB0AhXr5zSeWzPwaAPrjA4ebG+LUo24ziS8KqNxrFs1M\nmNrQUgZyQC6XIe1JHXc9t+JlL5UZyZQC1IfaJulDAgMBAAGjDTALMAkGA1UdEwQC\nMAAwDQYJKoZIhvcNAQEFBQADggEBAFCi7ZlkMnESvzlZCvv82Pq6S46AAOTPXdFd\nTMvrh12E1sdVALF1P1oYFJzG1EiZ5ezOx88fEDTW+Lxb9anw5/KJzwtWcfsupf1m\nV7J0D3qKzw5C1wjzYHh9/Pz7B1D0KthQRATQCfNf8s6bbFLaw/dmiIUhHLtIH5Qc\nyfrejTZbOSP77z8NOWir+BWWgIDDB2//3AkDIQvT20vmkZRhkqSdT7et4NmXOX/j\njhPti4b2Fie0LeuvgaOdKjCpQQNrYthZHXeVlOLRhMTSk3qUczenkKTOhvP7IS9q\n+Dzv5hqgSfvMG392KWh5f8xXfJNs4W5KLbZyl901MeReiLrPH3w=\n-----END CERTIFICATE-----", "key": "-----BEGIN PRIVATE KEY-----\nMIICeAIBADANBgkqhkiG9w0BAQEFAASCAmIwggJeAgEAAoGBAMrvgu6ZTTefNN7j\njiZbS/xvQjyXjYMN7oVXv76jbX8gjMOmg9m0xoVZZFAE4XyQDuCm47VRx5Qrf/YL\nXmB2VtCFvB0AhXr5zSeWzPwaAPrjA4ebG+LUo24ziS8KqNxrFs1MmNrQUgZyQC6X\nIe1JHXc9t+JlL5UZyZQC1IfaJulDAgMBAAECgYEAnxOjEj/vrLNLMZE1Q9H7PZVF\nWdP/JQVNvQ7tCpZ3ZdjxHwkvf//aQnuxS5yX2Rnf37BS/TZu+TIkK4373CfHomSx\nUTAn2FsLmOJljupgGcoeLx5K5nu7B7rY5L1NHvdpxZ4YjeISrRtEPvRakllENU5y\ngJE8c2eQOx08ZSRE4TkCQQD7dws2/FldqwdjJucYijsJVuUdoTqxP8gWL6bB251q\nelP2/a6W2elqOcWId28560jG9ZS3cuKvnmu/4LG88vZFAkEAzphrH3673oTsHN+d\nuBd5uyrlnGjWjuiMKv2TPITZcWBjB8nJDSvLneHF59MYwejNNEof2tRjgFSdImFH\nmi995wJBAMtPjW6wiqRz0i41VuT9ZgwACJBzOdvzQJfHgSD9qgFb1CU/J/hpSRIM\nkYvrXK9MbvQFvG6x4VuyT1W8mpe1LK0CQAo8VPpffhFdRpF7psXLK/XQ/0VLkG3O\nKburipLyBg/u9ZkaL0Ley5zL5dFBjTV2Qkx367Ic2b0u9AYTCcgi2DsCQQD3zZ7B\nv7BOm7MkylKokY2MduFFXU0Bxg6pfZ7q3rvg8gqhUFbaMStPRYg6myiDiW/JfLhF\nTcFT4touIo7oriFJ\n-----END PRIVATE KEY-----", "caCertificate": "-----BEGIN CERTIFICATE-----\nMIIEFzCCAv+gAwIBAgIJALK1iUpF2VQLMA0GCSqGSIb3DQEBBQUAMIGhMQswCQYD\nVQQGEwJVUzELMAkGA1UECAwCU0MxFTATBgNVBAcMDERlZmF1bHQgQ2l0eTEcMBoG\nA1UECgwTRGVmYXVsdCBDb21wYW55IEx0ZDEQMA4GA1UECwwHVGVzdCBDQTEaMBgG\nA1UEAwwRd3d3LmV4YW1wbGVjYS5jb20xIjAgBgkqhkiG9w0BCQEWE2V4YW1wbGVA\nZXhhbXBsZS5jb20wHhcNMTUwMTEyMTQxNTAxWhcNMjUwMTA5MTQxNTAxWjCBoTEL\nMAkGA1UEBhMCVVMxCzAJBgNVBAgMAlNDMRUwEwYDVQQHDAxEZWZhdWx0IENpdHkx\nHDAaBgNVBAoME0RlZmF1bHQgQ29tcGFueSBMdGQxEDAOBgNVBAsMB1Rlc3QgQ0Ex\nGjAYBgNVBAMMEXd3dy5leGFtcGxlY2EuY29tMSIwIAYJKoZIhvcNAQkBFhNleGFt\ncGxlQGV4YW1wbGUuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA\nw2rK1J2NMtQj0KDug7g7HRKl5jbf0QMkMKyTU1fBtZ0cCzvsF4CqV11LK4BSVWaK\nrzkaXe99IVJnH8KdOlDl5Dh/+cJ3xdkClSyeUT4zgb6CCBqg78ePp+nN11JKuJlV\nIG1qdJpB1J5O/kCLsGcTf7RS74MtqMFo96446Zvt7YaBhWPz6gDaO/TUzfrNcGLA\nEfHVXkvVWqb3gqXUztZyVex/gtP9FXQ7gxTvJml7UkmT0VAFjtZnCqmFxpLZFZ15\n+qP9O7Q2MpsGUO/4vDAuYrKBeg1ZdPSi8gwqUP2qWsGd9MIWRv3thI2903BczDc7\nr8WaIbm37vYZAS9G56E4+wIDAQABo1AwTjAdBgNVHQ4EFgQUugLrSJshOBk5TSsU\nANs4+SmJUGwwHwYDVR0jBBgwFoAUugLrSJshOBk5TSsUANs4+SmJUGwwDAYDVR0T\nBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOCAQEAaMJ33zAMV4korHo5aPfayV3uHoYZ\n1ChzP3eSsF+FjoscpoNSKs91ZXZF6LquzoNezbfiihK4PYqgwVD2+O0/Ty7UjN4S\nqzFKVR4OS/6lCJ8YncxoFpTntbvjgojf1DEataKFUN196PAANc3yz8cWHF4uvjPv\nWkgFqbIjb+7D1YgglNyovXkRDlRZl0LD1OQ0ZWhd4Ge1qx8mmmanoBeYZ9+DgpFC\nj9tQAbS867yeOryNe7sEOIpXAAqK/DTu0hB6+ySsDfMo4piXCc2aA/eI2DCuw08e\nw17Dz9WnupZjVdwTKzDhFgJZMLDqn37HQnT6EemLFqbcR0VPEnfyhDtZIQ==\n-----END CERTIFICATE-----" @@ -91,6 +93,7 @@ } }, "spec": { + "serviceAccountName": "${JENKINS_SERVICE_NAME}", "containers": [ { "name": "jenkins", @@ -105,7 +108,7 @@ }, "livenessProbe": { "timeoutSeconds": 3, - "initialDelaySeconds": 60, + "initialDelaySeconds": 120, "httpGet": { "path": "/login", "port": 8080 @@ -115,6 +118,18 @@ { "name": "JENKINS_PASSWORD", "value": "${JENKINS_PASSWORD}" + }, + { + "name": "KUBERNETES_MASTER", + "value": "https://kubernetes.default:443" + }, + { + "name": "KUBERNETES_TRUST_CERTIFICATES", + "value": "true" + }, + { + "name": "JNLP_SERVICE_NAME", + "value": "${JNLP_SERVICE_NAME}" } ], "resources": { @@ -152,19 +167,42 @@ } }, { + "kind": "ServiceAccount", + "apiVersion": "v1", + "metadata": { + "name": "${JENKINS_SERVICE_NAME}" + } + }, + { + "kind": "RoleBinding", + "apiVersion": "v1", + "metadata": { + "name": "${JENKINS_SERVICE_NAME}_edit" + }, + "groupNames": null, + "subjects": [ + { + "kind": "ServiceAccount", + "name": "${JENKINS_SERVICE_NAME}" + } + ], + "roleRef": { + "name": "edit" + } + }, + { "kind": "Service", "apiVersion": "v1", "metadata": { - "name": "${JENKINS_SERVICE_NAME}", - "creationTimestamp": null + "name": "${JNLP_SERVICE_NAME}" }, "spec": { "ports": [ { - "name": "web", + "name": "agent", "protocol": "TCP", - "port": 8080, - "targetPort": 8080, + "port": 50000, + "targetPort": 50000, "nodePort": 0 } ], @@ -175,6 +213,35 @@ "type": "ClusterIP", "sessionAffinity": "None" } + }, + { + "kind": "Service", + "apiVersion": "v1", + "metadata": { + "name": "${JENKINS_SERVICE_NAME}", + "annotations": { + "service.alpha.openshift.io/dependencies": "[{\"name\": \"${JNLP_SERVICE_NAME}\", \"namespace\": \"\", \"kind\": \"Service\"}]", + "service.openshift.io/infrastructure": "true" + }, + "creationTimestamp": null + }, + "spec": { + "ports": [ + { + "name": "web", + "protocol": "TCP", + "port": 80, + "targetPort": 8080, + "nodePort": 0 + } + ], + "selector": { + "name": "${JENKINS_SERVICE_NAME}" + }, + "portalIP": "", + "type": "ClusterIP", + "sessionAffinity": "None" + } } ], "parameters": [ @@ -185,11 +252,18 @@ "value": "jenkins" }, { + "name": "JNLP_SERVICE_NAME", + "displayName": "Jenkins JNLP Service Name", + "description": "The name of the service used for master/slave communication.", + "value": "jenkins-jnlp" + }, + { "name": "JENKINS_PASSWORD", "displayName": "Jenkins Password", "description": "Password for the Jenkins 'admin' user.", "generate": "expression", - "value": "password" + "from": "[a-zA-Z0-9]{16}", + "required": true }, { "name": "MEMORY_LIMIT", diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-streams/jboss-image-streams.json b/roles/openshift_examples/files/examples/v1.3/xpaas-streams/jboss-image-streams.json index 46f93823c..4edc97f41 100644 --- a/roles/openshift_examples/files/examples/v1.3/xpaas-streams/jboss-image-streams.json +++ b/roles/openshift_examples/files/examples/v1.3/xpaas-streams/jboss-image-streams.json @@ -127,6 +127,19 @@ "sampleRef": "6.4.x", "version": "1.3" } + }, + { + "name": "1.4", + "annotations": { + "description": "JBoss EAP 6.4 S2I images.", + "iconClass": "icon-jboss", + "tags": "builder,eap,javaee,java,jboss,xpaas", + "supports":"eap:6.4,javaee:6,java:8,xpaas:1.4", + "sampleRepo": "https://github.com/jboss-developer/jboss-eap-quickstarts.git", + "sampleContextDir": "kitchensink", + "sampleRef": "6.4.x", + "version": "1.4" + } } ] } @@ -152,6 +165,19 @@ "sampleRef": "7.0.0.GA", "version": "1.3" } + }, + { + "name": "1.4", + "annotations": { + "description": "JBoss EAP 7.0 S2I images.", + "iconClass": "icon-jboss", + "tags": "builder,eap,javaee,java,jboss,xpaas", + "supports":"eap:7.0,javaee:7,java:8,xpaas:1.4", + "sampleRepo": "https://github.com/jboss-developer/jboss-eap-quickstarts.git", + "sampleContextDir": "kitchensink", + "sampleRef": "7.0.0.GA", + "version": "1.4" + } } ] } @@ -168,7 +194,7 @@ { "name": "1.2", "annotations": { - "description": "Decision Server 6.2 S2I images.", + "description": "Red Hat JBoss BRMS 6.2 decision server S2I images.", "iconClass": "icon-jboss", "tags": "builder,decisionserver,java,xpaas", "supports":"decisionserver:6.2,java:8,xpaas:1.2", @@ -185,6 +211,56 @@ "kind": "ImageStream", "apiVersion": "v1", "metadata": { + "name": "jboss-decisionserver63-openshift" + }, + "spec": { + "dockerImageRepository": "registry.access.redhat.com/jboss-decisionserver-6/decisionserver63-openshift", + "tags": [ + { + "name": "1.3", + "annotations": { + "description": "Red Hat JBoss BRMS 6.3 decision server S2I images.", + "iconClass": "icon-jboss", + "tags": "builder,decisionserver,java,xpaas", + "supports":"decisionserver:6.3,java:8,xpaas:1.3", + "sampleRepo": "https://github.com/jboss-openshift/openshift-quickstarts.git", + "sampleContextDir": "decisionserver/hellorules", + "sampleRef": "1.3", + "version": "1.3" + } + } + ] + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "jboss-processserver63-openshift" + }, + "spec": { + "dockerImageRepository": "registry.access.redhat.com/jboss-processserver-6/processserver63-openshift", + "tags": [ + { + "name": "1.3", + "annotations": { + "description": "Red Hat JBoss BPM Suite 6.3 intelligent process server S2I images.", + "iconClass": "icon-jboss", + "tags": "builder,processserver,java,xpaas", + "supports":"processserver:6.3,java:8,xpaas:1.3", + "sampleRepo": "https://github.com/jboss-openshift/openshift-quickstarts.git", + "sampleContextDir": "processserver/library", + "sampleRef": "1.3", + "version": "1.3" + } + } + ] + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { "name": "jboss-datagrid65-openshift" }, "spec": { @@ -255,19 +331,16 @@ } }, "spec": { + "dockerImageRepository": "registry.access.redhat.com/redhat-sso-7/sso70-openshift", "tags": [ { - "name": "1.3-TP", + "name": "1.3", "annotations": { - "description": "Red Hat SSO 7.0 Tech Preview", + "description": "Red Hat SSO 7.0", "iconClass": "icon-jboss", "tags": "sso,keycloak,redhat", "supports":"sso:7.0,xpaas:1.3", "version": "1.3" - }, - "from": { - "kind": "DockerImage", - "name": "registry.access.redhat.com/redhat-sso-7-tech-preview/sso70-openshift:1.3" } } ] diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/amq62-basic.json b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/amq62-basic.json index ce953c05f..ab35afead 100644 --- a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/amq62-basic.json +++ b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/amq62-basic.json @@ -40,6 +40,12 @@ "required": false }, { + "description": "List of packages that are allowed to be serialized for use in ObjectMessage, separated by commas. If your app doesn't use ObjectMessages, leave this blank. This is a security enforcement. For the rationale, see http://activemq.apache.org/objectmessage.html", + "name": "MQ_SERIALIZABLE_PACKAGES", + "value": "", + "required": false + }, + { "description": "User name for standard broker user. It is required for connecting to the broker. If left empty, it will be generated.", "name": "MQ_USERNAME", "from": "user[a-zA-Z0-9]{3}", @@ -281,6 +287,10 @@ "value": "${MQ_TOPICS}" }, { + "name": "MQ_SERIALIZABLE_PACKAGES", + "value": "${MQ_SERIALIZABLE_PACKAGES}" + }, + { "name": "AMQ_MESH_DISCOVERY_TYPE", "value": "${AMQ_MESH_DISCOVERY_TYPE}" }, diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/amq62-persistent-ssl.json b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/amq62-persistent-ssl.json index 7d41a29ad..c12f06dec 100644 --- a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/amq62-persistent-ssl.json +++ b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/amq62-persistent-ssl.json @@ -46,6 +46,12 @@ "required": false }, { + "description": "List of packages that are allowed to be serialized for use in ObjectMessage, separated by commas. If your app doesn't use ObjectMessages, leave this blank. This is a security enforcement. For the rationale, see http://activemq.apache.org/objectmessage.html", + "name": "MQ_SERIALIZABLE_PACKAGES", + "value": "", + "required": false + }, + { "description": "Size of persistent storage for database volume.", "name": "VOLUME_CAPACITY", "value": "512Mi", @@ -451,6 +457,10 @@ "value": "${MQ_TOPICS}" }, { + "name": "MQ_SERIALIZABLE_PACKAGES", + "value": "${MQ_SERIALIZABLE_PACKAGES}" + }, + { "name": "AMQ_SPLIT", "value": "${AMQ_SPLIT}" }, diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/amq62-persistent.json b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/amq62-persistent.json index 5d5dd9840..897ce0395 100644 --- a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/amq62-persistent.json +++ b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/amq62-persistent.json @@ -46,6 +46,12 @@ "required": false }, { + "description": "List of packages that are allowed to be serialized for use in ObjectMessage, separated by commas. If your app doesn't use ObjectMessages, leave this blank. This is a security enforcement. For the rationale, see http://activemq.apache.org/objectmessage.html", + "name": "MQ_SERIALIZABLE_PACKAGES", + "value": "", + "required": false + }, + { "description": "Size of persistent storage for database volume.", "name": "VOLUME_CAPACITY", "value": "512Mi", @@ -299,6 +305,10 @@ "value": "${MQ_TOPICS}" }, { + "name": "MQ_SERIALIZABLE_PACKAGES", + "value": "${MQ_SERIALIZABLE_PACKAGES}" + }, + { "name": "AMQ_SPLIT", "value": "${AMQ_SPLIT}" }, diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/amq62-ssl.json b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/amq62-ssl.json index 4122a02a1..97d110286 100644 --- a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/amq62-ssl.json +++ b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/amq62-ssl.json @@ -40,6 +40,12 @@ "required": false }, { + "description": "List of packages that are allowed to be serialized for use in ObjectMessage, separated by commas. If your app doesn't use ObjectMessages, leave this blank. This is a security enforcement. For the rationale, see http://activemq.apache.org/objectmessage.html", + "name": "MQ_SERIALIZABLE_PACKAGES", + "value": "", + "required": false + }, + { "description": "User name for standard broker user. It is required for connecting to the broker. If left empty, it will be generated.", "name": "MQ_USERNAME", "from": "user[a-zA-Z0-9]{3}", @@ -435,6 +441,10 @@ "value": "${MQ_TOPICS}" }, { + "name": "MQ_SERIALIZABLE_PACKAGES", + "value": "${MQ_SERIALIZABLE_PACKAGES}" + }, + { "name": "AMQ_MESH_DISCOVERY_TYPE", "value": "${AMQ_MESH_DISCOVERY_TYPE}" }, diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/datagrid65-postgresql-persistent.json b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/datagrid65-postgresql-persistent.json index d0e272a8d..12720eb19 100644 --- a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/datagrid65-postgresql-persistent.json +++ b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/datagrid65-postgresql-persistent.json @@ -6,13 +6,13 @@ "iconClass": "icon-jboss", "description": "Application template for JDG 6.5 and PostgreSQL applications with persistent storage.", "tags": "datagrid,jboss,xpaas", - "version": "1.2.0" + "version": "1.3.2" }, "name": "datagrid65-postgresql-persistent" }, "labels": { "template": "datagrid65-postgresql-persistent", - "xpaas": "1.2.0" + "xpaas": "1.3.2" }, "parameters": [ { @@ -710,6 +710,10 @@ "value": "${POSTGRESQL_MAX_CONNECTIONS}" }, { + "name": "POSTGRESQL_MAX_PREPARED_TRANSACTIONS", + "value": "${POSTGRESQL_MAX_CONNECTIONS}" + }, + { "name": "POSTGRESQL_SHARED_BUFFERS", "value": "${POSTGRESQL_SHARED_BUFFERS}" } diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/datagrid65-postgresql.json b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/datagrid65-postgresql.json index 55a68db40..da8015fb0 100644 --- a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/datagrid65-postgresql.json +++ b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/datagrid65-postgresql.json @@ -6,13 +6,13 @@ "iconClass": "icon-jboss", "description": "Application template for JDG 6.5 and PostgreSQL applications built using.", "tags": "datagrid,jboss,xpaas", - "version": "1.2.0" + "version": "1.3.2" }, "name": "datagrid65-postgresql" }, "labels": { "template": "datagrid65-postgresql", - "xpaas": "1.2.0" + "xpaas": "1.3.2" }, "parameters": [ { @@ -698,6 +698,10 @@ "value": "${POSTGRESQL_MAX_CONNECTIONS}" }, { + "name": "POSTGRESQL_MAX_PREPARED_TRANSACTIONS", + "value": "${POSTGRESQL_MAX_CONNECTIONS}" + }, + { "name": "POSTGRESQL_SHARED_BUFFERS", "value": "${POSTGRESQL_SHARED_BUFFERS}" } diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/decisionserver62-amq-s2i.json b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/decisionserver62-amq-s2i.json index 219b8ece7..754a3b4c0 100644 --- a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/decisionserver62-amq-s2i.json +++ b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/decisionserver62-amq-s2i.json @@ -3,16 +3,16 @@ "apiVersion": "v1", "metadata": { "annotations": { - "description": "Application template for BRMS Realtime Decision Server 6 A-MQ applications built using S2I.", + "description": "Application template for Red Hat JBoss BRMS 6.2 decision server A-MQ applications built using S2I.", "iconClass": "icon-jboss", "tags": "decisionserver,amq,java,messaging,jboss,xpaas", - "version": "1.2.0" + "version": "1.3.3" }, "name": "decisionserver62-amq-s2i" }, "labels": { "template": "decisionserver62-amq-s2i", - "xpaas": "1.2.0" + "xpaas": "1.3.3" }, "parameters": [ { @@ -145,18 +145,16 @@ "required": false }, { - "description": "User name for broker admin. If left empty, it will be generated.", - "name": "AMQ_ADMIN_USERNAME", - "from": "user[a-zA-Z0-9]{3}", - "generate": "expression", - "required": true + "description": "The discovery agent type to use for discovering mesh endpoints. 'dns' will use OpenShift's DNS service to resolve endpoints. 'kube' will use Kubernetes REST API to resolve service endpoints. If using 'kube' the service account for the pod must have the 'view' role, which can be added via 'oc policy add-role-to-user view system:serviceaccount:<namespace>:default' where <namespace> is the project namespace.", + "name": "AMQ_MESH_DISCOVERY_TYPE", + "value": "kube", + "required": false }, { - "description": "Password for broker admin. If left empty, it will be generated.", - "name": "AMQ_ADMIN_PASSWORD", - "from": "[a-zA-Z0-9]{8}", - "generate": "expression", - "required": true + "description": "The A-MQ storage usage limit", + "name": "AMQ_STORAGE_USAGE_LIMIT", + "value": "100 gb", + "required": false }, { "description": "GitHub trigger secret", @@ -391,8 +389,8 @@ "${APPLICATION_NAME}" ], "from": { - "kind": "ImageStream", - "name": "${APPLICATION_NAME}" + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" } } }, @@ -460,11 +458,6 @@ "name": "https", "containerPort": 8443, "protocol": "TCP" - }, - { - "name": "ping", - "containerPort": 8888, - "protocol": "TCP" } ], "env": [ @@ -609,6 +602,11 @@ }, "ports": [ { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { "name": "amqp", "containerPort": 5672, "protocol": "TCP" @@ -658,20 +656,24 @@ "value": "${MQ_PROTOCOL}" }, { - "name": "AMQ_QUEUES", - "value": "${MQ_QUEUES}" + "name": "AMQ_MESH_DISCOVERY_TYPE", + "value": "${AMQ_MESH_DISCOVERY_TYPE}" }, { - "name": "AMQ_TOPICS", - "value": "${MQ_TOPICS}" + "name": "AMQ_MESH_SERVICE_NAME", + "value": "${APPLICATION_NAME}-amq-tcp" }, { - "name": "AMQ_ADMIN_USERNAME", - "value": "${AMQ_ADMIN_USERNAME}" + "name": "AMQ_MESH_SERVICE_NAMESPACE", + "valueFrom": { + "fieldRef": { + "fieldPath": "metadata.namespace" + } + } }, { - "name": "AMQ_ADMIN_PASSWORD", - "value": "${AMQ_ADMIN_PASSWORD}" + "name": "AMQ_STORAGE_USAGE_LIMIT", + "value": "${AMQ_STORAGE_USAGE_LIMIT}" } ] } diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/decisionserver62-basic-s2i.json b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/decisionserver62-basic-s2i.json index 097720375..8be4ac90b 100644 --- a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/decisionserver62-basic-s2i.json +++ b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/decisionserver62-basic-s2i.json @@ -3,16 +3,16 @@ "apiVersion": "v1", "metadata": { "annotations": { - "description": "Application template for BRMS Realtime Decision Server 6 applications built using S2I.", + "description": "Application template for Red Hat JBoss BRMS 6.2 decision server applications built using S2I.", "iconClass": "icon-jboss", "tags": "decisionserver,java,jboss,xpaas", - "version": "1.2.0" + "version": "1.3.3" }, "name": "decisionserver62-basic-s2i" }, "labels": { "template": "decisionserver62-basic-s2i", - "xpaas": "1.2.0" + "xpaas": "1.3.3" }, "parameters": [ { @@ -245,8 +245,8 @@ "${APPLICATION_NAME}" ], "from": { - "kind": "ImageStream", - "name": "${APPLICATION_NAME}" + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" } } }, @@ -301,11 +301,6 @@ "name": "http", "containerPort": 8080, "protocol": "TCP" - }, - { - "name": "ping", - "containerPort": 8888, - "protocol": "TCP" } ], "env": [ diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/decisionserver62-https-s2i.json b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/decisionserver62-https-s2i.json index e5e2dee63..bf9047599 100644 --- a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/decisionserver62-https-s2i.json +++ b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/decisionserver62-https-s2i.json @@ -3,16 +3,16 @@ "apiVersion": "v1", "metadata": { "annotations": { - "description": "Application template for BRMS Realtime Decision Server 6 HTTPS applications built using S2I.", + "description": "Application template for Red Hat JBoss BRMS 6.2 decision server HTTPS applications built using S2I.", "iconClass": "icon-jboss", "tags": "decisionserver,java,jboss,xpaas", - "version": "1.2.0" + "version": "1.3.3" }, "name": "decisionserver62-https-s2i" }, "labels": { "template": "decisionserver62-https-s2i", - "xpaas": "1.2.0" + "xpaas": "1.3.3" }, "parameters": [ { @@ -334,8 +334,8 @@ "${APPLICATION_NAME}" ], "from": { - "kind": "ImageStream", - "name": "${APPLICATION_NAME}" + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" } } }, @@ -403,11 +403,6 @@ "name": "https", "containerPort": 8443, "protocol": "TCP" - }, - { - "name": "ping", - "containerPort": 8888, - "protocol": "TCP" } ], "env": [ diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/decisionserver63-amq-s2i.json b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/decisionserver63-amq-s2i.json new file mode 100644 index 000000000..51e667e02 --- /dev/null +++ b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/decisionserver63-amq-s2i.json @@ -0,0 +1,696 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "annotations": { + "description": "Application template for Red Hat JBoss BRMS 6.3 decision server A-MQ applications built using S2I.", + "iconClass": "icon-jboss", + "tags": "decisionserver,amq,java,messaging,jboss,xpaas", + "version": "1.3.3" + }, + "name": "decisionserver63-amq-s2i" + }, + "labels": { + "template": "decisionserver63-amq-s2i", + "xpaas": "1.3.3" + }, + "parameters": [ + { + "description": "The KIE Container deployment configuration in format: containerId=groupId:artifactId:version|c2=g2:a2:v2", + "name": "KIE_CONTAINER_DEPLOYMENT", + "value": "decisionserver-hellorules=org.openshift.quickstarts:decisionserver-hellorules:1.3.0.Final", + "required": false + }, + { + "description": "The user name to access the KIE Server REST or JMS interface.", + "name": "KIE_SERVER_USER", + "value": "kieserver", + "required": false + }, + { + "description": "The password to access the KIE Server REST or JMS interface. Must be different than username; must not be root, admin, or administrator; must contain at least 8 characters, 1 alphabetic character(s), 1 digit(s), and 1 non-alphanumeric symbol(s).", + "name": "KIE_SERVER_PASSWORD", + "from": "[a-zA-Z]{6}[0-9]{1}!", + "generate": "expression", + "required": false + }, + { + "description": "JAAS LoginContext domain that shall be used to authenticate users when using JMS.", + "name": "KIE_SERVER_DOMAIN", + "value": "other", + "required": false + }, + { + "description": "JNDI name of request queue for JMS.", + "name": "KIE_SERVER_JMS_QUEUES_REQUEST", + "value": "queue/KIE.SERVER.REQUEST", + "required": false + }, + { + "description": "JNDI name of response queue for JMS.", + "name": "KIE_SERVER_JMS_QUEUES_RESPONSE", + "value": "queue/KIE.SERVER.RESPONSE", + "required": false + }, + { + "description": "The name for the application.", + "name": "APPLICATION_NAME", + "value": "kie-app", + "required": true + }, + { + "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: <application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTP", + "value": "", + "required": false + }, + { + "description": "Custom hostname for https service route. Leave blank for default hostname, e.g.: secure-<application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTPS", + "value": "", + "required": false + }, + { + "description": "Git source URI for application", + "name": "SOURCE_REPOSITORY_URL", + "value": "https://github.com/jboss-openshift/openshift-quickstarts.git", + "required": true + }, + { + "description": "Git branch/tag reference", + "name": "SOURCE_REPOSITORY_REF", + "value": "1.3", + "required": false + }, + { + "description": "Path within Git project to build; empty for root project directory.", + "name": "CONTEXT_DIR", + "value": "decisionserver/hellorules", + "required": false + }, + { + "description": "JNDI name for connection factory used by applications to connect to the broker, e.g. java:/JmsXA", + "name": "MQ_JNDI", + "value": "java:/JmsXA", + "required": false + }, + { + "description": "Broker protocols to configure, separated by commas. Allowed values are: `openwire`, `amqp`, `stomp` and `mqtt`. Only `openwire` is supported by EAP.", + "name": "MQ_PROTOCOL", + "value": "openwire", + "required": false + }, + { + "description": "Queue names, separated by commas. These queues will be automatically created when the broker starts. Also, they will be made accessible as JNDI resources in EAP.", + "name": "MQ_QUEUES", + "value": "KIE.SERVER.REQUEST,KIE.SERVER.RESPONSE", + "required": false + }, + { + "description": "Topic names, separated by commas. These topics will be automatically created when the broker starts. Also, they will be made accessible as JNDI resources in EAP.", + "name": "MQ_TOPICS", + "value": "", + "required": false + }, + { + "description": "The name of the secret containing the keystore file", + "name": "HTTPS_SECRET", + "value": "decisionserver-app-secret", + "required": false + }, + { + "description": "The name of the keystore file within the secret", + "name": "HTTPS_KEYSTORE", + "value": "keystore.jks", + "required": false + }, + { + "description": "The name associated with the server certificate", + "name": "HTTPS_NAME", + "value": "jboss", + "required": false + }, + { + "description": "The password for the keystore and certificate", + "name": "HTTPS_PASSWORD", + "value": "mykeystorepass", + "required": false + }, + { + "description": "User name for standard broker user. It is required for connecting to the broker. If left empty, it will be generated.", + "name": "MQ_USERNAME", + "from": "user[a-zA-Z0-9]{3}", + "generate": "expression", + "required": false + }, + { + "description": "Password for standard broker user. It is required for connecting to the broker. If left empty, it will be generated.", + "name": "MQ_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": false + }, + { + "description": "The discovery agent type to use for discovering mesh endpoints. 'dns' will use OpenShift's DNS service to resolve endpoints. 'kube' will use Kubernetes REST API to resolve service endpoints. If using 'kube' the service account for the pod must have the 'view' role, which can be added via 'oc policy add-role-to-user view system:serviceaccount:<namespace>:default' where <namespace> is the project namespace.", + "name": "AMQ_MESH_DISCOVERY_TYPE", + "value": "kube", + "required": false + }, + { + "description": "The A-MQ storage usage limit", + "name": "AMQ_STORAGE_USAGE_LIMIT", + "value": "100 gb", + "required": false + }, + { + "description": "GitHub trigger secret", + "name": "GITHUB_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Generic build trigger secret", + "name": "GENERIC_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", + "name": "IMAGE_STREAM_NAMESPACE", + "value": "openshift", + "required": true + } + ], + "objects": [ + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8080, + "targetPort": 8080 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's HTTP port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8443, + "targetPort": 8443 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's HTTPS port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 61616, + "targetPort": 61616 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-amq" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-amq-tcp", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The broker's OpenWire port." + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-http", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's HTTP service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTP}", + "to": { + "name": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-https", + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's HTTPS service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTPS}", + "to": { + "name": "secure-${APPLICATION_NAME}" + }, + "tls": { + "termination": "passthrough" + } + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "BuildConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "source": { + "type": "Git", + "git": { + "uri": "${SOURCE_REPOSITORY_URL}", + "ref": "${SOURCE_REPOSITORY_REF}" + }, + "contextDir": "${CONTEXT_DIR}" + }, + "strategy": { + "type": "Source", + "sourceStrategy": { + "env": [ + { + "name": "KIE_CONTAINER_DEPLOYMENT", + "value": "${KIE_CONTAINER_DEPLOYMENT}" + } + ], + "forcePull": true, + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-decisionserver63-openshift:1.3" + } + } + }, + "output": { + "to": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + }, + "triggers": [ + { + "type": "GitHub", + "github": { + "secret": "${GITHUB_WEBHOOK_SECRET}" + } + }, + { + "type": "Generic", + "generic": { + "secret": "${GENERIC_WEBHOOK_SECRET}" + } + }, + { + "type": "ImageChange", + "imageChange": {} + }, + { + "type": "ConfigChange" + } + ] + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}" + ], + "from": { + "kind": "ImageStream", + "name": "${APPLICATION_NAME}" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "serviceAccountName": "decisionserver-service-account", + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}", + "image": "${APPLICATION_NAME}", + "imagePullPolicy": "Always", + "volumeMounts": [ + { + "name": "decisionserver-keystore-volume", + "mountPath": "/etc/decisionserver-secret-volume", + "readOnly": true + } + ], + "livenessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/livenessProbe.sh" + ] + } + }, + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/readinessProbe.sh" + ] + } + }, + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "http", + "containerPort": 8080, + "protocol": "TCP" + }, + { + "name": "https", + "containerPort": 8443, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "KIE_CONTAINER_DEPLOYMENT", + "value": "${KIE_CONTAINER_DEPLOYMENT}" + }, + { + "name": "KIE_SERVER_USER", + "value": "${KIE_SERVER_USER}" + }, + { + "name": "KIE_SERVER_PASSWORD", + "value": "${KIE_SERVER_PASSWORD}" + }, + { + "name": "KIE_SERVER_DOMAIN", + "value": "${KIE_SERVER_DOMAIN}" + }, + { + "name": "KIE_SERVER_JMS_QUEUES_REQUEST", + "value": "${KIE_SERVER_JMS_QUEUES_REQUEST}" + }, + { + "name": "KIE_SERVER_JMS_QUEUES_RESPONSE", + "value": "${KIE_SERVER_JMS_QUEUES_RESPONSE}" + }, + { + "name": "MQ_SERVICE_PREFIX_MAPPING", + "value": "${APPLICATION_NAME}-amq=MQ" + }, + { + "name": "MQ_JNDI", + "value": "${MQ_JNDI}" + }, + { + "name": "MQ_USERNAME", + "value": "${MQ_USERNAME}" + }, + { + "name": "MQ_PASSWORD", + "value": "${MQ_PASSWORD}" + }, + { + "name": "MQ_PROTOCOL", + "value": "tcp" + }, + { + "name": "MQ_QUEUES", + "value": "${MQ_QUEUES}" + }, + { + "name": "MQ_TOPICS", + "value": "${MQ_TOPICS}" + }, + { + "name": "HTTPS_KEYSTORE_DIR", + "value": "/etc/decisionserver-secret-volume" + }, + { + "name": "HTTPS_KEYSTORE", + "value": "${HTTPS_KEYSTORE}" + }, + { + "name": "HTTPS_NAME", + "value": "${HTTPS_NAME}" + }, + { + "name": "HTTPS_PASSWORD", + "value": "${HTTPS_PASSWORD}" + } + ] + } + ], + "volumes": [ + { + "name": "decisionserver-keystore-volume", + "secret": { + "secretName": "${HTTPS_SECRET}" + } + } + ] + } + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}-amq", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}-amq" + ], + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-amq-62:1.3" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-amq" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}-amq", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}-amq", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}-amq", + "image": "jboss-amq-62", + "imagePullPolicy": "Always", + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/amq/bin/readinessProbe.sh" + ] + } + }, + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "amqp", + "containerPort": 5672, + "protocol": "TCP" + }, + { + "name": "amqp-ssl", + "containerPort": 5671, + "protocol": "TCP" + }, + { + "name": "mqtt", + "containerPort": 1883, + "protocol": "TCP" + }, + { + "name": "stomp", + "containerPort": 61613, + "protocol": "TCP" + }, + { + "name": "stomp-ssl", + "containerPort": 61612, + "protocol": "TCP" + }, + { + "name": "tcp", + "containerPort": 61616, + "protocol": "TCP" + }, + { + "name": "tcp-ssl", + "containerPort": 61617, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "AMQ_USER", + "value": "${MQ_USERNAME}" + }, + { + "name": "AMQ_PASSWORD", + "value": "${MQ_PASSWORD}" + }, + { + "name": "AMQ_TRANSPORTS", + "value": "${MQ_PROTOCOL}" + }, + { + "name": "AMQ_MESH_DISCOVERY_TYPE", + "value": "${AMQ_MESH_DISCOVERY_TYPE}" + }, + { + "name": "AMQ_MESH_SERVICE_NAME", + "value": "${APPLICATION_NAME}-amq-tcp" + }, + { + "name": "AMQ_MESH_SERVICE_NAMESPACE", + "valueFrom": { + "fieldRef": { + "fieldPath": "metadata.namespace" + } + } + }, + { + "name": "AMQ_STORAGE_USAGE_LIMIT", + "value": "${AMQ_STORAGE_USAGE_LIMIT}" + } + ] + } + ] + } + } + } + } + ] +} diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/decisionserver63-basic-s2i.json b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/decisionserver63-basic-s2i.json new file mode 100644 index 000000000..c5f0d006a --- /dev/null +++ b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/decisionserver63-basic-s2i.json @@ -0,0 +1,339 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "annotations": { + "description": "Application template for Red Hat JBoss BRMS 6.3 decision server applications built using S2I.", + "iconClass": "icon-jboss", + "tags": "decisionserver,java,jboss,xpaas", + "version": "1.3.3" + }, + "name": "decisionserver63-basic-s2i" + }, + "labels": { + "template": "decisionserver63-basic-s2i", + "xpaas": "1.3.3" + }, + "parameters": [ + { + "description": "The KIE Container deployment configuration in format: containerId=groupId:artifactId:version|c2=g2:a2:v2", + "name": "KIE_CONTAINER_DEPLOYMENT", + "value": "decisionserver-hellorules=org.openshift.quickstarts:decisionserver-hellorules:1.3.0.Final", + "required": false + }, + { + "description": "The user name to access the KIE Server REST or JMS interface.", + "name": "KIE_SERVER_USER", + "value": "kieserver", + "required": false + }, + { + "description": "The password to access the KIE Server REST or JMS interface. Must be different than username; must not be root, admin, or administrator; must contain at least 8 characters, 1 alphabetic character(s), 1 digit(s), and 1 non-alphanumeric symbol(s).", + "name": "KIE_SERVER_PASSWORD", + "from": "[a-zA-Z]{6}[0-9]{1}!", + "generate": "expression", + "required": false + }, + { + "description": "The name for the application.", + "name": "APPLICATION_NAME", + "value": "kie-app", + "required": true + }, + { + "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: <application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTP", + "value": "", + "required": false + }, + { + "description": "Git source URI for application", + "name": "SOURCE_REPOSITORY_URL", + "value": "https://github.com/jboss-openshift/openshift-quickstarts.git", + "required": true + }, + { + "description": "Git branch/tag reference", + "name": "SOURCE_REPOSITORY_REF", + "value": "1.3", + "required": false + }, + { + "description": "Path within Git project to build; empty for root project directory.", + "name": "CONTEXT_DIR", + "value": "decisionserver/hellorules", + "required": false + }, + { + "description": "Queue names", + "name": "HORNETQ_QUEUES", + "value": "", + "required": false + }, + { + "description": "Topic names", + "name": "HORNETQ_TOPICS", + "value": "", + "required": false + }, + { + "description": "HornetQ cluster admin password", + "name": "HORNETQ_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "GitHub trigger secret", + "name": "GITHUB_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Generic build trigger secret", + "name": "GENERIC_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", + "name": "IMAGE_STREAM_NAMESPACE", + "value": "openshift", + "required": true + } + ], + "objects": [ + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8080, + "targetPort": 8080 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's http port." + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-http", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's http service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTP}", + "to": { + "name": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "BuildConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "source": { + "type": "Git", + "git": { + "uri": "${SOURCE_REPOSITORY_URL}", + "ref": "${SOURCE_REPOSITORY_REF}" + }, + "contextDir": "${CONTEXT_DIR}" + }, + "strategy": { + "type": "Source", + "sourceStrategy": { + "env": [ + { + "name": "KIE_CONTAINER_DEPLOYMENT", + "value": "${KIE_CONTAINER_DEPLOYMENT}" + } + ], + "forcePull": true, + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-decisionserver63-openshift:1.3" + } + } + }, + "output": { + "to": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + }, + "triggers": [ + { + "type": "GitHub", + "github": { + "secret": "${GITHUB_WEBHOOK_SECRET}" + } + }, + { + "type": "Generic", + "generic": { + "secret": "${GENERIC_WEBHOOK_SECRET}" + } + }, + { + "type": "ImageChange", + "imageChange": {} + }, + { + "type": "ConfigChange" + } + ] + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}" + ], + "from": { + "kind": "ImageStream", + "name": "${APPLICATION_NAME}" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}", + "image": "${APPLICATION_NAME}", + "imagePullPolicy": "Always", + "livenessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/livenessProbe.sh" + ] + } + }, + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/readinessProbe.sh" + ] + } + }, + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "http", + "containerPort": 8080, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "KIE_CONTAINER_DEPLOYMENT", + "value": "${KIE_CONTAINER_DEPLOYMENT}" + }, + { + "name": "KIE_SERVER_USER", + "value": "${KIE_SERVER_USER}" + }, + { + "name": "KIE_SERVER_PASSWORD", + "value": "${KIE_SERVER_PASSWORD}" + }, + { + "name": "HORNETQ_CLUSTER_PASSWORD", + "value": "${HORNETQ_CLUSTER_PASSWORD}" + }, + { + "name": "HORNETQ_QUEUES", + "value": "${HORNETQ_QUEUES}" + }, + { + "name": "HORNETQ_TOPICS", + "value": "${HORNETQ_TOPICS}" + } + ] + } + ] + } + } + } + } + ] +} diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/decisionserver63-https-s2i.json b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/decisionserver63-https-s2i.json new file mode 100644 index 000000000..3db0e4c84 --- /dev/null +++ b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/decisionserver63-https-s2i.json @@ -0,0 +1,473 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "annotations": { + "description": "Application template for Red Hat JBoss BRMS 6.3 decision server HTTPS applications built using S2I.", + "iconClass": "icon-jboss", + "tags": "decisionserver,java,jboss,xpaas", + "version": "1.3.3" + }, + "name": "decisionserver63-https-s2i" + }, + "labels": { + "template": "decisionserver63-https-s2i", + "xpaas": "1.3.3" + }, + "parameters": [ + { + "description": "The KIE Container deployment configuration in format: containerId=groupId:artifactId:version|c2=g2:a2:v2", + "name": "KIE_CONTAINER_DEPLOYMENT", + "value": "decisionserver-hellorules=org.openshift.quickstarts:decisionserver-hellorules:1.3.0.Final", + "required": false + }, + { + "description": "The protocol to access the KIE Server REST interface.", + "name": "KIE_SERVER_PROTOCOL", + "value": "https", + "required": false + }, + { + "description": "The port to access the KIE Server REST interface.", + "name": "KIE_SERVER_PORT", + "value": "8443", + "required": false + }, + { + "description": "The user name to access the KIE Server REST or JMS interface.", + "name": "KIE_SERVER_USER", + "value": "kieserver", + "required": false + }, + { + "description": "The password to access the KIE Server REST or JMS interface. Must be different than username; must not be root, admin, or administrator; must contain at least 8 characters, 1 alphabetic character(s), 1 digit(s), and 1 non-alphanumeric symbol(s).", + "name": "KIE_SERVER_PASSWORD", + "from": "[a-zA-Z]{6}[0-9]{1}!", + "generate": "expression", + "required": false + }, + { + "description": "The name for the application.", + "name": "APPLICATION_NAME", + "value": "kie-app", + "required": true + }, + { + "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: <application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTP", + "value": "", + "required": false + }, + { + "description": "Custom hostname for https service route. Leave blank for default hostname, e.g.: secure-<application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTPS", + "value": "", + "required": false + }, + { + "description": "Git source URI for application", + "name": "SOURCE_REPOSITORY_URL", + "value": "https://github.com/jboss-openshift/openshift-quickstarts.git", + "required": true + }, + { + "description": "Git branch/tag reference", + "name": "SOURCE_REPOSITORY_REF", + "value": "1.3", + "required": false + }, + { + "description": "Path within Git project to build; empty for root project directory.", + "name": "CONTEXT_DIR", + "value": "decisionserver/hellorules", + "required": false + }, + { + "description": "Queue names", + "name": "HORNETQ_QUEUES", + "value": "", + "required": false + }, + { + "description": "Topic names", + "name": "HORNETQ_TOPICS", + "value": "", + "required": false + }, + { + "description": "The name of the secret containing the keystore file", + "name": "HTTPS_SECRET", + "value": "decisionserver-app-secret", + "required": true + }, + { + "description": "The name of the keystore file within the secret", + "name": "HTTPS_KEYSTORE", + "value": "keystore.jks", + "required": false + }, + { + "description": "The name associated with the server certificate", + "name": "HTTPS_NAME", + "value": "jboss", + "required": false + }, + { + "description": "The password for the keystore and certificate", + "name": "HTTPS_PASSWORD", + "value": "mykeystorepass", + "required": false + }, + { + "description": "HornetQ cluster admin password", + "name": "HORNETQ_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "GitHub trigger secret", + "name": "GITHUB_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Generic build trigger secret", + "name": "GENERIC_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", + "name": "IMAGE_STREAM_NAMESPACE", + "value": "openshift", + "required": true + } + ], + "objects": [ + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8080, + "targetPort": 8080 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's http port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8443, + "targetPort": 8443 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's https port." + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-http", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's http service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTP}", + "to": { + "name": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-https", + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's https service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTPS}", + "to": { + "name": "secure-${APPLICATION_NAME}" + }, + "tls": { + "termination": "passthrough" + } + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "BuildConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "source": { + "type": "Git", + "git": { + "uri": "${SOURCE_REPOSITORY_URL}", + "ref": "${SOURCE_REPOSITORY_REF}" + }, + "contextDir": "${CONTEXT_DIR}" + }, + "strategy": { + "type": "Source", + "sourceStrategy": { + "env": [ + { + "name": "KIE_CONTAINER_DEPLOYMENT", + "value": "${KIE_CONTAINER_DEPLOYMENT}" + } + ], + "forcePull": true, + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-decisionserver63-openshift:1.3" + } + } + }, + "output": { + "to": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + }, + "triggers": [ + { + "type": "GitHub", + "github": { + "secret": "${GITHUB_WEBHOOK_SECRET}" + } + }, + { + "type": "Generic", + "generic": { + "secret": "${GENERIC_WEBHOOK_SECRET}" + } + }, + { + "type": "ImageChange", + "imageChange": {} + }, + { + "type": "ConfigChange" + } + ] + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}" + ], + "from": { + "kind": "ImageStream", + "name": "${APPLICATION_NAME}" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "serviceAccountName": "decisionserver-service-account", + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}", + "image": "${APPLICATION_NAME}", + "imagePullPolicy": "Always", + "volumeMounts": [ + { + "name": "decisionserver-keystore-volume", + "mountPath": "/etc/decisionserver-secret-volume", + "readOnly": true + } + ], + "livenessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/livenessProbe.sh" + ] + } + }, + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/readinessProbe.sh" + ] + } + }, + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "http", + "containerPort": 8080, + "protocol": "TCP" + }, + { + "name": "https", + "containerPort": 8443, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "KIE_CONTAINER_DEPLOYMENT", + "value": "${KIE_CONTAINER_DEPLOYMENT}" + }, + { + "name": "KIE_SERVER_PROTOCOL", + "value": "${KIE_SERVER_PROTOCOL}" + }, + { + "name": "KIE_SERVER_PORT", + "value": "${KIE_SERVER_PORT}" + }, + { + "name": "KIE_SERVER_USER", + "value": "${KIE_SERVER_USER}" + }, + { + "name": "KIE_SERVER_PASSWORD", + "value": "${KIE_SERVER_PASSWORD}" + }, + { + "name": "HTTPS_KEYSTORE_DIR", + "value": "/etc/decisionserver-secret-volume" + }, + { + "name": "HTTPS_KEYSTORE", + "value": "${HTTPS_KEYSTORE}" + }, + { + "name": "HTTPS_NAME", + "value": "${HTTPS_NAME}" + }, + { + "name": "HTTPS_PASSWORD", + "value": "${HTTPS_PASSWORD}" + }, + { + "name": "HORNETQ_CLUSTER_PASSWORD", + "value": "${HORNETQ_CLUSTER_PASSWORD}" + }, + { + "name": "HORNETQ_QUEUES", + "value": "${HORNETQ_QUEUES}" + }, + { + "name": "HORNETQ_TOPICS", + "value": "${HORNETQ_TOPICS}" + } + ] + } + ], + "volumes": [ + { + "name": "decisionserver-keystore-volume", + "secret": { + "secretName": "${HTTPS_SECRET}" + } + } + ] + } + } + } + } + ] +} diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap64-amq-persistent-s2i.json b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap64-amq-persistent-s2i.json index c9ecee9cb..72dbb4302 100644 --- a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap64-amq-persistent-s2i.json +++ b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap64-amq-persistent-s2i.json @@ -6,13 +6,13 @@ "description": "Application template for EAP 6 A-MQ applications with persistent storage built using S2I.", "iconClass": "icon-jboss", "tags": "eap,amq,javaee,java,messaging,jboss,xpaas", - "version": "1.3.1" + "version": "1.3.2" }, "name": "eap64-amq-persistent-s2i" }, "labels": { "template": "eap64-amq-persistent-s2i", - "xpaas": "1.3.1" + "xpaas": "1.3.2" }, "parameters": [ { @@ -88,6 +88,18 @@ "required": false }, { + "description": "List of packages that are allowed to be serialized for use in ObjectMessage, separated by commas. If your app doesn't use ObjectMessages, leave this blank. This is a security enforcement. For the rationale, see http://activemq.apache.org/objectmessage.html", + "name": "MQ_SERIALIZABLE_PACKAGES", + "value": "", + "required": false + }, + { + "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.", + "name": "SERVICE_ACCOUNT_NAME", + "value": "eap-service-account", + "required": true + }, + { "description": "The name of the secret containing the keystore file", "name": "HTTPS_SECRET", "value": "eap-app-secret", @@ -100,6 +112,12 @@ "required": false }, { + "description": "The type of the keystore file (JKS or JCEKS)", + "name": "HTTPS_KEYSTORE_TYPE", + "value": "", + "required": false + }, + { "description": "The name associated with the server certificate", "name": "HTTPS_NAME", "value": "", @@ -126,18 +144,16 @@ "required": false }, { - "description": "User name for broker admin. If left empty, it will be generated.", - "name": "AMQ_ADMIN_USERNAME", - "from": "user[a-zA-Z0-9]{3}", - "generate": "expression", - "required": true + "description": "The discovery agent type to use for discovering mesh endpoints. 'dns' will use OpenShift's DNS service to resolve endpoints. 'kube' will use Kubernetes REST API to resolve service endpoints. If using 'kube' the service account for the pod must have the 'view' role, which can be added via 'oc policy add-role-to-user view system:serviceaccount:<namespace>:default' where <namespace> is the project namespace.", + "name": "AMQ_MESH_DISCOVERY_TYPE", + "value": "kube", + "required": false }, { - "description": "Password for broker admin. If left empty, it will be generated.", - "name": "AMQ_ADMIN_PASSWORD", - "from": "[a-zA-Z0-9]{8}", - "generate": "expression", - "required": true + "description": "The A-MQ storage usage limit", + "name": "AMQ_STORAGE_USAGE_LIMIT", + "value": "100 gb", + "required": false }, { "description": "GitHub trigger secret", @@ -189,6 +205,12 @@ "from": "[a-zA-Z0-9]{8}", "generate": "expression", "required": true + }, + { + "description": "Controls whether exploded deployment content should be automatically deployed", + "name": "AUTO_DEPLOY_EXPLODED", + "value": "false", + "required": false } ], "objects": [ @@ -342,7 +364,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-eap64-openshift:1.2" + "name": "jboss-eap64-openshift:1.4" } } }, @@ -397,8 +419,8 @@ "${APPLICATION_NAME}" ], "from": { - "kind": "ImageStream", - "name": "${APPLICATION_NAME}" + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" } } }, @@ -419,7 +441,7 @@ } }, "spec": { - "serviceAccountName": "eap-service-account", + "serviceAccountName": "${SERVICE_ACCOUNT_NAME}", "terminationGracePeriodSeconds": 60, "containers": [ { @@ -508,6 +530,10 @@ "value": "${MQ_TOPICS}" }, { + "name": "MQ_SERIALIZABLE_PACKAGES", + "value": "${MQ_SERIALIZABLE_PACKAGES}" + }, + { "name": "OPENSHIFT_KUBE_PING_LABELS", "value": "application=${APPLICATION_NAME}" }, @@ -528,6 +554,10 @@ "value": "${HTTPS_KEYSTORE}" }, { + "name": "HTTPS_KEYSTORE_TYPE", + "value": "${HTTPS_KEYSTORE_TYPE}" + }, + { "name": "HTTPS_NAME", "value": "${HTTPS_NAME}" }, @@ -558,6 +588,10 @@ { "name": "JGROUPS_CLUSTER_PASSWORD", "value": "${JGROUPS_CLUSTER_PASSWORD}" + }, + { + "name": "AUTO_DEPLOY_EXPLODED", + "value": "${AUTO_DEPLOY_EXPLODED}" } ] } @@ -713,6 +747,10 @@ "value": "${MQ_TOPICS}" }, { + "name": "MQ_SERIALIZABLE_PACKAGES", + "value": "${MQ_SERIALIZABLE_PACKAGES}" + }, + { "name": "AMQ_SPLIT", "value": "${AMQ_SPLIT}" }, @@ -735,14 +773,6 @@ { "name": "AMQ_STORAGE_USAGE_LIMIT", "value": "${AMQ_STORAGE_USAGE_LIMIT}" - }, - { - "name": "AMQ_ADMIN_USERNAME", - "value": "${AMQ_ADMIN_USERNAME}" - }, - { - "name": "AMQ_ADMIN_PASSWORD", - "value": "${AMQ_ADMIN_PASSWORD}" } ] } diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap64-amq-s2i.json b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap64-amq-s2i.json index 99724db94..9dd847451 100644 --- a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap64-amq-s2i.json +++ b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap64-amq-s2i.json @@ -6,13 +6,13 @@ "description": "Application template for EAP 6 A-MQ applications built using S2I.", "iconClass": "icon-jboss", "tags": "eap,amq,javaee,java,messaging,jboss,xpaas", - "version": "1.3.1" + "version": "1.3.2" }, "name": "eap64-amq-s2i" }, "labels": { "template": "eap64-amq-s2i", - "xpaas": "1.3.1" + "xpaas": "1.3.2" }, "parameters": [ { @@ -76,6 +76,18 @@ "required": false }, { + "description": "List of packages that are allowed to be serialized for use in ObjectMessage, separated by commas. If your app doesn't use ObjectMessages, leave this blank. This is a security enforcement. For the rationale, see http://activemq.apache.org/objectmessage.html", + "name": "MQ_SERIALIZABLE_PACKAGES", + "value": "", + "required": false + }, + { + "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.", + "name": "SERVICE_ACCOUNT_NAME", + "value": "eap-service-account", + "required": true + }, + { "description": "The name of the secret containing the keystore file", "name": "HTTPS_SECRET", "value": "eap-app-secret", @@ -88,6 +100,12 @@ "required": false }, { + "description": "The type of the keystore file (JKS or JCEKS)", + "name": "HTTPS_KEYSTORE_TYPE", + "value": "", + "required": false + }, + { "description": "The name associated with the server certificate", "name": "HTTPS_NAME", "value": "", @@ -114,18 +132,16 @@ "required": false }, { - "description": "User name for broker admin. If left empty, it will be generated.", - "name": "AMQ_ADMIN_USERNAME", - "from": "user[a-zA-Z0-9]{3}", - "generate": "expression", - "required": true + "description": "The discovery agent type to use for discovering mesh endpoints. 'dns' will use OpenShift's DNS service to resolve endpoints. 'kube' will use Kubernetes REST API to resolve service endpoints. If using 'kube' the service account for the pod must have the 'view' role, which can be added via 'oc policy add-role-to-user view system:serviceaccount:<namespace>:default' where <namespace> is the project namespace.", + "name": "AMQ_MESH_DISCOVERY_TYPE", + "value": "kube", + "required": false }, { - "description": "Password for broker admin. If left empty, it will be generated.", - "name": "AMQ_ADMIN_PASSWORD", - "from": "[a-zA-Z0-9]{8}", - "generate": "expression", - "required": true + "description": "The A-MQ storage usage limit", + "name": "AMQ_STORAGE_USAGE_LIMIT", + "value": "100 gb", + "required": false }, { "description": "GitHub trigger secret", @@ -177,6 +193,12 @@ "from": "[a-zA-Z0-9]{8}", "generate": "expression", "required": true + }, + { + "description": "Controls whether exploded deployment content should be automatically deployed", + "name": "AUTO_DEPLOY_EXPLODED", + "value": "false", + "required": false } ], "objects": [ @@ -330,7 +352,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-eap64-openshift:1.2" + "name": "jboss-eap64-openshift:1.4" } } }, @@ -385,8 +407,8 @@ "${APPLICATION_NAME}" ], "from": { - "kind": "ImageStream", - "name": "${APPLICATION_NAME}" + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" } } }, @@ -407,7 +429,7 @@ } }, "spec": { - "serviceAccountName": "eap-service-account", + "serviceAccountName": "${SERVICE_ACCOUNT_NAME}", "terminationGracePeriodSeconds": 60, "containers": [ { @@ -496,6 +518,10 @@ "value": "${MQ_TOPICS}" }, { + "name": "MQ_SERIALIZABLE_PACKAGES", + "value": "${MQ_SERIALIZABLE_PACKAGES}" + }, + { "name": "OPENSHIFT_KUBE_PING_LABELS", "value": "application=${APPLICATION_NAME}" }, @@ -516,6 +542,10 @@ "value": "${HTTPS_KEYSTORE}" }, { + "name": "HTTPS_KEYSTORE_TYPE", + "value": "${HTTPS_KEYSTORE_TYPE}" + }, + { "name": "HTTPS_NAME", "value": "${HTTPS_NAME}" }, @@ -546,6 +576,10 @@ { "name": "JGROUPS_CLUSTER_PASSWORD", "value": "${JGROUPS_CLUSTER_PASSWORD}" + }, + { + "name": "AUTO_DEPLOY_EXPLODED", + "value": "${AUTO_DEPLOY_EXPLODED}" } ] } @@ -692,12 +726,28 @@ "value": "${MQ_TOPICS}" }, { - "name": "AMQ_ADMIN_USERNAME", - "value": "${AMQ_ADMIN_USERNAME}" + "name": "MQ_SERIALIZABLE_PACKAGES", + "value": "${MQ_SERIALIZABLE_PACKAGES}" + }, + { + "name": "AMQ_MESH_DISCOVERY_TYPE", + "value": "${AMQ_MESH_DISCOVERY_TYPE}" + }, + { + "name": "AMQ_MESH_SERVICE_NAME", + "value": "${APPLICATION_NAME}-amq-tcp" + }, + { + "name": "AMQ_MESH_SERVICE_NAMESPACE", + "valueFrom": { + "fieldRef": { + "fieldPath": "metadata.namespace" + } + } }, { - "name": "AMQ_ADMIN_PASSWORD", - "value": "${AMQ_ADMIN_PASSWORD}" + "name": "AMQ_STORAGE_USAGE_LIMIT", + "value": "${AMQ_STORAGE_USAGE_LIMIT}" } ] } diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap64-basic-s2i.json b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap64-basic-s2i.json index 2e3849e2a..7b1800b7b 100644 --- a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap64-basic-s2i.json +++ b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap64-basic-s2i.json @@ -6,13 +6,13 @@ "iconClass": "icon-jboss", "description": "Application template for EAP 6 applications built using S2I.", "tags": "eap,javaee,java,jboss,xpaas", - "version": "1.2.0" + "version": "1.3.2" }, "name": "eap64-basic-s2i" }, "labels": { "template": "eap64-basic-s2i", - "xpaas": "1.2.0" + "xpaas": "1.3.2" }, "parameters": [ { @@ -90,6 +90,12 @@ "from": "[a-zA-Z0-9]{8}", "generate": "expression", "required": true + }, + { + "description": "Controls whether exploded deployment content should be automatically deployed", + "name": "AUTO_DEPLOY_EXPLODED", + "value": "false", + "required": false } ], "objects": [ @@ -172,7 +178,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-eap64-openshift:1.2" + "name": "jboss-eap64-openshift:1.4" } } }, @@ -227,8 +233,8 @@ "${APPLICATION_NAME}" ], "from": { - "kind": "ImageStream", - "name": "${APPLICATION_NAME}" + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" } } }, @@ -318,6 +324,10 @@ { "name": "JGROUPS_CLUSTER_PASSWORD", "value": "${JGROUPS_CLUSTER_PASSWORD}" + }, + { + "name": "AUTO_DEPLOY_EXPLODED", + "value": "${AUTO_DEPLOY_EXPLODED}" } ] } diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap64-https-s2i.json b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap64-https-s2i.json index 2517be3ca..31716d84c 100644 --- a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap64-https-s2i.json +++ b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap64-https-s2i.json @@ -6,13 +6,13 @@ "iconClass": "icon-jboss", "description": "Application template for EAP 6 applications built using S2I.", "tags": "eap,javaee,java,jboss,xpaas", - "version": "1.2.0" + "version": "1.3.2" }, "name": "eap64-https-s2i" }, "labels": { "template": "eap64-https-s2i", - "xpaas": "1.2.0" + "xpaas": "1.3.2" }, "parameters": [ { @@ -64,6 +64,12 @@ "required": false }, { + "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.", + "name": "SERVICE_ACCOUNT_NAME", + "value": "eap-service-account", + "required": true + }, + { "description": "The name of the secret containing the keystore file", "name": "HTTPS_SECRET", "value": "eap-app-secret", @@ -76,6 +82,12 @@ "required": false }, { + "description": "The type of the keystore file (JKS or JCEKS)", + "name": "HTTPS_KEYSTORE_TYPE", + "value": "", + "required": false + }, + { "description": "The name associated with the server certificate", "name": "HTTPS_NAME", "value": "", @@ -144,6 +156,12 @@ "from": "[a-zA-Z0-9]{8}", "generate": "expression", "required": true + }, + { + "description": "Controls whether exploded deployment content should be automatically deployed", + "name": "AUTO_DEPLOY_EXPLODED", + "value": "false", + "required": false } ], "objects": [ @@ -273,7 +291,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-eap64-openshift:1.2" + "name": "jboss-eap64-openshift:1.4" } } }, @@ -328,8 +346,8 @@ "${APPLICATION_NAME}" ], "from": { - "kind": "ImageStream", - "name": "${APPLICATION_NAME}" + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" } } }, @@ -350,7 +368,7 @@ } }, "spec": { - "serviceAccountName": "eap-service-account", + "serviceAccountName": "${SERVICE_ACCOUNT_NAME}", "terminationGracePeriodSeconds": 60, "containers": [ { @@ -431,6 +449,10 @@ "value": "${HTTPS_KEYSTORE}" }, { + "name": "HTTPS_KEYSTORE_TYPE", + "value": "${HTTPS_KEYSTORE_TYPE}" + }, + { "name": "HTTPS_NAME", "value": "${HTTPS_NAME}" }, @@ -473,6 +495,10 @@ { "name": "JGROUPS_CLUSTER_PASSWORD", "value": "${JGROUPS_CLUSTER_PASSWORD}" + }, + { + "name": "AUTO_DEPLOY_EXPLODED", + "value": "${AUTO_DEPLOY_EXPLODED}" } ] } diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap64-mongodb-persistent-s2i.json b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap64-mongodb-persistent-s2i.json index 97cc465d2..212431056 100644 --- a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap64-mongodb-persistent-s2i.json +++ b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap64-mongodb-persistent-s2i.json @@ -6,13 +6,13 @@ "description": "Application template for EAP 6 MongoDB applications with persistent storage built using S2I.", "iconClass": "icon-jboss", "tags": "eap,mongodb,javaee,java,database,jboss,xpaas", - "version": "1.2.0" + "version": "1.3.2" }, "name": "eap64-mongodb-persistent-s2i" }, "labels": { "template": "eap64-mongodb-persistent-s2i", - "xpaas": "1.2.0" + "xpaas": "1.3.2" }, "parameters": [ { @@ -82,6 +82,12 @@ "required": false }, { + "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.", + "name": "SERVICE_ACCOUNT_NAME", + "value": "eap-service-account", + "required": true + }, + { "description": "The name of the secret containing the keystore file", "name": "HTTPS_SECRET", "value": "eap-app-secret", @@ -94,6 +100,12 @@ "required": false }, { + "description": "The type of the keystore file (JKS or JCEKS)", + "name": "HTTPS_KEYSTORE_TYPE", + "value": "", + "required": false + }, + { "description": "The name associated with the server certificate", "name": "HTTPS_NAME", "value": "", @@ -213,6 +225,12 @@ "from": "[a-zA-Z0-9]{8}", "generate": "expression", "required": true + }, + { + "description": "Controls whether exploded deployment content should be automatically deployed", + "name": "AUTO_DEPLOY_EXPLODED", + "value": "false", + "required": false } ], "objects": [ @@ -366,7 +384,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-eap64-openshift:1.2" + "name": "jboss-eap64-openshift:1.4" } } }, @@ -421,8 +439,8 @@ "${APPLICATION_NAME}" ], "from": { - "kind": "ImageStream", - "name": "${APPLICATION_NAME}" + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" } } }, @@ -443,7 +461,7 @@ } }, "spec": { - "serviceAccountName": "eap-service-account", + "serviceAccountName": "${SERVICE_ACCOUNT_NAME}", "terminationGracePeriodSeconds": 60, "containers": [ { @@ -560,6 +578,10 @@ "value": "${HTTPS_KEYSTORE}" }, { + "name": "HTTPS_KEYSTORE_TYPE", + "value": "${HTTPS_KEYSTORE_TYPE}" + }, + { "name": "HTTPS_NAME", "value": "${HTTPS_NAME}" }, @@ -602,6 +624,10 @@ { "name": "JGROUPS_CLUSTER_PASSWORD", "value": "${JGROUPS_CLUSTER_PASSWORD}" + }, + { + "name": "AUTO_DEPLOY_EXPLODED", + "value": "${AUTO_DEPLOY_EXPLODED}" } ] } diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap64-mongodb-s2i.json b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap64-mongodb-s2i.json index 8bdd85546..13fbbdd93 100644 --- a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap64-mongodb-s2i.json +++ b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap64-mongodb-s2i.json @@ -6,13 +6,13 @@ "description": "Application template for EAP 6 MongoDB applications built using S2I.", "iconClass": "icon-jboss", "tags": "eap,mongodb,javaee,java,database,jboss,xpaas", - "version": "1.2.0" + "version": "1.3.2" }, "name": "eap64-mongodb-s2i" }, "labels": { "template": "eap64-mongodb-s2i", - "xpaas": "1.2.0" + "xpaas": "1.3.2" }, "parameters": [ { @@ -76,6 +76,12 @@ "required": false }, { + "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.", + "name": "SERVICE_ACCOUNT_NAME", + "value": "eap-service-account", + "required": true + }, + { "description": "The name of the secret containing the keystore file", "name": "HTTPS_SECRET", "value": "eap-app-secret", @@ -88,6 +94,12 @@ "required": false }, { + "description": "The type of the keystore file (JKS or JCEKS)", + "name": "HTTPS_KEYSTORE_TYPE", + "value": "", + "required": false + }, + { "description": "The name associated with the server certificate", "name": "HTTPS_NAME", "value": "", @@ -207,6 +219,12 @@ "from": "[a-zA-Z0-9]{8}", "generate": "expression", "required": true + }, + { + "description": "Controls whether exploded deployment content should be automatically deployed", + "name": "AUTO_DEPLOY_EXPLODED", + "value": "false", + "required": false } ], "objects": [ @@ -360,7 +378,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-eap64-openshift:1.2" + "name": "jboss-eap64-openshift:1.4" } } }, @@ -415,8 +433,8 @@ "${APPLICATION_NAME}" ], "from": { - "kind": "ImageStream", - "name": "${APPLICATION_NAME}" + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" } } }, @@ -437,7 +455,7 @@ } }, "spec": { - "serviceAccountName": "eap-service-account", + "serviceAccountName": "${SERVICE_ACCOUNT_NAME}", "terminationGracePeriodSeconds": 60, "containers": [ { @@ -554,6 +572,10 @@ "value": "${HTTPS_KEYSTORE}" }, { + "name": "HTTPS_KEYSTORE_TYPE", + "value": "${HTTPS_KEYSTORE_TYPE}" + }, + { "name": "HTTPS_NAME", "value": "${HTTPS_NAME}" }, @@ -596,6 +618,10 @@ { "name": "JGROUPS_CLUSTER_PASSWORD", "value": "${JGROUPS_CLUSTER_PASSWORD}" + }, + { + "name": "AUTO_DEPLOY_EXPLODED", + "value": "${AUTO_DEPLOY_EXPLODED}" } ] } diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap64-mysql-persistent-s2i.json b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap64-mysql-persistent-s2i.json index dcc591836..69fdec206 100644 --- a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap64-mysql-persistent-s2i.json +++ b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap64-mysql-persistent-s2i.json @@ -6,13 +6,13 @@ "description": "Application template for EAP 6 MySQL applications with persistent storage built using S2I.", "iconClass": "icon-jboss", "tags": "eap,mysql,javaee,java,database,jboss,xpaas", - "version": "1.2.0" + "version": "1.3.2" }, "name": "eap64-mysql-persistent-s2i" }, "labels": { "template": "eap64-mysql-persistent-s2i", - "xpaas": "1.2.0" + "xpaas": "1.3.2" }, "parameters": [ { @@ -82,6 +82,12 @@ "required": false }, { + "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.", + "name": "SERVICE_ACCOUNT_NAME", + "value": "eap-service-account", + "required": true + }, + { "description": "The name of the secret containing the keystore file", "name": "HTTPS_SECRET", "value": "eap-app-secret", @@ -94,6 +100,12 @@ "required": false }, { + "description": "The type of the keystore file (JKS or JCEKS)", + "name": "HTTPS_KEYSTORE_TYPE", + "value": "", + "required": false + }, + { "description": "The name associated with the server certificate", "name": "HTTPS_NAME", "value": "", @@ -216,6 +228,12 @@ "from": "[a-zA-Z0-9]{8}", "generate": "expression", "required": true + }, + { + "description": "Controls whether exploded deployment content should be automatically deployed", + "name": "AUTO_DEPLOY_EXPLODED", + "value": "false", + "required": false } ], "objects": [ @@ -369,7 +387,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-eap64-openshift:1.2" + "name": "jboss-eap64-openshift:1.4" } } }, @@ -424,8 +442,8 @@ "${APPLICATION_NAME}" ], "from": { - "kind": "ImageStream", - "name": "${APPLICATION_NAME}" + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" } } }, @@ -446,7 +464,7 @@ } }, "spec": { - "serviceAccountName": "eap-service-account", + "serviceAccountName": "${SERVICE_ACCOUNT_NAME}", "terminationGracePeriodSeconds": 60, "containers": [ { @@ -563,6 +581,10 @@ "value": "${HTTPS_KEYSTORE}" }, { + "name": "HTTPS_KEYSTORE_TYPE", + "value": "${HTTPS_KEYSTORE_TYPE}" + }, + { "name": "HTTPS_NAME", "value": "${HTTPS_NAME}" }, @@ -605,6 +627,14 @@ { "name": "JGROUPS_CLUSTER_PASSWORD", "value": "${JGROUPS_CLUSTER_PASSWORD}" + }, + { + "name": "TIMER_SERVICE_DATA_STORE", + "value": "${APPLICATION_NAME}-mysql" + }, + { + "name": "AUTO_DEPLOY_EXPLODED", + "value": "${AUTO_DEPLOY_EXPLODED}" } ] } diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap64-mysql-s2i.json b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap64-mysql-s2i.json index 372802eea..2bd3c249f 100644 --- a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap64-mysql-s2i.json +++ b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap64-mysql-s2i.json @@ -6,13 +6,13 @@ "description": "Application template for EAP 6 MySQL applications built using S2I.", "iconClass": "icon-jboss", "tags": "eap,mysql,javaee,java,database,jboss,xpaas", - "version": "1.2.0" + "version": "1.3.2" }, "name": "eap64-mysql-s2i" }, "labels": { "template": "eap64-mysql-s2i", - "xpaas": "1.2.0" + "xpaas": "1.3.2" }, "parameters": [ { @@ -76,6 +76,12 @@ "required": false }, { + "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.", + "name": "SERVICE_ACCOUNT_NAME", + "value": "eap-service-account", + "required": true + }, + { "description": "The name of the secret containing the keystore file", "name": "HTTPS_SECRET", "value": "eap-app-secret", @@ -88,6 +94,12 @@ "required": false }, { + "description": "The type of the keystore file (JKS or JCEKS)", + "name": "HTTPS_KEYSTORE_TYPE", + "value": "", + "required": false + }, + { "description": "The name associated with the server certificate", "name": "HTTPS_NAME", "value": "", @@ -210,6 +222,12 @@ "from": "[a-zA-Z0-9]{8}", "generate": "expression", "required": true + }, + { + "description": "Controls whether exploded deployment content should be automatically deployed", + "name": "AUTO_DEPLOY_EXPLODED", + "value": "false", + "required": false } ], "objects": [ @@ -363,7 +381,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-eap64-openshift:1.2" + "name": "jboss-eap64-openshift:1.4" } } }, @@ -418,8 +436,8 @@ "${APPLICATION_NAME}" ], "from": { - "kind": "ImageStream", - "name": "${APPLICATION_NAME}" + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" } } }, @@ -440,7 +458,7 @@ } }, "spec": { - "serviceAccountName": "eap-service-account", + "serviceAccountName": "${SERVICE_ACCOUNT_NAME}", "terminationGracePeriodSeconds": 60, "containers": [ { @@ -557,6 +575,10 @@ "value": "${HTTPS_KEYSTORE}" }, { + "name": "HTTPS_KEYSTORE_TYPE", + "value": "${HTTPS_KEYSTORE_TYPE}" + }, + { "name": "HTTPS_NAME", "value": "${HTTPS_NAME}" }, @@ -599,6 +621,14 @@ { "name": "JGROUPS_CLUSTER_PASSWORD", "value": "${JGROUPS_CLUSTER_PASSWORD}" + }, + { + "name": "TIMER_SERVICE_DATA_STORE", + "value": "${APPLICATION_NAME}-mysql" + }, + { + "name": "AUTO_DEPLOY_EXPLODED", + "value": "${AUTO_DEPLOY_EXPLODED}" } ] } diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap64-postgresql-persistent-s2i.json b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap64-postgresql-persistent-s2i.json index 1ba00e3b5..31f245950 100644 --- a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap64-postgresql-persistent-s2i.json +++ b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap64-postgresql-persistent-s2i.json @@ -6,13 +6,13 @@ "description": "Application template for EAP 6 PostgreSQL applications with persistent storage built using S2I.", "iconClass": "icon-jboss", "tags": "eap,postgresql,javaee,java,database,jboss,xpaas", - "version": "1.2.0" + "version": "1.3.2" }, "name": "eap64-postgresql-persistent-s2i" }, "labels": { "template": "eap64-postgresql-persistent-s2i", - "xpaas": "1.2.0" + "xpaas": "1.3.2" }, "parameters": [ { @@ -82,6 +82,12 @@ "required": false }, { + "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.", + "name": "SERVICE_ACCOUNT_NAME", + "value": "eap-service-account", + "required": true + }, + { "description": "The name of the secret containing the keystore file", "name": "HTTPS_SECRET", "value": "eap-app-secret", @@ -94,6 +100,12 @@ "required": false }, { + "description": "The type of the keystore file (JKS or JCEKS)", + "name": "HTTPS_KEYSTORE_TYPE", + "value": "", + "required": false + }, + { "description": "The name associated with the server certificate", "name": "HTTPS_NAME", "value": "", @@ -201,6 +213,12 @@ "from": "[a-zA-Z0-9]{8}", "generate": "expression", "required": true + }, + { + "description": "Controls whether exploded deployment content should be automatically deployed", + "name": "AUTO_DEPLOY_EXPLODED", + "value": "false", + "required": false } ], "objects": [ @@ -354,7 +372,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-eap64-openshift:1.2" + "name": "jboss-eap64-openshift:1.4" } } }, @@ -409,8 +427,8 @@ "${APPLICATION_NAME}" ], "from": { - "kind": "ImageStream", - "name": "${APPLICATION_NAME}" + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" } } }, @@ -431,7 +449,7 @@ } }, "spec": { - "serviceAccountName": "eap-service-account", + "serviceAccountName": "${SERVICE_ACCOUNT_NAME}", "terminationGracePeriodSeconds": 60, "containers": [ { @@ -548,6 +566,10 @@ "value": "${HTTPS_KEYSTORE}" }, { + "name": "HTTPS_KEYSTORE_TYPE", + "value": "${HTTPS_KEYSTORE_TYPE}" + }, + { "name": "HTTPS_NAME", "value": "${HTTPS_NAME}" }, @@ -590,6 +612,14 @@ { "name": "JGROUPS_CLUSTER_PASSWORD", "value": "${JGROUPS_CLUSTER_PASSWORD}" + }, + { + "name": "TIMER_SERVICE_DATA_STORE", + "value": "${APPLICATION_NAME}-postgresql" + }, + { + "name": "AUTO_DEPLOY_EXPLODED", + "value": "${AUTO_DEPLOY_EXPLODED}" } ] } @@ -693,6 +723,10 @@ "value": "${POSTGRESQL_MAX_CONNECTIONS}" }, { + "name": "POSTGRESQL_MAX_PREPARED_TRANSACTIONS", + "value": "${POSTGRESQL_MAX_CONNECTIONS}" + }, + { "name": "POSTGRESQL_SHARED_BUFFERS", "value": "${POSTGRESQL_SHARED_BUFFERS}" } diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap64-postgresql-s2i.json b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap64-postgresql-s2i.json index 860374d3c..eac964697 100644 --- a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap64-postgresql-s2i.json +++ b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap64-postgresql-s2i.json @@ -6,13 +6,13 @@ "description": "Application template for EAP 6 PostgreSQL applications built using S2I.", "iconClass": "icon-jboss", "tags": "eap,postgresql,javaee,java,database,jboss,xpaas", - "version": "1.2.0" + "version": "1.3.2" }, "name": "eap64-postgresql-s2i" }, "labels": { "template": "eap64-postgresql-s2i", - "xpaas": "1.2.0" + "xpaas": "1.3.2" }, "parameters": [ { @@ -76,6 +76,12 @@ "required": false }, { + "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.", + "name": "SERVICE_ACCOUNT_NAME", + "value": "eap-service-account", + "required": true + }, + { "description": "The name of the secret containing the keystore file", "name": "HTTPS_SECRET", "value": "eap-app-secret", @@ -88,6 +94,12 @@ "required": false }, { + "description": "The type of the keystore file (JKS or JCEKS)", + "name": "HTTPS_KEYSTORE_TYPE", + "value": "", + "required": false + }, + { "description": "The name associated with the server certificate", "name": "HTTPS_NAME", "value": "", @@ -195,6 +207,12 @@ "from": "[a-zA-Z0-9]{8}", "generate": "expression", "required": true + }, + { + "description": "Controls whether exploded deployment content should be automatically deployed", + "name": "AUTO_DEPLOY_EXPLODED", + "value": "false", + "required": false } ], "objects": [ @@ -348,7 +366,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-eap64-openshift:1.2" + "name": "jboss-eap64-openshift:1.4" } } }, @@ -403,8 +421,8 @@ "${APPLICATION_NAME}" ], "from": { - "kind": "ImageStream", - "name": "${APPLICATION_NAME}" + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" } } }, @@ -425,7 +443,7 @@ } }, "spec": { - "serviceAccountName": "eap-service-account", + "serviceAccountName": "${SERVICE_ACCOUNT_NAME}", "terminationGracePeriodSeconds": 60, "containers": [ { @@ -542,6 +560,10 @@ "value": "${HTTPS_KEYSTORE}" }, { + "name": "HTTPS_KEYSTORE_TYPE", + "value": "${HTTPS_KEYSTORE_TYPE}" + }, + { "name": "HTTPS_NAME", "value": "${HTTPS_NAME}" }, @@ -584,6 +606,14 @@ { "name": "JGROUPS_CLUSTER_PASSWORD", "value": "${JGROUPS_CLUSTER_PASSWORD}" + }, + { + "name": "TIMER_SERVICE_DATA_STORE", + "value": "${APPLICATION_NAME}-postgresql" + }, + { + "name": "AUTO_DEPLOY_EXPLODED", + "value": "${AUTO_DEPLOY_EXPLODED}" } ] } @@ -681,6 +711,10 @@ "value": "${POSTGRESQL_MAX_CONNECTIONS}" }, { + "name": "POSTGRESQL_MAX_PREPARED_TRANSACTIONS", + "value": "${POSTGRESQL_MAX_CONNECTIONS}" + }, + { "name": "POSTGRESQL_SHARED_BUFFERS", "value": "${POSTGRESQL_SHARED_BUFFERS}" } diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap64-sso-s2i.json b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap64-sso-s2i.json index 6c644553e..09023be71 100644 --- a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap64-sso-s2i.json +++ b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap64-sso-s2i.json @@ -6,13 +6,13 @@ "iconClass" : "icon-jboss", "description": "Application template for EAP 6 applications built using S2I, enabled for SSO.", "tags": "eap,javaee,java,jboss,xpaas,sso,keycloak", - "version": "1.3.0" + "version": "1.3.2" }, "name": "eap64-sso-s2i" }, "labels": { "template": "eap64-sso-s2i", - "xpaas": "1.3.0" + "xpaas": "1.3.2" }, "parameters": [ { @@ -22,27 +22,27 @@ "required": true }, { - "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: <application-name>-<project>.<default-domain-suffix>", + "description": "Hostname for http service route (e.g. eap-app-myproject.example.com). Required for SSO-enabled applications. This is added to the white list of redirects in the SSO server.", "name": "HOSTNAME_HTTP", "value": "", - "required": false + "required": true }, { - "description": "Custom hostname for https service route. Leave blank for default hostname, e.g.: secure-<application-name>-<project>.<default-domain-suffix>", + "description": "Hostname for https service route (e.g. secure-eap-app-myproject.example.com). Required for SSO-enabled applications. This is added to the white list of redirects in the SSO server.", "name": "HOSTNAME_HTTPS", "value": "", - "required": false + "required": true }, { "description": "Git source URI for application", "name": "SOURCE_REPOSITORY_URL", - "value": "https://github.com/keycloak/keycloak-examples", + "value": "https://github.com/redhat-developer/redhat-sso-quickstarts", "required": true }, { "description": "Git branch/tag reference", "name": "SOURCE_REPOSITORY_REF", - "value": "0.4-openshift", + "value": "7.0.x-ose", "required": false }, { @@ -64,6 +64,12 @@ "required": false }, { + "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.", + "name": "SERVICE_ACCOUNT_NAME", + "value": "eap-service-account", + "required": true + }, + { "description": "The name of the secret containing the keystore file", "name": "HTTPS_SECRET", "value": "eap-app-secret", @@ -76,15 +82,21 @@ "required": false }, { - "description": "The name associated with the server certificate", + "description": "The type of the keystore file (JKS or JCEKS)", + "name": "HTTPS_KEYSTORE_TYPE", + "value": "", + "required": false + }, + { + "description": "The name associated with the server certificate (e.g. jboss)", "name": "HTTPS_NAME", - "value": "jboss", + "value": "", "required": false }, { - "description": "The password for the keystore and certificate", + "description": "The password for the keystore and certificate (e.g. mykeystorepass)", "name": "HTTPS_PASSWORD", - "value": "mykeystorepass", + "value": "", "required": false }, { @@ -127,15 +139,15 @@ "required": false }, { - "description": "The name associated with the server certificate", + "description": "The name associated with the server certificate (e.g. secret-key)", "name": "JGROUPS_ENCRYPT_NAME", - "value": "secret-key", + "value": "", "required": false }, { - "description": "The password for the keystore and certificate", + "description": "The password for the keystore and certificate (e.g. password)", "name": "JGROUPS_ENCRYPT_PASSWORD", - "value": "password", + "value": "", "required": false }, { @@ -146,31 +158,43 @@ "required": true }, { - "description": "SSO Location", - "name": "SSO_URI", + "description": "Controls whether exploded deployment content should be automatically deployed", + "name": "AUTO_DEPLOY_EXPLODED", + "value": "false", + "required": false + }, + { + "description": "The URL for the SSO server (e.g. https://secure-sso-myproject.example.com/auth). This is the URL through which the user will be redirected when a login or token is required by the application.", + "name": "SSO_URL", + "value": "", + "required": true + }, + { + "description": "The URL for the interal SSO service, where secure-sso is the kubernetes service exposed by the SSO server. This is used to create the application client(s) (see SSO_USERNAME). This can also be the same as SSO_URL.", + "name": "SSO_SERVICE_URL", "value": "https://secure-sso:8443/auth", "required": false }, { - "description": "SSO Realm", + "description": "The SSO realm to which the application client(s) should be associated (e.g. demo).", "name": "SSO_REALM", - "value": "demo", - "required": false + "value": "", + "required": true }, { - "description": "SSO Username", + "description": "The username used to access the SSO service. This is used to create the appliction client(s) within the specified SSO realm. This should match the SSO_SERVICE_USERNAME specified through one of the sso70-* templates.", "name": "SSO_USERNAME", "value": "", "required": false }, { - "description": "SSO Password", + "description": "The password for the SSO service user.", "name": "SSO_PASSWORD", "value": "", "required": false }, { - "description": "SSO Public Key. Public key is recommended to be passed into the template to avoid man-in-the-middle security vulnerability", + "description": "SSO Public Key. Public key is recommended to be passed into the template to avoid man-in-the-middle security vulnerability. This can be retrieved from the SSO server, for the specified realm.", "name": "SSO_PUBLIC_KEY", "value": "", "required": false @@ -182,21 +206,9 @@ "required": false }, { - "description": "Routes", - "name": "APPLICATION_ROUTES", - "value": "", - "required": false - }, - { - "description": "Artifacts", + "description": "List of directories from which archives will be copied into the deployment folder. If unspecified, all archives in /target will be copied.", "name": "ARTIFACT_DIR", - "value": "app-jee/target,service-jaxrs/target,app-profile-jee/target,app-profile-jee-saml/target", - "required": false - }, - { - "description": "maven", - "name": "MAVEN_ARGS_APPEND", - "value": "", + "value": "app-jee-jsp/target,service-jee-jaxrs/target,app-profile-jee-jsp/target,app-profile-saml-jee-jsp/target", "required": false }, { @@ -208,7 +220,7 @@ { "description": "The name of the keystore file within the secret", "name": "SSO_SAML_KEYSTORE", - "value": "/etc/sso-saml-secret-volume/keystore.jks", + "value": "keystore.jks", "required": false }, { @@ -235,6 +247,36 @@ "name": "SSO_ENABLE_CORS", "value": "false", "required": false + }, + { + "description": "SSO logout page for SAML applications", + "name": "SSO_SAML_LOGOUT_PAGE", + "value": "/", + "required": false + }, + { + "description": "If true SSL communication between EAP and the SSO Server will be insecure (i.e. certificate validation is disabled with curl)", + "name": "SSO_DISABLE_SSL_CERTIFICATE_VALIDATION", + "value": "true", + "required": false + }, + { + "description": "The name of the truststore file within the secret (e.g. truststore.jks)", + "name": "SSO_TRUSTSTORE", + "value": "", + "required": false + }, + { + "description": "The password for the truststore and certificate (e.g. mykeystorepass)", + "name": "SSO_TRUSTSTORE_PASSWORD", + "value": "", + "required": false + }, + { + "description": "The name of the secret containing the truststore file (e.g. truststore-secret). Used for volume secretName", + "name": "SSO_TRUSTSTORE_SECRET", + "value": "eap-app-secret", + "required": false } ], "objects": [ @@ -364,7 +406,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-eap64-openshift:1.3" + "name": "jboss-eap64-openshift:1.4" }, "env": [ { @@ -373,7 +415,7 @@ }, { "name": "MAVEN_ARGS_APPEND", - "value": "${MAVEN_ARGS_APPEND}" + "value": "" } ] } @@ -429,8 +471,8 @@ "${APPLICATION_NAME}" ], "from": { - "kind": "ImageStream", - "name": "${APPLICATION_NAME}" + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" } } }, @@ -451,7 +493,7 @@ } }, "spec": { - "serviceAccountName": "eap-service-account", + "serviceAccountName": "${SERVICE_ACCOUNT_NAME}", "terminationGracePeriodSeconds": 60, "containers": [ { @@ -473,6 +515,11 @@ "name": "eap-jgroups-keystore-volume", "mountPath": "/etc/jgroups-encrypt-secret-volume", "readOnly": true + }, + { + "name": "sso-truststore-volume", + "mountPath": "/etc/sso-secret-volume", + "readOnly": true } ], "livenessProbe": { @@ -529,6 +576,14 @@ } }, { + "name": "HOSTNAME_HTTP", + "value": "${HOSTNAME_HTTP}" + }, + { + "name": "HOSTNAME_HTTPS", + "value": "${HOSTNAME_HTTPS}" + }, + { "name": "HTTPS_KEYSTORE_DIR", "value": "/etc/eap-secret-volume" }, @@ -537,6 +592,10 @@ "value": "${HTTPS_KEYSTORE}" }, { + "name": "HTTPS_KEYSTORE_TYPE", + "value": "${HTTPS_KEYSTORE_TYPE}" + }, + { "name": "HTTPS_NAME", "value": "${HTTPS_NAME}" }, @@ -581,8 +640,16 @@ "value": "${JGROUPS_CLUSTER_PASSWORD}" }, { - "name": "SSO_URI", - "value": "${SSO_URI}" + "name": "AUTO_DEPLOY_EXPLODED", + "value": "${AUTO_DEPLOY_EXPLODED}" + }, + { + "name": "SSO_URL", + "value": "${SSO_URL}" + }, + { + "name": "SSO_SERVICE_URL", + "value": "${SSO_SERVICE_URL}" }, { "name": "SSO_REALM", @@ -605,10 +672,6 @@ "value": "${SSO_BEARER_ONLY}" }, { - "name": "APPLICATION_ROUTES", - "value": "${APPLICATION_ROUTES}" - }, - { "name": "SSO_SAML_KEYSTORE_SECRET", "value": "${SSO_SAML_KEYSTORE_SECRET}" }, @@ -617,6 +680,10 @@ "value": "${SSO_SAML_KEYSTORE}" }, { + "name": "SSO_SAML_KEYSTORE_DIR", + "value": "/etc/sso-saml-secret-volume" + }, + { "name": "SSO_SAML_CERTIFICATE_NAME", "value": "${SSO_SAML_CERTIFICATE_NAME}" }, @@ -631,6 +698,26 @@ { "name": "SSO_ENABLE_CORS", "value": "${SSO_ENABLE_CORS}" + }, + { + "name": "SSO_SAML_LOGOUT_PAGE", + "value": "${SSO_SAML_LOGOUT_PAGE}" + }, + { + "name": "SSO_DISABLE_SSL_CERTIFICATE_VALIDATION", + "value": "${SSO_DISABLE_SSL_CERTIFICATE_VALIDATION}" + }, + { + "name": "SSO_TRUSTSTORE", + "value": "${SSO_TRUSTSTORE}" + }, + { + "name": "SSO_TRUSTSTORE_DIR", + "value": "/etc/sso-secret-volume" + }, + { + "name": "SSO_TRUSTSTORE_PASSWORD", + "value": "${SSO_TRUSTSTORE_PASSWORD}" } ] } @@ -653,6 +740,12 @@ "secret": { "secretName": "${JGROUPS_ENCRYPT_SECRET}" } + }, + { + "name": "sso-truststore-volume", + "secret": { + "secretName": "${SSO_TRUSTSTORE_SECRET}" + } } ] } diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap70-amq-persistent-s2i.json b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap70-amq-persistent-s2i.json index d9607ddd7..f08cdf2f9 100644 --- a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap70-amq-persistent-s2i.json +++ b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap70-amq-persistent-s2i.json @@ -6,13 +6,13 @@ "description": "Application template for EAP 7 A-MQ applications with persistent storage built using S2I.", "iconClass": "icon-jboss", "tags": "eap,amq,javaee,java,messaging,jboss,xpaas", - "version": "1.3.1" + "version": "1.3.2" }, "name": "eap70-amq-persistent-s2i" }, "labels": { "template": "eap70-amq-persistent-s2i", - "xpaas": "1.3.1" + "xpaas": "1.3.2" }, "parameters": [ { @@ -88,9 +88,21 @@ "required": false }, { + "description": "List of packages that are allowed to be serialized for use in ObjectMessage, separated by commas. If your app doesn't use ObjectMessages, leave this blank. This is a security enforcement. For the rationale, see http://activemq.apache.org/objectmessage.html", + "name": "MQ_SERIALIZABLE_PACKAGES", + "value": "", + "required": false + }, + { + "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.", + "name": "SERVICE_ACCOUNT_NAME", + "value": "eap7-service-account", + "required": true + }, + { "description": "The name of the secret containing the keystore file", "name": "HTTPS_SECRET", - "value": "eap-app-secret", + "value": "eap7-app-secret", "required": false }, { @@ -100,6 +112,12 @@ "required": false }, { + "description": "The type of the keystore file (JKS or JCEKS)", + "name": "HTTPS_KEYSTORE_TYPE", + "value": "", + "required": false + }, + { "description": "The name associated with the server certificate", "name": "HTTPS_NAME", "value": "", @@ -126,18 +144,16 @@ "required": false }, { - "description": "User name for broker admin. If left empty, it will be generated.", - "name": "AMQ_ADMIN_USERNAME", - "from": "user[a-zA-Z0-9]{3}", - "generate": "expression", - "required": true + "description": "The discovery agent type to use for discovering mesh endpoints. 'dns' will use OpenShift's DNS service to resolve endpoints. 'kube' will use Kubernetes REST API to resolve service endpoints. If using 'kube' the service account for the pod must have the 'view' role, which can be added via 'oc policy add-role-to-user view system:serviceaccount:<namespace>:default' where <namespace> is the project namespace.", + "name": "AMQ_MESH_DISCOVERY_TYPE", + "value": "kube", + "required": false }, { - "description": "Password for broker admin. If left empty, it will be generated.", - "name": "AMQ_ADMIN_PASSWORD", - "from": "[a-zA-Z0-9]{8}", - "generate": "expression", - "required": true + "description": "The A-MQ storage usage limit", + "name": "AMQ_STORAGE_USAGE_LIMIT", + "value": "100 gb", + "required": false }, { "description": "GitHub trigger secret", @@ -162,7 +178,7 @@ { "description": "The name of the secret containing the keystore file", "name": "JGROUPS_ENCRYPT_SECRET", - "value": "eap-app-secret", + "value": "eap7-app-secret", "required": false }, { @@ -189,6 +205,12 @@ "from": "[a-zA-Z0-9]{8}", "generate": "expression", "required": true + }, + { + "description": "Controls whether exploded deployment content should be automatically deployed", + "name": "AUTO_DEPLOY_EXPLODED", + "value": "false", + "required": false } ], "objects": [ @@ -342,7 +364,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-eap70-openshift:1.3" + "name": "jboss-eap70-openshift:1.4" } } }, @@ -397,8 +419,8 @@ "${APPLICATION_NAME}" ], "from": { - "kind": "ImageStream", - "name": "${APPLICATION_NAME}" + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" } } }, @@ -419,7 +441,7 @@ } }, "spec": { - "serviceAccountName": "eap-service-account", + "serviceAccountName": "${SERVICE_ACCOUNT_NAME}", "terminationGracePeriodSeconds": 60, "containers": [ { @@ -508,6 +530,10 @@ "value": "${MQ_TOPICS}" }, { + "name": "MQ_SERIALIZABLE_PACKAGES", + "value": "${MQ_SERIALIZABLE_PACKAGES}" + }, + { "name": "OPENSHIFT_KUBE_PING_LABELS", "value": "application=${APPLICATION_NAME}" }, @@ -528,6 +554,10 @@ "value": "${HTTPS_KEYSTORE}" }, { + "name": "HTTPS_KEYSTORE_TYPE", + "value": "${HTTPS_KEYSTORE_TYPE}" + }, + { "name": "HTTPS_NAME", "value": "${HTTPS_NAME}" }, @@ -558,6 +588,10 @@ { "name": "JGROUPS_CLUSTER_PASSWORD", "value": "${JGROUPS_CLUSTER_PASSWORD}" + }, + { + "name": "AUTO_DEPLOY_EXPLODED", + "value": "${AUTO_DEPLOY_EXPLODED}" } ] } @@ -713,6 +747,10 @@ "value": "${MQ_TOPICS}" }, { + "name": "MQ_SERIALIZABLE_PACKAGES", + "value": "${MQ_SERIALIZABLE_PACKAGES}" + }, + { "name": "AMQ_SPLIT", "value": "${AMQ_SPLIT}" }, @@ -735,14 +773,6 @@ { "name": "AMQ_STORAGE_USAGE_LIMIT", "value": "${AMQ_STORAGE_USAGE_LIMIT}" - }, - { - "name": "AMQ_ADMIN_USERNAME", - "value": "${AMQ_ADMIN_USERNAME}" - }, - { - "name": "AMQ_ADMIN_PASSWORD", - "value": "${AMQ_ADMIN_PASSWORD}" } ] } diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap70-amq-s2i.json b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap70-amq-s2i.json index 552b637b8..3ca9e9fab 100644 --- a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap70-amq-s2i.json +++ b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap70-amq-s2i.json @@ -6,13 +6,13 @@ "description": "Application template for EAP 7 A-MQ applications built using S2I.", "iconClass": "icon-jboss", "tags": "eap,amq,javaee,java,messaging,jboss,xpaas", - "version": "1.3.1" + "version": "1.3.2" }, "name": "eap70-amq-s2i" }, "labels": { "template": "eap70-amq-s2i", - "xpaas": "1.3.1" + "xpaas": "1.3.2" }, "parameters": [ { @@ -76,6 +76,18 @@ "required": false }, { + "description": "List of packages that are allowed to be serialized for use in ObjectMessage, separated by commas. If your app doesn't use ObjectMessages, leave this blank. This is a security enforcement. For the rationale, see http://activemq.apache.org/objectmessage.html", + "name": "MQ_SERIALIZABLE_PACKAGES", + "value": "", + "required": false + }, + { + "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.", + "name": "SERVICE_ACCOUNT_NAME", + "value": "eap7-service-account", + "required": true + }, + { "description": "The name of the secret containing the keystore file", "name": "HTTPS_SECRET", "value": "eap7-app-secret", @@ -88,6 +100,12 @@ "required": false }, { + "description": "The type of the keystore file (JKS or JCEKS)", + "name": "HTTPS_KEYSTORE_TYPE", + "value": "", + "required": false + }, + { "description": "The name associated with the server certificate", "name": "HTTPS_NAME", "value": "", @@ -114,18 +132,16 @@ "required": false }, { - "description": "User name for broker admin. If left empty, it will be generated.", - "name": "AMQ_ADMIN_USERNAME", - "from": "user[a-zA-Z0-9]{3}", - "generate": "expression", - "required": true + "description": "The discovery agent type to use for discovering mesh endpoints. 'dns' will use OpenShift's DNS service to resolve endpoints. 'kube' will use Kubernetes REST API to resolve service endpoints. If using 'kube' the service account for the pod must have the 'view' role, which can be added via 'oc policy add-role-to-user view system:serviceaccount:<namespace>:default' where <namespace> is the project namespace.", + "name": "AMQ_MESH_DISCOVERY_TYPE", + "value": "kube", + "required": false }, { - "description": "Password for broker admin. If left empty, it will be generated.", - "name": "AMQ_ADMIN_PASSWORD", - "from": "[a-zA-Z0-9]{8}", - "generate": "expression", - "required": true + "description": "The A-MQ storage usage limit", + "name": "AMQ_STORAGE_USAGE_LIMIT", + "value": "100 gb", + "required": false }, { "description": "GitHub trigger secret", @@ -177,6 +193,12 @@ "from": "[a-zA-Z0-9]{8}", "generate": "expression", "required": true + }, + { + "description": "Controls whether exploded deployment content should be automatically deployed", + "name": "AUTO_DEPLOY_EXPLODED", + "value": "false", + "required": false } ], "objects": [ @@ -330,7 +352,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-eap70-openshift:1.3" + "name": "jboss-eap70-openshift:1.4" } } }, @@ -385,8 +407,8 @@ "${APPLICATION_NAME}" ], "from": { - "kind": "ImageStream", - "name": "${APPLICATION_NAME}" + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" } } }, @@ -407,7 +429,7 @@ } }, "spec": { - "serviceAccountName": "eap7-service-account", + "serviceAccountName": "${SERVICE_ACCOUNT_NAME}", "terminationGracePeriodSeconds": 60, "containers": [ { @@ -496,6 +518,10 @@ "value": "${MQ_TOPICS}" }, { + "name": "MQ_SERIALIZABLE_PACKAGES", + "value": "${MQ_SERIALIZABLE_PACKAGES}" + }, + { "name": "OPENSHIFT_KUBE_PING_LABELS", "value": "application=${APPLICATION_NAME}" }, @@ -516,6 +542,10 @@ "value": "${HTTPS_KEYSTORE}" }, { + "name": "HTTPS_KEYSTORE_TYPE", + "value": "${HTTPS_KEYSTORE_TYPE}" + }, + { "name": "HTTPS_NAME", "value": "${HTTPS_NAME}" }, @@ -546,6 +576,10 @@ { "name": "JGROUPS_CLUSTER_PASSWORD", "value": "${JGROUPS_CLUSTER_PASSWORD}" + }, + { + "name": "AUTO_DEPLOY_EXPLODED", + "value": "${AUTO_DEPLOY_EXPLODED}" } ] } @@ -692,12 +726,28 @@ "value": "${MQ_TOPICS}" }, { - "name": "AMQ_ADMIN_USERNAME", - "value": "${AMQ_ADMIN_USERNAME}" + "name": "MQ_SERIALIZABLE_PACKAGES", + "value": "${MQ_SERIALIZABLE_PACKAGES}" + }, + { + "name": "AMQ_MESH_DISCOVERY_TYPE", + "value": "${AMQ_MESH_DISCOVERY_TYPE}" + }, + { + "name": "AMQ_MESH_SERVICE_NAME", + "value": "${APPLICATION_NAME}-amq-tcp" + }, + { + "name": "AMQ_MESH_SERVICE_NAMESPACE", + "valueFrom": { + "fieldRef": { + "fieldPath": "metadata.namespace" + } + } }, { - "name": "AMQ_ADMIN_PASSWORD", - "value": "${AMQ_ADMIN_PASSWORD}" + "name": "AMQ_STORAGE_USAGE_LIMIT", + "value": "${AMQ_STORAGE_USAGE_LIMIT}" } ] } diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap70-basic-s2i.json b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap70-basic-s2i.json index f03fc69fa..83b4d5b24 100644 --- a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap70-basic-s2i.json +++ b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap70-basic-s2i.json @@ -6,13 +6,13 @@ "iconClass": "icon-jboss", "description": "Application template for EAP 7 applications built using S2I.", "tags": "eap,javaee,java,jboss,xpaas", - "version": "1.3.1" + "version": "1.3.2" }, "name": "eap70-basic-s2i" }, "labels": { "template": "eap70-basic-s2i", - "xpaas": "1.3.1" + "xpaas": "1.3.2" }, "parameters": [ { @@ -90,6 +90,12 @@ "from": "[a-zA-Z0-9]{8}", "generate": "expression", "required": true + }, + { + "description": "Controls whether exploded deployment content should be automatically deployed", + "name": "AUTO_DEPLOY_EXPLODED", + "value": "false", + "required": false } ], "objects": [ @@ -172,7 +178,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-eap70-openshift:1.3" + "name": "jboss-eap70-openshift:1.4" } } }, @@ -227,8 +233,8 @@ "${APPLICATION_NAME}" ], "from": { - "kind": "ImageStream", - "name": "${APPLICATION_NAME}" + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" } } }, @@ -249,12 +255,23 @@ } }, "spec": { - "terminationGracePeriodSeconds": 60, + "terminationGracePeriodSeconds": 75, "containers": [ { "name": "${APPLICATION_NAME}", "image": "${APPLICATION_NAME}", "imagePullPolicy": "Always", + "lifecycle": { + "preStop": { + "exec": { + "command": [ + "/opt/eap/bin/jboss-cli.sh", + "-c", + ":shutdown(timeout=60)" + ] + } + } + }, "livenessProbe": { "exec": { "command": [ @@ -318,6 +335,10 @@ { "name": "JGROUPS_CLUSTER_PASSWORD", "value": "${JGROUPS_CLUSTER_PASSWORD}" + }, + { + "name": "AUTO_DEPLOY_EXPLODED", + "value": "${AUTO_DEPLOY_EXPLODED}" } ] } diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap70-https-s2i.json b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap70-https-s2i.json index 27d9b656d..1292442a4 100644 --- a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap70-https-s2i.json +++ b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap70-https-s2i.json @@ -6,13 +6,13 @@ "iconClass": "icon-jboss", "description": "Application template for EAP 7 applications built using S2I.", "tags": "eap,javaee,java,jboss,xpaas", - "version": "1.3.1" + "version": "1.3.2" }, "name": "eap70-https-s2i" }, "labels": { "template": "eap70-https-s2i", - "xpaas": "1.3.1" + "xpaas": "1.3.2" }, "parameters": [ { @@ -64,6 +64,12 @@ "required": false }, { + "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.", + "name": "SERVICE_ACCOUNT_NAME", + "value": "eap7-service-account", + "required": true + }, + { "description": "The name of the secret containing the keystore file", "name": "HTTPS_SECRET", "value": "eap7-app-secret", @@ -76,6 +82,12 @@ "required": false }, { + "description": "The type of the keystore file (JKS or JCEKS)", + "name": "HTTPS_KEYSTORE_TYPE", + "value": "", + "required": false + }, + { "description": "The name associated with the server certificate", "name": "HTTPS_NAME", "value": "", @@ -144,6 +156,12 @@ "from": "[a-zA-Z0-9]{8}", "generate": "expression", "required": true + }, + { + "description": "Controls whether exploded deployment content should be automatically deployed", + "name": "AUTO_DEPLOY_EXPLODED", + "value": "false", + "required": false } ], "objects": [ @@ -273,7 +291,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-eap70-openshift:1.3" + "name": "jboss-eap70-openshift:1.4" } } }, @@ -328,8 +346,8 @@ "${APPLICATION_NAME}" ], "from": { - "kind": "ImageStream", - "name": "${APPLICATION_NAME}" + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" } } }, @@ -350,8 +368,8 @@ } }, "spec": { - "serviceAccountName": "eap7-service-account", - "terminationGracePeriodSeconds": 60, + "serviceAccountName": "${SERVICE_ACCOUNT_NAME}", + "terminationGracePeriodSeconds": 75, "containers": [ { "name": "${APPLICATION_NAME}", @@ -369,6 +387,17 @@ "readOnly": true } ], + "lifecycle": { + "preStop": { + "exec": { + "command": [ + "/opt/eap/bin/jboss-cli.sh", + "-c", + ":shutdown(timeout=60)" + ] + } + } + }, "livenessProbe": { "exec": { "command": [ @@ -431,6 +460,10 @@ "value": "${HTTPS_KEYSTORE}" }, { + "name": "HTTPS_KEYSTORE_TYPE", + "value": "${HTTPS_KEYSTORE_TYPE}" + }, + { "name": "HTTPS_NAME", "value": "${HTTPS_NAME}" }, @@ -473,6 +506,10 @@ { "name": "JGROUPS_CLUSTER_PASSWORD", "value": "${JGROUPS_CLUSTER_PASSWORD}" + }, + { + "name": "AUTO_DEPLOY_EXPLODED", + "value": "${AUTO_DEPLOY_EXPLODED}" } ] } diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap70-mongodb-persistent-s2i.json b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap70-mongodb-persistent-s2i.json index 9cc786416..99db77d58 100644 --- a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap70-mongodb-persistent-s2i.json +++ b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap70-mongodb-persistent-s2i.json @@ -6,13 +6,13 @@ "description": "Application template for EAP 7 MongoDB applications with persistent storage built using S2I.", "iconClass": "icon-jboss", "tags": "eap,mongodb,javaee,java,database,jboss,xpaas", - "version": "1.3.1" + "version": "1.3.2" }, "name": "eap70-mongodb-persistent-s2i" }, "labels": { "template": "eap70-mongodb-persistent-s2i", - "xpaas": "1.3.1" + "xpaas": "1.3.2" }, "parameters": [ { @@ -82,6 +82,12 @@ "required": false }, { + "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.", + "name": "SERVICE_ACCOUNT_NAME", + "value": "eap7-service-account", + "required": true + }, + { "description": "The name of the secret containing the keystore file", "name": "HTTPS_SECRET", "value": "eap7-app-secret", @@ -94,6 +100,12 @@ "required": false }, { + "description": "The type of the keystore file (JKS or JCEKS)", + "name": "HTTPS_KEYSTORE_TYPE", + "value": "", + "required": false + }, + { "description": "The name associated with the server certificate", "name": "HTTPS_NAME", "value": "", @@ -213,6 +225,12 @@ "from": "[a-zA-Z0-9]{8}", "generate": "expression", "required": true + }, + { + "description": "Controls whether exploded deployment content should be automatically deployed", + "name": "AUTO_DEPLOY_EXPLODED", + "value": "false", + "required": false } ], "objects": [ @@ -366,7 +384,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-eap70-openshift:1.3" + "name": "jboss-eap70-openshift:1.4" } } }, @@ -421,8 +439,8 @@ "${APPLICATION_NAME}" ], "from": { - "kind": "ImageStream", - "name": "${APPLICATION_NAME}" + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" } } }, @@ -443,8 +461,8 @@ } }, "spec": { - "serviceAccountName": "eap7-service-account", - "terminationGracePeriodSeconds": 60, + "serviceAccountName": "${SERVICE_ACCOUNT_NAME}", + "terminationGracePeriodSeconds": 75, "containers": [ { "name": "${APPLICATION_NAME}", @@ -462,6 +480,17 @@ "readOnly": true } ], + "lifecycle": { + "preStop": { + "exec": { + "command": [ + "/opt/eap/bin/jboss-cli.sh", + "-c", + ":shutdown(timeout=60)" + ] + } + } + }, "livenessProbe": { "exec": { "command": [ @@ -560,6 +589,10 @@ "value": "${HTTPS_KEYSTORE}" }, { + "name": "HTTPS_KEYSTORE_TYPE", + "value": "${HTTPS_KEYSTORE_TYPE}" + }, + { "name": "HTTPS_NAME", "value": "${HTTPS_NAME}" }, @@ -602,6 +635,10 @@ { "name": "JGROUPS_CLUSTER_PASSWORD", "value": "${JGROUPS_CLUSTER_PASSWORD}" + }, + { + "name": "AUTO_DEPLOY_EXPLODED", + "value": "${AUTO_DEPLOY_EXPLODED}" } ] } diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap70-mongodb-s2i.json b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap70-mongodb-s2i.json index 4db6adcf8..c8150c231 100644 --- a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap70-mongodb-s2i.json +++ b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap70-mongodb-s2i.json @@ -6,13 +6,13 @@ "description": "Application template for EAP 7 MongoDB applications built using S2I.", "iconClass": "icon-jboss", "tags": "eap,mongodb,javaee,java,database,jboss,xpaas", - "version": "1.3.1" + "version": "1.3.2" }, "name": "eap70-mongodb-s2i" }, "labels": { "template": "eap70-mongodb-s2i", - "xpaas": "1.3.1" + "xpaas": "1.3.2" }, "parameters": [ { @@ -76,6 +76,12 @@ "required": false }, { + "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.", + "name": "SERVICE_ACCOUNT_NAME", + "value": "eap7-service-account", + "required": true + }, + { "description": "The name of the secret containing the keystore file", "name": "HTTPS_SECRET", "value": "eap7-app-secret", @@ -88,6 +94,12 @@ "required": false }, { + "description": "The type of the keystore file (JKS or JCEKS)", + "name": "HTTPS_KEYSTORE_TYPE", + "value": "", + "required": false + }, + { "description": "The name associated with the server certificate", "name": "HTTPS_NAME", "value": "", @@ -207,6 +219,12 @@ "from": "[a-zA-Z0-9]{8}", "generate": "expression", "required": true + }, + { + "description": "Controls whether exploded deployment content should be automatically deployed", + "name": "AUTO_DEPLOY_EXPLODED", + "value": "false", + "required": false } ], "objects": [ @@ -360,7 +378,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-eap70-openshift:1.3" + "name": "jboss-eap70-openshift:1.4" } } }, @@ -415,8 +433,8 @@ "${APPLICATION_NAME}" ], "from": { - "kind": "ImageStream", - "name": "${APPLICATION_NAME}" + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" } } }, @@ -437,8 +455,8 @@ } }, "spec": { - "serviceAccountName": "eap7-service-account", - "terminationGracePeriodSeconds": 60, + "serviceAccountName": "${SERVICE_ACCOUNT_NAME}", + "terminationGracePeriodSeconds": 75, "containers": [ { "name": "${APPLICATION_NAME}", @@ -456,6 +474,17 @@ "readOnly": true } ], + "lifecycle": { + "preStop": { + "exec": { + "command": [ + "/opt/eap/bin/jboss-cli.sh", + "-c", + ":shutdown(timeout=60)" + ] + } + } + }, "livenessProbe": { "exec": { "command": [ @@ -554,6 +583,10 @@ "value": "${HTTPS_KEYSTORE}" }, { + "name": "HTTPS_KEYSTORE_TYPE", + "value": "${HTTPS_KEYSTORE_TYPE}" + }, + { "name": "HTTPS_NAME", "value": "${HTTPS_NAME}" }, @@ -596,6 +629,10 @@ { "name": "JGROUPS_CLUSTER_PASSWORD", "value": "${JGROUPS_CLUSTER_PASSWORD}" + }, + { + "name": "AUTO_DEPLOY_EXPLODED", + "value": "${AUTO_DEPLOY_EXPLODED}" } ] } diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap70-mysql-persistent-s2i.json b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap70-mysql-persistent-s2i.json index 91a79d797..f8e5c2b04 100644 --- a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap70-mysql-persistent-s2i.json +++ b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap70-mysql-persistent-s2i.json @@ -6,13 +6,13 @@ "description": "Application template for EAP 7 MySQL applications with persistent storage built using S2I.", "iconClass": "icon-jboss", "tags": "eap,mysql,javaee,java,database,jboss,xpaas", - "version": "1.3.1" + "version": "1.3.2" }, "name": "eap70-mysql-persistent-s2i" }, "labels": { "template": "eap70-mysql-persistent-s2i", - "xpaas": "1.3.1" + "xpaas": "1.3.2" }, "parameters": [ { @@ -82,6 +82,12 @@ "required": false }, { + "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.", + "name": "SERVICE_ACCOUNT_NAME", + "value": "eap7-service-account", + "required": true + }, + { "description": "The name of the secret containing the keystore file", "name": "HTTPS_SECRET", "value": "eap7-app-secret", @@ -94,6 +100,12 @@ "required": false }, { + "description": "The type of the keystore file (JKS or JCEKS)", + "name": "HTTPS_KEYSTORE_TYPE", + "value": "", + "required": false + }, + { "description": "The name associated with the server certificate", "name": "HTTPS_NAME", "value": "", @@ -216,6 +228,12 @@ "from": "[a-zA-Z0-9]{8}", "generate": "expression", "required": true + }, + { + "description": "Controls whether exploded deployment content should be automatically deployed", + "name": "AUTO_DEPLOY_EXPLODED", + "value": "false", + "required": false } ], "objects": [ @@ -369,7 +387,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-eap70-openshift:1.3" + "name": "jboss-eap70-openshift:1.4" } } }, @@ -424,8 +442,8 @@ "${APPLICATION_NAME}" ], "from": { - "kind": "ImageStream", - "name": "${APPLICATION_NAME}" + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" } } }, @@ -446,8 +464,8 @@ } }, "spec": { - "serviceAccountName": "eap7-service-account", - "terminationGracePeriodSeconds": 60, + "serviceAccountName": "${SERVICE_ACCOUNT_NAME}", + "terminationGracePeriodSeconds": 75, "containers": [ { "name": "${APPLICATION_NAME}", @@ -465,6 +483,17 @@ "readOnly": true } ], + "lifecycle": { + "preStop": { + "exec": { + "command": [ + "/opt/eap/bin/jboss-cli.sh", + "-c", + ":shutdown(timeout=60)" + ] + } + } + }, "livenessProbe": { "exec": { "command": [ @@ -563,6 +592,10 @@ "value": "${HTTPS_KEYSTORE}" }, { + "name": "HTTPS_KEYSTORE_TYPE", + "value": "${HTTPS_KEYSTORE_TYPE}" + }, + { "name": "HTTPS_NAME", "value": "${HTTPS_NAME}" }, @@ -607,6 +640,10 @@ "value": "${JGROUPS_CLUSTER_PASSWORD}" }, { + "name": "AUTO_DEPLOY_EXPLODED", + "value": "${AUTO_DEPLOY_EXPLODED}" + }, + { "name": "DEFAULT_JOB_REPOSITORY", "value": "${APPLICATION_NAME}-mysql" }, diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap70-mysql-s2i.json b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap70-mysql-s2i.json index 63e4ecd2b..1edeb62e7 100644 --- a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap70-mysql-s2i.json +++ b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap70-mysql-s2i.json @@ -6,13 +6,13 @@ "description": "Application template for EAP 7 MySQL applications built using S2I.", "iconClass": "icon-jboss", "tags": "eap,mysql,javaee,java,database,jboss,xpaas", - "version": "1.3.1" + "version": "1.3.2" }, "name": "eap70-mysql-s2i" }, "labels": { "template": "eap70-mysql-s2i", - "xpaas": "1.3.1" + "xpaas": "1.3.2" }, "parameters": [ { @@ -76,6 +76,12 @@ "required": false }, { + "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.", + "name": "SERVICE_ACCOUNT_NAME", + "value": "eap7-service-account", + "required": true + }, + { "description": "The name of the secret containing the keystore file", "name": "HTTPS_SECRET", "value": "eap7-app-secret", @@ -88,6 +94,12 @@ "required": false }, { + "description": "The type of the keystore file (JKS or JCEKS)", + "name": "HTTPS_KEYSTORE_TYPE", + "value": "", + "required": false + }, + { "description": "The name associated with the server certificate", "name": "HTTPS_NAME", "value": "", @@ -210,6 +222,12 @@ "from": "[a-zA-Z0-9]{8}", "generate": "expression", "required": true + }, + { + "description": "Controls whether exploded deployment content should be automatically deployed", + "name": "AUTO_DEPLOY_EXPLODED", + "value": "false", + "required": false } ], "objects": [ @@ -363,7 +381,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-eap70-openshift:1.3" + "name": "jboss-eap70-openshift:1.4" } } }, @@ -418,8 +436,8 @@ "${APPLICATION_NAME}" ], "from": { - "kind": "ImageStream", - "name": "${APPLICATION_NAME}" + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" } } }, @@ -440,8 +458,8 @@ } }, "spec": { - "serviceAccountName": "eap7-service-account", - "terminationGracePeriodSeconds": 60, + "serviceAccountName": "${SERVICE_ACCOUNT_NAME}", + "terminationGracePeriodSeconds": 75, "containers": [ { "name": "${APPLICATION_NAME}", @@ -459,6 +477,17 @@ "readOnly": true } ], + "lifecycle": { + "preStop": { + "exec": { + "command": [ + "/opt/eap/bin/jboss-cli.sh", + "-c", + ":shutdown(timeout=60)" + ] + } + } + }, "livenessProbe": { "exec": { "command": [ @@ -557,6 +586,10 @@ "value": "${HTTPS_KEYSTORE}" }, { + "name": "HTTPS_KEYSTORE_TYPE", + "value": "${HTTPS_KEYSTORE_TYPE}" + }, + { "name": "HTTPS_NAME", "value": "${HTTPS_NAME}" }, @@ -601,6 +634,10 @@ "value": "${JGROUPS_CLUSTER_PASSWORD}" }, { + "name": "AUTO_DEPLOY_EXPLODED", + "value": "${AUTO_DEPLOY_EXPLODED}" + }, + { "name": "DEFAULT_JOB_REPOSITORY", "value": "${APPLICATION_NAME}-mysql" }, diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap70-postgresql-persistent-s2i.json b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap70-postgresql-persistent-s2i.json index ea681d847..d11df06ee 100644 --- a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap70-postgresql-persistent-s2i.json +++ b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap70-postgresql-persistent-s2i.json @@ -6,13 +6,13 @@ "description": "Application template for EAP 7 PostgreSQL applications with persistent storage built using S2I.", "iconClass": "icon-jboss", "tags": "eap,postgresql,javaee,java,database,jboss,xpaas", - "version": "1.3.1" + "version": "1.3.2" }, "name": "eap70-postgresql-persistent-s2i" }, "labels": { "template": "eap70-postgresql-persistent-s2i", - "xpaas": "1.3.1" + "xpaas": "1.3.2" }, "parameters": [ { @@ -82,6 +82,12 @@ "required": false }, { + "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.", + "name": "SERVICE_ACCOUNT_NAME", + "value": "eap7-service-account", + "required": true + }, + { "description": "The name of the secret containing the keystore file", "name": "HTTPS_SECRET", "value": "eap7-app-secret", @@ -94,6 +100,12 @@ "required": false }, { + "description": "The type of the keystore file (JKS or JCEKS)", + "name": "HTTPS_KEYSTORE_TYPE", + "value": "", + "required": false + }, + { "description": "The name associated with the server certificate", "name": "HTTPS_NAME", "value": "", @@ -201,6 +213,12 @@ "from": "[a-zA-Z0-9]{8}", "generate": "expression", "required": true + }, + { + "description": "Controls whether exploded deployment content should be automatically deployed", + "name": "AUTO_DEPLOY_EXPLODED", + "value": "false", + "required": false } ], "objects": [ @@ -354,7 +372,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-eap70-openshift:1.3" + "name": "jboss-eap70-openshift:1.4" } } }, @@ -409,8 +427,8 @@ "${APPLICATION_NAME}" ], "from": { - "kind": "ImageStream", - "name": "${APPLICATION_NAME}" + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" } } }, @@ -431,8 +449,8 @@ } }, "spec": { - "serviceAccountName": "eap7-service-account", - "terminationGracePeriodSeconds": 60, + "serviceAccountName": "${SERVICE_ACCOUNT_NAME}", + "terminationGracePeriodSeconds": 75, "containers": [ { "name": "${APPLICATION_NAME}", @@ -450,6 +468,17 @@ "readOnly": true } ], + "lifecycle": { + "preStop": { + "exec": { + "command": [ + "/opt/eap/bin/jboss-cli.sh", + "-c", + ":shutdown(timeout=60)" + ] + } + } + }, "livenessProbe": { "exec": { "command": [ @@ -548,6 +577,10 @@ "value": "${HTTPS_KEYSTORE}" }, { + "name": "HTTPS_KEYSTORE_TYPE", + "value": "${HTTPS_KEYSTORE_TYPE}" + }, + { "name": "HTTPS_NAME", "value": "${HTTPS_NAME}" }, @@ -592,6 +625,10 @@ "value": "${JGROUPS_CLUSTER_PASSWORD}" }, { + "name": "AUTO_DEPLOY_EXPLODED", + "value": "${AUTO_DEPLOY_EXPLODED}" + }, + { "name": "DEFAULT_JOB_REPOSITORY", "value": "${APPLICATION_NAME}-postgresql" }, @@ -701,6 +738,10 @@ "value": "${POSTGRESQL_MAX_CONNECTIONS}" }, { + "name": "POSTGRESQL_MAX_PREPARED_TRANSACTIONS", + "value": "${POSTGRESQL_MAX_CONNECTIONS}" + }, + { "name": "POSTGRESQL_SHARED_BUFFERS", "value": "${POSTGRESQL_SHARED_BUFFERS}" } diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap70-postgresql-s2i.json b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap70-postgresql-s2i.json index df95d823e..6b7f6d707 100644 --- a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap70-postgresql-s2i.json +++ b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap70-postgresql-s2i.json @@ -6,13 +6,13 @@ "description": "Application template for EAP 7 PostgreSQL applications built using S2I.", "iconClass": "icon-jboss", "tags": "eap,postgresql,javaee,java,database,jboss,xpaas", - "version": "1.3.1" + "version": "1.3.2" }, "name": "eap70-postgresql-s2i" }, "labels": { "template": "eap70-postgresql-s2i", - "xpaas": "1.3.1" + "xpaas": "1.3.2" }, "parameters": [ { @@ -76,6 +76,12 @@ "required": false }, { + "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.", + "name": "SERVICE_ACCOUNT_NAME", + "value": "eap7-service-account", + "required": true + }, + { "description": "The name of the secret containing the keystore file", "name": "HTTPS_SECRET", "value": "eap7-app-secret", @@ -88,6 +94,12 @@ "required": false }, { + "description": "The type of the keystore file (JKS or JCEKS)", + "name": "HTTPS_KEYSTORE_TYPE", + "value": "", + "required": false + }, + { "description": "The name associated with the server certificate", "name": "HTTPS_NAME", "value": "", @@ -195,6 +207,12 @@ "from": "[a-zA-Z0-9]{8}", "generate": "expression", "required": true + }, + { + "description": "Controls whether exploded deployment content should be automatically deployed", + "name": "AUTO_DEPLOY_EXPLODED", + "value": "false", + "required": false } ], "objects": [ @@ -348,7 +366,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-eap70-openshift:1.3" + "name": "jboss-eap70-openshift:1.4" } } }, @@ -403,8 +421,8 @@ "${APPLICATION_NAME}" ], "from": { - "kind": "ImageStream", - "name": "${APPLICATION_NAME}" + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" } } }, @@ -425,8 +443,8 @@ } }, "spec": { - "serviceAccountName": "eap7-service-account", - "terminationGracePeriodSeconds": 60, + "serviceAccountName": "${SERVICE_ACCOUNT_NAME}", + "terminationGracePeriodSeconds": 75, "containers": [ { "name": "${APPLICATION_NAME}", @@ -444,6 +462,17 @@ "readOnly": true } ], + "lifecycle": { + "preStop": { + "exec": { + "command": [ + "/opt/eap/bin/jboss-cli.sh", + "-c", + ":shutdown(timeout=60)" + ] + } + } + }, "livenessProbe": { "exec": { "command": [ @@ -542,6 +571,10 @@ "value": "${HTTPS_KEYSTORE}" }, { + "name": "HTTPS_KEYSTORE_TYPE", + "value": "${HTTPS_KEYSTORE_TYPE}" + }, + { "name": "HTTPS_NAME", "value": "${HTTPS_NAME}" }, @@ -586,6 +619,10 @@ "value": "${JGROUPS_CLUSTER_PASSWORD}" }, { + "name": "AUTO_DEPLOY_EXPLODED", + "value": "${AUTO_DEPLOY_EXPLODED}" + }, + { "name": "DEFAULT_JOB_REPOSITORY", "value": "${APPLICATION_NAME}-postgresql" }, @@ -689,6 +726,10 @@ "value": "${POSTGRESQL_MAX_CONNECTIONS}" }, { + "name": "POSTGRESQL_MAX_PREPARED_TRANSACTIONS", + "value": "${POSTGRESQL_MAX_CONNECTIONS}" + }, + { "name": "POSTGRESQL_SHARED_BUFFERS", "value": "${POSTGRESQL_SHARED_BUFFERS}" } diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap70-sso-s2i.json b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap70-sso-s2i.json new file mode 100644 index 000000000..811602220 --- /dev/null +++ b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap70-sso-s2i.json @@ -0,0 +1,767 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "annotations": { + "iconClass" : "icon-jboss", + "description": "Application template for EAP 6 applications built using S2I, enabled for SSO.", + "tags": "eap,javaee,java,jboss,xpaas,sso,keycloak", + "version": "1.3.2" + }, + "name": "eap70-sso-s2i" + }, + "labels": { + "template": "eap70-sso-s2i", + "xpaas": "1.3.2" + }, + "parameters": [ + { + "description": "The name for the application.", + "name": "APPLICATION_NAME", + "value": "eap-app", + "required": true + }, + { + "description": "Hostname for http service route (e.g. eap-app-myproject.example.com). Required for SSO-enabled applications. This is added to the white list of redirects in the SSO server.", + "name": "HOSTNAME_HTTP", + "value": "", + "required": true + }, + { + "description": "Hostname for https service route (e.g. secure-eap-app-myproject.example.com). Required for SSO-enabled applications. This is added to the white list of redirects in the SSO server.", + "name": "HOSTNAME_HTTPS", + "value": "", + "required": true + }, + { + "description": "Git source URI for application", + "name": "SOURCE_REPOSITORY_URL", + "value": "https://github.com/redhat-developer/redhat-sso-quickstarts", + "required": true + }, + { + "description": "Git branch/tag reference", + "name": "SOURCE_REPOSITORY_REF", + "value": "7.0.x-ose", + "required": false + }, + { + "description": "Path within Git project to build; empty for root project directory.", + "name": "CONTEXT_DIR", + "value": "", + "required": false + }, + { + "description": "Queue names", + "name": "HORNETQ_QUEUES", + "value": "", + "required": false + }, + { + "description": "Topic names", + "name": "HORNETQ_TOPICS", + "value": "", + "required": false + }, + { + "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.", + "name": "SERVICE_ACCOUNT_NAME", + "value": "eap7-service-account", + "required": true + }, + { + "description": "The name of the secret containing the keystore file", + "name": "HTTPS_SECRET", + "value": "eap7-app-secret", + "required": true + }, + { + "description": "The name of the keystore file within the secret", + "name": "HTTPS_KEYSTORE", + "value": "keystore.jks", + "required": false + }, + { + "description": "The type of the keystore file (JKS or JCEKS)", + "name": "HTTPS_KEYSTORE_TYPE", + "value": "", + "required": false + }, + { + "description": "The name associated with the server certificate (e.g. jboss)", + "name": "HTTPS_NAME", + "value": "", + "required": false + }, + { + "description": "The password for the keystore and certificate (e.g. mykeystorepass)", + "name": "HTTPS_PASSWORD", + "value": "", + "required": false + }, + { + "description": "HornetQ cluster admin password", + "name": "HORNETQ_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "GitHub trigger secret", + "name": "GITHUB_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Generic build trigger secret", + "name": "GENERIC_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", + "name": "IMAGE_STREAM_NAMESPACE", + "value": "openshift", + "required": true + }, + { + "description": "The name of the secret containing the keystore file", + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "eap7-app-secret", + "required": false + }, + { + "description": "The name of the keystore file within the secret", + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "jgroups.jceks", + "required": false + }, + { + "description": "The name associated with the server certificate (e.g. secret-key)", + "name": "JGROUPS_ENCRYPT_NAME", + "value": "", + "required": false + }, + { + "description": "The password for the keystore and certificate (e.g. password)", + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "", + "required": false + }, + { + "description": "JGroups cluster password", + "name": "JGROUPS_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Controls whether exploded deployment content should be automatically deployed", + "name": "AUTO_DEPLOY_EXPLODED", + "value": "false", + "required": false + }, + { + "description": "The URL for the SSO server (e.g. https://secure-sso-myproject.example.com/auth). This is the URL through which the user will be redirected when a login or token is required by the application.", + "name": "SSO_URL", + "value": "", + "required": true + }, + { + "description": "The URL for the interal SSO service, where secure-sso (the default) is the kubernetes service exposed by the SSO server. This is used to create the application client(s) (see SSO_USERNAME). This can also be the same as SSO_URL.", + "name": "SSO_SERVICE_URL", + "value": "https://secure-sso:8443/auth", + "required": false + }, + { + "description": "The SSO realm to which the application client(s) should be associated (e.g. demo).", + "name": "SSO_REALM", + "value": "", + "required": true + }, + { + "description": "The username used to access the SSO service. This is used to create the appliction client(s) within the specified SSO realm. This should match the SSO_SERVICE_USERNAME specified through one of the sso70-* templates.", + "name": "SSO_USERNAME", + "value": "", + "required": false + }, + { + "description": "The password for the SSO service user.", + "name": "SSO_PASSWORD", + "value": "", + "required": false + }, + { + "description": "SSO Public Key. Public key is recommended to be passed into the template to avoid man-in-the-middle security vulnerability", + "name": "SSO_PUBLIC_KEY", + "value": "", + "required": false + }, + { + "description": "SSO Client Access Type", + "name": "SSO_BEARER_ONLY", + "value": "", + "required": false + }, + { + "description": "List of directories from which archives will be copied into the deployment folder. If unspecified, all archives in /target will be copied.", + "name": "ARTIFACT_DIR", + "value": "app-jee-jsp/target,service-jee-jaxrs/target,app-profile-jee-jsp/target,app-profile-saml-jee-jsp/target", + "required": false + }, + { + "description": "The name of the secret containing the keystore file", + "name": "SSO_SAML_KEYSTORE_SECRET", + "value": "eap7-app-secret", + "required": false + }, + { + "description": "The name of the keystore file within the secret", + "name": "SSO_SAML_KEYSTORE", + "value": "keystore.jks", + "required": false + }, + { + "description": "The name associated with the server certificate", + "name": "SSO_SAML_CERTIFICATE_NAME", + "value": "jboss", + "required": false + }, + { + "description": "The password for the keystore and certificate", + "name": "SSO_SAML_KEYSTORE_PASSWORD", + "value": "mykeystorepass", + "required": false + }, + { + "description": "The SSO Client Secret for Confidential Access", + "name": "SSO_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Enable CORS for SSO applications", + "name": "SSO_ENABLE_CORS", + "value": "false", + "required": false + }, + { + "description": "SSO logout page for SAML applications", + "name": "SSO_SAML_LOGOUT_PAGE", + "value": "/", + "required": false + }, + { + "description": "If true SSL communication between EAP and the SSO Server will be insecure (i.e. certificate validation is disabled with curl)", + "name": "SSO_DISABLE_SSL_CERTIFICATE_VALIDATION", + "value": "true", + "required": false + }, + { + "description": "The name of the truststore file within the secret (e.g. truststore.jks)", + "name": "SSO_TRUSTSTORE", + "value": "", + "required": false + }, + { + "description": "The password for the truststore and certificate (e.g. mykeystorepass)", + "name": "SSO_TRUSTSTORE_PASSWORD", + "value": "", + "required": false + }, + { + "description": "The name of the secret containing the truststore file (e.g. truststore-secret). Used for volume secretName", + "name": "SSO_TRUSTSTORE_SECRET", + "value": "eap7-app-secret", + "required": false + } + ], + "objects": [ + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8080, + "targetPort": 8080 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's http port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8443, + "targetPort": 8443 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's https port." + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-http", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's http service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTP}", + "to": { + "name": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-https", + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's https service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTPS}", + "to": { + "name": "secure-${APPLICATION_NAME}" + }, + "tls": { + "termination": "passthrough" + } + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "BuildConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "source": { + "type": "Git", + "git": { + "uri": "${SOURCE_REPOSITORY_URL}", + "ref": "${SOURCE_REPOSITORY_REF}" + }, + "contextDir": "${CONTEXT_DIR}" + }, + "strategy": { + "type": "Source", + "sourceStrategy": { + "forcePull": true, + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-eap70-openshift:1.4" + }, + "env": [ + { + "name": "ARTIFACT_DIR", + "value": "${ARTIFACT_DIR}" + }, + { + "name": "MAVEN_ARGS_APPEND", + "value": "" + } + ] + } + }, + "output": { + "to": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + }, + "triggers": [ + { + "type": "GitHub", + "github": { + "secret": "${GITHUB_WEBHOOK_SECRET}" + } + }, + { + "type": "Generic", + "generic": { + "secret": "${GENERIC_WEBHOOK_SECRET}" + } + }, + { + "type": "ImageChange", + "imageChange": {} + }, + { + "type": "ConfigChange" + } + ] + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}" + ], + "from": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "serviceAccountName": "${SERVICE_ACCOUNT_NAME}", + "terminationGracePeriodSeconds": 75, + "containers": [ + { + "name": "${APPLICATION_NAME}", + "image": "${APPLICATION_NAME}", + "imagePullPolicy": "Always", + "volumeMounts": [ + { + "name": "sso-saml-keystore-volume", + "mountPath": "/etc/sso-saml-secret-volume", + "readOnly": true + }, + { + "name": "eap-keystore-volume", + "mountPath": "/etc/eap-secret-volume", + "readOnly": true + }, + { + "name": "eap-jgroups-keystore-volume", + "mountPath": "/etc/jgroups-encrypt-secret-volume", + "readOnly": true + }, + { + "name": "sso-truststore-volume", + "mountPath": "/etc/sso-secret-volume", + "readOnly": true + } + ], + "lifecycle": { + "preStop": { + "exec": { + "command": [ + "/opt/eap/bin/jboss-cli.sh", + "-c", + ":shutdown(timeout=60)" + ] + } + } + }, + "livenessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/livenessProbe.sh" + ] + } + }, + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/readinessProbe.sh" + ] + } + }, + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "http", + "containerPort": 8080, + "protocol": "TCP" + }, + { + "name": "https", + "containerPort": 8443, + "protocol": "TCP" + }, + { + "name": "ping", + "containerPort": 8888, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "OPENSHIFT_KUBE_PING_LABELS", + "value": "application=${APPLICATION_NAME}" + }, + { + "name": "OPENSHIFT_KUBE_PING_NAMESPACE", + "valueFrom": { + "fieldRef": { + "fieldPath": "metadata.namespace" + } + } + }, + { + "name": "HOSTNAME_HTTP", + "value": "${HOSTNAME_HTTP}" + }, + { + "name": "HOSTNAME_HTTPS", + "value": "${HOSTNAME_HTTPS}" + }, + { + "name": "HTTPS_KEYSTORE_DIR", + "value": "/etc/eap-secret-volume" + }, + { + "name": "HTTPS_KEYSTORE", + "value": "${HTTPS_KEYSTORE}" + }, + { + "name": "HTTPS_KEYSTORE_TYPE", + "value": "${HTTPS_KEYSTORE_TYPE}" + }, + { + "name": "HTTPS_NAME", + "value": "${HTTPS_NAME}" + }, + { + "name": "HTTPS_PASSWORD", + "value": "${HTTPS_PASSWORD}" + }, + { + "name": "HORNETQ_CLUSTER_PASSWORD", + "value": "${HORNETQ_CLUSTER_PASSWORD}" + }, + { + "name": "HORNETQ_QUEUES", + "value": "${HORNETQ_QUEUES}" + }, + { + "name": "HORNETQ_TOPICS", + "value": "${HORNETQ_TOPICS}" + }, + { + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "${JGROUPS_ENCRYPT_SECRET}" + }, + { + "name": "JGROUPS_ENCRYPT_KEYSTORE_DIR", + "value": "/etc/jgroups-encrypt-secret-volume" + }, + { + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "${JGROUPS_ENCRYPT_KEYSTORE}" + }, + { + "name": "JGROUPS_ENCRYPT_NAME", + "value": "${JGROUPS_ENCRYPT_NAME}" + }, + { + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "${JGROUPS_ENCRYPT_PASSWORD}" + }, + { + "name": "JGROUPS_CLUSTER_PASSWORD", + "value": "${JGROUPS_CLUSTER_PASSWORD}" + }, + { + "name": "AUTO_DEPLOY_EXPLODED", + "value": "${AUTO_DEPLOY_EXPLODED}" + }, + { + "name": "SSO_URL", + "value": "${SSO_URL}" + }, + { + "name": "SSO_SERVICE_URL", + "value": "${SSO_SERVICE_URL}" + }, + { + "name": "SSO_REALM", + "value": "${SSO_REALM}" + }, + { + "name": "SSO_USERNAME", + "value": "${SSO_USERNAME}" + }, + { + "name": "SSO_PASSWORD", + "value": "${SSO_PASSWORD}" + }, + { + "name": "SSO_PUBLIC_KEY", + "value": "${SSO_PUBLIC_KEY}" + }, + { + "name": "SSO_BEARER_ONLY", + "value": "${SSO_BEARER_ONLY}" + }, + { + "name": "SSO_SAML_KEYSTORE_SECRET", + "value": "${SSO_SAML_KEYSTORE_SECRET}" + }, + { + "name": "SSO_SAML_KEYSTORE", + "value": "${SSO_SAML_KEYSTORE}" + }, + { + "name": "SSO_SAML_KEYSTORE_DIR", + "value": "/etc/sso-saml-secret-volume" + }, + { + "name": "SSO_SAML_CERTIFICATE_NAME", + "value": "${SSO_SAML_CERTIFICATE_NAME}" + }, + { + "name": "SSO_SAML_KEYSTORE_PASSWORD", + "value": "${SSO_SAML_KEYSTORE_PASSWORD}" + }, + { + "name": "SSO_SECRET", + "value": "${SSO_SECRET}" + }, + { + "name": "SSO_ENABLE_CORS", + "value": "${SSO_ENABLE_CORS}" + }, + { + "name": "SSO_SAML_LOGOUT_PAGE", + "value": "${SSO_SAML_LOGOUT_PAGE}" + }, + { + "name": "SSO_DISABLE_SSL_CERTIFICATE_VALIDATION", + "value": "${SSO_DISABLE_SSL_CERTIFICATE_VALIDATION}" + }, + { + "name": "SSO_TRUSTSTORE", + "value": "${SSO_TRUSTSTORE}" + }, + { + "name": "SSO_TRUSTSTORE_DIR", + "value": "/etc/sso-secret-volume" + }, + { + "name": "SSO_TRUSTSTORE_PASSWORD", + "value": "${SSO_TRUSTSTORE_PASSWORD}" + } + ] + } + ], + "volumes": [ + { + "name": "sso-saml-keystore-volume", + "secret": { + "secretName": "${SSO_SAML_KEYSTORE_SECRET}" + } + }, + { + "name": "eap-keystore-volume", + "secret": { + "secretName": "${HTTPS_SECRET}" + } + }, + { + "name": "eap-jgroups-keystore-volume", + "secret": { + "secretName": "${JGROUPS_ENCRYPT_SECRET}" + } + }, + { + "name": "sso-truststore-volume", + "secret": { + "secretName": "${SSO_TRUSTSTORE_SECRET}" + } + } + ] + } + } + } + } + ] +} diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat7-basic-s2i.json b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat7-basic-s2i.json index 376f2f61b..413a6de87 100644 --- a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat7-basic-s2i.json +++ b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat7-basic-s2i.json @@ -215,8 +215,8 @@ "${APPLICATION_NAME}" ], "from": { - "kind": "ImageStream", - "name": "${APPLICATION_NAME}" + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" } } }, diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat7-https-s2i.json b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat7-https-s2i.json index 0090d4090..610ea9441 100644 --- a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat7-https-s2i.json +++ b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat7-https-s2i.json @@ -292,8 +292,8 @@ "${APPLICATION_NAME}" ], "from": { - "kind": "ImageStream", - "name": "${APPLICATION_NAME}" + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" } } }, diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat7-mongodb-persistent-s2i.json b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat7-mongodb-persistent-s2i.json index f0abc9b24..6ef9d6e4c 100644 --- a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat7-mongodb-persistent-s2i.json +++ b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat7-mongodb-persistent-s2i.json @@ -385,8 +385,8 @@ "${APPLICATION_NAME}" ], "from": { - "kind": "ImageStream", - "name": "${APPLICATION_NAME}" + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" } } }, diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat7-mongodb-s2i.json b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat7-mongodb-s2i.json index dc43fbea3..9b48f8ae7 100644 --- a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat7-mongodb-s2i.json +++ b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat7-mongodb-s2i.json @@ -379,8 +379,8 @@ "${APPLICATION_NAME}" ], "from": { - "kind": "ImageStream", - "name": "${APPLICATION_NAME}" + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" } } }, diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat7-mysql-persistent-s2i.json b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat7-mysql-persistent-s2i.json index 6d02c7487..30af703ce 100644 --- a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat7-mysql-persistent-s2i.json +++ b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat7-mysql-persistent-s2i.json @@ -388,8 +388,8 @@ "${APPLICATION_NAME}" ], "from": { - "kind": "ImageStream", - "name": "${APPLICATION_NAME}" + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" } } }, diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat7-mysql-s2i.json b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat7-mysql-s2i.json index cb23d32a7..c2843af63 100644 --- a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat7-mysql-s2i.json +++ b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat7-mysql-s2i.json @@ -382,8 +382,8 @@ "${APPLICATION_NAME}" ], "from": { - "kind": "ImageStream", - "name": "${APPLICATION_NAME}" + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" } } }, diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat7-postgresql-persistent-s2i.json b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat7-postgresql-persistent-s2i.json index 82096ab12..b8372f374 100644 --- a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat7-postgresql-persistent-s2i.json +++ b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat7-postgresql-persistent-s2i.json @@ -6,13 +6,13 @@ "iconClass": "icon-tomcat", "description": "Application template for JWS PostgreSQL applications with persistent storage built using S2I.", "tags": "tomcat,tomcat7,postgresql,java,database,jboss,xpaas", - "version": "1.2.0" + "version": "1.3.2" }, "name": "jws30-tomcat7-postgresql-persistent-s2i" }, "labels": { "template": "jws30-tomcat7-postgresql-persistent-s2i", - "xpaas": "1.2.0" + "xpaas": "1.3.2" }, "parameters": [ { @@ -373,8 +373,8 @@ "${APPLICATION_NAME}" ], "from": { - "kind": "ImageStream", - "name": "${APPLICATION_NAME}" + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" } } }, @@ -587,6 +587,10 @@ "value": "${POSTGRESQL_MAX_CONNECTIONS}" }, { + "name": "POSTGRESQL_MAX_PREPARED_TRANSACTIONS", + "value": "${POSTGRESQL_MAX_CONNECTIONS}" + }, + { "name": "POSTGRESQL_SHARED_BUFFERS", "value": "${POSTGRESQL_SHARED_BUFFERS}" } diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat7-postgresql-s2i.json b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat7-postgresql-s2i.json index 6c2e42564..cd5bb9fa4 100644 --- a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat7-postgresql-s2i.json +++ b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat7-postgresql-s2i.json @@ -6,13 +6,13 @@ "iconClass": "icon-tomcat", "description": "Application template for JWS PostgreSQL applications built using S2I.", "tags": "tomcat,tomcat7,postgresql,java,database,jboss,xpaas", - "version": "1.2.0" + "version": "1.3.2" }, "name": "jws30-tomcat7-postgresql-s2i" }, "labels": { "template": "jws30-tomcat7-postgresql-s2i", - "xpaas": "1.2.0" + "xpaas": "1.3.2" }, "parameters": [ { @@ -367,8 +367,8 @@ "${APPLICATION_NAME}" ], "from": { - "kind": "ImageStream", - "name": "${APPLICATION_NAME}" + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" } } }, @@ -575,6 +575,10 @@ "value": "${POSTGRESQL_MAX_CONNECTIONS}" }, { + "name": "POSTGRESQL_MAX_PREPARED_TRANSACTIONS", + "value": "${POSTGRESQL_MAX_CONNECTIONS}" + }, + { "name": "POSTGRESQL_SHARED_BUFFERS", "value": "${POSTGRESQL_SHARED_BUFFERS}" } diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat8-basic-s2i.json b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat8-basic-s2i.json index b425891c6..cb1e49d29 100644 --- a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat8-basic-s2i.json +++ b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat8-basic-s2i.json @@ -215,8 +215,8 @@ "${APPLICATION_NAME}" ], "from": { - "kind": "ImageStream", - "name": "${APPLICATION_NAME}" + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" } } }, diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat8-https-s2i.json b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat8-https-s2i.json index 7a5414fd7..21d5662c7 100644 --- a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat8-https-s2i.json +++ b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat8-https-s2i.json @@ -292,8 +292,8 @@ "${APPLICATION_NAME}" ], "from": { - "kind": "ImageStream", - "name": "${APPLICATION_NAME}" + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" } } }, diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat8-mongodb-persistent-s2i.json b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat8-mongodb-persistent-s2i.json index 020c32d31..34657d826 100644 --- a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat8-mongodb-persistent-s2i.json +++ b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat8-mongodb-persistent-s2i.json @@ -385,8 +385,8 @@ "${APPLICATION_NAME}" ], "from": { - "kind": "ImageStream", - "name": "${APPLICATION_NAME}" + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" } } }, diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat8-mongodb-s2i.json b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat8-mongodb-s2i.json index 48371db95..974cfaddb 100644 --- a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat8-mongodb-s2i.json +++ b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat8-mongodb-s2i.json @@ -379,8 +379,8 @@ "${APPLICATION_NAME}" ], "from": { - "kind": "ImageStream", - "name": "${APPLICATION_NAME}" + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" } } }, diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat8-mysql-persistent-s2i.json b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat8-mysql-persistent-s2i.json index b1e847c60..7a8231cc5 100644 --- a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat8-mysql-persistent-s2i.json +++ b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat8-mysql-persistent-s2i.json @@ -388,8 +388,8 @@ "${APPLICATION_NAME}" ], "from": { - "kind": "ImageStream", - "name": "${APPLICATION_NAME}" + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" } } }, diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat8-mysql-s2i.json b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat8-mysql-s2i.json index ca501102f..cda21f237 100644 --- a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat8-mysql-s2i.json +++ b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat8-mysql-s2i.json @@ -382,8 +382,8 @@ "${APPLICATION_NAME}" ], "from": { - "kind": "ImageStream", - "name": "${APPLICATION_NAME}" + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" } } }, diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat8-postgresql-persistent-s2i.json b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat8-postgresql-persistent-s2i.json index 9050874ab..4dfc98015 100644 --- a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat8-postgresql-persistent-s2i.json +++ b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat8-postgresql-persistent-s2i.json @@ -6,13 +6,13 @@ "iconClass": "icon-tomcat", "description": "Application template for JWS PostgreSQL applications with persistent storage built using S2I.", "tags": "tomcat,tomcat8,postgresql,java,database,jboss,xpaas", - "version": "1.2.0" + "version": "1.3.2" }, "name": "jws30-tomcat8-postgresql-persistent-s2i" }, "labels": { "template": "jws30-tomcat8-postgresql-persistent-s2i", - "xpaas": "1.2.0" + "xpaas": "1.3.2" }, "parameters": [ { @@ -373,8 +373,8 @@ "${APPLICATION_NAME}" ], "from": { - "kind": "ImageStream", - "name": "${APPLICATION_NAME}" + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" } } }, @@ -587,6 +587,10 @@ "value": "${POSTGRESQL_MAX_CONNECTIONS}" }, { + "name": "POSTGRESQL_MAX_PREPARED_TRANSACTIONS", + "value": "${POSTGRESQL_MAX_CONNECTIONS}" + }, + { "name": "POSTGRESQL_SHARED_BUFFERS", "value": "${POSTGRESQL_SHARED_BUFFERS}" } diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat8-postgresql-s2i.json b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat8-postgresql-s2i.json index dba4d8b26..f6c85668c 100644 --- a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat8-postgresql-s2i.json +++ b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat8-postgresql-s2i.json @@ -6,13 +6,13 @@ "iconClass": "icon-tomcat", "description": "Application template for JWS PostgreSQL applications built using S2I.", "tags": "tomcat,tomcat8,postgresql,java,database,jboss,xpaas", - "version": "1.2.0" + "version": "1.3.2" }, "name": "jws30-tomcat8-postgresql-s2i" }, "labels": { "template": "jws30-tomcat8-postgresql-s2i", - "xpaas": "1.2.0" + "xpaas": "1.3.2" }, "parameters": [ { @@ -367,8 +367,8 @@ "${APPLICATION_NAME}" ], "from": { - "kind": "ImageStream", - "name": "${APPLICATION_NAME}" + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" } } }, @@ -573,6 +573,10 @@ "value": "${POSTGRESQL_MAX_CONNECTIONS}" }, { + "name": "POSTGRESQL_MAX_PREPARED_TRANSACTIONS", + "value": "${POSTGRESQL_MAX_CONNECTIONS}" + }, + { "name": "POSTGRESQL_SHARED_BUFFERS", "value": "${POSTGRESQL_SHARED_BUFFERS}" } diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/processserver63-amq-mysql-persistent-s2i.json b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/processserver63-amq-mysql-persistent-s2i.json new file mode 100644 index 000000000..1dea463ac --- /dev/null +++ b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/processserver63-amq-mysql-persistent-s2i.json @@ -0,0 +1,1079 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "annotations": { + "description": "Application template for Red Hat JBoss BPM Suite 6.3 intelligent process server AMQ and MySQL applications with persistent storage built using S2I.", + "iconClass": "icon-jboss", + "tags": "processserver,amq,mysql,javaee,java,database,jboss,xpaas", + "version": "1.3.3" + }, + "name": "processserver63-amq-mysql-persistent-s2i" + }, + "labels": { + "template": "processserver63-amq-mysql-persistent-s2i", + "xpaas": "1.3.3" + }, + "parameters": [ + { + "description": "The KIE Container deployment configuration in format: containerId=groupId:artifactId:version|c2=g2:a2:v2", + "name": "KIE_CONTAINER_DEPLOYMENT", + "value": "processserver-library=org.openshift.quickstarts:processserver-library:1.3.0.Final", + "required": false + }, + { + "description": "The protocol to access the KIE Server REST interface.", + "name": "KIE_SERVER_PROTOCOL", + "value": "https", + "required": false + }, + { + "description": "The port to access the KIE Server REST interface.", + "name": "KIE_SERVER_PORT", + "value": "8443", + "required": false + }, + { + "description": "The user name to access the KIE Server REST or JMS interface.", + "name": "KIE_SERVER_USER", + "value": "kieserver", + "required": false + }, + { + "description": "The password to access the KIE Server REST or JMS interface. Must be different than username; must not be root, admin, or administrator; must contain at least 8 characters, 1 alphabetic character(s), 1 digit(s), and 1 non-alphanumeric symbol(s).", + "name": "KIE_SERVER_PASSWORD", + "from": "[a-zA-Z]{6}[0-9]{1}!", + "generate": "expression", + "required": false + }, + { + "description": "JAAS LoginContext domain that shall be used to authenticate users when using JMS.", + "name": "KIE_SERVER_DOMAIN", + "value": "other", + "required": false + }, + { + "description": "JNDI name of request queue for JMS.", + "name": "KIE_SERVER_JMS_QUEUES_REQUEST", + "value": "queue/KIE.SERVER.REQUEST", + "required": false + }, + { + "description": "JNDI name of response queue for JMS.", + "name": "KIE_SERVER_JMS_QUEUES_RESPONSE", + "value": "queue/KIE.SERVER.RESPONSE", + "required": false + }, + { + "description": "JNDI name of executor queue for JMS.", + "name": "KIE_SERVER_EXECUTOR_JMS_QUEUE", + "value": "queue/KIE.SERVER.EXECUTOR", + "required": false + }, + { + "description": "Hibernate persistence dialect.", + "name": "KIE_SERVER_PERSISTENCE_DIALECT", + "value": "org.hibernate.dialect.MySQL5Dialect", + "required": false + }, + { + "description": "The name for the application.", + "name": "APPLICATION_NAME", + "value": "kie-app", + "required": true + }, + { + "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: <application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTP", + "value": "", + "required": false + }, + { + "description": "Custom hostname for https service route. Leave blank for default hostname, e.g.: secure-<application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTPS", + "value": "", + "required": false + }, + { + "description": "Git source URI for application", + "name": "SOURCE_REPOSITORY_URL", + "value": "https://github.com/jboss-openshift/openshift-quickstarts", + "required": true + }, + { + "description": "Git branch/tag reference", + "name": "SOURCE_REPOSITORY_REF", + "value": "1.3", + "required": false + }, + { + "description": "Path within Git project to build; empty for root project directory.", + "name": "CONTEXT_DIR", + "value": "processserver/library", + "required": false + }, + { + "description": "Database JNDI name used by application to resolve the datasource, e.g. java:/jboss/datasources/ExampleDS", + "name": "DB_JNDI", + "value": "java:jboss/datasources/ExampleDS", + "required": false + }, + { + "description": "Database name", + "name": "DB_DATABASE", + "value": "root", + "required": true + }, + { + "description": "Size of persistent storage for database volume.", + "name": "VOLUME_CAPACITY", + "value": "512Mi", + "required": true + }, + { + "description": "JNDI name for connection factory used by applications to connect to the broker, e.g. java:/JmsXA", + "name": "MQ_JNDI", + "value": "java:/JmsXA", + "required": false + }, + { + "description": "Split the data directory for each node in a mesh.", + "name": "AMQ_SPLIT", + "value": "false", + "required": false + }, + { + "description": "Broker protocols to configure, separated by commas. Allowed values are: `openwire`, `amqp`, `stomp` and `mqtt`. Only `openwire` is supported by EAP.", + "name": "MQ_PROTOCOL", + "value": "openwire", + "required": false + }, + { + "description": "Queue names, separated by commas. These queues will be automatically created when the broker starts. Also, they will be made accessible as JNDI resources in EAP.", + "name": "MQ_QUEUES", + "value": "KIE.SERVER.REQUEST,KIE.SERVER.RESPONSE,KIE.SERVER.EXECUTOR", + "required": false + }, + { + "description": "Topic names, separated by commas. These topics will be automatically created when the broker starts. Also, they will be made accessible as JNDI resources in EAP.", + "name": "MQ_TOPICS", + "value": "", + "required": false + }, + { + "description": "The name of the secret containing the keystore file", + "name": "HTTPS_SECRET", + "value": "processserver-app-secret", + "required": false + }, + { + "description": "The name of the keystore file within the secret", + "name": "HTTPS_KEYSTORE", + "value": "keystore.jks", + "required": false + }, + { + "description": "The name associated with the server certificate", + "name": "HTTPS_NAME", + "value": "jboss", + "required": false + }, + { + "description": "The password for the keystore and certificate", + "name": "HTTPS_PASSWORD", + "value": "mykeystorepass", + "required": false + }, + { + "description": "Database user name", + "name": "DB_USERNAME", + "from": "user[a-zA-Z0-9]{3}", + "generate": "expression", + "required": true + }, + { + "description": "Database user password", + "name": "DB_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Sets xa-pool/min-pool-size for the configured datasource.", + "name": "DB_MIN_POOL_SIZE", + "required": false + }, + { + "description": "Sets xa-pool/max-pool-size for the configured datasource.", + "name": "DB_MAX_POOL_SIZE", + "required": false + }, + { + "description": "Sets transaction-isolation for the configured datasource.", + "name": "DB_TX_ISOLATION", + "required": false + }, + { + "description": "Sets how the table names are stored and compared.", + "name": "MYSQL_LOWER_CASE_TABLE_NAMES", + "required": false + }, + { + "description": "The maximum permitted number of simultaneous client connections.", + "name": "MYSQL_MAX_CONNECTIONS", + "required": false + }, + { + "description": "The minimum length of the word to be included in a FULLTEXT index.", + "name": "MYSQL_FT_MIN_WORD_LEN", + "required": false + }, + { + "description": "The maximum length of the word to be included in a FULLTEXT index.", + "name": "MYSQL_FT_MAX_WORD_LEN", + "required": false + }, + { + "description": "Controls the innodb_use_native_aio setting value if the native AIO is broken.", + "name": "MYSQL_AIO", + "required": false + }, + { + "description": "User name for standard broker user. It is required for connecting to the broker. If left empty, it will be generated.", + "name": "MQ_USERNAME", + "from": "user[a-zA-Z0-9]{3}", + "generate": "expression", + "required": false + }, + { + "description": "Password for standard broker user. It is required for connecting to the broker. If left empty, it will be generated.", + "name": "MQ_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": false + }, + { + "description": "The discovery agent type to use for discovering mesh endpoints. 'dns' will use OpenShift's DNS service to resolve endpoints. 'kube' will use Kubernetes REST API to resolve service endpoints. If using 'kube' the service account for the pod must have the 'view' role, which can be added via 'oc policy add-role-to-user view system:serviceaccount:<namespace>:default' where <namespace> is the project namespace.", + "name": "AMQ_MESH_DISCOVERY_TYPE", + "value": "kube", + "required": false + }, + { + "description": "The A-MQ storage usage limit", + "name": "AMQ_STORAGE_USAGE_LIMIT", + "value": "100 gb", + "required": false + }, + { + "description": "GitHub trigger secret", + "name": "GITHUB_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Generic build trigger secret", + "name": "GENERIC_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", + "name": "IMAGE_STREAM_NAMESPACE", + "value": "openshift", + "required": true + } + ], + "objects": [ + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8080, + "targetPort": 8080 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's http port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8443, + "targetPort": 8443 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's https port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 3306, + "targetPort": 3306 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-mysql" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-mysql", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The database server's port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 61616, + "targetPort": 61616 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-amq" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-amq-tcp", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The broker's OpenWire port." + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-http", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's http service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTP}", + "to": { + "name": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-https", + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's https service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTPS}", + "to": { + "name": "secure-${APPLICATION_NAME}" + }, + "tls": { + "termination": "passthrough" + } + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "BuildConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "source": { + "type": "Git", + "git": { + "uri": "${SOURCE_REPOSITORY_URL}", + "ref": "${SOURCE_REPOSITORY_REF}" + }, + "contextDir": "${CONTEXT_DIR}" + }, + "strategy": { + "type": "Source", + "sourceStrategy": { + "env": [ + { + "name": "KIE_CONTAINER_DEPLOYMENT", + "value": "${KIE_CONTAINER_DEPLOYMENT}" + } + ], + "forcePull": true, + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-processserver63-openshift:1.3" + } + } + }, + "output": { + "to": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + }, + "triggers": [ + { + "type": "GitHub", + "github": { + "secret": "${GITHUB_WEBHOOK_SECRET}" + } + }, + { + "type": "Generic", + "generic": { + "secret": "${GENERIC_WEBHOOK_SECRET}" + } + }, + { + "type": "ImageChange", + "imageChange": {} + }, + { + "type": "ConfigChange" + } + ] + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}" + ], + "from": { + "kind": "ImageStream", + "name": "${APPLICATION_NAME}" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "serviceAccountName": "processserver-service-account", + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}", + "image": "${APPLICATION_NAME}", + "imagePullPolicy": "Always", + "volumeMounts": [ + { + "name": "processserver-keystore-volume", + "mountPath": "/etc/processserver-secret-volume", + "readOnly": true + } + ], + "livenessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/livenessProbe.sh" + ] + } + }, + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/readinessProbe.sh" + ] + } + }, + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "http", + "containerPort": 8080, + "protocol": "TCP" + }, + { + "name": "https", + "containerPort": 8443, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "KIE_CONTAINER_DEPLOYMENT", + "value": "${KIE_CONTAINER_DEPLOYMENT}" + }, + { + "name": "KIE_SERVER_PROTOCOL", + "value": "${KIE_SERVER_PROTOCOL}" + }, + { + "name": "KIE_SERVER_PORT", + "value": "${KIE_SERVER_PORT}" + }, + { + "name": "KIE_SERVER_USER", + "value": "${KIE_SERVER_USER}" + }, + { + "name": "KIE_SERVER_PASSWORD", + "value": "${KIE_SERVER_PASSWORD}" + }, + { + "name": "KIE_SERVER_DOMAIN", + "value": "${KIE_SERVER_DOMAIN}" + }, + { + "name": "KIE_SERVER_JMS_QUEUES_REQUEST", + "value": "${KIE_SERVER_JMS_QUEUES_REQUEST}" + }, + { + "name": "KIE_SERVER_JMS_QUEUES_RESPONSE", + "value": "${KIE_SERVER_JMS_QUEUES_RESPONSE}" + }, + { + "name": "KIE_SERVER_EXECUTOR_JMS_QUEUE", + "value": "${KIE_SERVER_EXECUTOR_JMS_QUEUE}" + }, + { + "name": "MQ_SERVICE_PREFIX_MAPPING", + "value": "${APPLICATION_NAME}-amq=MQ" + }, + { + "name": "MQ_JNDI", + "value": "${MQ_JNDI}" + }, + { + "name": "MQ_USERNAME", + "value": "${MQ_USERNAME}" + }, + { + "name": "MQ_PASSWORD", + "value": "${MQ_PASSWORD}" + }, + { + "name": "MQ_PROTOCOL", + "value": "tcp" + }, + { + "name": "MQ_QUEUES", + "value": "${MQ_QUEUES}" + }, + { + "name": "MQ_TOPICS", + "value": "${MQ_TOPICS}" + }, + { + "name": "KIE_SERVER_PERSISTENCE_DIALECT", + "value": "${KIE_SERVER_PERSISTENCE_DIALECT}" + }, + { + "name": "DB_SERVICE_PREFIX_MAPPING", + "value": "${APPLICATION_NAME}-mysql=DB,${APPLICATION_NAME}-mysql=QUARTZ" + }, + { + "name": "TX_DATABASE_PREFIX_MAPPING", + "value": "${APPLICATION_NAME}-mysql=DB" + }, + { + "name": "DB_JNDI", + "value": "${DB_JNDI}" + }, + { + "name": "DB_USERNAME", + "value": "${DB_USERNAME}" + }, + { + "name": "DB_PASSWORD", + "value": "${DB_PASSWORD}" + }, + { + "name": "DB_DATABASE", + "value": "${DB_DATABASE}" + }, + { + "name": "DB_MIN_POOL_SIZE", + "value": "${DB_MIN_POOL_SIZE}" + }, + { + "name": "DB_MAX_POOL_SIZE", + "value": "${DB_MAX_POOL_SIZE}" + }, + { + "name": "DB_TX_ISOLATION", + "value": "${DB_TX_ISOLATION}" + }, + { + "name": "QUARTZ_JNDI", + "value": "${DB_JNDI}NotManaged" + }, + { + "name": "QUARTZ_USERNAME", + "value": "${DB_USERNAME}" + }, + { + "name": "QUARTZ_PASSWORD", + "value": "${DB_PASSWORD}" + }, + { + "name": "QUARTZ_DATABASE", + "value": "${DB_DATABASE}" + }, + { + "name": "QUARTZ_MIN_POOL_SIZE", + "value": "${DB_MIN_POOL_SIZE}" + }, + { + "name": "QUARTZ_MAX_POOL_SIZE", + "value": "${DB_MAX_POOL_SIZE}" + }, + { + "name": "QUARTZ_TX_ISOLATION", + "value": "${DB_TX_ISOLATION}" + }, + { + "name": "QUARTZ_JTA", + "value": "false" + }, + { + "name": "QUARTZ_NONXA", + "value": "true" + }, + { + "name": "HTTPS_KEYSTORE_DIR", + "value": "/etc/processserver-secret-volume" + }, + { + "name": "HTTPS_KEYSTORE", + "value": "${HTTPS_KEYSTORE}" + }, + { + "name": "HTTPS_NAME", + "value": "${HTTPS_NAME}" + }, + { + "name": "HTTPS_PASSWORD", + "value": "${HTTPS_PASSWORD}" + } + ] + } + ], + "volumes": [ + { + "name": "processserver-keystore-volume", + "secret": { + "secretName": "${HTTPS_SECRET}" + } + } + ] + } + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}-mysql", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}-mysql" + ], + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "mysql:latest" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-mysql" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}-mysql", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}-mysql", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}-mysql", + "image": "mysql", + "imagePullPolicy": "Always", + "ports": [ + { + "containerPort": 3306, + "protocol": "TCP" + } + ], + "volumeMounts": [ + { + "mountPath": "/var/lib/mysql/data", + "name": "${APPLICATION_NAME}-mysql-pvol" + } + ], + "env": [ + { + "name": "MYSQL_USER", + "value": "${DB_USERNAME}" + }, + { + "name": "MYSQL_PASSWORD", + "value": "${DB_PASSWORD}" + }, + { + "name": "MYSQL_DATABASE", + "value": "${DB_DATABASE}" + }, + { + "name": "MYSQL_LOWER_CASE_TABLE_NAMES", + "value": "${MYSQL_LOWER_CASE_TABLE_NAMES}" + }, + { + "name": "MYSQL_MAX_CONNECTIONS", + "value": "${MYSQL_MAX_CONNECTIONS}" + }, + { + "name": "MYSQL_FT_MIN_WORD_LEN", + "value": "${MYSQL_FT_MIN_WORD_LEN}" + }, + { + "name": "MYSQL_FT_MAX_WORD_LEN", + "value": "${MYSQL_FT_MAX_WORD_LEN}" + }, + { + "name": "MYSQL_AIO", + "value": "${MYSQL_AIO}" + } + ] + } + ], + "volumes": [ + { + "name": "${APPLICATION_NAME}-mysql-pvol", + "persistentVolumeClaim": { + "claimName": "${APPLICATION_NAME}-mysql-claim" + } + } + ] + } + } + } + }, + { + "apiVersion": "v1", + "kind": "PersistentVolumeClaim", + "metadata": { + "name": "${APPLICATION_NAME}-mysql-claim", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "accessModes": [ + "ReadWriteOnce" + ], + "resources": { + "requests": { + "storage": "${VOLUME_CAPACITY}" + } + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}-amq", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}-amq" + ], + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-amq-62:1.3" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-amq" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}-amq", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}-amq", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}-amq", + "image": "jboss-amq-62", + "imagePullPolicy": "Always", + "volumeMounts": [ + { + "mountPath": "/opt/amq/data", + "name": "${APPLICATION_NAME}-amq-pvol" + } + ], + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/amq/bin/readinessProbe.sh" + ] + } + }, + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "amqp", + "containerPort": 5672, + "protocol": "TCP" + }, + { + "name": "amqp-ssl", + "containerPort": 5671, + "protocol": "TCP" + }, + { + "name": "mqtt", + "containerPort": 1883, + "protocol": "TCP" + }, + { + "name": "stomp", + "containerPort": 61613, + "protocol": "TCP" + }, + { + "name": "stomp-ssl", + "containerPort": 61612, + "protocol": "TCP" + }, + { + "name": "tcp", + "containerPort": 61616, + "protocol": "TCP" + }, + { + "name": "tcp-ssl", + "containerPort": 61617, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "AMQ_USER", + "value": "${MQ_USERNAME}" + }, + { + "name": "AMQ_PASSWORD", + "value": "${MQ_PASSWORD}" + }, + { + "name": "AMQ_TRANSPORTS", + "value": "${MQ_PROTOCOL}" + }, + { + "name": "AMQ_SPLIT", + "value": "${AMQ_SPLIT}" + }, + { + "name": "AMQ_MESH_DISCOVERY_TYPE", + "value": "${AMQ_MESH_DISCOVERY_TYPE}" + }, + { + "name": "AMQ_MESH_SERVICE_NAME", + "value": "${APPLICATION_NAME}-amq-tcp" + }, + { + "name": "AMQ_MESH_SERVICE_NAMESPACE", + "valueFrom": { + "fieldRef": { + "fieldPath": "metadata.namespace" + } + } + }, + { + "name": "AMQ_STORAGE_USAGE_LIMIT", + "value": "${AMQ_STORAGE_USAGE_LIMIT}" + } + ] + } + ], + "volumes": [ + { + "name": "${APPLICATION_NAME}-amq-pvol", + "persistentVolumeClaim": { + "claimName": "${APPLICATION_NAME}-amq-claim" + } + } + ] + } + } + } + }, + { + "apiVersion": "v1", + "kind": "PersistentVolumeClaim", + "metadata": { + "name": "${APPLICATION_NAME}-amq-claim", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "accessModes": [ + "ReadWriteMany" + ], + "resources": { + "requests": { + "storage": "${VOLUME_CAPACITY}" + } + } + } + } + ] +} diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/processserver63-amq-mysql-s2i.json b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/processserver63-amq-mysql-s2i.json new file mode 100644 index 000000000..42264585b --- /dev/null +++ b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/processserver63-amq-mysql-s2i.json @@ -0,0 +1,959 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "annotations": { + "description": "Application template for Red Hat JBoss BPM Suite 6.3 intelligent process server AMQ and MySQL applications built using S2I.", + "iconClass": "icon-jboss", + "tags": "processserver,amq,mysql,javaee,java,database,jboss,xpaas", + "version": "1.3.3" + }, + "name": "processserver63-amq-mysql-s2i" + }, + "labels": { + "template": "processserver63-amq-mysql-s2i", + "xpaas": "1.3.3" + }, + "parameters": [ + { + "description": "The KIE Container deployment configuration in format: containerId=groupId:artifactId:version|c2=g2:a2:v2", + "name": "KIE_CONTAINER_DEPLOYMENT", + "value": "processserver-library=org.openshift.quickstarts:processserver-library:1.3.0.Final", + "required": false + }, + { + "description": "The protocol to access the KIE Server REST interface.", + "name": "KIE_SERVER_PROTOCOL", + "value": "https", + "required": false + }, + { + "description": "The port to access the KIE Server REST interface.", + "name": "KIE_SERVER_PORT", + "value": "8443", + "required": false + }, + { + "description": "The user name to access the KIE Server REST or JMS interface.", + "name": "KIE_SERVER_USER", + "value": "kieserver", + "required": false + }, + { + "description": "The password to access the KIE Server REST or JMS interface. Must be different than username; must not be root, admin, or administrator; must contain at least 8 characters, 1 alphabetic character(s), 1 digit(s), and 1 non-alphanumeric symbol(s).", + "name": "KIE_SERVER_PASSWORD", + "from": "[a-zA-Z]{6}[0-9]{1}!", + "generate": "expression", + "required": false + }, + { + "description": "JAAS LoginContext domain that shall be used to authenticate users when using JMS.", + "name": "KIE_SERVER_DOMAIN", + "value": "other", + "required": false + }, + { + "description": "JNDI name of request queue for JMS.", + "name": "KIE_SERVER_JMS_QUEUES_REQUEST", + "value": "queue/KIE.SERVER.REQUEST", + "required": false + }, + { + "description": "JNDI name of response queue for JMS.", + "name": "KIE_SERVER_JMS_QUEUES_RESPONSE", + "value": "queue/KIE.SERVER.RESPONSE", + "required": false + }, + { + "description": "JNDI name of executor queue for JMS.", + "name": "KIE_SERVER_EXECUTOR_JMS_QUEUE", + "value": "queue/KIE.SERVER.EXECUTOR", + "required": false + }, + { + "description": "Hibernate persistence dialect.", + "name": "KIE_SERVER_PERSISTENCE_DIALECT", + "value": "org.hibernate.dialect.MySQL5Dialect", + "required": false + }, + { + "description": "The name for the application.", + "name": "APPLICATION_NAME", + "value": "kie-app", + "required": true + }, + { + "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: <application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTP", + "value": "", + "required": false + }, + { + "description": "Custom hostname for https service route. Leave blank for default hostname, e.g.: secure-<application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTPS", + "value": "", + "required": false + }, + { + "description": "Git source URI for application", + "name": "SOURCE_REPOSITORY_URL", + "value": "https://github.com/jboss-openshift/openshift-quickstarts", + "required": true + }, + { + "description": "Git branch/tag reference", + "name": "SOURCE_REPOSITORY_REF", + "value": "1.3", + "required": false + }, + { + "description": "Path within Git project to build; empty for root project directory.", + "name": "CONTEXT_DIR", + "value": "processserver/library", + "required": false + }, + { + "description": "Database JNDI name used by application to resolve the datasource, e.g. java:/jboss/datasources/ExampleDS", + "name": "DB_JNDI", + "value": "java:jboss/datasources/ExampleDS", + "required": false + }, + { + "description": "Database name", + "name": "DB_DATABASE", + "value": "root", + "required": true + }, + { + "description": "JNDI name for connection factory used by applications to connect to the broker, e.g. java:/JmsXA", + "name": "MQ_JNDI", + "value": "java:/JmsXA", + "required": false + }, + { + "description": "Broker protocols to configure, separated by commas. Allowed values are: `openwire`, `amqp`, `stomp` and `mqtt`. Only `openwire` is supported by EAP.", + "name": "MQ_PROTOCOL", + "value": "openwire", + "required": false + }, + { + "description": "Queue names, separated by commas. These queues will be automatically created when the broker starts. Also, they will be made accessible as JNDI resources in EAP.", + "name": "MQ_QUEUES", + "value": "KIE.SERVER.REQUEST,KIE.SERVER.RESPONSE,KIE.SERVER.EXECUTOR", + "required": false + }, + { + "description": "Topic names, separated by commas. These topics will be automatically created when the broker starts. Also, they will be made accessible as JNDI resources in EAP.", + "name": "MQ_TOPICS", + "value": "", + "required": false + }, + { + "description": "The name of the secret containing the keystore file", + "name": "HTTPS_SECRET", + "value": "processserver-app-secret", + "required": false + }, + { + "description": "The name of the keystore file within the secret", + "name": "HTTPS_KEYSTORE", + "value": "keystore.jks", + "required": false + }, + { + "description": "The name associated with the server certificate", + "name": "HTTPS_NAME", + "value": "jboss", + "required": false + }, + { + "description": "The password for the keystore and certificate", + "name": "HTTPS_PASSWORD", + "value": "mykeystorepass", + "required": false + }, + { + "description": "Database user name", + "name": "DB_USERNAME", + "from": "user[a-zA-Z0-9]{3}", + "generate": "expression", + "required": true + }, + { + "description": "Database user password", + "name": "DB_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Sets xa-pool/min-pool-size for the configured datasource.", + "name": "DB_MIN_POOL_SIZE", + "required": false + }, + { + "description": "Sets xa-pool/max-pool-size for the configured datasource.", + "name": "DB_MAX_POOL_SIZE", + "required": false + }, + { + "description": "Sets transaction-isolation for the configured datasource.", + "name": "DB_TX_ISOLATION", + "required": false + }, + { + "description": "Sets how the table names are stored and compared.", + "name": "MYSQL_LOWER_CASE_TABLE_NAMES", + "required": false + }, + { + "description": "The maximum permitted number of simultaneous client connections.", + "name": "MYSQL_MAX_CONNECTIONS", + "required": false + }, + { + "description": "The minimum length of the word to be included in a FULLTEXT index.", + "name": "MYSQL_FT_MIN_WORD_LEN", + "required": false + }, + { + "description": "The maximum length of the word to be included in a FULLTEXT index.", + "name": "MYSQL_FT_MAX_WORD_LEN", + "required": false + }, + { + "description": "Controls the innodb_use_native_aio setting value if the native AIO is broken.", + "name": "MYSQL_AIO", + "required": false + }, + { + "description": "User name for standard broker user. It is required for connecting to the broker. If left empty, it will be generated.", + "name": "MQ_USERNAME", + "from": "user[a-zA-Z0-9]{3}", + "generate": "expression", + "required": false + }, + { + "description": "Password for standard broker user. It is required for connecting to the broker. If left empty, it will be generated.", + "name": "MQ_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": false + }, + { + "description": "The discovery agent type to use for discovering mesh endpoints. 'dns' will use OpenShift's DNS service to resolve endpoints. 'kube' will use Kubernetes REST API to resolve service endpoints. If using 'kube' the service account for the pod must have the 'view' role, which can be added via 'oc policy add-role-to-user view system:serviceaccount:<namespace>:default' where <namespace> is the project namespace.", + "name": "AMQ_MESH_DISCOVERY_TYPE", + "value": "kube", + "required": false + }, + { + "description": "The A-MQ storage usage limit", + "name": "AMQ_STORAGE_USAGE_LIMIT", + "value": "100 gb", + "required": false + }, + { + "description": "GitHub trigger secret", + "name": "GITHUB_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Generic build trigger secret", + "name": "GENERIC_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", + "name": "IMAGE_STREAM_NAMESPACE", + "value": "openshift", + "required": true + } + ], + "objects": [ + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8080, + "targetPort": 8080 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's http port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8443, + "targetPort": 8443 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's https port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 3306, + "targetPort": 3306 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-mysql" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-mysql", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The database server's port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 61616, + "targetPort": 61616 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-amq" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-amq-tcp", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The broker's OpenWire port." + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-http", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's http service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTP}", + "to": { + "name": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-https", + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's https service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTPS}", + "to": { + "name": "secure-${APPLICATION_NAME}" + }, + "tls": { + "termination": "passthrough" + } + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "BuildConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "source": { + "type": "Git", + "git": { + "uri": "${SOURCE_REPOSITORY_URL}", + "ref": "${SOURCE_REPOSITORY_REF}" + }, + "contextDir": "${CONTEXT_DIR}" + }, + "strategy": { + "type": "Source", + "sourceStrategy": { + "env": [ + { + "name": "KIE_CONTAINER_DEPLOYMENT", + "value": "${KIE_CONTAINER_DEPLOYMENT}" + } + ], + "forcePull": true, + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-processserver63-openshift:1.3" + } + } + }, + "output": { + "to": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + }, + "triggers": [ + { + "type": "GitHub", + "github": { + "secret": "${GITHUB_WEBHOOK_SECRET}" + } + }, + { + "type": "Generic", + "generic": { + "secret": "${GENERIC_WEBHOOK_SECRET}" + } + }, + { + "type": "ImageChange", + "imageChange": {} + }, + { + "type": "ConfigChange" + } + ] + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}" + ], + "from": { + "kind": "ImageStream", + "name": "${APPLICATION_NAME}" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "serviceAccountName": "processserver-service-account", + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}", + "image": "${APPLICATION_NAME}", + "imagePullPolicy": "Always", + "volumeMounts": [ + { + "name": "processserver-keystore-volume", + "mountPath": "/etc/processserver-secret-volume", + "readOnly": true + } + ], + "livenessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/livenessProbe.sh" + ] + } + }, + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/readinessProbe.sh" + ] + } + }, + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "http", + "containerPort": 8080, + "protocol": "TCP" + }, + { + "name": "https", + "containerPort": 8443, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "KIE_CONTAINER_DEPLOYMENT", + "value": "${KIE_CONTAINER_DEPLOYMENT}" + }, + { + "name": "KIE_SERVER_PROTOCOL", + "value": "${KIE_SERVER_PROTOCOL}" + }, + { + "name": "KIE_SERVER_PORT", + "value": "${KIE_SERVER_PORT}" + }, + { + "name": "KIE_SERVER_USER", + "value": "${KIE_SERVER_USER}" + }, + { + "name": "KIE_SERVER_PASSWORD", + "value": "${KIE_SERVER_PASSWORD}" + }, + { + "name": "KIE_SERVER_DOMAIN", + "value": "${KIE_SERVER_DOMAIN}" + }, + { + "name": "KIE_SERVER_JMS_QUEUES_REQUEST", + "value": "${KIE_SERVER_JMS_QUEUES_REQUEST}" + }, + { + "name": "KIE_SERVER_JMS_QUEUES_RESPONSE", + "value": "${KIE_SERVER_JMS_QUEUES_RESPONSE}" + }, + { + "name": "KIE_SERVER_EXECUTOR_JMS_QUEUE", + "value": "${KIE_SERVER_EXECUTOR_JMS_QUEUE}" + }, + { + "name": "MQ_SERVICE_PREFIX_MAPPING", + "value": "${APPLICATION_NAME}-amq=MQ" + }, + { + "name": "MQ_JNDI", + "value": "${MQ_JNDI}" + }, + { + "name": "MQ_USERNAME", + "value": "${MQ_USERNAME}" + }, + { + "name": "MQ_PASSWORD", + "value": "${MQ_PASSWORD}" + }, + { + "name": "MQ_PROTOCOL", + "value": "tcp" + }, + { + "name": "MQ_QUEUES", + "value": "${MQ_QUEUES}" + }, + { + "name": "MQ_TOPICS", + "value": "${MQ_TOPICS}" + }, + { + "name": "KIE_SERVER_PERSISTENCE_DIALECT", + "value": "${KIE_SERVER_PERSISTENCE_DIALECT}" + }, + { + "name": "DB_SERVICE_PREFIX_MAPPING", + "value": "${APPLICATION_NAME}-mysql=DB" + }, + { + "name": "DB_JNDI", + "value": "${DB_JNDI}" + }, + { + "name": "DB_USERNAME", + "value": "${DB_USERNAME}" + }, + { + "name": "DB_PASSWORD", + "value": "${DB_PASSWORD}" + }, + { + "name": "DB_DATABASE", + "value": "${DB_DATABASE}" + }, + { + "name": "TX_DATABASE_PREFIX_MAPPING", + "value": "${APPLICATION_NAME}-mysql=DB" + }, + { + "name": "DB_MIN_POOL_SIZE", + "value": "${DB_MIN_POOL_SIZE}" + }, + { + "name": "DB_MAX_POOL_SIZE", + "value": "${DB_MAX_POOL_SIZE}" + }, + { + "name": "DB_TX_ISOLATION", + "value": "${DB_TX_ISOLATION}" + }, + { + "name": "HTTPS_KEYSTORE_DIR", + "value": "/etc/processserver-secret-volume" + }, + { + "name": "HTTPS_KEYSTORE", + "value": "${HTTPS_KEYSTORE}" + }, + { + "name": "HTTPS_NAME", + "value": "${HTTPS_NAME}" + }, + { + "name": "HTTPS_PASSWORD", + "value": "${HTTPS_PASSWORD}" + } + ] + } + ], + "volumes": [ + { + "name": "processserver-keystore-volume", + "secret": { + "secretName": "${HTTPS_SECRET}" + } + } + ] + } + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}-mysql", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}-mysql" + ], + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "mysql:latest" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-mysql" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}-mysql", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}-mysql", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}-mysql", + "image": "mysql", + "imagePullPolicy": "Always", + "ports": [ + { + "containerPort": 3306, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "MYSQL_USER", + "value": "${DB_USERNAME}" + }, + { + "name": "MYSQL_PASSWORD", + "value": "${DB_PASSWORD}" + }, + { + "name": "MYSQL_DATABASE", + "value": "${DB_DATABASE}" + }, + { + "name": "MYSQL_LOWER_CASE_TABLE_NAMES", + "value": "${MYSQL_LOWER_CASE_TABLE_NAMES}" + }, + { + "name": "MYSQL_MAX_CONNECTIONS", + "value": "${MYSQL_MAX_CONNECTIONS}" + }, + { + "name": "MYSQL_FT_MIN_WORD_LEN", + "value": "${MYSQL_FT_MIN_WORD_LEN}" + }, + { + "name": "MYSQL_FT_MAX_WORD_LEN", + "value": "${MYSQL_FT_MAX_WORD_LEN}" + }, + { + "name": "MYSQL_AIO", + "value": "${MYSQL_AIO}" + } + ] + } + ] + } + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}-amq", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}-amq" + ], + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-amq-62:1.3" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-amq" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}-amq", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}-amq", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}-amq", + "image": "jboss-amq-62", + "imagePullPolicy": "Always", + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/amq/bin/readinessProbe.sh" + ] + } + }, + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "amqp", + "containerPort": 5672, + "protocol": "TCP" + }, + { + "name": "amqp-ssl", + "containerPort": 5671, + "protocol": "TCP" + }, + { + "name": "mqtt", + "containerPort": 1883, + "protocol": "TCP" + }, + { + "name": "stomp", + "containerPort": 61613, + "protocol": "TCP" + }, + { + "name": "stomp-ssl", + "containerPort": 61612, + "protocol": "TCP" + }, + { + "name": "tcp", + "containerPort": 61616, + "protocol": "TCP" + }, + { + "name": "tcp-ssl", + "containerPort": 61617, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "AMQ_USER", + "value": "${MQ_USERNAME}" + }, + { + "name": "AMQ_PASSWORD", + "value": "${MQ_PASSWORD}" + }, + { + "name": "AMQ_TRANSPORTS", + "value": "${MQ_PROTOCOL}" + }, + { + "name": "AMQ_MESH_DISCOVERY_TYPE", + "value": "${AMQ_MESH_DISCOVERY_TYPE}" + }, + { + "name": "AMQ_MESH_SERVICE_NAME", + "value": "${APPLICATION_NAME}-amq-tcp" + }, + { + "name": "AMQ_MESH_SERVICE_NAMESPACE", + "valueFrom": { + "fieldRef": { + "fieldPath": "metadata.namespace" + } + } + }, + { + "name": "AMQ_STORAGE_USAGE_LIMIT", + "value": "${AMQ_STORAGE_USAGE_LIMIT}" + } + ] + } + ] + } + } + } + } + ] +} diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/processserver63-amq-postgresql-persistent-s2i.json b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/processserver63-amq-postgresql-persistent-s2i.json new file mode 100644 index 000000000..f6d0c99ed --- /dev/null +++ b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/processserver63-amq-postgresql-persistent-s2i.json @@ -0,0 +1,1052 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "annotations": { + "description": "Application template for Red Hat JBoss BPM Suite 6.3 intelligent process server AMQ and PostgreSQL applications with persistent storage built using S2I.", + "iconClass": "icon-jboss", + "tags": "processserver,amq,postgresql,javaee,java,database,jboss,xpaas", + "version": "1.3.3" + }, + "name": "processserver63-amq-postgresql-persistent-s2i" + }, + "labels": { + "template": "processserver63-amq-postgresql-persistent-s2i", + "xpaas": "1.3.3" + }, + "parameters": [ + { + "description": "The KIE Container deployment configuration in format: containerId=groupId:artifactId:version|c2=g2:a2:v2", + "name": "KIE_CONTAINER_DEPLOYMENT", + "value": "processserver-library=org.openshift.quickstarts:processserver-library:1.3.0.Final", + "required": false + }, + { + "description": "The protocol to access the KIE Server REST interface.", + "name": "KIE_SERVER_PROTOCOL", + "value": "https", + "required": false + }, + { + "description": "The port to access the KIE Server REST interface.", + "name": "KIE_SERVER_PORT", + "value": "8443", + "required": false + }, + { + "description": "The user name to access the KIE Server REST or JMS interface.", + "name": "KIE_SERVER_USER", + "value": "kieserver", + "required": false + }, + { + "description": "The password to access the KIE Server REST or JMS interface. Must be different than username; must not be root, admin, or administrator; must contain at least 8 characters, 1 alphabetic character(s), 1 digit(s), and 1 non-alphanumeric symbol(s).", + "name": "KIE_SERVER_PASSWORD", + "from": "[a-zA-Z]{6}[0-9]{1}!", + "generate": "expression", + "required": false + }, + { + "description": "JAAS LoginContext domain that shall be used to authenticate users when using JMS.", + "name": "KIE_SERVER_DOMAIN", + "value": "other", + "required": false + }, + { + "description": "JNDI name of request queue for JMS.", + "name": "KIE_SERVER_JMS_QUEUES_REQUEST", + "value": "queue/KIE.SERVER.REQUEST", + "required": false + }, + { + "description": "JNDI name of response queue for JMS.", + "name": "KIE_SERVER_JMS_QUEUES_RESPONSE", + "value": "queue/KIE.SERVER.RESPONSE", + "required": false + }, + { + "description": "JNDI name of executor queue for JMS.", + "name": "KIE_SERVER_EXECUTOR_JMS_QUEUE", + "value": "queue/KIE.SERVER.EXECUTOR", + "required": false + }, + { + "description": "Hibernate persistence dialect.", + "name": "KIE_SERVER_PERSISTENCE_DIALECT", + "value": "org.hibernate.dialect.PostgreSQL82Dialect", + "required": false + }, + { + "description": "The name for the application.", + "name": "APPLICATION_NAME", + "value": "kie-app", + "required": true + }, + { + "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: <application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTP", + "value": "", + "required": false + }, + { + "description": "Custom hostname for https service route. Leave blank for default hostname, e.g.: secure-<application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTPS", + "value": "", + "required": false + }, + { + "description": "Git source URI for application", + "name": "SOURCE_REPOSITORY_URL", + "value": "https://github.com/jboss-openshift/openshift-quickstarts", + "required": true + }, + { + "description": "Git branch/tag reference", + "name": "SOURCE_REPOSITORY_REF", + "value": "1.3", + "required": false + }, + { + "description": "Path within Git project to build; empty for root project directory.", + "name": "CONTEXT_DIR", + "value": "processserver/library", + "required": false + }, + { + "description": "Database JNDI name used by application to resolve the datasource, e.g. java:/jboss/datasources/ExampleDS", + "name": "DB_JNDI", + "value": "java:jboss/datasources/ExampleDS", + "required": false + }, + { + "description": "Database name", + "name": "DB_DATABASE", + "value": "root", + "required": true + }, + { + "description": "Size of persistent storage for database volume.", + "name": "VOLUME_CAPACITY", + "value": "512Mi", + "required": true + }, + { + "description": "JNDI name for connection factory used by applications to connect to the broker, e.g. java:/JmsXA", + "name": "MQ_JNDI", + "value": "java:/JmsXA", + "required": false + }, + { + "description": "Split the data directory for each node in a mesh.", + "name": "AMQ_SPLIT", + "value": "false", + "required": false + }, + { + "description": "Broker protocols to configure, separated by commas. Allowed values are: `openwire`, `amqp`, `stomp` and `mqtt`. Only `openwire` is supported by EAP.", + "name": "MQ_PROTOCOL", + "value": "openwire", + "required": false + }, + { + "description": "Queue names, separated by commas. These queues will be automatically created when the broker starts. Also, they will be made accessible as JNDI resources in EAP.", + "name": "MQ_QUEUES", + "value": "KIE.SERVER.REQUEST,KIE.SERVER.RESPONSE,KIE.SERVER.EXECUTOR", + "required": false + }, + { + "description": "Topic names, separated by commas. These topics will be automatically created when the broker starts. Also, they will be made accessible as JNDI resources in EAP.", + "name": "MQ_TOPICS", + "value": "", + "required": false + }, + { + "description": "The name of the secret containing the keystore file", + "name": "HTTPS_SECRET", + "value": "processserver-app-secret", + "required": false + }, + { + "description": "The name of the keystore file within the secret", + "name": "HTTPS_KEYSTORE", + "value": "keystore.jks", + "required": false + }, + { + "description": "The name associated with the server certificate", + "name": "HTTPS_NAME", + "value": "jboss", + "required": false + }, + { + "description": "The password for the keystore and certificate", + "name": "HTTPS_PASSWORD", + "value": "mykeystorepass", + "required": false + }, + { + "description": "Database user name", + "name": "DB_USERNAME", + "from": "user[a-zA-Z0-9]{3}", + "generate": "expression", + "required": true + }, + { + "description": "Database user password", + "name": "DB_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Sets xa-pool/min-pool-size for the configured datasource.", + "name": "DB_MIN_POOL_SIZE", + "required": false + }, + { + "description": "Sets xa-pool/max-pool-size for the configured datasource.", + "name": "DB_MAX_POOL_SIZE", + "required": false + }, + { + "description": "Sets transaction-isolation for the configured datasource.", + "name": "DB_TX_ISOLATION", + "required": false + }, + { + "description": "The maximum number of client connections allowed. This also sets the maximum number of prepared transactions.", + "name": "POSTGRESQL_MAX_CONNECTIONS", + "required": false + }, + { + "description": "Configures how much memory is dedicated to PostgreSQL for caching data.", + "name": "POSTGRESQL_SHARED_BUFFERS", + "required": false + }, + { + "description": "User name for standard broker user. It is required for connecting to the broker. If left empty, it will be generated.", + "name": "MQ_USERNAME", + "from": "user[a-zA-Z0-9]{3}", + "generate": "expression", + "required": false + }, + { + "description": "Password for standard broker user. It is required for connecting to the broker. If left empty, it will be generated.", + "name": "MQ_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": false + }, + { + "description": "The discovery agent type to use for discovering mesh endpoints. 'dns' will use OpenShift's DNS service to resolve endpoints. 'kube' will use Kubernetes REST API to resolve service endpoints. If using 'kube' the service account for the pod must have the 'view' role, which can be added via 'oc policy add-role-to-user view system:serviceaccount:<namespace>:default' where <namespace> is the project namespace.", + "name": "AMQ_MESH_DISCOVERY_TYPE", + "value": "kube", + "required": false + }, + { + "description": "The A-MQ storage usage limit", + "name": "AMQ_STORAGE_USAGE_LIMIT", + "value": "100 gb", + "required": false + }, + { + "description": "GitHub trigger secret", + "name": "GITHUB_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Generic build trigger secret", + "name": "GENERIC_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", + "name": "IMAGE_STREAM_NAMESPACE", + "value": "openshift", + "required": true + } + ], + "objects": [ + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8080, + "targetPort": 8080 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's http port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8443, + "targetPort": 8443 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's https port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 5432, + "targetPort": 5432 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-postgresql" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-postgresql", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The database server's port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 61616, + "targetPort": 61616 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-amq" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-amq-tcp", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The broker's OpenWire port." + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-http", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's http service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTP}", + "to": { + "name": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-https", + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's https service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTPS}", + "to": { + "name": "secure-${APPLICATION_NAME}" + }, + "tls": { + "termination": "passthrough" + } + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "BuildConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "source": { + "type": "Git", + "git": { + "uri": "${SOURCE_REPOSITORY_URL}", + "ref": "${SOURCE_REPOSITORY_REF}" + }, + "contextDir": "${CONTEXT_DIR}" + }, + "strategy": { + "type": "Source", + "sourceStrategy": { + "env": [ + { + "name": "KIE_CONTAINER_DEPLOYMENT", + "value": "${KIE_CONTAINER_DEPLOYMENT}" + } + ], + "forcePull": true, + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-processserver63-openshift:1.3" + } + } + }, + "output": { + "to": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + }, + "triggers": [ + { + "type": "GitHub", + "github": { + "secret": "${GITHUB_WEBHOOK_SECRET}" + } + }, + { + "type": "Generic", + "generic": { + "secret": "${GENERIC_WEBHOOK_SECRET}" + } + }, + { + "type": "ImageChange", + "imageChange": {} + }, + { + "type": "ConfigChange" + } + ] + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}" + ], + "from": { + "kind": "ImageStream", + "name": "${APPLICATION_NAME}" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "serviceAccountName": "processserver-service-account", + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}", + "image": "${APPLICATION_NAME}", + "imagePullPolicy": "Always", + "volumeMounts": [ + { + "name": "processserver-keystore-volume", + "mountPath": "/etc/processserver-secret-volume", + "readOnly": true + } + ], + "livenessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/livenessProbe.sh" + ] + } + }, + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/readinessProbe.sh" + ] + } + }, + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "http", + "containerPort": 8080, + "protocol": "TCP" + }, + { + "name": "https", + "containerPort": 8443, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "KIE_CONTAINER_DEPLOYMENT", + "value": "${KIE_CONTAINER_DEPLOYMENT}" + }, + { + "name": "KIE_SERVER_PROTOCOL", + "value": "${KIE_SERVER_PROTOCOL}" + }, + { + "name": "KIE_SERVER_PORT", + "value": "${KIE_SERVER_PORT}" + }, + { + "name": "KIE_SERVER_USER", + "value": "${KIE_SERVER_USER}" + }, + { + "name": "KIE_SERVER_PASSWORD", + "value": "${KIE_SERVER_PASSWORD}" + }, + { + "name": "KIE_SERVER_DOMAIN", + "value": "${KIE_SERVER_DOMAIN}" + }, + { + "name": "KIE_SERVER_JMS_QUEUES_REQUEST", + "value": "${KIE_SERVER_JMS_QUEUES_REQUEST}" + }, + { + "name": "KIE_SERVER_JMS_QUEUES_RESPONSE", + "value": "${KIE_SERVER_JMS_QUEUES_RESPONSE}" + }, + { + "name": "KIE_SERVER_EXECUTOR_JMS_QUEUE", + "value": "${KIE_SERVER_EXECUTOR_JMS_QUEUE}" + }, + { + "name": "MQ_SERVICE_PREFIX_MAPPING", + "value": "${APPLICATION_NAME}-amq=MQ" + }, + { + "name": "MQ_JNDI", + "value": "${MQ_JNDI}" + }, + { + "name": "MQ_USERNAME", + "value": "${MQ_USERNAME}" + }, + { + "name": "MQ_PASSWORD", + "value": "${MQ_PASSWORD}" + }, + { + "name": "MQ_PROTOCOL", + "value": "tcp" + }, + { + "name": "MQ_QUEUES", + "value": "${MQ_QUEUES}" + }, + { + "name": "MQ_TOPICS", + "value": "${MQ_TOPICS}" + }, + { + "name": "KIE_SERVER_PERSISTENCE_DIALECT", + "value": "${KIE_SERVER_PERSISTENCE_DIALECT}" + }, + { + "name": "DB_SERVICE_PREFIX_MAPPING", + "value": "${APPLICATION_NAME}-postgresql=DB,${APPLICATION_NAME}-postgresql=QUARTZ" + }, + { + "name": "TX_DATABASE_PREFIX_MAPPING", + "value": "${APPLICATION_NAME}-postgresql=DB" + }, + { + "name": "DB_JNDI", + "value": "${DB_JNDI}" + }, + { + "name": "DB_USERNAME", + "value": "${DB_USERNAME}" + }, + { + "name": "DB_PASSWORD", + "value": "${DB_PASSWORD}" + }, + { + "name": "DB_DATABASE", + "value": "${DB_DATABASE}" + }, + { + "name": "DB_MIN_POOL_SIZE", + "value": "${DB_MIN_POOL_SIZE}" + }, + { + "name": "DB_MAX_POOL_SIZE", + "value": "${DB_MAX_POOL_SIZE}" + }, + { + "name": "DB_TX_ISOLATION", + "value": "${DB_TX_ISOLATION}" + }, + { + "name": "QUARTZ_JNDI", + "value": "${DB_JNDI}NotManaged" + }, + { + "name": "QUARTZ_USERNAME", + "value": "${DB_USERNAME}" + }, + { + "name": "QUARTZ_PASSWORD", + "value": "${DB_PASSWORD}" + }, + { + "name": "QUARTZ_DATABASE", + "value": "${DB_DATABASE}" + }, + { + "name": "QUARTZ_MIN_POOL_SIZE", + "value": "${DB_MIN_POOL_SIZE}" + }, + { + "name": "QUARTZ_MAX_POOL_SIZE", + "value": "${DB_MAX_POOL_SIZE}" + }, + { + "name": "QUARTZ_TX_ISOLATION", + "value": "${DB_TX_ISOLATION}" + }, + { + "name": "QUARTZ_JTA", + "value": "false" + }, + { + "name": "QUARTZ_NONXA", + "value": "true" + }, + { + "name": "HTTPS_KEYSTORE_DIR", + "value": "/etc/processserver-secret-volume" + }, + { + "name": "HTTPS_KEYSTORE", + "value": "${HTTPS_KEYSTORE}" + }, + { + "name": "HTTPS_NAME", + "value": "${HTTPS_NAME}" + }, + { + "name": "HTTPS_PASSWORD", + "value": "${HTTPS_PASSWORD}" + } + ] + } + ], + "volumes": [ + { + "name": "processserver-keystore-volume", + "secret": { + "secretName": "${HTTPS_SECRET}" + } + } + ] + } + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}-postgresql", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}-postgresql" + ], + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "postgresql:latest" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-postgresql" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}-postgresql", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}-postgresql", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}-postgresql", + "image": "postgresql", + "imagePullPolicy": "Always", + "ports": [ + { + "containerPort": 5432, + "protocol": "TCP" + } + ], + "volumeMounts": [ + { + "mountPath": "/var/lib/pgsql/data", + "name": "${APPLICATION_NAME}-postgresql-pvol" + } + ], + "env": [ + { + "name": "POSTGRESQL_USER", + "value": "${DB_USERNAME}" + }, + { + "name": "POSTGRESQL_PASSWORD", + "value": "${DB_PASSWORD}" + }, + { + "name": "POSTGRESQL_DATABASE", + "value": "${DB_DATABASE}" + }, + { + "name": "POSTGRESQL_MAX_CONNECTIONS", + "value": "${POSTGRESQL_MAX_CONNECTIONS}" + }, + { + "name": "POSTGRESQL_SHARED_BUFFERS", + "value": "${POSTGRESQL_SHARED_BUFFERS}" + } + ] + } + ], + "volumes": [ + { + "name": "${APPLICATION_NAME}-postgresql-pvol", + "persistentVolumeClaim": { + "claimName": "${APPLICATION_NAME}-postgresql-claim" + } + } + ] + } + } + } + }, + { + "apiVersion": "v1", + "kind": "PersistentVolumeClaim", + "metadata": { + "name": "${APPLICATION_NAME}-postgresql-claim", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "accessModes": [ + "ReadWriteOnce" + ], + "resources": { + "requests": { + "storage": "${VOLUME_CAPACITY}" + } + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}-amq", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}-amq" + ], + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-amq-62:1.3" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-amq" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}-amq", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}-amq", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}-amq", + "image": "jboss-amq-62", + "imagePullPolicy": "Always", + "volumeMounts": [ + { + "mountPath": "/opt/amq/data", + "name": "${APPLICATION_NAME}-amq-pvol" + } + ], + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/amq/bin/readinessProbe.sh" + ] + } + }, + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "amqp", + "containerPort": 5672, + "protocol": "TCP" + }, + { + "name": "amqp-ssl", + "containerPort": 5671, + "protocol": "TCP" + }, + { + "name": "mqtt", + "containerPort": 1883, + "protocol": "TCP" + }, + { + "name": "stomp", + "containerPort": 61613, + "protocol": "TCP" + }, + { + "name": "stomp-ssl", + "containerPort": 61612, + "protocol": "TCP" + }, + { + "name": "tcp", + "containerPort": 61616, + "protocol": "TCP" + }, + { + "name": "tcp-ssl", + "containerPort": 61617, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "AMQ_USER", + "value": "${MQ_USERNAME}" + }, + { + "name": "AMQ_PASSWORD", + "value": "${MQ_PASSWORD}" + }, + { + "name": "AMQ_TRANSPORTS", + "value": "${MQ_PROTOCOL}" + }, + { + "name": "AMQ_SPLIT", + "value": "${AMQ_SPLIT}" + }, + { + "name": "AMQ_MESH_DISCOVERY_TYPE", + "value": "${AMQ_MESH_DISCOVERY_TYPE}" + }, + { + "name": "AMQ_MESH_SERVICE_NAME", + "value": "${APPLICATION_NAME}-amq-tcp" + }, + { + "name": "AMQ_MESH_SERVICE_NAMESPACE", + "valueFrom": { + "fieldRef": { + "fieldPath": "metadata.namespace" + } + } + }, + { + "name": "AMQ_STORAGE_USAGE_LIMIT", + "value": "${AMQ_STORAGE_USAGE_LIMIT}" + } + ] + } + ], + "volumes": [ + { + "name": "${APPLICATION_NAME}-amq-pvol", + "persistentVolumeClaim": { + "claimName": "${APPLICATION_NAME}-amq-claim" + } + } + ] + } + } + } + }, + { + "apiVersion": "v1", + "kind": "PersistentVolumeClaim", + "metadata": { + "name": "${APPLICATION_NAME}-amq-claim", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "accessModes": [ + "ReadWriteMany" + ], + "resources": { + "requests": { + "storage": "${VOLUME_CAPACITY}" + } + } + } + } + ] +} diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/processserver63-amq-postgresql-s2i.json b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/processserver63-amq-postgresql-s2i.json new file mode 100644 index 000000000..41c726cf0 --- /dev/null +++ b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/processserver63-amq-postgresql-s2i.json @@ -0,0 +1,932 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "annotations": { + "description": "Application template for Red Hat JBoss BPM Suite 6.3 intelligent process server AMQ and PostgreSQL applications built using S2I.", + "iconClass": "icon-jboss", + "tags": "processserver,amq,postgresql,javaee,java,database,jboss,xpaas", + "version": "1.3.3" + }, + "name": "processserver63-amq-postgresql-s2i" + }, + "labels": { + "template": "processserver63-amq-postgresql-s2i", + "xpaas": "1.3.3" + }, + "parameters": [ + { + "description": "The KIE Container deployment configuration in format: containerId=groupId:artifactId:version|c2=g2:a2:v2", + "name": "KIE_CONTAINER_DEPLOYMENT", + "value": "processserver-library=org.openshift.quickstarts:processserver-library:1.3.0.Final", + "required": false + }, + { + "description": "The protocol to access the KIE Server REST interface.", + "name": "KIE_SERVER_PROTOCOL", + "value": "https", + "required": false + }, + { + "description": "The port to access the KIE Server REST interface.", + "name": "KIE_SERVER_PORT", + "value": "8443", + "required": false + }, + { + "description": "The user name to access the KIE Server REST or JMS interface.", + "name": "KIE_SERVER_USER", + "value": "kieserver", + "required": false + }, + { + "description": "The password to access the KIE Server REST or JMS interface. Must be different than username; must not be root, admin, or administrator; must contain at least 8 characters, 1 alphabetic character(s), 1 digit(s), and 1 non-alphanumeric symbol(s).", + "name": "KIE_SERVER_PASSWORD", + "from": "[a-zA-Z]{6}[0-9]{1}!", + "generate": "expression", + "required": false + }, + { + "description": "JAAS LoginContext domain that shall be used to authenticate users when using JMS.", + "name": "KIE_SERVER_DOMAIN", + "value": "other", + "required": false + }, + { + "description": "JNDI name of request queue for JMS.", + "name": "KIE_SERVER_JMS_QUEUES_REQUEST", + "value": "queue/KIE.SERVER.REQUEST", + "required": false + }, + { + "description": "JNDI name of response queue for JMS.", + "name": "KIE_SERVER_JMS_QUEUES_RESPONSE", + "value": "queue/KIE.SERVER.RESPONSE", + "required": false + }, + { + "description": "JNDI name of executor queue for JMS.", + "name": "KIE_SERVER_EXECUTOR_JMS_QUEUE", + "value": "queue/KIE.SERVER.EXECUTOR", + "required": false + }, + { + "description": "Hibernate persistence dialect.", + "name": "KIE_SERVER_PERSISTENCE_DIALECT", + "value": "org.hibernate.dialect.PostgreSQL82Dialect", + "required": false + }, + { + "description": "The name for the application.", + "name": "APPLICATION_NAME", + "value": "kie-app", + "required": true + }, + { + "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: <application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTP", + "value": "", + "required": false + }, + { + "description": "Custom hostname for https service route. Leave blank for default hostname, e.g.: secure-<application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTPS", + "value": "", + "required": false + }, + { + "description": "Git source URI for application", + "name": "SOURCE_REPOSITORY_URL", + "value": "https://github.com/jboss-openshift/openshift-quickstarts", + "required": true + }, + { + "description": "Git branch/tag reference", + "name": "SOURCE_REPOSITORY_REF", + "value": "1.3", + "required": false + }, + { + "description": "Path within Git project to build; empty for root project directory.", + "name": "CONTEXT_DIR", + "value": "processserver/library", + "required": false + }, + { + "description": "Database JNDI name used by application to resolve the datasource, e.g. java:/jboss/datasources/ExampleDS", + "name": "DB_JNDI", + "value": "java:jboss/datasources/ExampleDS", + "required": false + }, + { + "description": "Database name", + "name": "DB_DATABASE", + "value": "root", + "required": true + }, + { + "description": "JNDI name for connection factory used by applications to connect to the broker, e.g. java:/JmsXA", + "name": "MQ_JNDI", + "value": "java:/JmsXA", + "required": false + }, + { + "description": "Broker protocols to configure, separated by commas. Allowed values are: `openwire`, `amqp`, `stomp` and `mqtt`. Only `openwire` is supported by EAP.", + "name": "MQ_PROTOCOL", + "value": "openwire", + "required": false + }, + { + "description": "Queue names, separated by commas. These queues will be automatically created when the broker starts. Also, they will be made accessible as JNDI resources in EAP.", + "name": "MQ_QUEUES", + "value": "KIE.SERVER.REQUEST,KIE.SERVER.RESPONSE,KIE.SERVER.EXECUTOR", + "required": false + }, + { + "description": "Topic names, separated by commas. These topics will be automatically created when the broker starts. Also, they will be made accessible as JNDI resources in EAP.", + "name": "MQ_TOPICS", + "value": "", + "required": false + }, + { + "description": "The name of the secret containing the keystore file", + "name": "HTTPS_SECRET", + "value": "processserver-app-secret", + "required": false + }, + { + "description": "The name of the keystore file within the secret", + "name": "HTTPS_KEYSTORE", + "value": "keystore.jks", + "required": false + }, + { + "description": "The name associated with the server certificate", + "name": "HTTPS_NAME", + "value": "jboss", + "required": false + }, + { + "description": "The password for the keystore and certificate", + "name": "HTTPS_PASSWORD", + "value": "mykeystorepass", + "required": false + }, + { + "description": "Database user name", + "name": "DB_USERNAME", + "from": "user[a-zA-Z0-9]{3}", + "generate": "expression", + "required": true + }, + { + "description": "Database user password", + "name": "DB_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Sets xa-pool/min-pool-size for the configured datasource.", + "name": "DB_MIN_POOL_SIZE", + "required": false + }, + { + "description": "Sets xa-pool/max-pool-size for the configured datasource.", + "name": "DB_MAX_POOL_SIZE", + "required": false + }, + { + "description": "Sets transaction-isolation for the configured datasource.", + "name": "DB_TX_ISOLATION", + "required": false + }, + { + "description": "The maximum number of client connections allowed. This also sets the maximum number of prepared transactions.", + "name": "POSTGRESQL_MAX_CONNECTIONS", + "required": false + }, + { + "description": "Configures how much memory is dedicated to PostgreSQL for caching data.", + "name": "POSTGRESQL_SHARED_BUFFERS", + "required": false + }, + { + "description": "User name for standard broker user. It is required for connecting to the broker. If left empty, it will be generated.", + "name": "MQ_USERNAME", + "from": "user[a-zA-Z0-9]{3}", + "generate": "expression", + "required": false + }, + { + "description": "Password for standard broker user. It is required for connecting to the broker. If left empty, it will be generated.", + "name": "MQ_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": false + }, + { + "description": "The discovery agent type to use for discovering mesh endpoints. 'dns' will use OpenShift's DNS service to resolve endpoints. 'kube' will use Kubernetes REST API to resolve service endpoints. If using 'kube' the service account for the pod must have the 'view' role, which can be added via 'oc policy add-role-to-user view system:serviceaccount:<namespace>:default' where <namespace> is the project namespace.", + "name": "AMQ_MESH_DISCOVERY_TYPE", + "value": "kube", + "required": false + }, + { + "description": "The A-MQ storage usage limit", + "name": "AMQ_STORAGE_USAGE_LIMIT", + "value": "100 gb", + "required": false + }, + { + "description": "GitHub trigger secret", + "name": "GITHUB_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Generic build trigger secret", + "name": "GENERIC_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", + "name": "IMAGE_STREAM_NAMESPACE", + "value": "openshift", + "required": true + } + ], + "objects": [ + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8080, + "targetPort": 8080 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's http port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8443, + "targetPort": 8443 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's https port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 5432, + "targetPort": 5432 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-postgresql" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-postgresql", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The database server's port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 61616, + "targetPort": 61616 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-amq" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-amq-tcp", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The broker's OpenWire port." + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-http", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's http service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTP}", + "to": { + "name": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-https", + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's https service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTPS}", + "to": { + "name": "secure-${APPLICATION_NAME}" + }, + "tls": { + "termination": "passthrough" + } + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "BuildConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "source": { + "type": "Git", + "git": { + "uri": "${SOURCE_REPOSITORY_URL}", + "ref": "${SOURCE_REPOSITORY_REF}" + }, + "contextDir": "${CONTEXT_DIR}" + }, + "strategy": { + "type": "Source", + "sourceStrategy": { + "env": [ + { + "name": "KIE_CONTAINER_DEPLOYMENT", + "value": "${KIE_CONTAINER_DEPLOYMENT}" + } + ], + "forcePull": true, + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-processserver63-openshift:1.3" + } + } + }, + "output": { + "to": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + }, + "triggers": [ + { + "type": "GitHub", + "github": { + "secret": "${GITHUB_WEBHOOK_SECRET}" + } + }, + { + "type": "Generic", + "generic": { + "secret": "${GENERIC_WEBHOOK_SECRET}" + } + }, + { + "type": "ImageChange", + "imageChange": {} + }, + { + "type": "ConfigChange" + } + ] + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}" + ], + "from": { + "kind": "ImageStream", + "name": "${APPLICATION_NAME}" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "serviceAccountName": "processserver-service-account", + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}", + "image": "${APPLICATION_NAME}", + "imagePullPolicy": "Always", + "volumeMounts": [ + { + "name": "processserver-keystore-volume", + "mountPath": "/etc/processserver-secret-volume", + "readOnly": true + } + ], + "livenessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/livenessProbe.sh" + ] + } + }, + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/readinessProbe.sh" + ] + } + }, + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "http", + "containerPort": 8080, + "protocol": "TCP" + }, + { + "name": "https", + "containerPort": 8443, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "KIE_CONTAINER_DEPLOYMENT", + "value": "${KIE_CONTAINER_DEPLOYMENT}" + }, + { + "name": "KIE_SERVER_PROTOCOL", + "value": "${KIE_SERVER_PROTOCOL}" + }, + { + "name": "KIE_SERVER_PORT", + "value": "${KIE_SERVER_PORT}" + }, + { + "name": "KIE_SERVER_USER", + "value": "${KIE_SERVER_USER}" + }, + { + "name": "KIE_SERVER_PASSWORD", + "value": "${KIE_SERVER_PASSWORD}" + }, + { + "name": "KIE_SERVER_DOMAIN", + "value": "${KIE_SERVER_DOMAIN}" + }, + { + "name": "KIE_SERVER_JMS_QUEUES_REQUEST", + "value": "${KIE_SERVER_JMS_QUEUES_REQUEST}" + }, + { + "name": "KIE_SERVER_JMS_QUEUES_RESPONSE", + "value": "${KIE_SERVER_JMS_QUEUES_RESPONSE}" + }, + { + "name": "KIE_SERVER_EXECUTOR_JMS_QUEUE", + "value": "${KIE_SERVER_EXECUTOR_JMS_QUEUE}" + }, + { + "name": "MQ_SERVICE_PREFIX_MAPPING", + "value": "${APPLICATION_NAME}-amq=MQ" + }, + { + "name": "MQ_JNDI", + "value": "${MQ_JNDI}" + }, + { + "name": "MQ_USERNAME", + "value": "${MQ_USERNAME}" + }, + { + "name": "MQ_PASSWORD", + "value": "${MQ_PASSWORD}" + }, + { + "name": "MQ_PROTOCOL", + "value": "tcp" + }, + { + "name": "MQ_QUEUES", + "value": "${MQ_QUEUES}" + }, + { + "name": "MQ_TOPICS", + "value": "${MQ_TOPICS}" + }, + { + "name": "KIE_SERVER_PERSISTENCE_DIALECT", + "value": "${KIE_SERVER_PERSISTENCE_DIALECT}" + }, + { + "name": "DB_SERVICE_PREFIX_MAPPING", + "value": "${APPLICATION_NAME}-postgresql=DB" + }, + { + "name": "DB_JNDI", + "value": "${DB_JNDI}" + }, + { + "name": "DB_USERNAME", + "value": "${DB_USERNAME}" + }, + { + "name": "DB_PASSWORD", + "value": "${DB_PASSWORD}" + }, + { + "name": "DB_DATABASE", + "value": "${DB_DATABASE}" + }, + { + "name": "TX_DATABASE_PREFIX_MAPPING", + "value": "${APPLICATION_NAME}-postgresql=DB" + }, + { + "name": "DB_MIN_POOL_SIZE", + "value": "${DB_MIN_POOL_SIZE}" + }, + { + "name": "DB_MAX_POOL_SIZE", + "value": "${DB_MAX_POOL_SIZE}" + }, + { + "name": "DB_TX_ISOLATION", + "value": "${DB_TX_ISOLATION}" + }, + { + "name": "HTTPS_KEYSTORE_DIR", + "value": "/etc/processserver-secret-volume" + }, + { + "name": "HTTPS_KEYSTORE", + "value": "${HTTPS_KEYSTORE}" + }, + { + "name": "HTTPS_NAME", + "value": "${HTTPS_NAME}" + }, + { + "name": "HTTPS_PASSWORD", + "value": "${HTTPS_PASSWORD}" + } + ] + } + ], + "volumes": [ + { + "name": "processserver-keystore-volume", + "secret": { + "secretName": "${HTTPS_SECRET}" + } + } + ] + } + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}-postgresql", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}-postgresql" + ], + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "postgresql:latest" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-postgresql" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}-postgresql", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}-postgresql", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}-postgresql", + "image": "postgresql", + "imagePullPolicy": "Always", + "ports": [ + { + "containerPort": 5432, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "POSTGRESQL_USER", + "value": "${DB_USERNAME}" + }, + { + "name": "POSTGRESQL_PASSWORD", + "value": "${DB_PASSWORD}" + }, + { + "name": "POSTGRESQL_DATABASE", + "value": "${DB_DATABASE}" + }, + { + "name": "POSTGRESQL_MAX_CONNECTIONS", + "value": "${POSTGRESQL_MAX_CONNECTIONS}" + }, + { + "name": "POSTGRESQL_SHARED_BUFFERS", + "value": "${POSTGRESQL_SHARED_BUFFERS}" + } + ] + } + ] + } + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}-amq", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}-amq" + ], + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-amq-62:1.3" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-amq" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}-amq", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}-amq", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}-amq", + "image": "jboss-amq-62", + "imagePullPolicy": "Always", + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/amq/bin/readinessProbe.sh" + ] + } + }, + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "amqp", + "containerPort": 5672, + "protocol": "TCP" + }, + { + "name": "amqp-ssl", + "containerPort": 5671, + "protocol": "TCP" + }, + { + "name": "mqtt", + "containerPort": 1883, + "protocol": "TCP" + }, + { + "name": "stomp", + "containerPort": 61613, + "protocol": "TCP" + }, + { + "name": "stomp-ssl", + "containerPort": 61612, + "protocol": "TCP" + }, + { + "name": "tcp", + "containerPort": 61616, + "protocol": "TCP" + }, + { + "name": "tcp-ssl", + "containerPort": 61617, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "AMQ_USER", + "value": "${MQ_USERNAME}" + }, + { + "name": "AMQ_PASSWORD", + "value": "${MQ_PASSWORD}" + }, + { + "name": "AMQ_TRANSPORTS", + "value": "${MQ_PROTOCOL}" + }, + { + "name": "AMQ_MESH_DISCOVERY_TYPE", + "value": "${AMQ_MESH_DISCOVERY_TYPE}" + }, + { + "name": "AMQ_MESH_SERVICE_NAME", + "value": "${APPLICATION_NAME}-amq-tcp" + }, + { + "name": "AMQ_MESH_SERVICE_NAMESPACE", + "valueFrom": { + "fieldRef": { + "fieldPath": "metadata.namespace" + } + } + }, + { + "name": "AMQ_STORAGE_USAGE_LIMIT", + "value": "${AMQ_STORAGE_USAGE_LIMIT}" + } + ] + } + ] + } + } + } + } + ] +} diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/processserver63-basic-s2i.json b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/processserver63-basic-s2i.json new file mode 100644 index 000000000..170c919cb --- /dev/null +++ b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/processserver63-basic-s2i.json @@ -0,0 +1,345 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "annotations": { + "description": "Application template for Red Hat JBoss BPM Suite 6.3 intelligent process server applications built using S2I.", + "iconClass": "icon-jboss", + "tags": "processserver,javaee,java,jboss,xpaas", + "version": "1.3.3" + }, + "name": "processserver63-basic-s2i" + }, + "labels": { + "template": "processserver63-basic-s2i", + "xpaas": "1.3.3" + }, + "parameters": [ + { + "description": "The KIE Container deployment configuration in format: containerId=groupId:artifactId:version|c2=g2:a2:v2", + "name": "KIE_CONTAINER_DEPLOYMENT", + "value": "processserver-library=org.openshift.quickstarts:processserver-library:1.3.0.Final", + "required": false + }, + { + "description": "The user name to access the KIE Server REST or JMS interface.", + "name": "KIE_SERVER_USER", + "value": "kieserver", + "required": false + }, + { + "description": "The password to access the KIE Server REST or JMS interface. Must be different than username; must not be root, admin, or administrator; must contain at least 8 characters, 1 alphabetic character(s), 1 digit(s), and 1 non-alphanumeric symbol(s).", + "name": "KIE_SERVER_PASSWORD", + "from": "[a-zA-Z]{6}[0-9]{1}!", + "generate": "expression", + "required": false + }, + { + "description": "Hibernate persistence dialect.", + "name": "KIE_SERVER_PERSISTENCE_DIALECT", + "value": "org.hibernate.dialect.H2Dialect", + "required": false + }, + { + "description": "The name for the application.", + "name": "APPLICATION_NAME", + "value": "kie-app", + "required": true + }, + { + "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: <application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTP", + "value": "", + "required": false + }, + { + "description": "Git source URI for application", + "name": "SOURCE_REPOSITORY_URL", + "value": "https://github.com/jboss-openshift/openshift-quickstarts.git", + "required": true + }, + { + "description": "Git branch/tag reference", + "name": "SOURCE_REPOSITORY_REF", + "value": "1.3", + "required": false + }, + { + "description": "Path within Git project to build; empty for root project directory.", + "name": "CONTEXT_DIR", + "value": "processserver/library", + "required": false + }, + { + "description": "Queue names", + "name": "HORNETQ_QUEUES", + "value": "", + "required": false + }, + { + "description": "Topic names", + "name": "HORNETQ_TOPICS", + "value": "", + "required": false + }, + { + "description": "HornetQ cluster admin password", + "name": "HORNETQ_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "GitHub trigger secret", + "name": "GITHUB_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Generic build trigger secret", + "name": "GENERIC_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", + "name": "IMAGE_STREAM_NAMESPACE", + "value": "openshift", + "required": true + } + ], + "objects": [ + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8080, + "targetPort": 8080 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's http port." + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-http", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's http service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTP}", + "to": { + "name": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "BuildConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "source": { + "type": "Git", + "git": { + "uri": "${SOURCE_REPOSITORY_URL}", + "ref": "${SOURCE_REPOSITORY_REF}" + }, + "contextDir": "${CONTEXT_DIR}" + }, + "strategy": { + "type": "Source", + "sourceStrategy": { + "env": [ + { + "name": "KIE_CONTAINER_DEPLOYMENT", + "value": "${KIE_CONTAINER_DEPLOYMENT}" + } + ], + "forcePull": true, + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-processserver63-openshift:1.3" + } + } + }, + "output": { + "to": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + }, + "triggers": [ + { + "type": "GitHub", + "github": { + "secret": "${GITHUB_WEBHOOK_SECRET}" + } + }, + { + "type": "Generic", + "generic": { + "secret": "${GENERIC_WEBHOOK_SECRET}" + } + }, + { + "type": "ImageChange", + "imageChange": {} + }, + { + "type": "ConfigChange" + } + ] + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}" + ], + "from": { + "kind": "ImageStream", + "name": "${APPLICATION_NAME}" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}", + "image": "${APPLICATION_NAME}", + "imagePullPolicy": "Always", + "livenessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/livenessProbe.sh" + ] + } + }, + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/readinessProbe.sh" + ] + } + }, + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "http", + "containerPort": 8080, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "KIE_CONTAINER_DEPLOYMENT", + "value": "${KIE_CONTAINER_DEPLOYMENT}" + }, + { + "name": "KIE_SERVER_USER", + "value": "${KIE_SERVER_USER}" + }, + { + "name": "KIE_SERVER_PASSWORD", + "value": "${KIE_SERVER_PASSWORD}" + }, + { + "name": "HORNETQ_CLUSTER_PASSWORD", + "value": "${HORNETQ_CLUSTER_PASSWORD}" + }, + { + "name": "HORNETQ_QUEUES", + "value": "${HORNETQ_QUEUES}" + }, + { + "name": "HORNETQ_TOPICS", + "value": "${HORNETQ_TOPICS}" + } + ] + } + ] + } + } + } + } + ] +} diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/processserver63-mysql-persistent-s2i.json b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/processserver63-mysql-persistent-s2i.json new file mode 100644 index 000000000..89d0db1a6 --- /dev/null +++ b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/processserver63-mysql-persistent-s2i.json @@ -0,0 +1,792 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "annotations": { + "description": "Application template for Red Hat JBoss BPM Suite 6.3 intelligent process server MySQL applications with persistent storage built using S2I.", + "iconClass": "icon-jboss", + "tags": "processserver,mysql,javaee,java,database,jboss,xpaas", + "version": "1.3.3" + }, + "name": "processserver63-mysql-persistent-s2i" + }, + "labels": { + "template": "processserver63-mysql-persistent-s2i", + "xpaas": "1.3.3" + }, + "parameters": [ + { + "description": "The KIE Container deployment configuration in format: containerId=groupId:artifactId:version|c2=g2:a2:v2", + "name": "KIE_CONTAINER_DEPLOYMENT", + "value": "processserver-library=org.openshift.quickstarts:processserver-library:1.3.0.Final", + "required": false + }, + { + "description": "The protocol to access the KIE Server REST interface.", + "name": "KIE_SERVER_PROTOCOL", + "value": "https", + "required": false + }, + { + "description": "The port to access the KIE Server REST interface.", + "name": "KIE_SERVER_PORT", + "value": "8443", + "required": false + }, + { + "description": "The user name to access the KIE Server REST or JMS interface.", + "name": "KIE_SERVER_USER", + "value": "kieserver", + "required": false + }, + { + "description": "The password to access the KIE Server REST or JMS interface. Must be different than username; must not be root, admin, or administrator; must contain at least 8 characters, 1 alphabetic character(s), 1 digit(s), and 1 non-alphanumeric symbol(s).", + "name": "KIE_SERVER_PASSWORD", + "from": "[a-zA-Z]{6}[0-9]{1}!", + "generate": "expression", + "required": false + }, + { + "description": "JAAS LoginContext domain that shall be used to authenticate users when using JMS.", + "name": "KIE_SERVER_DOMAIN", + "value": "other", + "required": false + }, + { + "description": "Hibernate persistence dialect.", + "name": "KIE_SERVER_PERSISTENCE_DIALECT", + "value": "org.hibernate.dialect.MySQL5Dialect", + "required": false + }, + { + "description": "The name for the application.", + "name": "APPLICATION_NAME", + "value": "kie-app", + "required": true + }, + { + "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: <application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTP", + "value": "", + "required": false + }, + { + "description": "Custom hostname for https service route. Leave blank for default hostname, e.g.: secure-<application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTPS", + "value": "", + "required": false + }, + { + "description": "Git source URI for application", + "name": "SOURCE_REPOSITORY_URL", + "value": "https://github.com/jboss-openshift/openshift-quickstarts", + "required": true + }, + { + "description": "Git branch/tag reference", + "name": "SOURCE_REPOSITORY_REF", + "value": "1.3", + "required": false + }, + { + "description": "Path within Git project to build; empty for root project directory.", + "name": "CONTEXT_DIR", + "value": "processserver/library", + "required": false + }, + { + "description": "Database JNDI name used by application to resolve the datasource, e.g. java:/jboss/datasources/ExampleDS", + "name": "DB_JNDI", + "value": "java:jboss/datasources/ExampleDS", + "required": false + }, + { + "description": "Database name", + "name": "DB_DATABASE", + "value": "root", + "required": true + }, + { + "description": "Size of persistent storage for database volume.", + "name": "VOLUME_CAPACITY", + "value": "512Mi", + "required": true + }, + { + "description": "Queue names", + "name": "HORNETQ_QUEUES", + "value": "", + "required": false + }, + { + "description": "Topic names", + "name": "HORNETQ_TOPICS", + "value": "", + "required": false + }, + { + "description": "The name of the secret containing the keystore file", + "name": "HTTPS_SECRET", + "value": "processserver-app-secret", + "required": false + }, + { + "description": "The name of the keystore file within the secret", + "name": "HTTPS_KEYSTORE", + "value": "keystore.jks", + "required": false + }, + { + "description": "The name associated with the server certificate", + "name": "HTTPS_NAME", + "value": "jboss", + "required": false + }, + { + "description": "The password for the keystore and certificate", + "name": "HTTPS_PASSWORD", + "value": "mykeystorepass", + "required": false + }, + { + "description": "Database user name", + "name": "DB_USERNAME", + "from": "user[a-zA-Z0-9]{3}", + "generate": "expression", + "required": true + }, + { + "description": "Database user password", + "name": "DB_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Sets xa-pool/min-pool-size for the configured datasource.", + "name": "DB_MIN_POOL_SIZE", + "required": false + }, + { + "description": "Sets xa-pool/max-pool-size for the configured datasource.", + "name": "DB_MAX_POOL_SIZE", + "required": false + }, + { + "description": "Sets transaction-isolation for the configured datasource.", + "name": "DB_TX_ISOLATION", + "required": false + }, + { + "description": "Sets how the table names are stored and compared.", + "name": "MYSQL_LOWER_CASE_TABLE_NAMES", + "required": false + }, + { + "description": "The maximum permitted number of simultaneous client connections.", + "name": "MYSQL_MAX_CONNECTIONS", + "required": false + }, + { + "description": "The minimum length of the word to be included in a FULLTEXT index.", + "name": "MYSQL_FT_MIN_WORD_LEN", + "required": false + }, + { + "description": "The maximum length of the word to be included in a FULLTEXT index.", + "name": "MYSQL_FT_MAX_WORD_LEN", + "required": false + }, + { + "description": "Controls the innodb_use_native_aio setting value if the native AIO is broken.", + "name": "MYSQL_AIO", + "required": false + }, + { + "description": "HornetQ cluster admin password", + "name": "HORNETQ_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "GitHub trigger secret", + "name": "GITHUB_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Generic build trigger secret", + "name": "GENERIC_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", + "name": "IMAGE_STREAM_NAMESPACE", + "value": "openshift", + "required": true + } + ], + "objects": [ + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8080, + "targetPort": 8080 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's http port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8443, + "targetPort": 8443 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's https port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 3306, + "targetPort": 3306 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-mysql" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-mysql", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The database server's port." + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-http", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's http service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTP}", + "to": { + "name": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-https", + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's https service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTPS}", + "to": { + "name": "secure-${APPLICATION_NAME}" + }, + "tls": { + "termination": "passthrough" + } + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "BuildConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "source": { + "type": "Git", + "git": { + "uri": "${SOURCE_REPOSITORY_URL}", + "ref": "${SOURCE_REPOSITORY_REF}" + }, + "contextDir": "${CONTEXT_DIR}" + }, + "strategy": { + "type": "Source", + "sourceStrategy": { + "env": [ + { + "name": "KIE_CONTAINER_DEPLOYMENT", + "value": "${KIE_CONTAINER_DEPLOYMENT}" + } + ], + "forcePull": true, + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-processserver63-openshift:1.3" + } + } + }, + "output": { + "to": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + }, + "triggers": [ + { + "type": "GitHub", + "github": { + "secret": "${GITHUB_WEBHOOK_SECRET}" + } + }, + { + "type": "Generic", + "generic": { + "secret": "${GENERIC_WEBHOOK_SECRET}" + } + }, + { + "type": "ImageChange", + "imageChange": {} + }, + { + "type": "ConfigChange" + } + ] + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}" + ], + "from": { + "kind": "ImageStream", + "name": "${APPLICATION_NAME}" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "serviceAccountName": "processserver-service-account", + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}", + "image": "${APPLICATION_NAME}", + "imagePullPolicy": "Always", + "volumeMounts": [ + { + "name": "processserver-keystore-volume", + "mountPath": "/etc/processserver-secret-volume", + "readOnly": true + } + ], + "livenessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/livenessProbe.sh" + ] + } + }, + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/readinessProbe.sh" + ] + } + }, + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "http", + "containerPort": 8080, + "protocol": "TCP" + }, + { + "name": "https", + "containerPort": 8443, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "KIE_CONTAINER_DEPLOYMENT", + "value": "${KIE_CONTAINER_DEPLOYMENT}" + }, + { + "name": "KIE_SERVER_PROTOCOL", + "value": "${KIE_SERVER_PROTOCOL}" + }, + { + "name": "KIE_SERVER_PORT", + "value": "${KIE_SERVER_PORT}" + }, + { + "name": "KIE_SERVER_USER", + "value": "${KIE_SERVER_USER}" + }, + { + "name": "KIE_SERVER_PASSWORD", + "value": "${KIE_SERVER_PASSWORD}" + }, + { + "name": "KIE_SERVER_DOMAIN", + "value": "${KIE_SERVER_DOMAIN}" + }, + { + "name": "KIE_SERVER_PERSISTENCE_DIALECT", + "value": "${KIE_SERVER_PERSISTENCE_DIALECT}" + }, + { + "name": "DB_SERVICE_PREFIX_MAPPING", + "value": "${APPLICATION_NAME}-mysql=DB,${APPLICATION_NAME}-mysql=QUARTZ" + }, + { + "name": "TX_DATABASE_PREFIX_MAPPING", + "value": "${APPLICATION_NAME}-mysql=DB" + }, + { + "name": "DB_JNDI", + "value": "${DB_JNDI}" + }, + { + "name": "DB_USERNAME", + "value": "${DB_USERNAME}" + }, + { + "name": "DB_PASSWORD", + "value": "${DB_PASSWORD}" + }, + { + "name": "DB_DATABASE", + "value": "${DB_DATABASE}" + }, + { + "name": "DB_MIN_POOL_SIZE", + "value": "${DB_MIN_POOL_SIZE}" + }, + { + "name": "DB_MAX_POOL_SIZE", + "value": "${DB_MAX_POOL_SIZE}" + }, + { + "name": "DB_TX_ISOLATION", + "value": "${DB_TX_ISOLATION}" + }, + { + "name": "QUARTZ_JNDI", + "value": "${DB_JNDI}NotManaged" + }, + { + "name": "QUARTZ_USERNAME", + "value": "${DB_USERNAME}" + }, + { + "name": "QUARTZ_PASSWORD", + "value": "${DB_PASSWORD}" + }, + { + "name": "QUARTZ_DATABASE", + "value": "${DB_DATABASE}" + }, + { + "name": "QUARTZ_MIN_POOL_SIZE", + "value": "${DB_MIN_POOL_SIZE}" + }, + { + "name": "QUARTZ_MAX_POOL_SIZE", + "value": "${DB_MAX_POOL_SIZE}" + }, + { + "name": "QUARTZ_TX_ISOLATION", + "value": "${DB_TX_ISOLATION}" + }, + { + "name": "QUARTZ_JTA", + "value": "false" + }, + { + "name": "QUARTZ_NONXA", + "value": "true" + }, + { + "name": "HTTPS_KEYSTORE_DIR", + "value": "/etc/processserver-secret-volume" + }, + { + "name": "HTTPS_KEYSTORE", + "value": "${HTTPS_KEYSTORE}" + }, + { + "name": "HTTPS_NAME", + "value": "${HTTPS_NAME}" + }, + { + "name": "HTTPS_PASSWORD", + "value": "${HTTPS_PASSWORD}" + }, + { + "name": "HORNETQ_CLUSTER_PASSWORD", + "value": "${HORNETQ_CLUSTER_PASSWORD}" + }, + { + "name": "HORNETQ_QUEUES", + "value": "${HORNETQ_QUEUES}" + }, + { + "name": "HORNETQ_TOPICS", + "value": "${HORNETQ_TOPICS}" + } + ] + } + ], + "volumes": [ + { + "name": "processserver-keystore-volume", + "secret": { + "secretName": "${HTTPS_SECRET}" + } + } + ] + } + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}-mysql", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}-mysql" + ], + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "mysql:latest" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-mysql" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}-mysql", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}-mysql", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}-mysql", + "image": "mysql", + "imagePullPolicy": "Always", + "ports": [ + { + "containerPort": 3306, + "protocol": "TCP" + } + ], + "volumeMounts": [ + { + "mountPath": "/var/lib/mysql/data", + "name": "${APPLICATION_NAME}-mysql-pvol" + } + ], + "env": [ + { + "name": "MYSQL_USER", + "value": "${DB_USERNAME}" + }, + { + "name": "MYSQL_PASSWORD", + "value": "${DB_PASSWORD}" + }, + { + "name": "MYSQL_DATABASE", + "value": "${DB_DATABASE}" + }, + { + "name": "MYSQL_LOWER_CASE_TABLE_NAMES", + "value": "${MYSQL_LOWER_CASE_TABLE_NAMES}" + }, + { + "name": "MYSQL_MAX_CONNECTIONS", + "value": "${MYSQL_MAX_CONNECTIONS}" + }, + { + "name": "MYSQL_FT_MIN_WORD_LEN", + "value": "${MYSQL_FT_MIN_WORD_LEN}" + }, + { + "name": "MYSQL_FT_MAX_WORD_LEN", + "value": "${MYSQL_FT_MAX_WORD_LEN}" + }, + { + "name": "MYSQL_AIO", + "value": "${MYSQL_AIO}" + } + ] + } + ], + "volumes": [ + { + "name": "${APPLICATION_NAME}-mysql-pvol", + "persistentVolumeClaim": { + "claimName": "${APPLICATION_NAME}-mysql-claim" + } + } + ] + } + } + } + }, + { + "apiVersion": "v1", + "kind": "PersistentVolumeClaim", + "metadata": { + "name": "${APPLICATION_NAME}-mysql-claim", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "accessModes": [ + "ReadWriteOnce" + ], + "resources": { + "requests": { + "storage": "${VOLUME_CAPACITY}" + } + } + } + } + ] +} diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/processserver63-mysql-s2i.json b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/processserver63-mysql-s2i.json new file mode 100644 index 000000000..26cab29f8 --- /dev/null +++ b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/processserver63-mysql-s2i.json @@ -0,0 +1,716 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "annotations": { + "description": "Application template for Red Hat JBoss BPM Suite 6.3 intelligent process server MySQL applications built using S2I.", + "iconClass": "icon-jboss", + "tags": "processserver,mysql,javaee,java,database,jboss,xpaas", + "version": "1.3.3" + }, + "name": "processserver63-mysql-s2i" + }, + "labels": { + "template": "processserver63-mysql-s2i", + "xpaas": "1.3.3" + }, + "parameters": [ + { + "description": "The KIE Container deployment configuration in format: containerId=groupId:artifactId:version|c2=g2:a2:v2", + "name": "KIE_CONTAINER_DEPLOYMENT", + "value": "processserver-library=org.openshift.quickstarts:processserver-library:1.3.0.Final", + "required": false + }, + { + "description": "The protocol to access the KIE Server REST interface.", + "name": "KIE_SERVER_PROTOCOL", + "value": "https", + "required": false + }, + { + "description": "The port to access the KIE Server REST interface.", + "name": "KIE_SERVER_PORT", + "value": "8443", + "required": false + }, + { + "description": "The user name to access the KIE Server REST or JMS interface.", + "name": "KIE_SERVER_USER", + "value": "kieserver", + "required": false + }, + { + "description": "The password to access the KIE Server REST or JMS interface. Must be different than username; must not be root, admin, or administrator; must contain at least 8 characters, 1 alphabetic character(s), 1 digit(s), and 1 non-alphanumeric symbol(s).", + "name": "KIE_SERVER_PASSWORD", + "from": "[a-zA-Z]{6}[0-9]{1}!", + "generate": "expression", + "required": false + }, + { + "description": "JAAS LoginContext domain that shall be used to authenticate users when using JMS.", + "name": "KIE_SERVER_DOMAIN", + "value": "other", + "required": false + }, + { + "description": "Hibernate persistence dialect.", + "name": "KIE_SERVER_PERSISTENCE_DIALECT", + "value": "org.hibernate.dialect.MySQL5Dialect", + "required": false + }, + { + "description": "The name for the application.", + "name": "APPLICATION_NAME", + "value": "kie-app", + "required": true + }, + { + "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: <application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTP", + "value": "", + "required": false + }, + { + "description": "Custom hostname for https service route. Leave blank for default hostname, e.g.: secure-<application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTPS", + "value": "", + "required": false + }, + { + "description": "Git source URI for application", + "name": "SOURCE_REPOSITORY_URL", + "value": "https://github.com/jboss-openshift/openshift-quickstarts", + "required": true + }, + { + "description": "Git branch/tag reference", + "name": "SOURCE_REPOSITORY_REF", + "value": "1.3", + "required": false + }, + { + "description": "Path within Git project to build; empty for root project directory.", + "name": "CONTEXT_DIR", + "value": "processserver/library", + "required": false + }, + { + "description": "Database JNDI name used by application to resolve the datasource, e.g. java:/jboss/datasources/ExampleDS", + "name": "DB_JNDI", + "value": "java:jboss/datasources/ExampleDS", + "required": false + }, + { + "description": "Database name", + "name": "DB_DATABASE", + "value": "root", + "required": true + }, + { + "description": "Queue names", + "name": "HORNETQ_QUEUES", + "value": "", + "required": false + }, + { + "description": "Topic names", + "name": "HORNETQ_TOPICS", + "value": "", + "required": false + }, + { + "description": "The name of the secret containing the keystore file", + "name": "HTTPS_SECRET", + "value": "processserver-app-secret", + "required": false + }, + { + "description": "The name of the keystore file within the secret", + "name": "HTTPS_KEYSTORE", + "value": "keystore.jks", + "required": false + }, + { + "description": "The name associated with the server certificate", + "name": "HTTPS_NAME", + "value": "jboss", + "required": false + }, + { + "description": "The password for the keystore and certificate", + "name": "HTTPS_PASSWORD", + "value": "mykeystorepass", + "required": false + }, + { + "description": "Database user name", + "name": "DB_USERNAME", + "from": "user[a-zA-Z0-9]{3}", + "generate": "expression", + "required": true + }, + { + "description": "Database user password", + "name": "DB_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Sets xa-pool/min-pool-size for the configured datasource.", + "name": "DB_MIN_POOL_SIZE", + "required": false + }, + { + "description": "Sets xa-pool/max-pool-size for the configured datasource.", + "name": "DB_MAX_POOL_SIZE", + "required": false + }, + { + "description": "Sets transaction-isolation for the configured datasource.", + "name": "DB_TX_ISOLATION", + "required": false + }, + { + "description": "Sets how the table names are stored and compared.", + "name": "MYSQL_LOWER_CASE_TABLE_NAMES", + "required": false + }, + { + "description": "The maximum permitted number of simultaneous client connections.", + "name": "MYSQL_MAX_CONNECTIONS", + "required": false + }, + { + "description": "The minimum length of the word to be included in a FULLTEXT index.", + "name": "MYSQL_FT_MIN_WORD_LEN", + "required": false + }, + { + "description": "The maximum length of the word to be included in a FULLTEXT index.", + "name": "MYSQL_FT_MAX_WORD_LEN", + "required": false + }, + { + "description": "Controls the innodb_use_native_aio setting value if the native AIO is broken.", + "name": "MYSQL_AIO", + "required": false + }, + { + "description": "HornetQ cluster admin password", + "name": "HORNETQ_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "GitHub trigger secret", + "name": "GITHUB_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Generic build trigger secret", + "name": "GENERIC_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", + "name": "IMAGE_STREAM_NAMESPACE", + "value": "openshift", + "required": true + } + ], + "objects": [ + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8080, + "targetPort": 8080 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's http port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8443, + "targetPort": 8443 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's https port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 3306, + "targetPort": 3306 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-mysql" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-mysql", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The database server's port." + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-http", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's http service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTP}", + "to": { + "name": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-https", + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's https service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTPS}", + "to": { + "name": "secure-${APPLICATION_NAME}" + }, + "tls": { + "termination": "passthrough" + } + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "BuildConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "source": { + "type": "Git", + "git": { + "uri": "${SOURCE_REPOSITORY_URL}", + "ref": "${SOURCE_REPOSITORY_REF}" + }, + "contextDir": "${CONTEXT_DIR}" + }, + "strategy": { + "type": "Source", + "sourceStrategy": { + "env": [ + { + "name": "KIE_CONTAINER_DEPLOYMENT", + "value": "${KIE_CONTAINER_DEPLOYMENT}" + } + ], + "forcePull": true, + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-processserver63-openshift:1.3" + } + } + }, + "output": { + "to": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + }, + "triggers": [ + { + "type": "GitHub", + "github": { + "secret": "${GITHUB_WEBHOOK_SECRET}" + } + }, + { + "type": "Generic", + "generic": { + "secret": "${GENERIC_WEBHOOK_SECRET}" + } + }, + { + "type": "ImageChange", + "imageChange": {} + }, + { + "type": "ConfigChange" + } + ] + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}" + ], + "from": { + "kind": "ImageStream", + "name": "${APPLICATION_NAME}" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "serviceAccountName": "processserver-service-account", + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}", + "image": "${APPLICATION_NAME}", + "imagePullPolicy": "Always", + "volumeMounts": [ + { + "name": "processserver-keystore-volume", + "mountPath": "/etc/processserver-secret-volume", + "readOnly": true + } + ], + "livenessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/livenessProbe.sh" + ] + } + }, + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/readinessProbe.sh" + ] + } + }, + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "http", + "containerPort": 8080, + "protocol": "TCP" + }, + { + "name": "https", + "containerPort": 8443, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "KIE_CONTAINER_DEPLOYMENT", + "value": "${KIE_CONTAINER_DEPLOYMENT}" + }, + { + "name": "KIE_SERVER_PROTOCOL", + "value": "${KIE_SERVER_PROTOCOL}" + }, + { + "name": "KIE_SERVER_PORT", + "value": "${KIE_SERVER_PORT}" + }, + { + "name": "KIE_SERVER_USER", + "value": "${KIE_SERVER_USER}" + }, + { + "name": "KIE_SERVER_PASSWORD", + "value": "${KIE_SERVER_PASSWORD}" + }, + { + "name": "KIE_SERVER_DOMAIN", + "value": "${KIE_SERVER_DOMAIN}" + }, + { + "name": "KIE_SERVER_PERSISTENCE_DIALECT", + "value": "${KIE_SERVER_PERSISTENCE_DIALECT}" + }, + { + "name": "DB_SERVICE_PREFIX_MAPPING", + "value": "${APPLICATION_NAME}-mysql=DB" + }, + { + "name": "DB_JNDI", + "value": "${DB_JNDI}" + }, + { + "name": "DB_USERNAME", + "value": "${DB_USERNAME}" + }, + { + "name": "DB_PASSWORD", + "value": "${DB_PASSWORD}" + }, + { + "name": "DB_DATABASE", + "value": "${DB_DATABASE}" + }, + { + "name": "TX_DATABASE_PREFIX_MAPPING", + "value": "${APPLICATION_NAME}-mysql=DB" + }, + { + "name": "DB_MIN_POOL_SIZE", + "value": "${DB_MIN_POOL_SIZE}" + }, + { + "name": "DB_MAX_POOL_SIZE", + "value": "${DB_MAX_POOL_SIZE}" + }, + { + "name": "DB_TX_ISOLATION", + "value": "${DB_TX_ISOLATION}" + }, + { + "name": "HTTPS_KEYSTORE_DIR", + "value": "/etc/processserver-secret-volume" + }, + { + "name": "HTTPS_KEYSTORE", + "value": "${HTTPS_KEYSTORE}" + }, + { + "name": "HTTPS_NAME", + "value": "${HTTPS_NAME}" + }, + { + "name": "HTTPS_PASSWORD", + "value": "${HTTPS_PASSWORD}" + }, + { + "name": "HORNETQ_CLUSTER_PASSWORD", + "value": "${HORNETQ_CLUSTER_PASSWORD}" + }, + { + "name": "HORNETQ_QUEUES", + "value": "${HORNETQ_QUEUES}" + }, + { + "name": "HORNETQ_TOPICS", + "value": "${HORNETQ_TOPICS}" + } + ] + } + ], + "volumes": [ + { + "name": "processserver-keystore-volume", + "secret": { + "secretName": "${HTTPS_SECRET}" + } + } + ] + } + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}-mysql", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}-mysql" + ], + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "mysql:latest" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-mysql" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}-mysql", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}-mysql", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}-mysql", + "image": "mysql", + "imagePullPolicy": "Always", + "ports": [ + { + "containerPort": 3306, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "MYSQL_USER", + "value": "${DB_USERNAME}" + }, + { + "name": "MYSQL_PASSWORD", + "value": "${DB_PASSWORD}" + }, + { + "name": "MYSQL_DATABASE", + "value": "${DB_DATABASE}" + }, + { + "name": "MYSQL_LOWER_CASE_TABLE_NAMES", + "value": "${MYSQL_LOWER_CASE_TABLE_NAMES}" + }, + { + "name": "MYSQL_MAX_CONNECTIONS", + "value": "${MYSQL_MAX_CONNECTIONS}" + }, + { + "name": "MYSQL_FT_MIN_WORD_LEN", + "value": "${MYSQL_FT_MIN_WORD_LEN}" + }, + { + "name": "MYSQL_FT_MAX_WORD_LEN", + "value": "${MYSQL_FT_MAX_WORD_LEN}" + }, + { + "name": "MYSQL_AIO", + "value": "${MYSQL_AIO}" + } + ] + } + ] + } + } + } + } + ] +} diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/processserver63-postgresql-persistent-s2i.json b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/processserver63-postgresql-persistent-s2i.json new file mode 100644 index 000000000..32a512829 --- /dev/null +++ b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/processserver63-postgresql-persistent-s2i.json @@ -0,0 +1,765 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "annotations": { + "description": "Application template for Red Hat JBoss BPM Suite 6.3 intelligent process server PostgreSQL applications with persistent storage built using S2I.", + "iconClass": "icon-jboss", + "tags": "processserver,postgresql,javaee,java,database,jboss,xpaas", + "version": "1.3.3" + }, + "name": "processserver63-postgresql-persistent-s2i" + }, + "labels": { + "template": "processserver63-postgresql-persistent-s2i", + "xpaas": "1.3.3" + }, + "parameters": [ + { + "description": "The KIE Container deployment configuration in format: containerId=groupId:artifactId:version|c2=g2:a2:v2", + "name": "KIE_CONTAINER_DEPLOYMENT", + "value": "processserver-library=org.openshift.quickstarts:processserver-library:1.3.0.Final", + "required": false + }, + { + "description": "The protocol to access the KIE Server REST interface.", + "name": "KIE_SERVER_PROTOCOL", + "value": "https", + "required": false + }, + { + "description": "The port to access the KIE Server REST interface.", + "name": "KIE_SERVER_PORT", + "value": "8443", + "required": false + }, + { + "description": "The user name to access the KIE Server REST or JMS interface.", + "name": "KIE_SERVER_USER", + "value": "kieserver", + "required": false + }, + { + "description": "The password to access the KIE Server REST or JMS interface. Must be different than username; must not be root, admin, or administrator; must contain at least 8 characters, 1 alphabetic character(s), 1 digit(s), and 1 non-alphanumeric symbol(s).", + "name": "KIE_SERVER_PASSWORD", + "from": "[a-zA-Z]{6}[0-9]{1}!", + "generate": "expression", + "required": false + }, + { + "description": "JAAS LoginContext domain that shall be used to authenticate users when using JMS.", + "name": "KIE_SERVER_DOMAIN", + "value": "other", + "required": false + }, + { + "description": "Hibernate persistence dialect.", + "name": "KIE_SERVER_PERSISTENCE_DIALECT", + "value": "org.hibernate.dialect.PostgreSQL82Dialect", + "required": false + }, + { + "description": "The name for the application.", + "name": "APPLICATION_NAME", + "value": "kie-app", + "required": true + }, + { + "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: <application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTP", + "value": "", + "required": false + }, + { + "description": "Custom hostname for https service route. Leave blank for default hostname, e.g.: secure-<application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTPS", + "value": "", + "required": false + }, + { + "description": "Git source URI for application", + "name": "SOURCE_REPOSITORY_URL", + "value": "https://github.com/jboss-openshift/openshift-quickstarts", + "required": true + }, + { + "description": "Git branch/tag reference", + "name": "SOURCE_REPOSITORY_REF", + "value": "1.3", + "required": false + }, + { + "description": "Path within Git project to build; empty for root project directory.", + "name": "CONTEXT_DIR", + "value": "processserver/library", + "required": false + }, + { + "description": "Database JNDI name used by application to resolve the datasource, e.g. java:/jboss/datasources/ExampleDS", + "name": "DB_JNDI", + "value": "java:jboss/datasources/ExampleDS", + "required": false + }, + { + "description": "Database name", + "name": "DB_DATABASE", + "value": "root", + "required": true + }, + { + "description": "Size of persistent storage for database volume.", + "name": "VOLUME_CAPACITY", + "value": "512Mi", + "required": true + }, + { + "description": "Queue names", + "name": "HORNETQ_QUEUES", + "value": "", + "required": false + }, + { + "description": "Topic names", + "name": "HORNETQ_TOPICS", + "value": "", + "required": false + }, + { + "description": "The name of the secret containing the keystore file", + "name": "HTTPS_SECRET", + "value": "processserver-app-secret", + "required": false + }, + { + "description": "The name of the keystore file within the secret", + "name": "HTTPS_KEYSTORE", + "value": "keystore.jks", + "required": false + }, + { + "description": "The name associated with the server certificate", + "name": "HTTPS_NAME", + "value": "jboss", + "required": false + }, + { + "description": "The password for the keystore and certificate", + "name": "HTTPS_PASSWORD", + "value": "mykeystorepass", + "required": false + }, + { + "description": "Database user name", + "name": "DB_USERNAME", + "from": "user[a-zA-Z0-9]{3}", + "generate": "expression", + "required": true + }, + { + "description": "Database user password", + "name": "DB_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Sets xa-pool/min-pool-size for the configured datasource.", + "name": "DB_MIN_POOL_SIZE", + "required": false + }, + { + "description": "Sets xa-pool/max-pool-size for the configured datasource.", + "name": "DB_MAX_POOL_SIZE", + "required": false + }, + { + "description": "Sets transaction-isolation for the configured datasource.", + "name": "DB_TX_ISOLATION", + "required": false + }, + { + "description": "The maximum number of client connections allowed. This also sets the maximum number of prepared transactions.", + "name": "POSTGRESQL_MAX_CONNECTIONS", + "required": false + }, + { + "description": "Configures how much memory is dedicated to PostgreSQL for caching data.", + "name": "POSTGRESQL_SHARED_BUFFERS", + "required": false + }, + { + "description": "HornetQ cluster admin password", + "name": "HORNETQ_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "GitHub trigger secret", + "name": "GITHUB_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Generic build trigger secret", + "name": "GENERIC_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", + "name": "IMAGE_STREAM_NAMESPACE", + "value": "openshift", + "required": true + } + ], + "objects": [ + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8080, + "targetPort": 8080 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's http port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8443, + "targetPort": 8443 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's https port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 5432, + "targetPort": 5432 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-postgresql" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-postgresql", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The database server's port." + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-http", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's http service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTP}", + "to": { + "name": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-https", + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's https service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTPS}", + "to": { + "name": "secure-${APPLICATION_NAME}" + }, + "tls": { + "termination": "passthrough" + } + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "BuildConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "source": { + "type": "Git", + "git": { + "uri": "${SOURCE_REPOSITORY_URL}", + "ref": "${SOURCE_REPOSITORY_REF}" + }, + "contextDir": "${CONTEXT_DIR}" + }, + "strategy": { + "type": "Source", + "sourceStrategy": { + "env": [ + { + "name": "KIE_CONTAINER_DEPLOYMENT", + "value": "${KIE_CONTAINER_DEPLOYMENT}" + } + ], + "forcePull": true, + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-processserver63-openshift:1.3" + } + } + }, + "output": { + "to": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + }, + "triggers": [ + { + "type": "GitHub", + "github": { + "secret": "${GITHUB_WEBHOOK_SECRET}" + } + }, + { + "type": "Generic", + "generic": { + "secret": "${GENERIC_WEBHOOK_SECRET}" + } + }, + { + "type": "ImageChange", + "imageChange": {} + }, + { + "type": "ConfigChange" + } + ] + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}" + ], + "from": { + "kind": "ImageStream", + "name": "${APPLICATION_NAME}" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "serviceAccountName": "processserver-service-account", + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}", + "image": "${APPLICATION_NAME}", + "imagePullPolicy": "Always", + "volumeMounts": [ + { + "name": "processserver-keystore-volume", + "mountPath": "/etc/processserver-secret-volume", + "readOnly": true + } + ], + "livenessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/livenessProbe.sh" + ] + } + }, + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/readinessProbe.sh" + ] + } + }, + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "http", + "containerPort": 8080, + "protocol": "TCP" + }, + { + "name": "https", + "containerPort": 8443, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "KIE_CONTAINER_DEPLOYMENT", + "value": "${KIE_CONTAINER_DEPLOYMENT}" + }, + { + "name": "KIE_SERVER_PROTOCOL", + "value": "${KIE_SERVER_PROTOCOL}" + }, + { + "name": "KIE_SERVER_PORT", + "value": "${KIE_SERVER_PORT}" + }, + { + "name": "KIE_SERVER_USER", + "value": "${KIE_SERVER_USER}" + }, + { + "name": "KIE_SERVER_PASSWORD", + "value": "${KIE_SERVER_PASSWORD}" + }, + { + "name": "KIE_SERVER_DOMAIN", + "value": "${KIE_SERVER_DOMAIN}" + }, + { + "name": "KIE_SERVER_PERSISTENCE_DIALECT", + "value": "${KIE_SERVER_PERSISTENCE_DIALECT}" + }, + { + "name": "DB_SERVICE_PREFIX_MAPPING", + "value": "${APPLICATION_NAME}-postgresql=DB,${APPLICATION_NAME}-postgresql=QUARTZ" + }, + { + "name": "TX_DATABASE_PREFIX_MAPPING", + "value": "${APPLICATION_NAME}-postgresql=DB" + }, + { + "name": "DB_JNDI", + "value": "${DB_JNDI}" + }, + { + "name": "DB_USERNAME", + "value": "${DB_USERNAME}" + }, + { + "name": "DB_PASSWORD", + "value": "${DB_PASSWORD}" + }, + { + "name": "DB_DATABASE", + "value": "${DB_DATABASE}" + }, + { + "name": "DB_MIN_POOL_SIZE", + "value": "${DB_MIN_POOL_SIZE}" + }, + { + "name": "DB_MAX_POOL_SIZE", + "value": "${DB_MAX_POOL_SIZE}" + }, + { + "name": "DB_TX_ISOLATION", + "value": "${DB_TX_ISOLATION}" + }, + { + "name": "QUARTZ_JNDI", + "value": "${DB_JNDI}NotManaged" + }, + { + "name": "QUARTZ_USERNAME", + "value": "${DB_USERNAME}" + }, + { + "name": "QUARTZ_PASSWORD", + "value": "${DB_PASSWORD}" + }, + { + "name": "QUARTZ_DATABASE", + "value": "${DB_DATABASE}" + }, + { + "name": "QUARTZ_MIN_POOL_SIZE", + "value": "${DB_MIN_POOL_SIZE}" + }, + { + "name": "QUARTZ_MAX_POOL_SIZE", + "value": "${DB_MAX_POOL_SIZE}" + }, + { + "name": "QUARTZ_TX_ISOLATION", + "value": "${DB_TX_ISOLATION}" + }, + { + "name": "QUARTZ_JTA", + "value": "false" + }, + { + "name": "QUARTZ_NONXA", + "value": "true" + }, + { + "name": "HTTPS_KEYSTORE_DIR", + "value": "/etc/processserver-secret-volume" + }, + { + "name": "HTTPS_KEYSTORE", + "value": "${HTTPS_KEYSTORE}" + }, + { + "name": "HTTPS_NAME", + "value": "${HTTPS_NAME}" + }, + { + "name": "HTTPS_PASSWORD", + "value": "${HTTPS_PASSWORD}" + }, + { + "name": "HORNETQ_CLUSTER_PASSWORD", + "value": "${HORNETQ_CLUSTER_PASSWORD}" + }, + { + "name": "HORNETQ_QUEUES", + "value": "${HORNETQ_QUEUES}" + }, + { + "name": "HORNETQ_TOPICS", + "value": "${HORNETQ_TOPICS}" + } + ] + } + ], + "volumes": [ + { + "name": "processserver-keystore-volume", + "secret": { + "secretName": "${HTTPS_SECRET}" + } + } + ] + } + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}-postgresql", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}-postgresql" + ], + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "postgresql:latest" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-postgresql" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}-postgresql", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}-postgresql", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}-postgresql", + "image": "postgresql", + "imagePullPolicy": "Always", + "ports": [ + { + "containerPort": 5432, + "protocol": "TCP" + } + ], + "volumeMounts": [ + { + "mountPath": "/var/lib/pgsql/data", + "name": "${APPLICATION_NAME}-postgresql-pvol" + } + ], + "env": [ + { + "name": "POSTGRESQL_USER", + "value": "${DB_USERNAME}" + }, + { + "name": "POSTGRESQL_PASSWORD", + "value": "${DB_PASSWORD}" + }, + { + "name": "POSTGRESQL_DATABASE", + "value": "${DB_DATABASE}" + }, + { + "name": "POSTGRESQL_MAX_CONNECTIONS", + "value": "${POSTGRESQL_MAX_CONNECTIONS}" + }, + { + "name": "POSTGRESQL_SHARED_BUFFERS", + "value": "${POSTGRESQL_SHARED_BUFFERS}" + } + ] + } + ], + "volumes": [ + { + "name": "${APPLICATION_NAME}-postgresql-pvol", + "persistentVolumeClaim": { + "claimName": "${APPLICATION_NAME}-postgresql-claim" + } + } + ] + } + } + } + }, + { + "apiVersion": "v1", + "kind": "PersistentVolumeClaim", + "metadata": { + "name": "${APPLICATION_NAME}-postgresql-claim", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "accessModes": [ + "ReadWriteOnce" + ], + "resources": { + "requests": { + "storage": "${VOLUME_CAPACITY}" + } + } + } + } + ] +} diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/processserver63-postgresql-s2i.json b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/processserver63-postgresql-s2i.json new file mode 100644 index 000000000..55e2199bb --- /dev/null +++ b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/processserver63-postgresql-s2i.json @@ -0,0 +1,689 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "annotations": { + "description": "Application template for Red Hat JBoss BPM Suite 6.3 intelligent process server PostgreSQL applications built using S2I.", + "iconClass": "icon-jboss", + "tags": "processserver,postgresql,javaee,java,database,jboss,xpaas", + "version": "1.3.3" + }, + "name": "processserver63-postgresql-s2i" + }, + "labels": { + "template": "processserver63-postgresql-s2i", + "xpaas": "1.3.3" + }, + "parameters": [ + { + "description": "The KIE Container deployment configuration in format: containerId=groupId:artifactId:version|c2=g2:a2:v2", + "name": "KIE_CONTAINER_DEPLOYMENT", + "value": "processserver-library=org.openshift.quickstarts:processserver-library:1.3.0.Final", + "required": false + }, + { + "description": "The protocol to access the KIE Server REST interface.", + "name": "KIE_SERVER_PROTOCOL", + "value": "https", + "required": false + }, + { + "description": "The port to access the KIE Server REST interface.", + "name": "KIE_SERVER_PORT", + "value": "8443", + "required": false + }, + { + "description": "The user name to access the KIE Server REST or JMS interface.", + "name": "KIE_SERVER_USER", + "value": "kieserver", + "required": false + }, + { + "description": "The password to access the KIE Server REST or JMS interface. Must be different than username; must not be root, admin, or administrator; must contain at least 8 characters, 1 alphabetic character(s), 1 digit(s), and 1 non-alphanumeric symbol(s).", + "name": "KIE_SERVER_PASSWORD", + "from": "[a-zA-Z]{6}[0-9]{1}!", + "generate": "expression", + "required": false + }, + { + "description": "JAAS LoginContext domain that shall be used to authenticate users when using JMS.", + "name": "KIE_SERVER_DOMAIN", + "value": "other", + "required": false + }, + { + "description": "Hibernate persistence dialect.", + "name": "KIE_SERVER_PERSISTENCE_DIALECT", + "value": "org.hibernate.dialect.PostgreSQL82Dialect", + "required": false + }, + { + "description": "The name for the application.", + "name": "APPLICATION_NAME", + "value": "kie-app", + "required": true + }, + { + "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: <application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTP", + "value": "", + "required": false + }, + { + "description": "Custom hostname for https service route. Leave blank for default hostname, e.g.: secure-<application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTPS", + "value": "", + "required": false + }, + { + "description": "Git source URI for application", + "name": "SOURCE_REPOSITORY_URL", + "value": "https://github.com/jboss-openshift/openshift-quickstarts", + "required": true + }, + { + "description": "Git branch/tag reference", + "name": "SOURCE_REPOSITORY_REF", + "value": "1.3", + "required": false + }, + { + "description": "Path within Git project to build; empty for root project directory.", + "name": "CONTEXT_DIR", + "value": "processserver/library", + "required": false + }, + { + "description": "Database JNDI name used by application to resolve the datasource, e.g. java:/jboss/datasources/ExampleDS", + "name": "DB_JNDI", + "value": "java:jboss/datasources/ExampleDS", + "required": false + }, + { + "description": "Database name", + "name": "DB_DATABASE", + "value": "root", + "required": true + }, + { + "description": "Queue names", + "name": "HORNETQ_QUEUES", + "value": "", + "required": false + }, + { + "description": "Topic names", + "name": "HORNETQ_TOPICS", + "value": "", + "required": false + }, + { + "description": "The name of the secret containing the keystore file", + "name": "HTTPS_SECRET", + "value": "processserver-app-secret", + "required": false + }, + { + "description": "The name of the keystore file within the secret", + "name": "HTTPS_KEYSTORE", + "value": "keystore.jks", + "required": false + }, + { + "description": "The name associated with the server certificate", + "name": "HTTPS_NAME", + "value": "jboss", + "required": false + }, + { + "description": "The password for the keystore and certificate", + "name": "HTTPS_PASSWORD", + "value": "mykeystorepass", + "required": false + }, + { + "description": "Database user name", + "name": "DB_USERNAME", + "from": "user[a-zA-Z0-9]{3}", + "generate": "expression", + "required": true + }, + { + "description": "Database user password", + "name": "DB_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Sets xa-pool/min-pool-size for the configured datasource.", + "name": "DB_MIN_POOL_SIZE", + "required": false + }, + { + "description": "Sets xa-pool/max-pool-size for the configured datasource.", + "name": "DB_MAX_POOL_SIZE", + "required": false + }, + { + "description": "Sets transaction-isolation for the configured datasource.", + "name": "DB_TX_ISOLATION", + "required": false + }, + { + "description": "The maximum number of client connections allowed. This also sets the maximum number of prepared transactions.", + "name": "POSTGRESQL_MAX_CONNECTIONS", + "required": false + }, + { + "description": "Configures how much memory is dedicated to PostgreSQL for caching data.", + "name": "POSTGRESQL_SHARED_BUFFERS", + "required": false + }, + { + "description": "HornetQ cluster admin password", + "name": "HORNETQ_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "GitHub trigger secret", + "name": "GITHUB_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Generic build trigger secret", + "name": "GENERIC_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", + "name": "IMAGE_STREAM_NAMESPACE", + "value": "openshift", + "required": true + } + ], + "objects": [ + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8080, + "targetPort": 8080 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's http port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8443, + "targetPort": 8443 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's https port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 5432, + "targetPort": 5432 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-postgresql" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-postgresql", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The database server's port." + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-http", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's http service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTP}", + "to": { + "name": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-https", + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's https service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTPS}", + "to": { + "name": "secure-${APPLICATION_NAME}" + }, + "tls": { + "termination": "passthrough" + } + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "BuildConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "source": { + "type": "Git", + "git": { + "uri": "${SOURCE_REPOSITORY_URL}", + "ref": "${SOURCE_REPOSITORY_REF}" + }, + "contextDir": "${CONTEXT_DIR}" + }, + "strategy": { + "type": "Source", + "sourceStrategy": { + "env": [ + { + "name": "KIE_CONTAINER_DEPLOYMENT", + "value": "${KIE_CONTAINER_DEPLOYMENT}" + } + ], + "forcePull": true, + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-processserver63-openshift:1.3" + } + } + }, + "output": { + "to": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + }, + "triggers": [ + { + "type": "GitHub", + "github": { + "secret": "${GITHUB_WEBHOOK_SECRET}" + } + }, + { + "type": "Generic", + "generic": { + "secret": "${GENERIC_WEBHOOK_SECRET}" + } + }, + { + "type": "ImageChange", + "imageChange": {} + }, + { + "type": "ConfigChange" + } + ] + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}" + ], + "from": { + "kind": "ImageStream", + "name": "${APPLICATION_NAME}" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "serviceAccountName": "processserver-service-account", + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}", + "image": "${APPLICATION_NAME}", + "imagePullPolicy": "Always", + "volumeMounts": [ + { + "name": "processserver-keystore-volume", + "mountPath": "/etc/processserver-secret-volume", + "readOnly": true + } + ], + "livenessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/livenessProbe.sh" + ] + } + }, + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/readinessProbe.sh" + ] + } + }, + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "http", + "containerPort": 8080, + "protocol": "TCP" + }, + { + "name": "https", + "containerPort": 8443, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "KIE_CONTAINER_DEPLOYMENT", + "value": "${KIE_CONTAINER_DEPLOYMENT}" + }, + { + "name": "KIE_SERVER_PROTOCOL", + "value": "${KIE_SERVER_PROTOCOL}" + }, + { + "name": "KIE_SERVER_PORT", + "value": "${KIE_SERVER_PORT}" + }, + { + "name": "KIE_SERVER_USER", + "value": "${KIE_SERVER_USER}" + }, + { + "name": "KIE_SERVER_PASSWORD", + "value": "${KIE_SERVER_PASSWORD}" + }, + { + "name": "KIE_SERVER_DOMAIN", + "value": "${KIE_SERVER_DOMAIN}" + }, + { + "name": "KIE_SERVER_PERSISTENCE_DIALECT", + "value": "${KIE_SERVER_PERSISTENCE_DIALECT}" + }, + { + "name": "DB_SERVICE_PREFIX_MAPPING", + "value": "${APPLICATION_NAME}-postgresql=DB" + }, + { + "name": "DB_JNDI", + "value": "${DB_JNDI}" + }, + { + "name": "DB_USERNAME", + "value": "${DB_USERNAME}" + }, + { + "name": "DB_PASSWORD", + "value": "${DB_PASSWORD}" + }, + { + "name": "DB_DATABASE", + "value": "${DB_DATABASE}" + }, + { + "name": "TX_DATABASE_PREFIX_MAPPING", + "value": "${APPLICATION_NAME}-postgresql=DB" + }, + { + "name": "DB_MIN_POOL_SIZE", + "value": "${DB_MIN_POOL_SIZE}" + }, + { + "name": "DB_MAX_POOL_SIZE", + "value": "${DB_MAX_POOL_SIZE}" + }, + { + "name": "DB_TX_ISOLATION", + "value": "${DB_TX_ISOLATION}" + }, + { + "name": "HTTPS_KEYSTORE_DIR", + "value": "/etc/processserver-secret-volume" + }, + { + "name": "HTTPS_KEYSTORE", + "value": "${HTTPS_KEYSTORE}" + }, + { + "name": "HTTPS_NAME", + "value": "${HTTPS_NAME}" + }, + { + "name": "HTTPS_PASSWORD", + "value": "${HTTPS_PASSWORD}" + }, + { + "name": "HORNETQ_CLUSTER_PASSWORD", + "value": "${HORNETQ_CLUSTER_PASSWORD}" + }, + { + "name": "HORNETQ_QUEUES", + "value": "${HORNETQ_QUEUES}" + }, + { + "name": "HORNETQ_TOPICS", + "value": "${HORNETQ_TOPICS}" + } + ] + } + ], + "volumes": [ + { + "name": "processserver-keystore-volume", + "secret": { + "secretName": "${HTTPS_SECRET}" + } + } + ] + } + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}-postgresql", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}-postgresql" + ], + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "postgresql:latest" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-postgresql" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}-postgresql", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}-postgresql", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}-postgresql", + "image": "postgresql", + "imagePullPolicy": "Always", + "ports": [ + { + "containerPort": 5432, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "POSTGRESQL_USER", + "value": "${DB_USERNAME}" + }, + { + "name": "POSTGRESQL_PASSWORD", + "value": "${DB_PASSWORD}" + }, + { + "name": "POSTGRESQL_DATABASE", + "value": "${DB_DATABASE}" + }, + { + "name": "POSTGRESQL_MAX_CONNECTIONS", + "value": "${POSTGRESQL_MAX_CONNECTIONS}" + }, + { + "name": "POSTGRESQL_SHARED_BUFFERS", + "value": "${POSTGRESQL_SHARED_BUFFERS}" + } + ] + } + ] + } + } + } + } + ] +} diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/sso70-basic.json b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/sso70-https.json index 7f320bace..fb0578a67 100644 --- a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/sso70-basic.json +++ b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/sso70-https.json @@ -6,13 +6,13 @@ "description": "Application template for SSO 7.0", "iconClass" : "icon-jboss", "tags" : "sso,keycloak,java,jboss,xpaas", - "version" : "1.3" + "version" : "1.3.2" }, - "name": "sso70-basic" + "name": "sso70-https" }, "labels": { - "template": "sso70-basic", - "xpaas" : "1.3.0" + "template": "sso70-https", + "xpaas" : "1.3.2" }, "parameters": [ { @@ -34,6 +34,12 @@ "required": false }, { + "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.", + "name": "SERVICE_ACCOUNT_NAME", + "value": "sso-service-account", + "required": true + }, + { "description": "The name of the secret containing the keystore file", "name": "HTTPS_SECRET", "value": "sso-app-secret", @@ -46,15 +52,21 @@ "required": false }, { - "description": "The name associated with the server certificate", + "description": "The type of the keystore file (JKS or JCEKS)", + "name": "HTTPS_KEYSTORE_TYPE", + "value": "", + "required": false + }, + { + "description": "The name associated with the server certificate (e.g. jboss)", "name": "HTTPS_NAME", - "value": "jboss", + "value": "", "required": false }, { - "description": "The password for the keystore and certificate", + "description": "The password for the keystore and certificate (e.g. mykeystorepass)", "name": "HTTPS_PASSWORD", - "value": "mykeystorepass", + "value": "", "required": false }, { @@ -73,28 +85,9 @@ "required": false }, { - "description": "HornetQ cluster admin password", - "name": "HORNETQ_CLUSTER_PASSWORD", - "from": "[a-zA-Z0-9]{8}", - "generate": "expression", - "required": true - }, - { - "description": "Queue names", - "name": "HORNETQ_QUEUES", - "value": "", - "required": false - }, - { - "description": "Topic names", - "name": "HORNETQ_TOPICS", - "value": "", - "required": false - }, - { "description": "The name of the secret containing the keystore file", "name": "JGROUPS_ENCRYPT_SECRET", - "value": "eap-app-secret", + "value": "sso-app-secret", "required": false }, { @@ -104,15 +97,15 @@ "required": false }, { - "description": "The name associated with the server certificate", + "description": "The name associated with the server certificate (e.g. secret-key)", "name": "JGROUPS_ENCRYPT_NAME", - "value": "secret-key", + "value": "", "required": false }, { - "description": "The password for the keystore and certificate", + "description": "The password for the keystore and certificate (e.g. password)", "name": "JGROUPS_ENCRYPT_PASSWORD", - "value": "password", + "value": "", "required": false }, { @@ -127,6 +120,54 @@ "name": "IMAGE_STREAM_NAMESPACE", "value": "openshift", "required": true + }, + { + "description": "SSO Server admin username", + "name": "SSO_ADMIN_USERNAME", + "value": "admin", + "required": false + }, + { + "description": "SSO Server admin password", + "name": "SSO_ADMIN_PASSWORD", + "value": "admin", + "required": false + }, + { + "description": "Realm to be created in the SSO server (e.g. demo).", + "name": "SSO_REALM", + "value": "", + "required": false + }, + { + "description": "The username used to access the SSO service. This is used by clients to create the appliction client(s) within the specified SSO realm.", + "name": "SSO_SERVICE_USERNAME", + "value": "", + "required": false + }, + { + "description": "The password for the SSO service user.", + "name": "SSO_SERVICE_PASSWORD", + "value": "", + "required": false + }, + { + "description": "The name of the truststore file within the secret (e.g. truststore.jks)", + "name": "SSO_TRUSTSTORE", + "value": "", + "required": false + }, + { + "description": "The password for the truststore and certificate (e.g. mykeystorepass)", + "name": "SSO_TRUSTSTORE_PASSWORD", + "value": "", + "required": false + }, + { + "description": "The name of the secret containing the truststore file (e.g. truststore-secret). Used for volume secretName", + "name": "SSO_TRUSTSTORE_SECRET", + "value": "sso-app-secret", + "required": false } ], "objects": [ @@ -179,30 +220,6 @@ } }, { - "kind": "Service", - "apiVersion": "v1", - "spec": { - "ports": [ - { - "port": 5432, - "targetPort": 5432 - } - ], - "selector": { - "deploymentConfig": "${APPLICATION_NAME}-basic" - } - }, - "metadata": { - "name": "${APPLICATION_NAME}-basic", - "labels": { - "application": "${APPLICATION_NAME}" - }, - "annotations": { - "description": "The database server's port." - } - } - }, - { "kind": "Route", "apiVersion": "v1", "id": "${APPLICATION_NAME}-http", @@ -269,7 +286,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "redhat-sso70-openshift:1.3-TP" + "name": "redhat-sso70-openshift:1.3" } } }, @@ -290,8 +307,8 @@ } }, "spec": { - "serviceAccountName": "sso-service-account", - "terminationGracePeriodSeconds": 60, + "serviceAccountName": "${SERVICE_ACCOUNT_NAME}", + "terminationGracePeriodSeconds": 75, "containers": [ { "name": "${APPLICATION_NAME}", @@ -307,8 +324,24 @@ "name": "eap-jgroups-keystore-volume", "mountPath": "/etc/jgroups-encrypt-secret-volume", "readOnly": true + }, + { + "name": "sso-truststore-volume", + "mountPath": "/etc/sso-secret-volume", + "readOnly": true } ], + "lifecycle": { + "preStop": { + "exec": { + "command": [ + "/opt/eap/bin/jboss-cli.sh", + "-c", + ":shutdown(timeout=60)" + ] + } + } + }, "livenessProbe": { "exec": { "command": [ @@ -342,6 +375,11 @@ "name": "https", "containerPort": 8443, "protocol": "TCP" + }, + { + "name": "ping", + "containerPort": 8888, + "protocol": "TCP" } ], "env": [ @@ -370,32 +408,24 @@ } }, { - "name": "EAP_HTTPS_KEYSTORE_DIR", + "name": "HTTPS_KEYSTORE_DIR", "value": "/etc/eap-secret-volume" }, { - "name": "EAP_HTTPS_KEYSTORE", + "name": "HTTPS_KEYSTORE", "value": "${HTTPS_KEYSTORE}" }, { - "name": "EAP_HTTPS_NAME", - "value": "${HTTPS_NAME}" + "name": "HTTPS_KEYSTORE_TYPE", + "value": "${HTTPS_KEYSTORE_TYPE}" }, { - "name": "EAP_HTTPS_PASSWORD", - "value": "${HTTPS_PASSWORD}" - }, - { - "name": "HORNETQ_CLUSTER_PASSWORD", - "value": "${HORNETQ_CLUSTER_PASSWORD}" - }, - { - "name": "HORNETQ_QUEUES", - "value": "${HORNETQ_QUEUES}" + "name": "HTTPS_NAME", + "value": "${HTTPS_NAME}" }, { - "name": "HORNETQ_TOPICS", - "value": "${HORNETQ_TOPICS}" + "name": "HTTPS_PASSWORD", + "value": "${HTTPS_PASSWORD}" }, { "name": "JGROUPS_ENCRYPT_SECRET", @@ -420,6 +450,38 @@ { "name": "JGROUPS_CLUSTER_PASSWORD", "value": "${JGROUPS_CLUSTER_PASSWORD}" + }, + { + "name": "SSO_ADMIN_USERNAME", + "value": "${SSO_ADMIN_USERNAME}" + }, + { + "name": "SSO_ADMIN_PASSWORD", + "value": "${SSO_ADMIN_PASSWORD}" + }, + { + "name": "SSO_REALM", + "value": "${SSO_REALM}" + }, + { + "name": "SSO_SERVICE_USERNAME", + "value": "${SSO_SERVICE_USERNAME}" + }, + { + "name": "SSO_SERVICE_PASSWORD", + "value": "${SSO_SERVICE_PASSWORD}" + }, + { + "name": "SSO_TRUSTSTORE", + "value": "${SSO_TRUSTSTORE}" + }, + { + "name": "SSO_TRUSTSTORE_DIR", + "value": "/etc/sso-secret-volume" + }, + { + "name": "SSO_TRUSTSTORE_PASSWORD", + "value": "${SSO_TRUSTSTORE_PASSWORD}" } ] } @@ -436,6 +498,12 @@ "secret": { "secretName": "${JGROUPS_ENCRYPT_SECRET}" } + }, + { + "name": "sso-truststore-volume", + "secret": { + "secretName": "${SSO_TRUSTSTORE_SECRET}" + } } ] } diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/sso70-mysql-persistent.json b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/sso70-mysql-persistent.json index dc8bd740e..dcbb24bf1 100644 --- a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/sso70-mysql-persistent.json +++ b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/sso70-mysql-persistent.json @@ -6,13 +6,13 @@ "description": "Application template for SSO 7.0 MySQL applications with persistent storage", "iconClass" : "icon-jboss", "tags" : "sso,keycloak,mysql,java,database,jboss,xpaas", - "version" : "1.3" + "version" : "1.3.2" }, "name": "sso70-mysql-persistent" }, "labels": { "template": "sso70-mysql-persistent", - "xpaas" : "1.3.0" + "xpaas" : "1.3.2" }, "parameters": [ { @@ -46,6 +46,12 @@ "required": true }, { + "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.", + "name": "SERVICE_ACCOUNT_NAME", + "value": "sso-service-account", + "required": true + }, + { "description": "The name of the secret containing the keystore file", "name": "HTTPS_SECRET", "value": "sso-app-secret", @@ -58,15 +64,21 @@ "required": false }, { - "description": "The name associated with the server certificate", + "description": "The type of the keystore file (JKS or JCEKS)", + "name": "HTTPS_KEYSTORE_TYPE", + "value": "", + "required": false + }, + { + "description": "The name associated with the server certificate (e.g. jboss)", "name": "HTTPS_NAME", - "value": "jboss", + "value": "", "required": false }, { - "description": "The password for the keystore and certificate", + "description": "The password for the keystore and certificate (e.g. mykeystorepass)", "name": "HTTPS_PASSWORD", - "value": "mykeystorepass", + "value": "", "required": false }, { @@ -110,13 +122,6 @@ "required": false }, { - "description": "HornetQ cluster admin password", - "name": "HORNETQ_CLUSTER_PASSWORD", - "from": "[a-zA-Z0-9]{8}", - "generate": "expression", - "required": true - }, - { "description": "Database user name", "name": "DB_USERNAME", "from": "user[a-zA-Z0-9]{3}", @@ -131,18 +136,6 @@ "required": true }, { - "description": "Queue names", - "name": "HORNETQ_QUEUES", - "value": "", - "required": false - }, - { - "description": "Topic names", - "name": "HORNETQ_TOPICS", - "value": "", - "required": false - }, - { "description": "Size of persistent storage for database volume.", "name": "VOLUME_CAPACITY", "value": "512Mi", @@ -151,7 +144,7 @@ { "description": "The name of the secret containing the keystore file", "name": "JGROUPS_ENCRYPT_SECRET", - "value": "eap-app-secret", + "value": "sso-app-secret", "required": false }, { @@ -161,13 +154,13 @@ "required": false }, { - "description": "The name associated with the server certificate", + "description": "The name associated with the server certificate (e.g. secret-key)", "name": "JGROUPS_ENCRYPT_NAME", "value": "", "required": false }, { - "description": "The password for the keystore and certificate", + "description": "The password for the keystore and certificate (e.g. password)", "name": "JGROUPS_ENCRYPT_PASSWORD", "value": "", "required": false @@ -184,6 +177,54 @@ "name": "IMAGE_STREAM_NAMESPACE", "value": "openshift", "required": true + }, + { + "description": "SSO Server admin username", + "name": "SSO_ADMIN_USERNAME", + "value": "admin", + "required": false + }, + { + "description": "SSO Server admin password", + "name": "SSO_ADMIN_PASSWORD", + "value": "admin", + "required": false + }, + { + "description": "Realm to be created in the SSO server (e.g. demo).", + "name": "SSO_REALM", + "value": "", + "required": false + }, + { + "description": "The username used to access the SSO service. This is used by clients to create the appliction client(s) within the specified SSO realm.", + "name": "SSO_SERVICE_USERNAME", + "value": "", + "required": false + }, + { + "description": "The password for the SSO service user.", + "name": "SSO_SERVICE_PASSWORD", + "value": "", + "required": false + }, + { + "description": "The name of the truststore file within the secret (e.g. truststore.jks)", + "name": "SSO_TRUSTSTORE", + "value": "", + "required": false + }, + { + "description": "The password for the truststore and certificate (e.g. mykeystorepass)", + "name": "SSO_TRUSTSTORE_PASSWORD", + "value": "", + "required": false + }, + { + "description": "The name of the secret containing the truststore file (e.g. truststore-secret). Used for volume secretName", + "name": "SSO_TRUSTSTORE_SECRET", + "value": "sso-app-secret", + "required": false } ], "objects": [ @@ -326,7 +367,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "redhat-sso70-openshift:1.3-TP" + "name": "redhat-sso70-openshift:1.3" } } }, @@ -347,8 +388,8 @@ } }, "spec": { - "serviceAccountName": "sso-service-account", - "terminationGracePeriodSeconds": 60, + "serviceAccountName": "${SERVICE_ACCOUNT_NAME}", + "terminationGracePeriodSeconds": 75, "containers": [ { "name": "${APPLICATION_NAME}", @@ -364,8 +405,24 @@ "name": "eap-jgroups-keystore-volume", "mountPath": "/etc/jgroups-encrypt-secret-volume", "readOnly": true + }, + { + "name": "sso-truststore-volume", + "mountPath": "/etc/sso-secret-volume", + "readOnly": true } ], + "lifecycle": { + "preStop": { + "exec": { + "command": [ + "/opt/eap/bin/jboss-cli.sh", + "-c", + ":shutdown(timeout=60)" + ] + } + } + }, "livenessProbe": { "exec": { "command": [ @@ -399,6 +456,11 @@ "name": "https", "containerPort": 8443, "protocol": "TCP" + }, + { + "name": "ping", + "containerPort": 8888, + "protocol": "TCP" } ], "env": [ @@ -451,32 +513,24 @@ } }, { - "name": "EAP_HTTPS_KEYSTORE_DIR", + "name": "HTTPS_KEYSTORE_DIR", "value": "/etc/eap-secret-volume" }, { - "name": "EAP_HTTPS_KEYSTORE", + "name": "HTTPS_KEYSTORE", "value": "${HTTPS_KEYSTORE}" }, { - "name": "EAP_HTTPS_NAME", - "value": "${HTTPS_NAME}" - }, - { - "name": "EAP_HTTPS_PASSWORD", - "value": "${HTTPS_PASSWORD}" - }, - { - "name": "HORNETQ_CLUSTER_PASSWORD", - "value": "${HORNETQ_CLUSTER_PASSWORD}" + "name": "HTTPS_KEYSTORE_TYPE", + "value": "${HTTPS_KEYSTORE_TYPE}" }, { - "name": "HORNETQ_QUEUES", - "value": "${HORNETQ_QUEUES}" + "name": "HTTPS_NAME", + "value": "${HTTPS_NAME}" }, { - "name": "HORNETQ_TOPICS", - "value": "${HORNETQ_TOPICS}" + "name": "HTTPS_PASSWORD", + "value": "${HTTPS_PASSWORD}" }, { "name": "JGROUPS_ENCRYPT_SECRET", @@ -501,6 +555,38 @@ { "name": "JGROUPS_CLUSTER_PASSWORD", "value": "${JGROUPS_CLUSTER_PASSWORD}" + }, + { + "name": "SSO_ADMIN_USERNAME", + "value": "${SSO_ADMIN_USERNAME}" + }, + { + "name": "SSO_ADMIN_PASSWORD", + "value": "${SSO_ADMIN_PASSWORD}" + }, + { + "name": "SSO_REALM", + "value": "${SSO_REALM}" + }, + { + "name": "SSO_SERVICE_USERNAME", + "value": "${SSO_SERVICE_USERNAME}" + }, + { + "name": "SSO_SERVICE_PASSWORD", + "value": "${SSO_SERVICE_PASSWORD}" + }, + { + "name": "SSO_TRUSTSTORE", + "value": "${SSO_TRUSTSTORE}" + }, + { + "name": "SSO_TRUSTSTORE_DIR", + "value": "/etc/sso-secret-volume" + }, + { + "name": "SSO_TRUSTSTORE_PASSWORD", + "value": "${SSO_TRUSTSTORE_PASSWORD}" } ] } @@ -517,6 +603,12 @@ "secret": { "secretName": "${JGROUPS_ENCRYPT_SECRET}" } + }, + { + "name": "sso-truststore-volume", + "secret": { + "secretName": "${SSO_TRUSTSTORE_SECRET}" + } } ] } diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/sso70-mysql.json b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/sso70-mysql.json index 029dcee54..1768f7a1b 100644 --- a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/sso70-mysql.json +++ b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/sso70-mysql.json @@ -6,13 +6,13 @@ "description": "Application template for SSO 7.0 MySQL applications", "iconClass" : "icon-jboss", "tags" : "sso,keycloak,mysql,java,database,jboss,xpaas", - "version" : "1.3" + "version" : "1.3.2" }, "name": "sso70-mysql" }, "labels": { "template": "sso70-mysql", - "xpaas" : "1.3.0" + "xpaas" : "1.3.2" }, "parameters": [ { @@ -46,6 +46,12 @@ "required": true }, { + "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.", + "name": "SERVICE_ACCOUNT_NAME", + "value": "sso-service-account", + "required": true + }, + { "description": "The name of the secret containing the keystore file", "name": "HTTPS_SECRET", "value": "sso-app-secret", @@ -58,15 +64,21 @@ "required": false }, { - "description": "The name associated with the server certificate", + "description": "The type of the keystore file (JKS or JCEKS)", + "name": "HTTPS_KEYSTORE_TYPE", + "value": "", + "required": false + }, + { + "description": "The name associated with the server certificate (e.g. jboss)", "name": "HTTPS_NAME", - "value": "jboss", + "value": "", "required": false }, { - "description": "The password for the keystore and certificate", + "description": "The password for the keystore and certificate (e.g. mykeystorepass)", "name": "HTTPS_PASSWORD", - "value": "mykeystorepass", + "value": "", "required": false }, { @@ -110,13 +122,6 @@ "required": false }, { - "description": "HornetQ cluster admin password", - "name": "HORNETQ_CLUSTER_PASSWORD", - "from": "[a-zA-Z0-9]{8}", - "generate": "expression", - "required": true - }, - { "description": "Database user name", "name": "DB_USERNAME", "from": "user[a-zA-Z0-9]{3}", @@ -131,21 +136,9 @@ "required": true }, { - "description": "Queue names", - "name": "HORNETQ_QUEUES", - "value": "", - "required": false - }, - { - "description": "Topic names", - "name": "HORNETQ_TOPICS", - "value": "", - "required": false - }, - { "description": "The name of the secret containing the keystore file", "name": "JGROUPS_ENCRYPT_SECRET", - "value": "eap-app-secret", + "value": "sso-app-secret", "required": false }, { @@ -155,13 +148,13 @@ "required": false }, { - "description": "The name associated with the server certificate", + "description": "The name associated with the server certificate (e.g. secret-key)", "name": "JGROUPS_ENCRYPT_NAME", "value": "", "required": false }, { - "description": "The password for the keystore and certificate", + "description": "The password for the keystore and certificate (e.g. password)", "name": "JGROUPS_ENCRYPT_PASSWORD", "value": "", "required": false @@ -178,6 +171,54 @@ "name": "IMAGE_STREAM_NAMESPACE", "value": "openshift", "required": true + }, + { + "description": "SSO Server admin username", + "name": "SSO_ADMIN_USERNAME", + "value": "admin", + "required": false + }, + { + "description": "SSO Server admin password", + "name": "SSO_ADMIN_PASSWORD", + "value": "admin", + "required": false + }, + { + "description": "Realm to be created in the SSO server (e.g. demo).", + "name": "SSO_REALM", + "value": "", + "required": false + }, + { + "description": "The username used to access the SSO service. This is used by clients to create the appliction client(s) within the specified SSO realm.", + "name": "SSO_SERVICE_USERNAME", + "value": "", + "required": false + }, + { + "description": "The password for the SSO service user.", + "name": "SSO_SERVICE_PASSWORD", + "value": "", + "required": false + }, + { + "description": "The name of the truststore file within the secret (e.g. truststore.jks)", + "name": "SSO_TRUSTSTORE", + "value": "", + "required": false + }, + { + "description": "The password for the truststore and certificate (e.g. mykeystorepass)", + "name": "SSO_TRUSTSTORE_PASSWORD", + "value": "", + "required": false + }, + { + "description": "The name of the secret containing the truststore file (e.g. truststore-secret). Used for volume secretName", + "name": "SSO_TRUSTSTORE_SECRET", + "value": "sso-app-secret", + "required": false } ], "objects": [ @@ -326,7 +367,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "redhat-sso70-openshift:1.3-TP" + "name": "redhat-sso70-openshift:1.3" } } }, @@ -348,8 +389,8 @@ } }, "spec": { - "serviceAccountName": "sso-service-account", - "terminationGracePeriodSeconds": 60, + "serviceAccountName": "${SERVICE_ACCOUNT_NAME}", + "terminationGracePeriodSeconds": 75, "containers": [ { "name": "${APPLICATION_NAME}", @@ -365,8 +406,24 @@ "name": "eap-jgroups-keystore-volume", "mountPath": "/etc/jgroups-encrypt-secret-volume", "readOnly": true + }, + { + "name": "sso-truststore-volume", + "mountPath": "/etc/sso-secret-volume", + "readOnly": true } ], + "lifecycle": { + "preStop": { + "exec": { + "command": [ + "/opt/eap/bin/jboss-cli.sh", + "-c", + ":shutdown(timeout=60)" + ] + } + } + }, "livenessProbe": { "exec": { "command": [ @@ -400,6 +457,11 @@ "name": "https", "containerPort": 8443, "protocol": "TCP" + }, + { + "name": "ping", + "containerPort": 8888, + "protocol": "TCP" } ], "env": [ @@ -452,32 +514,24 @@ } }, { - "name": "EAP_HTTPS_KEYSTORE_DIR", + "name": "HTTPS_KEYSTORE_DIR", "value": "/etc/eap-secret-volume" }, { - "name": "EAP_HTTPS_KEYSTORE", + "name": "HTTPS_KEYSTORE", "value": "${HTTPS_KEYSTORE}" }, { - "name": "EAP_HTTPS_NAME", - "value": "${HTTPS_NAME}" - }, - { - "name": "EAP_HTTPS_PASSWORD", - "value": "${HTTPS_PASSWORD}" - }, - { - "name": "HORNETQ_CLUSTER_PASSWORD", - "value": "${HORNETQ_CLUSTER_PASSWORD}" + "name": "HTTPS_KEYSTORE_TYPE", + "value": "${HTTPS_KEYSTORE_TYPE}" }, { - "name": "HORNETQ_QUEUES", - "value": "${HORNETQ_QUEUES}" + "name": "HTTPS_NAME", + "value": "${HTTPS_NAME}" }, { - "name": "HORNETQ_TOPICS", - "value": "${HORNETQ_TOPICS}" + "name": "HTTPS_PASSWORD", + "value": "${HTTPS_PASSWORD}" }, { "name": "JGROUPS_ENCRYPT_SECRET", @@ -502,6 +556,38 @@ { "name": "JGROUPS_CLUSTER_PASSWORD", "value": "${JGROUPS_CLUSTER_PASSWORD}" + }, + { + "name": "SSO_ADMIN_USERNAME", + "value": "${SSO_ADMIN_USERNAME}" + }, + { + "name": "SSO_ADMIN_PASSWORD", + "value": "${SSO_ADMIN_PASSWORD}" + }, + { + "name": "SSO_REALM", + "value": "${SSO_REALM}" + }, + { + "name": "SSO_SERVICE_USERNAME", + "value": "${SSO_SERVICE_USERNAME}" + }, + { + "name": "SSO_SERVICE_PASSWORD", + "value": "${SSO_SERVICE_PASSWORD}" + }, + { + "name": "SSO_TRUSTSTORE", + "value": "${SSO_TRUSTSTORE}" + }, + { + "name": "SSO_TRUSTSTORE_DIR", + "value": "/etc/sso-secret-volume" + }, + { + "name": "SSO_TRUSTSTORE_PASSWORD", + "value": "${SSO_TRUSTSTORE_PASSWORD}" } ] } @@ -518,6 +604,12 @@ "secret": { "secretName": "${JGROUPS_ENCRYPT_SECRET}" } + }, + { + "name": "sso-truststore-volume", + "secret": { + "secretName": "${SSO_TRUSTSTORE_SECRET}" + } } ] } diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/sso70-postgresql-persistent.json b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/sso70-postgresql-persistent.json index bad7e49b2..4c2f81f2e 100644 --- a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/sso70-postgresql-persistent.json +++ b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/sso70-postgresql-persistent.json @@ -6,13 +6,13 @@ "description": "Application template for SSO 7.0 PostgreSQL applications with persistent storage", "iconClass" : "icon-jboss", "tags" : "sso,keycloak,postrgresql,java,database,jboss,xpaas", - "version" : "1.3" + "version" : "1.3.2" }, "name": "sso70-postgresql-persistent" }, "labels": { "template": "sso70-postgresql-persistent", - "xpaas" : "1.3.0" + "xpaas" : "1.3.2" }, "parameters": [ { @@ -46,6 +46,12 @@ "required": true }, { + "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.", + "name": "SERVICE_ACCOUNT_NAME", + "value": "sso-service-account", + "required": true + }, + { "description": "The name of the secret containing the keystore file", "name": "HTTPS_SECRET", "value": "sso-app-secret", @@ -58,15 +64,21 @@ "required": false }, { - "description": "The name associated with the server certificate", + "description": "The type of the keystore file (JKS or JCEKS)", + "name": "HTTPS_KEYSTORE_TYPE", + "value": "", + "required": false + }, + { + "description": "The name associated with the server certificate (e.g. jboss)", "name": "HTTPS_NAME", - "value": "jboss", + "value": "", "required": false }, { - "description": "The password for the keystore and certificate", + "description": "The password for the keystore and certificate (e.g. mykeystorepass)", "name": "HTTPS_PASSWORD", - "value": "mykeystorepass", + "value": "", "required": false }, { @@ -95,13 +107,6 @@ "required": false }, { - "description": "HornetQ cluster admin password", - "name": "HORNETQ_CLUSTER_PASSWORD", - "from": "[a-zA-Z0-9]{8}", - "generate": "expression", - "required": true - }, - { "description": "Database user name", "name": "DB_USERNAME", "from": "user[a-zA-Z0-9]{3}", @@ -116,18 +121,6 @@ "required": true }, { - "description": "Queue names", - "name": "HORNETQ_QUEUES", - "value": "", - "required": false - }, - { - "description": "Topic names", - "name": "HORNETQ_TOPICS", - "value": "", - "required": false - }, - { "description": "Size of persistent storage for database volume.", "name": "VOLUME_CAPACITY", "value": "512Mi", @@ -136,7 +129,7 @@ { "description": "The name of the secret containing the keystore file", "name": "JGROUPS_ENCRYPT_SECRET", - "value": "eap-app-secret", + "value": "sso-app-secret", "required": false }, { @@ -146,13 +139,13 @@ "required": false }, { - "description": "The name associated with the server certificate", + "description": "The name associated with the server certificate (e.g. secret-key)", "name": "JGROUPS_ENCRYPT_NAME", "value": "", "required": false }, { - "description": "The password for the keystore and certificate", + "description": "The password for the keystore and certificate (e.g. password)", "name": "JGROUPS_ENCRYPT_PASSWORD", "value": "", "required": false @@ -169,6 +162,54 @@ "name": "IMAGE_STREAM_NAMESPACE", "value": "openshift", "required": true + }, + { + "description": "SSO Server admin username", + "name": "SSO_ADMIN_USERNAME", + "value": "admin", + "required": false + }, + { + "description": "SSO Server admin password", + "name": "SSO_ADMIN_PASSWORD", + "value": "admin", + "required": false + }, + { + "description": "Realm to be created in the SSO server (e.g. demo).", + "name": "SSO_REALM", + "value": "", + "required": false + }, + { + "description": "The username used to access the SSO service. This is used by clients to create the appliction client(s) within the specified SSO realm.", + "name": "SSO_SERVICE_USERNAME", + "value": "", + "required": false + }, + { + "description": "The password for the SSO service user.", + "name": "SSO_SERVICE_PASSWORD", + "value": "", + "required": false + }, + { + "description": "The name of the truststore file within the secret (e.g. truststore.jks)", + "name": "SSO_TRUSTSTORE", + "value": "", + "required": false + }, + { + "description": "The password for the truststore and certificate (e.g. mykeystorepass)", + "name": "SSO_TRUSTSTORE_PASSWORD", + "value": "", + "required": false + }, + { + "description": "The name of the secret containing the truststore file (e.g. truststore-secret). Used for volume secretName", + "name": "SSO_TRUSTSTORE_SECRET", + "value": "sso-app-secret", + "required": false } ], "objects": [ @@ -311,7 +352,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "redhat-sso70-openshift:1.3-TP" + "name": "redhat-sso70-openshift:1.3" } } }, @@ -332,8 +373,8 @@ } }, "spec": { - "serviceAccountName": "sso-service-account", - "terminationGracePeriodSeconds": 60, + "serviceAccountName": "${SERVICE_ACCOUNT_NAME}", + "terminationGracePeriodSeconds": 75, "containers": [ { "name": "${APPLICATION_NAME}", @@ -349,8 +390,24 @@ "name": "eap-jgroups-keystore-volume", "mountPath": "/etc/jgroups-encrypt-secret-volume", "readOnly": true + }, + { + "name": "sso-truststore-volume", + "mountPath": "/etc/sso-secret-volume", + "readOnly": true } ], + "lifecycle": { + "preStop": { + "exec": { + "command": [ + "/opt/eap/bin/jboss-cli.sh", + "-c", + ":shutdown(timeout=60)" + ] + } + } + }, "livenessProbe": { "exec": { "command": [ @@ -384,6 +441,11 @@ "name": "https", "containerPort": 8443, "protocol": "TCP" + }, + { + "name": "ping", + "containerPort": 8888, + "protocol": "TCP" } ], "env": [ @@ -436,32 +498,24 @@ } }, { - "name": "EAP_HTTPS_KEYSTORE_DIR", + "name": "HTTPS_KEYSTORE_DIR", "value": "/etc/eap-secret-volume" }, { - "name": "EAP_HTTPS_KEYSTORE", + "name": "HTTPS_KEYSTORE", "value": "${HTTPS_KEYSTORE}" }, { - "name": "EAP_HTTPS_NAME", - "value": "${HTTPS_NAME}" - }, - { - "name": "EAP_HTTPS_PASSWORD", - "value": "${HTTPS_PASSWORD}" - }, - { - "name": "HORNETQ_CLUSTER_PASSWORD", - "value": "${HORNETQ_CLUSTER_PASSWORD}" + "name": "HTTPS_KEYSTORE_TYPE", + "value": "${HTTPS_KEYSTORE_TYPE}" }, { - "name": "HORNETQ_QUEUES", - "value": "${HORNETQ_QUEUES}" + "name": "HTTPS_NAME", + "value": "${HTTPS_NAME}" }, { - "name": "HORNETQ_TOPICS", - "value": "${HORNETQ_TOPICS}" + "name": "HTTPS_PASSWORD", + "value": "${HTTPS_PASSWORD}" }, { "name": "JGROUPS_ENCRYPT_SECRET", @@ -486,6 +540,38 @@ { "name": "JGROUPS_CLUSTER_PASSWORD", "value": "${JGROUPS_CLUSTER_PASSWORD}" + }, + { + "name": "SSO_ADMIN_USERNAME", + "value": "${SSO_ADMIN_USERNAME}" + }, + { + "name": "SSO_ADMIN_PASSWORD", + "value": "${SSO_ADMIN_PASSWORD}" + }, + { + "name": "SSO_REALM", + "value": "${SSO_REALM}" + }, + { + "name": "SSO_SERVICE_USERNAME", + "value": "${SSO_SERVICE_USERNAME}" + }, + { + "name": "SSO_SERVICE_PASSWORD", + "value": "${SSO_SERVICE_PASSWORD}" + }, + { + "name": "SSO_TRUSTSTORE", + "value": "${SSO_TRUSTSTORE}" + }, + { + "name": "SSO_TRUSTSTORE_DIR", + "value": "/etc/sso-secret-volume" + }, + { + "name": "SSO_TRUSTSTORE_PASSWORD", + "value": "${SSO_TRUSTSTORE_PASSWORD}" } ] } @@ -502,6 +588,12 @@ "secret": { "secretName": "${JGROUPS_ENCRYPT_SECRET}" } + }, + { + "name": "sso-truststore-volume", + "secret": { + "secretName": "${SSO_TRUSTSTORE_SECRET}" + } } ] } @@ -589,6 +681,10 @@ "value": "${POSTGRESQL_MAX_CONNECTIONS}" }, { + "name": "POSTGRESQL_MAX_PREPARED_TRANSACTIONS", + "value": "${POSTGRESQL_MAX_CONNECTIONS}" + }, + { "name": "POSTGRESQL_SHARED_BUFFERS", "value": "${POSTGRESQL_SHARED_BUFFERS}" } diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/sso70-postgresql.json b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/sso70-postgresql.json index 08257d192..d8402ef72 100644 --- a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/sso70-postgresql.json +++ b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/sso70-postgresql.json @@ -6,13 +6,13 @@ "description": "Application template for SSO 7.0 PostgreSQL applications", "iconClass" : "icon-jboss", "tags" : "sso,keycloak,postrgresql,java,database,jboss,xpaas", - "version" : "1.3" + "version" : "1.3.2" }, "name": "sso70-postgresql" }, "labels": { "template": "sso70-postgresql", - "xpaas" : "1.3.0" + "xpaas" : "1.3.2" }, "parameters": [ { @@ -46,6 +46,12 @@ "required": true }, { + "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.", + "name": "SERVICE_ACCOUNT_NAME", + "value": "sso-service-account", + "required": true + }, + { "description": "The name of the secret containing the keystore file", "name": "HTTPS_SECRET", "value": "sso-app-secret", @@ -58,15 +64,21 @@ "required": false }, { - "description": "The name associated with the server certificate", + "description": "The type of the keystore file (JKS or JCEKS)", + "name": "HTTPS_KEYSTORE_TYPE", + "value": "", + "required": false + }, + { + "description": "The name associated with the server certificate (e.g. jboss)", "name": "HTTPS_NAME", - "value": "jboss", + "value": "", "required": false }, { - "description": "The password for the keystore and certificate", + "description": "The password for the keystore and certificate (e.g. mykeystorepass)", "name": "HTTPS_PASSWORD", - "value": "mykeystorepass", + "value": "", "required": false }, { @@ -95,13 +107,6 @@ "required": false }, { - "description": "HornetQ cluster admin password", - "name": "HORNETQ_CLUSTER_PASSWORD", - "from": "[a-zA-Z0-9]{8}", - "generate": "expression", - "required": true - }, - { "description": "Database user name", "name": "DB_USERNAME", "from": "user[a-zA-Z0-9]{3}", @@ -116,21 +121,9 @@ "required": true }, { - "description": "Queue names", - "name": "HORNETQ_QUEUES", - "value": "", - "required": false - }, - { - "description": "Topic names", - "name": "HORNETQ_TOPICS", - "value": "", - "required": false - }, - { "description": "The name of the secret containing the keystore file", "name": "JGROUPS_ENCRYPT_SECRET", - "value": "eap-app-secret", + "value": "sso-app-secret", "required": false }, { @@ -140,15 +133,15 @@ "required": false }, { - "description": "The name associated with the server certificate", + "description": "The name associated with the server certificate (e.g. secret-key)", "name": "JGROUPS_ENCRYPT_NAME", - "value": "secret-key", + "value": "", "required": false }, { - "description": "The password for the keystore and certificate", + "description": "The password for the keystore and certificate (e.g. password)", "name": "JGROUPS_ENCRYPT_PASSWORD", - "value": "password", + "value": "", "required": false }, { @@ -163,6 +156,54 @@ "name": "IMAGE_STREAM_NAMESPACE", "value": "openshift", "required": true + }, + { + "description": "SSO Server admin username", + "name": "SSO_ADMIN_USERNAME", + "value": "admin", + "required": false + }, + { + "description": "SSO Server admin password", + "name": "SSO_ADMIN_PASSWORD", + "value": "admin", + "required": false + }, + { + "description": "Realm to be created in the SSO server (e.g. demo).", + "name": "SSO_REALM", + "value": "", + "required": false + }, + { + "description": "The username used to access the SSO service. This is used by clients to create the appliction client(s) within the specified SSO realm.", + "name": "SSO_SERVICE_USERNAME", + "value": "", + "required": false + }, + { + "description": "The password for the SSO service user.", + "name": "SSO_SERVICE_PASSWORD", + "value": "", + "required": false + }, + { + "description": "The name of the truststore file within the secret (e.g. truststore.jks)", + "name": "SSO_TRUSTSTORE", + "value": "", + "required": false + }, + { + "description": "The password for the truststore and certificate (e.g. mykeystorepass)", + "name": "SSO_TRUSTSTORE_PASSWORD", + "value": "", + "required": false + }, + { + "description": "The name of the secret containing the truststore file (e.g. truststore-secret). Used for volume secretName", + "name": "SSO_TRUSTSTORE_SECRET", + "value": "sso-app-secret", + "required": false } ], "objects": [ @@ -311,7 +352,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "redhat-sso70-openshift:1.3-TP" + "name": "redhat-sso70-openshift:1.3" } } }, @@ -333,8 +374,8 @@ } }, "spec": { - "serviceAccountName": "sso-service-account", - "terminationGracePeriodSeconds": 60, + "serviceAccountName": "${SERVICE_ACCOUNT_NAME}", + "terminationGracePeriodSeconds": 75, "containers": [ { "name": "${APPLICATION_NAME}", @@ -350,8 +391,24 @@ "name": "eap-jgroups-keystore-volume", "mountPath": "/etc/jgroups-encrypt-secret-volume", "readOnly": true + }, + { + "name": "sso-truststore-volume", + "mountPath": "/etc/sso-secret-volume", + "readOnly": true } ], + "lifecycle": { + "preStop": { + "exec": { + "command": [ + "/opt/eap/bin/jboss-cli.sh", + "-c", + ":shutdown(timeout=60)" + ] + } + } + }, "livenessProbe": { "exec": { "command": [ @@ -385,6 +442,11 @@ "name": "https", "containerPort": 8443, "protocol": "TCP" + }, + { + "name": "ping", + "containerPort": 8888, + "protocol": "TCP" } ], "env": [ @@ -437,32 +499,24 @@ } }, { - "name": "EAP_HTTPS_KEYSTORE_DIR", + "name": "HTTPS_KEYSTORE_DIR", "value": "/etc/eap-secret-volume" }, { - "name": "EAP_HTTPS_KEYSTORE", + "name": "HTTPS_KEYSTORE", "value": "${HTTPS_KEYSTORE}" }, { - "name": "EAP_HTTPS_NAME", - "value": "${HTTPS_NAME}" - }, - { - "name": "EAP_HTTPS_PASSWORD", - "value": "${HTTPS_PASSWORD}" - }, - { - "name": "HORNETQ_CLUSTER_PASSWORD", - "value": "${HORNETQ_CLUSTER_PASSWORD}" + "name": "HTTPS_KEYSTORE_TYPE", + "value": "${HTTPS_KEYSTORE_TYPE}" }, { - "name": "HORNETQ_QUEUES", - "value": "${HORNETQ_QUEUES}" + "name": "HTTPS_NAME", + "value": "${HTTPS_NAME}" }, { - "name": "HORNETQ_TOPICS", - "value": "${HORNETQ_TOPICS}" + "name": "HTTPS_PASSWORD", + "value": "${HTTPS_PASSWORD}" }, { "name": "JGROUPS_ENCRYPT_SECRET", @@ -487,6 +541,38 @@ { "name": "JGROUPS_CLUSTER_PASSWORD", "value": "${JGROUPS_CLUSTER_PASSWORD}" + }, + { + "name": "SSO_ADMIN_USERNAME", + "value": "${SSO_ADMIN_USERNAME}" + }, + { + "name": "SSO_ADMIN_PASSWORD", + "value": "${SSO_ADMIN_PASSWORD}" + }, + { + "name": "SSO_REALM", + "value": "${SSO_REALM}" + }, + { + "name": "SSO_SERVICE_USERNAME", + "value": "${SSO_SERVICE_USERNAME}" + }, + { + "name": "SSO_SERVICE_PASSWORD", + "value": "${SSO_SERVICE_PASSWORD}" + }, + { + "name": "SSO_TRUSTSTORE", + "value": "${SSO_TRUSTSTORE}" + }, + { + "name": "SSO_TRUSTSTORE_DIR", + "value": "/etc/sso-secret-volume" + }, + { + "name": "SSO_TRUSTSTORE_PASSWORD", + "value": "${SSO_TRUSTSTORE_PASSWORD}" } ] } @@ -503,6 +589,12 @@ "secret": { "secretName": "${JGROUPS_ENCRYPT_SECRET}" } + }, + { + "name": "sso-truststore-volume", + "secret": { + "secretName": "${SSO_TRUSTSTORE_SECRET}" + } } ] } @@ -586,6 +678,10 @@ "value": "${POSTGRESQL_MAX_CONNECTIONS}" }, { + "name": "POSTGRESQL_MAX_PREPARED_TRANSACTIONS", + "value": "${POSTGRESQL_MAX_CONNECTIONS}" + }, + { "name": "POSTGRESQL_SHARED_BUFFERS", "value": "${POSTGRESQL_SHARED_BUFFERS}" } diff --git a/roles/openshift_examples/tasks/main.yml b/roles/openshift_examples/tasks/main.yml index 8d2248578..4150fabec 100644 --- a/roles/openshift_examples/tasks/main.yml +++ b/roles/openshift_examples/tasks/main.yml @@ -49,8 +49,10 @@ # RHEL and Centos image streams are mutually exclusive - name: Import RHEL streams command: > - {{ openshift.common.client_binary }} {{ openshift_examples_import_command }} -n openshift -f {{ rhel_image_streams }} + {{ openshift.common.client_binary }} {{ openshift_examples_import_command }} -n openshift -f {{ item }} when: openshift_examples_load_rhel | bool + with_items: + - "{{ rhel_image_streams }}" register: oex_import_rhel_streams failed_when: "'already exists' not in oex_import_rhel_streams.stderr and oex_import_rhel_streams.rc != 0" changed_when: false @@ -95,6 +97,21 @@ failed_when: "'already exists' not in oex_import_infrastructure.stderr and oex_import_infrastructure.rc != 0" changed_when: false +- name: Remove old xPaas template files + file: + path: "{{ item }}" + state: absent + with_items: + - "{{ xpaas_templates_base }}/sso70-basic.json" + +- name: Remove old xPaas templates from openshift namespace + command: "{{ openshift.common.client_binary }} -n openshift delete templates/{{ item }}" + with_items: + - sso70-basic + register: oex_delete_old_xpaas_templates + failed_when: "'not found' not in oex_delete_old_xpaas_templates.stderr and oex_delete_old_xpaas_templates.rc != 0" + changed_when: false + - name: Import xPaas image streams command: > {{ openshift.common.client_binary }} {{ openshift_examples_import_command }} -n openshift -f {{ xpaas_image_streams }} diff --git a/roles/openshift_facts/library/openshift_facts.py b/roles/openshift_facts/library/openshift_facts.py index 54bdbc775..ebd799466 100755 --- a/roles/openshift_facts/library/openshift_facts.py +++ b/roles/openshift_facts/library/openshift_facts.py @@ -477,26 +477,17 @@ def set_selectors(facts): facts['hosted']['registry'] = {} if 'selector' not in facts['hosted']['registry'] or facts['hosted']['registry']['selector'] in [None, 'None']: facts['hosted']['registry']['selector'] = selector + if 'metrics' not in facts['hosted']: + facts['hosted']['metrics'] = {} + if 'selector' not in facts['hosted']['metrics'] or facts['hosted']['metrics']['selector'] in [None, 'None']: + facts['hosted']['metrics']['selector'] = None + if 'logging' not in facts['hosted']: + facts['hosted']['logging'] = {} + if 'selector' not in facts['hosted']['logging'] or facts['hosted']['logging']['selector'] in [None, 'None']: + facts['hosted']['logging']['selector'] = None return facts -def set_metrics_facts_if_unset(facts): - """ Set cluster metrics facts if not already present in facts dict - dict: the facts dict updated with the generated cluster metrics facts if - missing - Args: - facts (dict): existing facts - Returns: - dict: the facts dict updated with the generated cluster metrics - facts if they were not already present - - """ - if 'common' in facts: - if 'use_cluster_metrics' not in facts['common']: - use_cluster_metrics = False - facts['common']['use_cluster_metrics'] = use_cluster_metrics - return facts - def set_dnsmasq_facts_if_unset(facts): """ Set dnsmasq facts if not already present in facts Args: @@ -806,7 +797,7 @@ def set_deployment_facts_if_unset(facts): curr_disabled_features = set(facts['master']['disabled_features']) facts['master']['disabled_features'] = list(curr_disabled_features.union(openshift_features)) else: - if deployment_type == 'atomic-enterprise': + if facts['common']['deployment_subtype'] == 'registry': facts['master']['disabled_features'] = openshift_features if 'node' in facts: @@ -961,7 +952,12 @@ def format_url(use_ssl, hostname, port, path=''): netloc = hostname if (use_ssl and port != '443') or (not use_ssl and port != '80'): netloc += ":%s" % port - return urlparse.urlunparse((scheme, netloc, path, '', '', '')) + try: + url = urlparse.urlunparse((scheme, netloc, path, '', '', '')) + except AttributeError: + # pylint: disable=undefined-variable + url = urlunparse((scheme, netloc, path, '', '', '')) + return url def get_current_config(facts): """ Get current openshift config @@ -1616,11 +1612,13 @@ class OpenShiftFacts(object): try: # ansible-2.1 - # pylint: disable=too-many-function-args + # pylint: disable=too-many-function-args,invalid-name self.system_facts = ansible_facts(module, ['hardware', 'network', 'virtual', 'facter']) - except TypeError: - # ansible-1.9.x,ansible-2.0.x - self.system_facts = ansible_facts(module) + for (k, v) in self.system_facts.items(): + self.system_facts["ansible_%s" % k.replace('-', '_')] = v + except UnboundLocalError: + # ansible-2.2 + self.system_facts = get_all_facts(module)['ansible_facts'] self.facts = self.generate_facts(local_facts, additive_facts_to_overwrite, @@ -1659,7 +1657,12 @@ class OpenShiftFacts(object): else: deployment_type = 'origin' - defaults = self.get_defaults(roles, deployment_type) + if 'common' in local_facts and 'deployment_subtype' in local_facts['common']: + deployment_subtype = local_facts['common']['deployment_subtype'] + else: + deployment_subtype = 'basic' + + defaults = self.get_defaults(roles, deployment_type, deployment_subtype) provider_facts = self.init_provider_facts() facts = apply_provider_facts(defaults, provider_facts) facts = merge_facts(facts, @@ -1674,7 +1677,6 @@ class OpenShiftFacts(object): facts = set_nuage_facts_if_unset(facts) facts = set_node_schedulability(facts) facts = set_selectors(facts) - facts = set_metrics_facts_if_unset(facts) facts = set_identity_providers_if_unset(facts) facts = set_sdn_facts_if_unset(facts, self.system_facts) facts = set_deployment_facts_if_unset(facts) @@ -1692,7 +1694,7 @@ class OpenShiftFacts(object): facts = set_installed_variant_rpm_facts(facts) return dict(openshift=facts) - def get_defaults(self, roles, deployment_type): + def get_defaults(self, roles, deployment_type, deployment_subtype): """ Get default fact values Args: @@ -1702,16 +1704,17 @@ class OpenShiftFacts(object): dict: The generated default facts """ defaults = {} - ip_addr = self.system_facts['default_ipv4']['address'] + ip_addr = self.system_facts['ansible_default_ipv4']['address'] exit_code, output, _ = module.run_command(['hostname', '-f']) hostname_f = output.strip() if exit_code == 0 else '' - hostname_values = [hostname_f, self.system_facts['nodename'], - self.system_facts['fqdn']] + hostname_values = [hostname_f, self.system_facts['ansible_nodename'], + self.system_facts['ansible_fqdn']] hostname = choose_hostname(hostname_values, ip_addr) defaults['common'] = dict(use_openshift_sdn=True, ip=ip_addr, public_ip=ip_addr, deployment_type=deployment_type, + deployment_subtype=deployment_subtype, hostname=hostname, public_hostname=hostname, portal_net='172.30.0.0/16', @@ -1726,6 +1729,7 @@ class OpenShiftFacts(object): {"name": "PodFitsResources"}, {"name": "PodFitsPorts"}, {"name": "NoDiskConflict"}, + {"name": "NoVolumeZoneConflict"}, {"name": "Region", "argument": {"serviceAffinity" : {"labels" : ["region"]}}} ] scheduler_priorities = [ @@ -1757,7 +1761,7 @@ class OpenShiftFacts(object): if 'node' in roles: defaults['node'] = dict(labels={}, annotations={}, - iptables_sync_period='5s', + iptables_sync_period='30s', local_quota_per_fsgroup="", set_node_ip=False) @@ -1801,8 +1805,9 @@ class OpenShiftFacts(object): filesystem='ext4', volumeID='123'), host=None, - access_modes=['ReadWriteMany'], - create_pv=True + access_modes=['ReadWriteOnce'], + create_pv=True, + create_pvc=False ) ), registry=dict( @@ -1817,7 +1822,8 @@ class OpenShiftFacts(object): options='*(rw,root_squash)'), host=None, access_modes=['ReadWriteMany'], - create_pv=True + create_pv=True, + create_pvc=True ) ), router=dict() @@ -1839,10 +1845,10 @@ class OpenShiftFacts(object): dict: The generated default facts for the detected provider """ # TODO: cloud provider facts should probably be submitted upstream - product_name = self.system_facts['product_name'] - product_version = self.system_facts['product_version'] - virt_type = self.system_facts['virtualization_type'] - virt_role = self.system_facts['virtualization_role'] + product_name = self.system_facts['ansible_product_name'] + product_version = self.system_facts['ansible_product_version'] + virt_type = self.system_facts['ansible_virtualization_type'] + virt_role = self.system_facts['ansible_virtualization_role'] provider = None metadata = None @@ -2125,12 +2131,16 @@ def main(): additive_facts_to_overwrite=dict(default=[], type='list', required=False), openshift_env=dict(default={}, type='dict', required=False), openshift_env_structures=dict(default=[], type='list', required=False), - protected_facts_to_overwrite=dict(default=[], type='list', required=False), + protected_facts_to_overwrite=dict(default=[], type='list', required=False) ), supports_check_mode=True, add_file_common_args=True, ) + module.params['gather_subset'] = ['hardware', 'network', 'virtual', 'facter'] + module.params['gather_timeout'] = 10 + module.params['filter'] = '*' + role = module.params['role'] local_facts = module.params['local_facts'] additive_facts_to_overwrite = module.params['additive_facts_to_overwrite'] diff --git a/roles/openshift_facts/tasks/main.yml b/roles/openshift_facts/tasks/main.yml index 4dbbd7f45..afeb78f95 100644 --- a/roles/openshift_facts/tasks/main.yml +++ b/roles/openshift_facts/tasks/main.yml @@ -24,6 +24,7 @@ local_facts: # TODO: Deprecate deployment_type in favor of openshift_deployment_type deployment_type: "{{ openshift_deployment_type | default(deployment_type) }}" + deployment_subtype: "{{ openshift_deployment_subtype | default(None) }}" cluster_id: "{{ openshift_cluster_id | default('default') }}" hostname: "{{ openshift_hostname | default(None) }}" ip: "{{ openshift_ip | default(None) }}" @@ -40,4 +41,3 @@ - name: Set repoquery command set_fact: repoquery_cmd: "{{ 'dnf repoquery --latest-limit 1 -d 0' if ansible_pkg_mgr == 'dnf' else 'repoquery --plugins' }}" - diff --git a/roles/openshift_hosted/meta/main.yml b/roles/openshift_hosted/meta/main.yml index c7d20f88b..74c50ae1d 100644 --- a/roles/openshift_hosted/meta/main.yml +++ b/roles/openshift_hosted/meta/main.yml @@ -11,27 +11,4 @@ galaxy_info: - 7 categories: - cloud -dependencies: -- role: openshift_cli -- role: openshift_hosted_facts -- role: openshift_projects - # TODO: Move standard project definitions to openshift_hosted/vars/main.yml - # Vars are not accessible in meta/main.yml in ansible-1.9.x - openshift_projects: "{{ openshift_additional_projects | default({}) | oo_merge_dicts({'default':{'default_node_selector':''},'openshift-infra':{'default_node_selector':''},'logging':{'default_node_selector':''}}) }}" -- role: openshift_serviceaccounts - openshift_serviceaccounts_names: - - router - openshift_serviceaccounts_namespace: default - openshift_serviceaccounts_sccs: - - hostnetwork - when: openshift.common.version_gte_3_2_or_1_2 -- role: openshift_serviceaccounts - openshift_serviceaccounts_names: - - router - - registry - openshift_serviceaccounts_namespace: default - openshift_serviceaccounts_sccs: - - privileged - when: not openshift.common.version_gte_3_2_or_1_2 -- role: openshift_metrics - when: openshift.hosted.metrics.deploy | bool +dependencies: [] diff --git a/roles/openshift_hosted/tasks/main.yml b/roles/openshift_hosted/tasks/main.yml index c801a0e67..67c6bbfd7 100644 --- a/roles/openshift_hosted/tasks/main.yml +++ b/roles/openshift_hosted/tasks/main.yml @@ -13,7 +13,10 @@ changed_when: False - include: router/router.yml + when: openshift_hosted_manage_router | default(true) | bool + - include: registry/registry.yml + when: openshift_hosted_manage_registry | default(true) | bool - name: Delete temp directory file: diff --git a/roles/openshift_hosted/tasks/registry/registry.yml b/roles/openshift_hosted/tasks/registry/registry.yml index a1edef132..b28974236 100644 --- a/roles/openshift_hosted/tasks/registry/registry.yml +++ b/roles/openshift_hosted/tasks/registry/registry.yml @@ -4,12 +4,27 @@ {{ openshift.common.client_binary }} --api-version='v1' -o json get nodes -n default --config={{ openshift_hosted_kubeconfig }} --selector={{ openshift.hosted.registry.selector | default('') }} - register: openshift_hosted_registry_nodes_json + register: registry_nodes_json changed_when: false when: openshift.hosted.registry.replicas | default(none) is none - set_fact: - replicas: "{{ openshift.hosted.registry.replicas | default(((openshift_hosted_registry_nodes_json.stdout | default('{\"items\":[]}') | from_json)['items'] | length) if openshift.hosted.registry.storage.kind | default(none) is not none else 1) }}" + l_node_count: "{{ (registry_nodes_json.stdout | default('{\"items\":[]}') | from_json)['items'] | length }}" + +# Determine the default number of registry/router replicas to use if no count +# has been specified. +# If no registry nodes defined, the default should be 0. +- set_fact: + l_default_replicas: 0 + when: l_node_count | int == 0 + +# If registry nodes are defined and the registry storage kind is defined, default should be the number of registry nodes, otherwise just 1: +- set_fact: + l_default_replicas: "{{ l_node_count if openshift.hosted.registry.storage.kind | default(none) is not none else 1 }}" + when: l_node_count | int > 0 + +- set_fact: + replicas: "{{ openshift.hosted.registry.replicas | default(l_default_replicas) }}" - name: Create OpenShift registry command: > @@ -32,9 +47,12 @@ register: openshift_hosted_registry_results changed_when: "'service exists' not in openshift_hosted_registry_results.stdout" failed_when: "openshift_hosted_registry_results.rc != 0 and 'service exists' not in openshift_hosted_registry_results.stdout and 'deployment_config' not in openshift_hosted_registry_results.stderr and 'service' not in openshift_hosted_registry_results.stderr" + when: replicas | int > 0 - include: storage/object_storage.yml - when: openshift.hosted.registry.storage.kind | default(none) == 'object' + static: no + when: replicas | int > 0 and openshift.hosted.registry.storage.kind | default(none) == 'object' - include: storage/persistent_volume.yml - when: openshift.hosted.registry.storage.kind | default(none) in ['nfs', 'openstack'] + static: no + when: replicas | int > 0 and openshift.hosted.registry.storage.kind | default(none) in ['nfs', 'openstack'] diff --git a/roles/openshift_hosted/tasks/registry/storage/persistent_volume.yml b/roles/openshift_hosted/tasks/registry/storage/persistent_volume.yml index 6bf859e82..60eefd71a 100644 --- a/roles/openshift_hosted/tasks/registry/storage/persistent_volume.yml +++ b/roles/openshift_hosted/tasks/registry/storage/persistent_volume.yml @@ -5,10 +5,11 @@ - name: Determine if volume is already attached to dc/docker-registry command: "{{ openshift.common.client_binary }} get -o template dc/docker-registry --template=\\{\\{.spec.template.spec.volumes\\}\\} --output-version=v1" changed_when: false + failed_when: false register: registry_volumes_output - set_fact: - volume_attached: "{{ registry_volume_claim in registry_volumes_output.stdout }}" + volume_attached: "{{ registry_volume_claim in (registry_volumes_output).stdout | default(['']) }}" - name: Add volume to dc/docker-registry command: > diff --git a/roles/openshift_hosted/tasks/router/router.yml b/roles/openshift_hosted/tasks/router/router.yml index 7f3731c7d..e18b9781c 100644 --- a/roles/openshift_hosted/tasks/router/router.yml +++ b/roles/openshift_hosted/tasks/router/router.yml @@ -1,7 +1,7 @@ --- - fail: msg: "'certfile', 'keyfile' and 'cafile' keys must be specified when supplying the openshift_hosted_router_certificate variable." - when: openshift_hosted_router_certificate is defined and ('certfile' not in openshift_hosted_router_certificate or 'keyfile' not in openshift_hosted_router_certificate or 'cafile' not in openshift_hosted_router_certificate) + when: openshift_hosted_router_certificate is defined and ('certfile' not in openshift_hosted_router_certificate or 'keyfile' not in openshift_hosted_router_certificate or 'cafile' not in openshift_hosted_router_certificate) - name: Read router certificate and key become: no @@ -39,12 +39,12 @@ {{ openshift.common.client_binary }} --api-version='v1' -o json get nodes -n default --config={{ openshift_hosted_kubeconfig }} --selector={{ openshift.hosted.router.selector | default('') }} - register: openshift_hosted_router_nodes_json + register: router_nodes_json changed_when: false when: openshift.hosted.router.replicas | default(none) is none - set_fact: - replicas: "{{ openshift.hosted.router.replicas | default((openshift_hosted_router_nodes_json.stdout | default('{\"items\":[]}') | from_json)['items'] | length) }}" + replicas: "{{ openshift.hosted.router.replicas | default((router_nodes_json.stdout | default('{\"items\":[]}') | from_json)['items'] | length) }}" - name: Create OpenShift router command: > @@ -73,3 +73,4 @@ register: openshift_hosted_router_results changed_when: "'service exists' not in openshift_hosted_router_results.stdout" failed_when: "openshift_hosted_router_results.rc != 0 and 'service exists' not in openshift_hosted_router_results.stdout and 'deployment_config' not in openshift_hosted_router_results.stderr and 'service' not in openshift_hosted_router_results.stderr" + when: replicas | int > 0 diff --git a/roles/openshift_hosted/templates/registry_config.j2 b/roles/openshift_hosted/templates/registry_config.j2 index ea5626642..b70ec500e 100644 --- a/roles/openshift_hosted/templates/registry_config.j2 +++ b/roles/openshift_hosted/templates/registry_config.j2 @@ -58,6 +58,10 @@ auth: openshift: realm: openshift middleware: +{% if openshift.common.version_gte_3_3_or_1_3 | bool %} + registry: + - name: openshift +{% endif %} repository: - name: openshift options: @@ -69,4 +73,7 @@ middleware: baseurl: {{ openshift.hosted.registry.storage.s3.cloudfront.baseurl }} privatekey: {{ openshift.hosted.registry.storage.s3.cloudfront.privatekeyfile }} keypairid: {{ openshift.hosted.registry.storage.s3.cloudfront.keypairid }} +{% elif openshift.common.version_gte_3_3_or_1_3 | bool %} + storage: + - name: openshift {% endif -%} diff --git a/roles/openshift_loadbalancer/templates/haproxy.cfg.j2 b/roles/openshift_loadbalancer/templates/haproxy.cfg.j2 index 05e360d3b..b9a279f5f 100644 --- a/roles/openshift_loadbalancer/templates/haproxy.cfg.j2 +++ b/roles/openshift_loadbalancer/templates/haproxy.cfg.j2 @@ -7,6 +7,7 @@ global user haproxy group haproxy daemon + log /dev/log local0 info # turn on stats unix socket stats socket /var/lib/haproxy/stats diff --git a/roles/openshift_manage_node/tasks/main.yml b/roles/openshift_manage_node/tasks/main.yml index 291cdbbb5..5abac32cd 100644 --- a/roles/openshift_manage_node/tasks/main.yml +++ b/roles/openshift_manage_node/tasks/main.yml @@ -13,10 +13,11 @@ {{ openshift.common.admin_binary }} manage-node {{ item.openshift.common.hostname | lower }} --schedulable={{ 'true' if item.openshift.node.schedulable | bool else 'false' }} with_items: - "{{ openshift_node_vars }}" + when: item.openshift.common.hostname is defined - name: Label nodes command: > {{ openshift.common.client_binary }} label --overwrite node {{ item.openshift.common.hostname | lower }} {{ item.openshift.node.labels | oo_combine_dict }} with_items: - "{{ openshift_node_vars }}" - when: "'labels' in item.openshift.node and item.openshift.node.labels != {}" + when: item.openshift.common.hostname is defined and 'labels' in item.openshift.node and item.openshift.node.labels != {} diff --git a/roles/openshift_master/handlers/main.yml b/roles/openshift_master/handlers/main.yml index f7dfb11f7..edb7369de 100644 --- a/roles/openshift_master/handlers/main.yml +++ b/roles/openshift_master/handlers/main.yml @@ -17,7 +17,12 @@ # Using curl here since the uri module requires python-httplib2 and # wait_for port doesn't provide health information. command: > - curl --silent --cacert {{ openshift.common.config_base }}/master/ca.crt + curl --silent + {% if openshift.common.version_gte_3_2_or_1_2 | bool %} + --cacert {{ openshift.common.config_base }}/master/ca-bundle.crt + {% else %} + --cacert {{ openshift.common.config_base }}/master/ca.crt + {% endif %} {{ openshift.master.api_url }}/healthz/ready register: api_available_output until: api_available_output.stdout == 'ok' diff --git a/roles/openshift_master/meta/main.yml b/roles/openshift_master/meta/main.yml index be70d9102..a2f665702 100644 --- a/roles/openshift_master/meta/main.yml +++ b/roles/openshift_master/meta/main.yml @@ -11,32 +11,4 @@ galaxy_info: - 7 categories: - cloud -dependencies: -- role: openshift_clock -- role: openshift_master_certificates -- role: openshift_cloud_provider -- role: openshift_builddefaults -- role: openshift_master_facts -- role: openshift_hosted_facts -- role: os_firewall - os_firewall_allow: - - service: etcd embedded - port: 4001/tcp - - service: api server https - port: "{{ openshift.master.api_port }}/tcp" - - service: api controllers https - port: "{{ openshift.master.controllers_port }}/tcp" - - service: skydns tcp - port: "{{ openshift.master.dns_port }}/tcp" - - service: skydns udp - port: "{{ openshift.master.dns_port }}/udp" - - service: Fluentd td-agent tcp - port: 24224/tcp - - service: Fluentd td-agent udp - port: 24224/udp - - service: pcsd - port: 2224/tcp - - service: Corosync UDP - port: 5404/udp - - service: Corosync UDP - port: 5405/udp +dependencies: [] diff --git a/roles/openshift_master/tasks/main.yml b/roles/openshift_master/tasks/main.yml index 0b87ae48c..6259fd996 100644 --- a/roles/openshift_master/tasks/main.yml +++ b/roles/openshift_master/tasks/main.yml @@ -180,7 +180,10 @@ changed_when: false - name: Stop and disable non-HA master when running HA - service: name={{ openshift.common.service_type }}-master enabled=no state=stopped + service: + name: "{{ openshift.common.service_type }}-master" + enabled: no + state: stopped when: openshift_master_ha | bool and 'LoadState=not-found' not in master_svc_show.stdout - set_fact: @@ -191,9 +194,24 @@ command: systemctl mask {{ openshift.common.service_type }}-master when: openshift_master_ha | bool and openshift.master.cluster_method == 'native' and not openshift.common.is_containerized | bool -- name: Start and enable master api - service: name={{ openshift.common.service_type }}-master-api enabled=yes state=started +- name: Start and enable master api on first master + service: + name: "{{ openshift.common.service_type }}-master-api" + enabled: yes + state: started + when: openshift_master_ha | bool and openshift.master.cluster_method == 'native' and inventory_hostname == openshift_master_hosts[0] + register: start_result + +- pause: + seconds: 15 when: openshift_master_ha | bool and openshift.master.cluster_method == 'native' + +- name: Start and enable master api all masters + service: + name: "{{ openshift.common.service_type }}-master-api" + enabled: yes + state: started + when: openshift_master_ha | bool and openshift.master.cluster_method == 'native' and inventory_hostname != openshift_master_hosts[0] register: start_result - set_fact: @@ -206,7 +224,12 @@ # Using curl here since the uri module requires python-httplib2 and # wait_for port doesn't provide health information. command: > - curl --silent --cacert {{ openshift.common.config_base }}/master/ca.crt + curl --silent + {% if openshift.common.version_gte_3_2_or_1_2 | bool %} + --cacert {{ openshift.common.config_base }}/master/ca-bundle.crt + {% else %} + --cacert {{ openshift.common.config_base }}/master/ca.crt + {% endif %} {{ openshift.master.api_url }}/healthz/ready register: api_available_output until: api_available_output.stdout == 'ok' @@ -216,9 +239,24 @@ changed_when: false when: openshift_master_ha | bool and openshift.master.cluster_method == 'native' and master_api_service_status_changed | bool -- name: Start and enable master controller - service: name={{ openshift.common.service_type }}-master-controllers enabled=yes state=started +- name: Start and enable master controller on first master + service: + name: "{{ openshift.common.service_type }}-master-controllers" + enabled: yes + state: started + when: openshift_master_ha | bool and openshift.master.cluster_method == 'native' and inventory_hostname == openshift_master_hosts[0] + register: start_result + +- pause: + seconds: 15 when: openshift_master_ha | bool and openshift.master.cluster_method == 'native' + +- name: Start and enable master controller on all masters + service: + name: "{{ openshift.common.service_type }}-master-controllers" + enabled: yes + state: started + when: openshift_master_ha | bool and openshift.master.cluster_method == 'native' and inventory_hostname != openshift_master_hosts[0] register: start_result - set_fact: @@ -239,37 +277,3 @@ - name: Set the cluster user password shell: echo {{ openshift_master_cluster_password | quote }} | passwd --stdin hacluster when: install_result | changed - -- name: Lookup default group for ansible_ssh_user - command: "/usr/bin/id -g {{ ansible_ssh_user }}" - changed_when: false - register: _ansible_ssh_user_gid - -- set_fact: - client_users: "{{ [ansible_ssh_user, 'root'] | unique }}" - -- name: Create the client config dir(s) - file: - path: "~{{ item }}/.kube" - state: directory - mode: 0700 - owner: "{{ item }}" - group: "{{ 'root' if item == 'root' else _ansible_ssh_user_gid.stdout }}" - with_items: "{{ client_users }}" - -# TODO: Update this file if the contents of the source file are not present in -# the dest file, will need to make sure to ignore things that could be added -- name: Copy the admin client config(s) - command: cp {{ openshift_master_config_dir }}/admin.kubeconfig ~{{ item }}/.kube/config - args: - creates: ~{{ item }}/.kube/config - with_items: "{{ client_users }}" - -- name: Update the permissions on the admin client config(s) - file: - path: "~{{ item }}/.kube/config" - state: file - mode: 0700 - owner: "{{ item }}" - group: "{{ 'root' if item == 'root' else _ansible_ssh_user_gid.stdout }}" - with_items: "{{ client_users }}" diff --git a/roles/openshift_master/tasks/systemd_units.yml b/roles/openshift_master/tasks/systemd_units.yml index 458b56fd1..56110c28f 100644 --- a/roles/openshift_master/tasks/systemd_units.yml +++ b/roles/openshift_master/tasks/systemd_units.yml @@ -16,7 +16,7 @@ # workaround for missing systemd unit files - name: Create the systemd unit files template: - src: "docker/master.docker.service.j2" + src: "master_docker/master.docker.service.j2" dest: "{{ containerized_svc_dir }}/{{ openshift.common.service_type }}-master.service" when: openshift.common.is_containerized | bool and (openshift.master.ha is not defined or not openshift.master.ha | bool) register: create_master_unit_file @@ -45,6 +45,13 @@ failed_when: false changed_when: false +- name: Preserve Master API AWS options + command: grep AWS_ /etc/sysconfig/{{ openshift.common.service_type }}-master-api + register: master_api_aws + when: openshift.master.ha is defined and openshift.master.ha | bool and openshift_master_cluster_method == "native" + failed_when: false + changed_when: false + - name: Create the master api service env file template: src: "{{ ha_svc_template_path }}/atomic-openshift-master-api.j2" @@ -62,13 +69,29 @@ line: "{{ item }}" with_items: "{{ master_api_proxy.stdout_lines | default([]) }}" +- name: Restore Master API AWS Options + when: openshift.master.ha is defined and openshift.master.ha | bool and openshift_master_cluster_method == "native" + and master_api_aws.rc == 0 and + not (openshift_cloudprovider_kind is defined and openshift_cloudprovider_kind == 'aws' and openshift_cloudprovider_aws_access_key is defined and openshift_cloudprovider_aws_secret_key is defined) + lineinfile: + dest: /etc/sysconfig/{{ openshift.common.service_type }}-master-api + line: "{{ item }}" + with_items: "{{ master_api_aws.stdout_lines | default([]) }}" + - name: Preserve Master Controllers Proxy Config options - command: grep PROXY /etc/sysconfig/{{ openshift.common.service_type }}-master-api + command: grep PROXY /etc/sysconfig/{{ openshift.common.service_type }}-master-controllers register: master_controllers_proxy when: openshift.master.ha is defined and openshift.master.ha | bool and openshift_master_cluster_method == "native" failed_when: false changed_when: false +- name: Preserve Master Controllers AWS options + command: grep AWS_ /etc/sysconfig/{{ openshift.common.service_type }}-master-controllers + register: master_controllers_aws + when: openshift.master.ha is defined and openshift.master.ha | bool and openshift_master_cluster_method == "native" + failed_when: false + changed_when: false + - name: Create the master controllers service env file template: src: "{{ ha_svc_template_path }}/atomic-openshift-master-controllers.j2" @@ -84,12 +107,21 @@ line: "{{ item }}" with_items: "{{ master_controllers_proxy.stdout_lines | default([]) }}" when: openshift.master.ha is defined and openshift.master.ha | bool and openshift_master_cluster_method == "native" - and master_controllers_proxy.rc == 0 and 'http_proxy' not in openshift.common and 'https_proxy' not in openshift.common + and master_controllers_proxy.rc == 0 and 'http_proxy' not in openshift.common and 'https_proxy' not in openshift.common + +- name: Restore Master Controllers AWS Options + lineinfile: + dest: /etc/sysconfig/{{ openshift.common.service_type }}-master-controllers + line: "{{ item }}" + with_items: "{{ master_controllers_aws.stdout_lines | default([]) }}" + when: openshift.master.ha is defined and openshift.master.ha | bool and openshift_master_cluster_method == "native" + and master_controllers_aws.rc == 0 and + not (openshift_cloudprovider_kind is defined and openshift_cloudprovider_kind == 'aws' and openshift_cloudprovider_aws_access_key is defined and openshift_cloudprovider_aws_secret_key is defined) - name: Install Master docker service file template: dest: "/etc/systemd/system/{{ openshift.common.service_type }}-master.service" - src: docker/master.docker.service.j2 + src: master_docker/master.docker.service.j2 register: install_result when: openshift.common.is_containerized | bool and openshift.master.ha is defined and not openshift.master.ha | bool @@ -99,6 +131,12 @@ failed_when: false changed_when: false +- name: Preserve Master AWS options + command: grep AWS_ /etc/sysconfig/{{ openshift.common.service_type }}-master + register: master_aws + failed_when: false + changed_when: false + - name: Create the master service env file template: src: "atomic-openshift-master.j2" @@ -112,4 +150,11 @@ dest: /etc/sysconfig/{{ openshift.common.service_type }}-master line: "{{ item }}" with_items: "{{ master_proxy.stdout_lines | default([]) }}" - when: master_proxy.rc == 0 and 'http_proxy' not in openshift.common and 'https_proxy' not in openshift.common
\ No newline at end of file + when: master_proxy.rc == 0 and 'http_proxy' not in openshift.common and 'https_proxy' not in openshift.common + +- name: Restore Master AWS Options + lineinfile: + dest: /etc/sysconfig/{{ openshift.common.service_type }}-master + line: "{{ item }}" + with_items: "{{ master_aws.stdout_lines | default([]) }}" + when: master_aws.rc == 0 and not (openshift_cloudprovider_kind is defined and openshift_cloudprovider_kind == 'aws' and openshift_cloudprovider_aws_access_key is defined and openshift_cloudprovider_aws_secret_key is defined) diff --git a/roles/openshift_master/templates/atomic-openshift-master.j2 b/roles/openshift_master/templates/atomic-openshift-master.j2 index 75d44d308..10eaeb401 100644 --- a/roles/openshift_master/templates/atomic-openshift-master.j2 +++ b/roles/openshift_master/templates/atomic-openshift-master.j2 @@ -4,9 +4,9 @@ CONFIG_FILE={{ openshift_master_config_file }} IMAGE_VERSION={{ openshift_image_tag }} {% endif %} -{% if 'cloudprovider' in openshift and 'aws' in openshift.cloudprovider and 'kind' in openshift.cloudprovider and openshift.cloudprovider.kind == 'aws' and 'access_key' in openshift.cloudprovider.aws and 'secret_key' in openshift.cloudprovider.aws %} -AWS_ACCESS_KEY_ID={{ openshift.cloudprovider.aws.access_key }} -AWS_SECRET_ACCESS_KEY={{ openshift.cloudprovider.aws.secret_key }} +{% if openshift_cloudprovider_kind | default('') == 'aws' and openshift_cloudprovider_aws_access_key is defined and openshift_cloudprovider_aws_secret_key is defined %} +AWS_ACCESS_KEY_ID={{ openshift_cloudprovider_aws_access_key }} +AWS_SECRET_ACCESS_KEY={{ openshift_cloudprovider_aws_secret_key }} {% endif %} {% if 'api_env_vars' in openshift.master or 'controllers_env_vars' in openshift.master -%} diff --git a/roles/openshift_master/templates/docker-cluster/atomic-openshift-master-api.service.j2 b/roles/openshift_master/templates/docker-cluster/atomic-openshift-master-api.service.j2 index df1dbb85e..eef0f414e 100644 --- a/roles/openshift_master/templates/docker-cluster/atomic-openshift-master-api.service.j2 +++ b/roles/openshift_master/templates/docker-cluster/atomic-openshift-master-api.service.j2 @@ -12,7 +12,7 @@ Requires=docker.service EnvironmentFile=/etc/sysconfig/{{ openshift.common.service_type }}-master-api Environment=GOTRACEBACK=crash ExecStartPre=-/usr/bin/docker rm -f {{ openshift.common.service_type}}-master-api -ExecStart=/usr/bin/docker run --rm --privileged --net=host --name {{ openshift.common.service_type }}-master-api --env-file=/etc/sysconfig/{{ openshift.common.service_type }}-master-api -v {{ openshift.common.data_dir }}:{{ openshift.common.data_dir }} -v /var/run/docker.sock:/var/run/docker.sock -v {{ openshift.common.config_base }}:{{ openshift.common.config_base }} {% if 'cloudprovider' in openshift and 'kind' in openshift.cloudprovider and openshift.cloudprovider.kind != '' -%} -v {{ openshift.common.config_base }}/cloudprovider:{{ openshift.common.config_base}}/cloudprovider {% endif -%} {{ openshift.master.master_image }}:${IMAGE_VERSION} start master api --config=${CONFIG_FILE} $OPTIONS +ExecStart=/usr/bin/docker run --rm --privileged --net=host --name {{ openshift.common.service_type }}-master-api --env-file=/etc/sysconfig/{{ openshift.common.service_type }}-master-api -v {{ openshift.common.data_dir }}:{{ openshift.common.data_dir }} -v /var/run/docker.sock:/var/run/docker.sock -v {{ openshift.common.config_base }}:{{ openshift.common.config_base }} {% if openshift_cloudprovider_kind | default('') != '' -%} -v {{ openshift.common.config_base }}/cloudprovider:{{ openshift.common.config_base}}/cloudprovider {% endif -%} {{ openshift.master.master_image }}:${IMAGE_VERSION} start master api --config=${CONFIG_FILE} $OPTIONS ExecStartPost=/usr/bin/sleep 10 ExecStop=/usr/bin/docker stop {{ openshift.common.service_type }}-master-api LimitNOFILE=131072 diff --git a/roles/openshift_master/templates/docker-cluster/atomic-openshift-master-controllers.service.j2 b/roles/openshift_master/templates/docker-cluster/atomic-openshift-master-controllers.service.j2 index 5ff2edae4..a8f5d7351 100644 --- a/roles/openshift_master/templates/docker-cluster/atomic-openshift-master-controllers.service.j2 +++ b/roles/openshift_master/templates/docker-cluster/atomic-openshift-master-controllers.service.j2 @@ -11,7 +11,7 @@ PartOf=docker.service EnvironmentFile=/etc/sysconfig/{{ openshift.common.service_type }}-master-controllers Environment=GOTRACEBACK=crash ExecStartPre=-/usr/bin/docker rm -f {{ openshift.common.service_type}}-master-controllers -ExecStart=/usr/bin/docker run --rm --privileged --net=host --name {{ openshift.common.service_type }}-master-controllers --env-file=/etc/sysconfig/{{ openshift.common.service_type }}-master-controllers -v {{ openshift.common.data_dir }}:{{ openshift.common.data_dir }} -v /var/run/docker.sock:/var/run/docker.sock -v {{ openshift.common.config_base }}:{{ openshift.common.config_base }} {% if 'cloudprovider' in openshift and 'kind' in openshift.cloudprovider and openshift.cloudprovider.kind != '' -%} -v {{ openshift.common.config_base }}/cloudprovider:{{ openshift.common.config_base}}/cloudprovider {% endif -%} {{ openshift.master.master_image }}:${IMAGE_VERSION} start master controllers --config=${CONFIG_FILE} $OPTIONS +ExecStart=/usr/bin/docker run --rm --privileged --net=host --name {{ openshift.common.service_type }}-master-controllers --env-file=/etc/sysconfig/{{ openshift.common.service_type }}-master-controllers -v {{ openshift.common.data_dir }}:{{ openshift.common.data_dir }} -v /var/run/docker.sock:/var/run/docker.sock -v {{ openshift.common.config_base }}:{{ openshift.common.config_base }} {% if openshift_cloudprovider_kind | default('') != '' -%} -v {{ openshift.common.config_base }}/cloudprovider:{{ openshift.common.config_base}}/cloudprovider {% endif -%} {{ openshift.master.master_image }}:${IMAGE_VERSION} start master controllers --config=${CONFIG_FILE} $OPTIONS ExecStartPost=/usr/bin/sleep 10 ExecStop=/usr/bin/docker stop {{ openshift.common.service_type }}-master-controllers LimitNOFILE=131072 diff --git a/roles/openshift_master/templates/master.yaml.v1.j2 b/roles/openshift_master/templates/master.yaml.v1.j2 index b18a42e32..ced3eb76f 100644 --- a/roles/openshift_master/templates/master.yaml.v1.j2 +++ b/roles/openshift_master/templates/master.yaml.v1.j2 @@ -44,6 +44,13 @@ auditConfig:{{ openshift.master.audit_config | to_padded_yaml(level=1) }} {% endif %} controllerLeaseTTL: {{ openshift.master.controller_lease_ttl | default('30') }} {% endif %} +{% if openshift.common.version_gte_3_3_or_1_3 | bool %} +controllerConfig: + serviceServingCert: + signer: + certFile: service-signer.crt + keyFile: service-signer.key +{% endif %} controllers: '*' corsAllowedOrigins: {% for origin in ['127.0.0.1', 'localhost', openshift.common.ip, openshift.common.public_ip] | union(openshift.common.all_hostnames) | unique %} @@ -131,7 +138,21 @@ kubernetesMasterConfig: {% endif %} masterClients: {# TODO: allow user to set externalKubernetesKubeConfig #} +{% if openshift.common.version_gte_3_3_or_1_3 | bool %} + externalKubernetesClientConnectionOverrides: + acceptContentTypes: application/vnd.kubernetes.protobuf,application/json + contentType: application/vnd.kubernetes.protobuf + burst: 400 + qps: 200 +{% endif %} externalKubernetesKubeConfig: "" +{% if openshift.common.version_gte_3_3_or_1_3 | bool %} + openshiftLoopbackClientConnectionOverrides: + acceptContentTypes: application/vnd.kubernetes.protobuf,application/json + contentType: application/vnd.kubernetes.protobuf + burst: 600 + qps: 300 +{% endif %} openshiftLoopbackKubeConfig: openshift-master.kubeconfig masterPublicURL: {{ openshift.master.public_api_url }} networkConfig: @@ -142,6 +163,7 @@ networkConfig: {% endif %} # serviceNetworkCIDR must match kubernetesMasterConfig.servicesSubnet serviceNetworkCIDR: {{ openshift.common.portal_net }} + externalIPNetworkCIDRs: {{ openshift_master_external_ip_network_cidrs | default(["0.0.0.0/0"]) | to_padded_yaml(1,2) }} oauthConfig: {% if 'oauth_always_show_provider_selection' in openshift.master %} alwaysShowProviderSelection: {{ openshift.master.oauth_always_show_provider_selection }} @@ -156,7 +178,11 @@ oauthConfig: {% for line in translated_identity_providers.splitlines() %} {{ line }} {% endfor %} +{% if openshift.common.version_gte_3_2_or_1_2 | bool %} + masterCA: ca-bundle.crt +{% else %} masterCA: ca.crt +{% endif %} masterPublicURL: {{ openshift.master.public_api_url }} masterURL: {{ openshift.master.api_url }} sessionConfig: @@ -189,7 +215,11 @@ serviceAccountConfig: - default - builder - deployer +{% if openshift.common.version_gte_3_2_or_1_2 | bool %} + masterCA: ca-bundle.crt +{% else %} masterCA: ca.crt +{% endif %} privateKeyFile: serviceaccounts.private.key publicKeyFiles: - serviceaccounts.public.key @@ -201,7 +231,7 @@ servingInfo: keyFile: master.server.key maxRequestsInFlight: {{ openshift.master.max_requests_inflight }} requestTimeoutSeconds: 3600 -{% if openshift.master.named_certificates %} +{% if openshift.master.named_certificates | default([]) | length > 0 %} namedCertificates: {% for named_certificate in openshift.master.named_certificates %} - certFile: {{ named_certificate['certfile'] }} diff --git a/roles/openshift_master/templates/docker/master.docker.service.j2 b/roles/openshift_master/templates/master_docker/master.docker.service.j2 index 97f698b68..be7644710 100644 --- a/roles/openshift_master/templates/docker/master.docker.service.j2 +++ b/roles/openshift_master/templates/master_docker/master.docker.service.j2 @@ -8,7 +8,7 @@ Wants=etcd_container.service [Service] EnvironmentFile=/etc/sysconfig/{{ openshift.common.service_type }}-master ExecStartPre=-/usr/bin/docker rm -f {{ openshift.common.service_type }}-master -ExecStart=/usr/bin/docker run --rm --privileged --net=host --name {{ openshift.common.service_type }}-master --env-file=/etc/sysconfig/{{ openshift.common.service_type }}-master -v {{ openshift.common.data_dir }}:{{ openshift.common.data_dir }} -v /var/run/docker.sock:/var/run/docker.sock -v {{ openshift.common.config_base }}:{{ openshift.common.config_base }} {% if 'cloudprovider' in openshift and 'kind' in openshift.cloudprovider and openshift.cloudprovider.kind != '' -%} -v {{ openshift.common.config_base }}/cloudprovider:{{ openshift.common.config_base}}/cloudprovider {% endif -%} {{ openshift.master.master_image }}:${IMAGE_VERSION} start master --config=${CONFIG_FILE} $OPTIONS +ExecStart=/usr/bin/docker run --rm --privileged --net=host --name {{ openshift.common.service_type }}-master --env-file=/etc/sysconfig/{{ openshift.common.service_type }}-master -v {{ openshift.common.data_dir }}:{{ openshift.common.data_dir }} -v /var/run/docker.sock:/var/run/docker.sock -v {{ openshift.common.config_base }}:{{ openshift.common.config_base }} {% if openshift_cloudprovider_kind | default('') != '' -%} -v {{ openshift.common.config_base }}/cloudprovider:{{ openshift.common.config_base}}/cloudprovider {% endif -%} {{ openshift.master.master_image }}:${IMAGE_VERSION} start master --config=${CONFIG_FILE} $OPTIONS ExecStartPost=/usr/bin/sleep 10 ExecStop=/usr/bin/docker stop {{ openshift.common.service_type }}-master Restart=always diff --git a/roles/openshift_master/templates/native-cluster/atomic-openshift-master-api.j2 b/roles/openshift_master/templates/native-cluster/atomic-openshift-master-api.j2 index 41308bd81..43fb3cafa 100644 --- a/roles/openshift_master/templates/native-cluster/atomic-openshift-master-api.j2 +++ b/roles/openshift_master/templates/native-cluster/atomic-openshift-master-api.j2 @@ -4,9 +4,9 @@ CONFIG_FILE={{ openshift_master_config_file }} IMAGE_VERSION={{ openshift_image_tag }} {% endif %} -{% if 'cloudprovider' in openshift and 'aws' in openshift.cloudprovider and 'kind' in openshift.cloudprovider and openshift.cloudprovider.kind == 'aws' and 'access_key' in openshift.cloudprovider.aws and 'secret_key' in openshift.cloudprovider.aws %} -AWS_ACCESS_KEY_ID={{ openshift.cloudprovider.aws.access_key }} -AWS_SECRET_ACCESS_KEY={{ openshift.cloudprovider.aws.secret_key }} +{% if openshift_cloudprovider_kind | default('') == 'aws' and openshift_cloudprovider_aws_access_key is defined and openshift_cloudprovider_aws_secret_key is defined %} +AWS_ACCESS_KEY_ID={{ openshift_cloudprovider_aws_access_key }} +AWS_SECRET_ACCESS_KEY={{ openshift_cloudprovider_aws_secret_key }} {% endif %} {% if 'api_env_vars' in openshift.master -%} diff --git a/roles/openshift_master/templates/native-cluster/atomic-openshift-master-controllers.j2 b/roles/openshift_master/templates/native-cluster/atomic-openshift-master-controllers.j2 index 37a5d75f2..6d26a69eb 100644 --- a/roles/openshift_master/templates/native-cluster/atomic-openshift-master-controllers.j2 +++ b/roles/openshift_master/templates/native-cluster/atomic-openshift-master-controllers.j2 @@ -4,9 +4,9 @@ CONFIG_FILE={{ openshift_master_config_file }} IMAGE_VERSION={{ openshift_image_tag }} {% endif %} -{% if 'cloudprovider' in openshift and 'aws' in openshift.cloudprovider and 'kind' in openshift.cloudprovider and openshift.cloudprovider.kind == 'aws' and 'access_key' in openshift.cloudprovider.aws and 'secret_key' in openshift.cloudprovider.aws %} -AWS_ACCESS_KEY_ID={{ openshift.cloudprovider.aws.access_key }} -AWS_SECRET_ACCESS_KEY={{ openshift.cloudprovider.aws.secret_key }} +{% if openshift_cloudprovider_kind | default('') == 'aws' and openshift_cloudprovider_aws_access_key is defined and openshift_cloudprovider_aws_access_key is defined %} +AWS_ACCESS_KEY_ID={{ openshift_cloudprovider_aws_access_key }} +AWS_SECRET_ACCESS_KEY={{ openshift_cloudprovider_aws_secret_key }} {% endif %} {% if 'controllers_env_vars' in openshift.master -%} diff --git a/roles/openshift_master_certificates/meta/main.yml b/roles/openshift_master_certificates/meta/main.yml index dd19c8ded..018186e86 100644 --- a/roles/openshift_master_certificates/meta/main.yml +++ b/roles/openshift_master_certificates/meta/main.yml @@ -13,4 +13,5 @@ galaxy_info: - cloud - system dependencies: +- role: openshift_master_facts - role: openshift_ca diff --git a/roles/openshift_master_certificates/tasks/main.yml b/roles/openshift_master_certificates/tasks/main.yml index 6fb5830cf..ffde59358 100644 --- a/roles/openshift_master_certificates/tasks/main.yml +++ b/roles/openshift_master_certificates/tasks/main.yml @@ -21,18 +21,22 @@ with_items: - "{{ openshift_master_certs }}" register: g_master_cert_stat_result + when: not openshift_certificates_redeploy | default(false) | bool - set_fact: - master_certs_missing: "{{ False in (g_master_cert_stat_result.results - | oo_collect(attribute='stat.exists') - | list) }}" + master_certs_missing: "{{ true if openshift_certificates_redeploy | default(false) | bool + else (False in (g_master_cert_stat_result.results + | default({}) + | oo_collect(attribute='stat.exists') + | list)) }}" + - name: Ensure the generated_configs directory present file: path: "{{ openshift_master_generated_config_dir }}" state: directory mode: 0700 - when: master_certs_missing | bool + when: master_certs_missing | bool and inventory_hostname != openshift_ca_host delegate_to: "{{ openshift_ca_host }}" - file: @@ -43,18 +47,21 @@ - ca.crt - ca.key - ca.serial.txt - when: master_certs_missing | bool + when: master_certs_missing | bool and inventory_hostname != openshift_ca_host delegate_to: "{{ openshift_ca_host }}" - name: Create the master certificates if they do not already exist command: > {{ openshift.common.admin_binary }} create-master-certs - --hostnames={{ openshift.common.all_hostnames | join(',') }} - --master={{ openshift.master.api_url }} - --public-master={{ openshift.master.public_api_url }} - --cert-dir={{ openshift_master_generated_config_dir }} - --overwrite=false - when: master_certs_missing | bool + {% for named_ca_certificate in openshift.master.named_certificates | default([]) | oo_collect('cafile') %} + --certificate-authority {{ named_ca_certificate }} + {% endfor %} + --hostnames={{ openshift.common.all_hostnames | join(',') }} + --master={{ openshift.master.api_url }} + --public-master={{ openshift.master.public_api_url }} + --cert-dir={{ openshift_master_generated_config_dir }} + --overwrite=false + when: master_certs_missing | bool and inventory_hostname != openshift_ca_host delegate_to: "{{ openshift_ca_host }}" - file: @@ -64,7 +71,7 @@ force: true with_items: - "{{ hostvars[inventory_hostname] | certificates_to_synchronize }}" - when: master_certs_missing | bool + when: master_certs_missing | bool and inventory_hostname != openshift_ca_host delegate_to: "{{ openshift_ca_host }}" - name: Remove generated etcd client certs when using external etcd @@ -121,3 +128,65 @@ when: master_certs_missing | bool delegate_to: localhost become: no + +- name: Lookup default group for ansible_ssh_user + command: "/usr/bin/id -g {{ ansible_ssh_user }}" + changed_when: false + register: _ansible_ssh_user_gid + +- set_fact: + client_users: "{{ [ansible_ssh_user, 'root'] | unique }}" + +- name: Create the client config dir(s) + file: + path: "~{{ item }}/.kube" + state: directory + mode: 0700 + owner: "{{ item }}" + group: "{{ 'root' if item == 'root' else _ansible_ssh_user_gid.stdout }}" + with_items: "{{ client_users }}" + +# TODO: Update this file if the contents of the source file are not present in +# the dest file, will need to make sure to ignore things that could be added +- name: Copy the admin client config(s) + copy: + src: "{{ openshift_master_config_dir }}/admin.kubeconfig" + dest: "~{{ item }}/.kube/config" + remote_src: yes + force: "{{ openshift_certificates_redeploy | default(false) }}" + with_items: "{{ client_users }}" + +- name: Update the permissions on the admin client config(s) + file: + path: "~{{ item }}/.kube/config" + state: file + mode: 0700 + owner: "{{ item }}" + group: "{{ 'root' if item == 'root' else _ansible_ssh_user_gid.stdout }}" + with_items: "{{ client_users }}" + +# Ensure ca-bundle exists for 3.2+ configuration +- name: Check for ca-bundle.crt + stat: + path: "{{ openshift.common.config_base }}/master/ca-bundle.crt" + register: ca_bundle_stat + failed_when: false + +- name: Check for ca.crt + stat: + path: "{{ openshift.common.config_base }}/master/ca.crt" + register: ca_crt_stat + failed_when: false + +- name: Migrate ca.crt to ca-bundle.crt + command: mv ca.crt ca-bundle.crt + args: + chdir: "{{ openshift.common.config_base }}/master" + when: ca_crt_stat.stat.isreg and not ca_bundle_stat.stat.exists + +- name: Link ca.crt to ca-bundle.crt + file: + src: "{{ openshift.common.config_base }}/master/ca-bundle.crt" + path: "{{ openshift.common.config_base }}/master/ca.crt" + state: link + when: ca_crt_stat.stat.isreg and not ca_bundle_stat.stat.exists diff --git a/roles/openshift_master_facts/tasks/main.yml b/roles/openshift_master_facts/tasks/main.yml index 17c31ec05..e0c0fc644 100644 --- a/roles/openshift_master_facts/tasks/main.yml +++ b/roles/openshift_master_facts/tasks/main.yml @@ -17,7 +17,6 @@ console_use_ssl: "{{ openshift_master_console_use_ssl | default(None) }}" public_console_url: "{{ openshift_master_public_console_url | default(None) }}" logging_public_url: "{{ openshift_master_logging_public_url | default(None) }}" - metrics_public_url: "{{ openshift_master_metrics_public_url | default(None) }}" logout_url: "{{ openshift_master_logout_url | default(None) }}" extension_scripts: "{{ openshift_master_extension_scripts | default(None) }}" extension_stylesheets: "{{ openshift_master_extension_stylesheets | default(None) }}" @@ -80,3 +79,4 @@ api_env_vars: "{{ openshift_master_api_env_vars | default(None) }}" controllers_env_vars: "{{ openshift_master_controllers_env_vars | default(None) }}" audit_config: "{{ openshift_master_audit_config | default(None) }}" + metrics_public_url: "{% if openshift_hosted_metrics_deploy | default(false) %}https://{{ metrics_hostname }}/hawkular/metrics{% endif %}" diff --git a/roles/openshift_master_facts/vars/main.yml b/roles/openshift_master_facts/vars/main.yml index 086d8340c..406d50c24 100644 --- a/roles/openshift_master_facts/vars/main.yml +++ b/roles/openshift_master_facts/vars/main.yml @@ -17,4 +17,9 @@ builddefaults_yaml: - name: https_proxy value: "{{ openshift.master.builddefaults_https_proxy | default(omit, true) }}" - name: no_proxy - value: "{{ openshift.master.builddefaults_no_proxy | default(omit, true) | join(',') }}"
\ No newline at end of file + value: "{{ openshift.master.builddefaults_no_proxy | default(omit, true) | join(',') }}" + +metrics_hostname: "{{ openshift_hosted_metrics_public_url + | default('hawkular-metrics.' ~ (openshift.master.default_subdomain + | default(openshift_master_default_subdomain ))) + | oo_hostname_from_url }}" diff --git a/roles/openshift_metrics/handlers/main.yml b/roles/openshift_metrics/handlers/main.yml new file mode 100644 index 000000000..edb7369de --- /dev/null +++ b/roles/openshift_metrics/handlers/main.yml @@ -0,0 +1,31 @@ +--- +- name: restart master + service: name={{ openshift.common.service_type }}-master state=restarted + when: (openshift.master.ha is not defined or not openshift.master.ha | bool) and (not (master_service_status_changed | default(false) | bool)) + notify: Verify API Server + +- name: restart master api + service: name={{ openshift.common.service_type }}-master-api state=restarted + when: (openshift.master.ha is defined and openshift.master.ha | bool) and (not (master_api_service_status_changed | default(false) | bool)) and openshift.master.cluster_method == 'native' + notify: Verify API Server + +- name: restart master controllers + service: name={{ openshift.common.service_type }}-master-controllers state=restarted + when: (openshift.master.ha is defined and openshift.master.ha | bool) and (not (master_controllers_service_status_changed | default(false) | bool)) and openshift.master.cluster_method == 'native' + +- name: Verify API Server + # Using curl here since the uri module requires python-httplib2 and + # wait_for port doesn't provide health information. + command: > + curl --silent + {% if openshift.common.version_gte_3_2_or_1_2 | bool %} + --cacert {{ openshift.common.config_base }}/master/ca-bundle.crt + {% else %} + --cacert {{ openshift.common.config_base }}/master/ca.crt + {% endif %} + {{ openshift.master.api_url }}/healthz/ready + register: api_available_output + until: api_available_output.stdout == 'ok' + retries: 120 + delay: 1 + changed_when: false diff --git a/roles/openshift_metrics/tasks/install.yml b/roles/openshift_metrics/tasks/install.yml new file mode 100644 index 000000000..9c4eb22d7 --- /dev/null +++ b/roles/openshift_metrics/tasks/install.yml @@ -0,0 +1,114 @@ +--- + +- name: Test if metrics-deployer service account exists + command: > + {{ openshift.common.client_binary }} + --config={{ openshift_metrics_kubeconfig }} + --namespace=openshift-infra + get serviceaccount metrics-deployer -o json + register: serviceaccount + changed_when: false + failed_when: false + +- name: Create metrics-deployer Service Account + shell: > + echo {{ metrics_deployer_sa | to_json | quote }} | + {{ openshift.common.client_binary }} + --config={{ openshift_metrics_kubeconfig }} + --namespace openshift-infra + create -f - + when: serviceaccount.rc == 1 + +- name: Test edit permissions + command: > + {{ openshift.common.client_binary }} + --config={{ openshift_metrics_kubeconfig }} + --namespace openshift-infra + get rolebindings -o jsonpath='{.items[?(@.metadata.name == "edit")].userNames}' + register: edit_rolebindings + changed_when: false + +- name: Add edit permission to the openshift-infra project to metrics-deployer SA + command: > + {{ openshift.common.admin_binary }} + --config={{ openshift_metrics_kubeconfig }} + --namespace openshift-infra + policy add-role-to-user edit + system:serviceaccount:openshift-infra:metrics-deployer + when: "'system:serviceaccount:openshift-infra:metrics-deployer' not in edit_rolebindings.stdout" + +- name: Test cluster-reader permissions + command: > + {{ openshift.common.client_binary }} + --config={{ openshift_metrics_kubeconfig }} + --namespace openshift-infra + get clusterrolebindings -o jsonpath='{.items[?(@.metadata.name == "cluster-reader")].userNames}' + register: cluster_reader_clusterrolebindings + changed_when: false + +- name: Add cluster-reader permission to the openshift-infra project to heapster SA + command: > + {{ openshift.common.admin_binary }} + --config={{ openshift_metrics_kubeconfig }} + --namespace openshift-infra + policy add-cluster-role-to-user cluster-reader + system:serviceaccount:openshift-infra:heapster + when: "'system:serviceaccount:openshift-infra:heapster' not in cluster_reader_clusterrolebindings.stdout" + +- name: Create metrics-deployer secret + command: > + {{ openshift.common.client_binary }} + --config={{ openshift_metrics_kubeconfig }} + --namespace openshift-infra + secrets new metrics-deployer nothing=/dev/null + register: metrics_deployer_secret + changed_when: metrics_deployer_secret.rc == 0 + failed_when: "metrics_deployer_secret.rc == 1 and 'already exists' not in metrics_deployer_secret.stderr" + +# TODO: extend this to allow user passed in certs or generating cert with +# OpenShift CA +- name: Build metrics deployer command + set_fact: + deployer_cmd: "{{ openshift.common.client_binary }} process -f \ + {{ metrics_template_dir }}/metrics-deployer.yaml -v \ + HAWKULAR_METRICS_HOSTNAME={{ metrics_hostname }},USE_PERSISTENT_STORAGE={{metrics_persistence | string | lower }},DYNAMICALLY_PROVISION_STORAGE={{metrics_dynamic_vol | string | lower }},METRIC_DURATION={{ openshift.hosted.metrics.duration }},METRIC_RESOLUTION={{ openshift.hosted.metrics.resolution }}{{ image_prefix }}{{ image_version }},MODE={{ deployment_mode }} \ + | {{ openshift.common.client_binary }} --namespace openshift-infra \ + --config={{ openshift_metrics_kubeconfig }} \ + create -o name -f -" + +- name: Deploy Metrics + shell: "{{ deployer_cmd }}" + register: deploy_metrics + failed_when: "'already exists' not in deploy_metrics.stderr and deploy_metrics.rc != 0" + changed_when: deploy_metrics.rc == 0 + +- set_fact: + deployer_pod: "{{ deploy_metrics.stdout[1:2] }}" + +# TODO: re-enable this once the metrics deployer validation issue is fixed +# when using dynamically provisioned volumes +- name: "Wait for image pull and deployer pod" + shell: > + {{ openshift.common.client_binary }} + --namespace openshift-infra + --config={{ openshift_metrics_kubeconfig }} + get {{ deploy_metrics.stdout }} + register: deploy_result + until: "{{ 'Completed' in deploy_result.stdout }}" + failed_when: False + retries: 60 + delay: 10 + +- name: Configure master for metrics + modify_yaml: + dest: "{{ openshift.common.config_base }}/master/master-config.yaml" + yaml_key: assetConfig.metricsPublicURL + yaml_value: "https://{{ metrics_hostname }}/hawkular/metrics" + notify: restart master + +- name: Store metrics public_url + openshift_facts: + role: master + local_facts: + metrics_public_url: "https://{{ metrics_hostname }}/hawkular/metrics" + when: deploy_result | changed diff --git a/roles/openshift_metrics/tasks/main.yaml b/roles/openshift_metrics/tasks/main.yaml index 43b85204a..88432a9f8 100644 --- a/roles/openshift_metrics/tasks/main.yaml +++ b/roles/openshift_metrics/tasks/main.yaml @@ -1,64 +1,87 @@ --- -- name: Copy Configuration to temporary conf - command: > - cp {{ openshift.common.config_base }}/master/admin.kubeconfig {{hawkular_tmp_conf}} - changed_when: false +- fail: + msg: This role required openshift_master_default_subdomain or openshift_hosted_metrics_public_url be set + when: openshift.master.metrics_public_url | default(openshift_hosted_metrics_public_url | default(openshift.master.default_subdomain | default(openshift_master_default_subdomain | default(none)))) is none -- name: Create metrics-deployer Service Account - shell: > - echo {{ deployer_service_account | to_json | quote }} | - {{ openshift.common.client_binary }} create - -n openshift-infra - --config={{hawkular_tmp_conf}} - -f - - register: deployer_create_service_account - failed_when: "'already exists' not in deployer_create_service_account.stderr and deployer_create_service_account.rc != 0" - changed_when: deployer_create_service_account.rc == 0 +- name: Create temp directory for kubeconfig + command: mktemp -d /tmp/openshift-ansible-XXXXXX + register: mktemp + changed_when: False -- name: Create metrics-deployer Secret - command: > - {{ openshift.common.client_binary }} - secrets new metrics-deployer - nothing=/dev/null - --config={{hawkular_tmp_conf}} - -n openshift-infra - register: deployer_create_secret - failed_when: "'already exists' not in deployer_create_secret.stderr and deployer_create_secret.rc !=0" - changed_when: deployer_create_secret.rc == 0 +- name: Record kubeconfig tmp dir + set_fact: + openshift_metrics_kubeconfig: "{{ mktemp.stdout }}/admin.kubeconfig" -- name: Configure role/user permissions +- name: Copy the admin client config(s) command: > - {{ openshift.common.admin_binary }} {{item}} - --config={{hawkular_tmp_conf}} - with_items: "{{hawkular_permission_oc_commands}}" - register: hawkular_perm_task - failed_when: "'already exists' not in hawkular_perm_task.stderr and hawkular_perm_task.rc != 0" - changed_when: hawkular_perm_task.rc == 0 + cp {{ openshift_master_config_dir }}/admin.kubeconfig {{ openshift_metrics_kubeconfig }} + changed_when: False + +- name: Set hosted metrics facts + openshift_facts: + role: hosted + openshift_env: "{{ hostvars + | oo_merge_hostvars(vars, inventory_hostname) + | oo_openshift_env }}" + openshift_env_structures: + - 'openshift.hosted.metrics.*' + +- set_fact: + # Prefer the master facts over bare variables if present, prefer + # metrics_public_url over creating a default using default_subdomain + metrics_hostname: "{{ openshift.hosted.metrics.public_url + | default('hawkular-metrics.' ~ (openshift.master.default_subdomain + | default(openshift_master_default_subdomain ))) + | oo_hostname_from_url }}" + metrics_persistence: "{{ openshift.hosted.metrics.storage_kind | default(none) is not none }}" + metrics_dynamic_vol: "{{ openshift.hosted.metrics.storage_kind | default(none) == 'dynamic' }}" + metrics_template_dir: "{{ openshift.common.config_base if openshift.common.is_containerized | bool else '/usr/share/openshift' }}/examples/infrastructure-templates/{{ 'origin' if deployment_type == 'origin' else 'enterprise' }}" + cassandra_nodes: "{{ ',CASSANDRA_NODES=' ~ openshift.hosted.metrics.cassandra_nodes if 'cassandra' in openshift.hosted.metrics else '' }}" + cassandra_pv_size: "{{ ',CASSANDRA_PV_SIZE=' ~ openshift.hosted.metrics.storage_volume_size if openshift.hosted.metrics.storage_volume_size | default(none) is not none else '' }}" + image_prefix: "{{ ',IMAGE_PREFIX=' ~ openshift.hosted.metrics.deployer_prefix if 'deployer_prefix' in openshift.hosted.metrics else '' }}" + image_version: "{{ ',IMAGE_VERSION=' ~ openshift.hosted.metrics.deployer_version if 'deployer_version' in openshift.hosted.metrics else '' }}" -- name: Check openshift_master_default_subdomain - fail: - msg: "Default subdomain should be defined" - when: openshift.master.default_subdomain is not defined -- name: Create Heapster and Hawkular/Cassandra Services +- name: Check for existing metrics pods shell: > - {{ openshift.common.client_binary }} process -f \ - /usr/share/openshift/examples/infrastructure-templates/{{ hawkular_type }}/metrics-deployer.yaml -v \ - HAWKULAR_METRICS_HOSTNAME=hawkular-metrics.{{ openshift.master.default_subdomain }},USE_PERSISTENT_STORAGE={{ hawkular_persistence }},METRIC_DURATION={{ openshift.hosted.metrics.duration }},METRIC_RESOLUTION={{ openshift.hosted.metrics.resolution }} \ - | {{ openshift.common.client_binary }} create -n openshift-infra --config={{hawkular_tmp_conf}} -f - - register: oex_heapster_services - failed_when: "'already exists' not in oex_heapster_services.stderr and oex_heapster_services.rc != 0" + {{ openshift.common.client_binary }} + --config={{ openshift_metrics_kubeconfig }} + --namespace openshift-infra + get pods -l {{ item }} | grep -q Running + register: metrics_pods_status + with_items: + - metrics-infra=hawkular-metrics + - metrics-infra=heapster + - metrics-infra=hawkular-cassandra + failed_when: false changed_when: false -- name: Clean temporary config file - command: > - rm -rf {{hawkular_tmp_conf}} +- name: Check for previous deployer + shell: > + {{ openshift.common.client_binary }} + --config={{ openshift_metrics_kubeconfig }} + --namespace openshift-infra + get pods -l metrics-infra=deployer --sort-by='{.metadata.creationTimestamp}' | tail -1 | grep metrics-deployer- + register: metrics_deployer_status + failed_when: false changed_when: false -- name: "Wait for image pull and deployer pod" - shell: "{{ openshift.common.client_binary }} get pods -n openshift-infra | grep metrics-deployer.*Completed" - register: result - until: result.rc == 0 - retries: 60 - delay: 10 +- name: Record current deployment status + set_fact: + greenfield: "{{ not metrics_deployer_status.rc == 0 }}" + failed_error: "{{ True if 'Error' in metrics_deployer_status.stdout else False }}" + metrics_running: "{{ metrics_pods_status.results | oo_collect(attribute='rc') == [0,0,0] }}" + +- name: Set deployment mode + set_fact: + deployment_mode: "{{ 'refresh' if (failed_error | bool or metrics_upgrade | bool) else 'deploy' }}" + +# TODO: handle non greenfield deployments in the future +- include: install.yml + when: greenfield +- name: Delete temp directory + file: + name: "{{ mktemp.stdout }}" + state: absent + changed_when: False diff --git a/roles/openshift_metrics/vars/main.yaml b/roles/openshift_metrics/vars/main.yaml index 82d9d29f7..0331bcb89 100644 --- a/roles/openshift_metrics/vars/main.yaml +++ b/roles/openshift_metrics/vars/main.yaml @@ -2,13 +2,13 @@ hawkular_permission_oc_commands: - policy add-role-to-user edit system:serviceaccount:openshift-infra:metrics-deployer -n openshift-infra - policy add-cluster-role-to-user cluster-admin system:serviceaccount:openshift-infra:heapster -deployer_service_account: - apiVersion: v1 - kind: ServiceAccount - metadata: - name: metrics-deployer - secrets: - - name: metrics-deployer +metrics_deployer_sa: + apiVersion: v1 + kind: ServiceAccount + metadata: + name: metrics-deployer + secrets: + - name: metrics-deployer hawkular_tmp_conf: /tmp/hawkular_admin.kubeconfig @@ -17,3 +17,4 @@ hawkular_persistence: "{% if openshift.hosted.metrics.storage.kind != None %}tru hawkular_type: "{{ 'origin' if deployment_type == 'origin' else 'enterprise' }}" +metrics_upgrade: openshift.hosted.metrics.upgrade | default(False) diff --git a/roles/openshift_named_certificates/README.md b/roles/openshift_named_certificates/README.md new file mode 100644 index 000000000..41f895813 --- /dev/null +++ b/roles/openshift_named_certificates/README.md @@ -0,0 +1,32 @@ +OpenShift Named Certificates +============================ + +TODO + +Requirements +------------ + +Role Variables +-------------- + +TODO + +Dependencies +------------ + +TODO + +Example Playbook +---------------- + +TODO + +License +------- + +Apache License Version 2.0 + +Author Information +------------------ + +Andrew Butcher <abutcher@redhat.com> diff --git a/roles/openshift_etcd_certificates/meta/main.yml b/roles/openshift_named_certificates/meta/main.yml index 2725fdb51..2c6e12494 100644 --- a/roles/openshift_etcd_certificates/meta/main.yml +++ b/roles/openshift_named_certificates/meta/main.yml @@ -1,16 +1,16 @@ --- galaxy_info: author: Andrew Butcher - description: OpenShift etcd Certificates + description: OpenShift Named Certificates company: Red Hat, Inc. license: Apache License, Version 2.0 - min_ansible_version: 1.9 + min_ansible_version: 2.1 platforms: - name: EL versions: - 7 categories: - cloud + - system dependencies: -- role: openshift_etcd_facts -- role: etcd_certificates +- role: openshift_facts diff --git a/roles/openshift_named_certificates/tasks/main.yml b/roles/openshift_named_certificates/tasks/main.yml new file mode 100644 index 000000000..7f20cf401 --- /dev/null +++ b/roles/openshift_named_certificates/tasks/main.yml @@ -0,0 +1,46 @@ +--- +- set_fact: + parsed_named_certificates: "{{ named_certificates | oo_parse_named_certificates(named_certs_dir, internal_hostnames) }}" + when: named_certificates | length > 0 + delegate_to: localhost + become: no + run_once: true + +- openshift_facts: + role: master + local_facts: + named_certificates: "{{ parsed_named_certificates | default([]) }}" + additive_facts_to_overwrite: + - "{{ 'master.named_certificates' if overwrite_named_certs | bool else omit }}" + +- name: Clear named certificates + file: + path: "{{ named_certs_dir }}" + state: absent + when: overwrite_named_certs | bool + +- name: Ensure named certificate directory exists + file: + path: "{{ named_certs_dir }}" + state: directory + mode: 0700 + +- name: Land named certificates + copy: + src: "{{ item.certfile }}" + dest: "{{ named_certs_dir }}" + with_items: "{{ named_certificates }}" + +- name: Land named certificate keys + copy: + src: "{{ item.keyfile }}" + dest: "{{ named_certs_dir }}" + mode: 0600 + with_items: "{{ named_certificates }}" + +- name: Land named CA certificates + copy: + src: "{{ item }}" + dest: "{{ named_certs_dir }}" + mode: 0600 + with_items: "{{ named_certificates | oo_collect('cafile') }}" diff --git a/roles/openshift_named_certificates/tasks/named_certificates.yml b/roles/openshift_named_certificates/tasks/named_certificates.yml new file mode 100644 index 000000000..7b097b443 --- /dev/null +++ b/roles/openshift_named_certificates/tasks/named_certificates.yml @@ -0,0 +1,32 @@ +--- +- name: Clear named certificates + file: + path: "{{ named_certs_dir }}" + state: absent + when: overwrite_named_certs | bool + +- name: Ensure named certificate directory exists + file: + path: "{{ named_certs_dir }}" + state: directory + mode: 0700 + +- name: Land named certificates + copy: + src: "{{ item.certfile }}" + dest: "{{ named_certs_dir }}" + with_items: "{{ openshift_master_named_certificates | default([]) }}" + +- name: Land named certificate keys + copy: + src: "{{ item.keyfile }}" + dest: "{{ named_certs_dir }}" + mode: 0600 + with_items: "{{ openshift_master_named_certificates | default([]) }}" + +- name: Land named CA certificates + copy: + src: "{{ item }}" + dest: "{{ named_certs_dir }}" + mode: 0600 + with_items: "{{ openshift_master_named_certificates | default([]) | oo_collect('cafile') }}" diff --git a/roles/openshift_named_certificates/vars/main.yml b/roles/openshift_named_certificates/vars/main.yml new file mode 100644 index 000000000..368e9bdac --- /dev/null +++ b/roles/openshift_named_certificates/vars/main.yml @@ -0,0 +1,11 @@ +--- +openshift_ca_config_dir: "{{ openshift.common.config_base }}/master" +openshift_ca_cert: "{{ openshift_ca_config_dir }}/ca.crt" +openshift_ca_key: "{{ openshift_ca_config_dir }}/ca.key" +openshift_ca_serial: "{{ openshift_ca_config_dir }}/ca.serial.txt" +openshift_version: "{{ openshift_pkg_version | default('') }}" + +overwrite_named_certs: "{{ openshift_master_overwrite_named_certificates | default(false) }}" +named_certs_dir: "{{ openshift.common.config_base }}/master/named_certificates/" +internal_hostnames: "{{ openshift.common.internal_hostnames }}" +named_certificates: "{{ openshift_master_named_certificates | default([]) }}" diff --git a/roles/openshift_node/meta/main.yml b/roles/openshift_node/meta/main.yml index fd493340b..c39269f33 100644 --- a/roles/openshift_node/meta/main.yml +++ b/roles/openshift_node/meta/main.yml @@ -11,26 +11,4 @@ galaxy_info: - 7 categories: - cloud -dependencies: -- role: openshift_clock -- role: openshift_docker -- role: openshift_node_certificates -- role: openshift_cloud_provider -- role: openshift_common -- role: openshift_node_dnsmasq - when: openshift.common.use_dnsmasq -- role: os_firewall - os_firewall_allow: - - service: Kubernetes kubelet - port: 10250/tcp - - service: http - port: 80/tcp - - service: https - port: 443/tcp - - service: Openshift kubelet ReadOnlyPort - port: 10255/tcp - - service: Openshift kubelet ReadOnlyPort udp - port: 10255/udp - - service: OpenShift OVS sdn - port: 4789/udp - when: openshift.node.use_openshift_sdn | bool +dependencies: [] diff --git a/roles/openshift_node/tasks/main.yml b/roles/openshift_node/tasks/main.yml index 889541e25..f49e97745 100644 --- a/roles/openshift_node/tasks/main.yml +++ b/roles/openshift_node/tasks/main.yml @@ -55,11 +55,11 @@ - name: Install the systemd units include: systemd_units.yml -- name: Reload systemd units - command: systemctl daemon-reload - when: openshift.common.is_containerized | bool and (install_node_result | changed or install_ovs_sysconfig | changed or install_node_dep_result | changed) - notify: - - restart node +# The atomic-openshift-node service will set this parameter on +# startup, but if the network service is restarted this setting is +# lost. Reference: https://bugzilla.redhat.com/show_bug.cgi?id=1372388 +- name: Persist net.ipv4.ip_forward sysctl entry + sysctl: name="net.ipv4.ip_forward" value=1 sysctl_set=yes state=present reload=yes - name: Start and enable openvswitch docker service service: name=openvswitch.service enabled=yes state=started @@ -89,10 +89,10 @@ create: true with_items: - regex: '^AWS_ACCESS_KEY_ID=' - line: "AWS_ACCESS_KEY_ID={{ openshift.cloudprovider.aws.access_key }}" + line: "AWS_ACCESS_KEY_ID={{ openshift_cloudprovider_aws_access_key }}" - regex: '^AWS_SECRET_ACCESS_KEY=' - line: "AWS_SECRET_ACCESS_KEY={{ openshift.cloudprovider.aws.secret_key }}" - when: "'cloudprovider' in openshift and 'aws' in openshift.cloudprovider and 'kind' in openshift.cloudprovider and openshift.cloudprovider.kind == 'aws' and 'access_key' in openshift.cloudprovider.aws and 'secret_key' in openshift.cloudprovider.aws" + line: "AWS_SECRET_ACCESS_KEY={{ openshift_cloudprovider_aws_secret_key }}" + when: "openshift_cloudprovider_kind is defined and openshift_cloudprovider_kind == 'aws' and openshift_cloudprovider_aws_access_key is defined and openshift_cloudprovider_aws_secret_key is defined" notify: - restart node @@ -106,8 +106,20 @@ notify: - restart node -- name: Additional storage plugin configuration - include: storage_plugins/main.yml +- name: NFS storage plugin configuration + include: storage_plugins/nfs.yml + +- name: GlusterFS storage plugin configuration + include: storage_plugins/glusterfs.yml + when: "'glusterfs' in openshift.node.storage_plugin_deps" + +- name: Ceph storage plugin configuration + include: storage_plugins/ceph.yml + when: "'ceph' in openshift.node.storage_plugin_deps" + +- name: iSCSI storage plugin configuration + include: storage_plugins/iscsi.yml + when: "'iscsi' in openshift.node.storage_plugin_deps" # Necessary because when you're on a node that's also a master the master will be # restarted after the node restarts docker and it will take up to 60 seconds for diff --git a/roles/openshift_node/tasks/storage_plugins/main.yml b/roles/openshift_node/tasks/storage_plugins/main.yml deleted file mode 100644 index fe638718d..000000000 --- a/roles/openshift_node/tasks/storage_plugins/main.yml +++ /dev/null @@ -1,17 +0,0 @@ ---- -# The NFS storage plugin is always enabled since it doesn't require any -# additional package dependencies -- name: NFS storage plugin configuration - include: nfs.yml - -- name: GlusterFS storage plugin configuration - include: glusterfs.yml - when: "'glusterfs' in openshift.node.storage_plugin_deps" - -- name: Ceph storage plugin configuration - include: ceph.yml - when: "'ceph' in openshift.node.storage_plugin_deps" - -- name: iSCSI storage plugin configuration - include: iscsi.yml - when: "'iscsi' in openshift.node.storage_plugin_deps" diff --git a/roles/openshift_node/tasks/storage_plugins/nfs.yml b/roles/openshift_node/tasks/storage_plugins/nfs.yml index e384c1bd7..22b539d16 100644 --- a/roles/openshift_node/tasks/storage_plugins/nfs.yml +++ b/roles/openshift_node/tasks/storage_plugins/nfs.yml @@ -17,16 +17,16 @@ persistent: yes when: ansible_selinux and ansible_selinux.status == "enabled" and virt_use_nfs_output.rc == 0 -- name: Check for existence of virt_sandbox_use_nfs seboolean +- name: Check for existence of virt_sandbox_use_nfs seboolean (RHEL) command: getsebool virt_sandbox_use_nfs register: virt_sandbox_use_nfs_output - when: ansible_selinux and ansible_selinux.status == "enabled" + when: ansible_distribution != "Fedora" and ansible_selinux and ansible_selinux.status == "enabled" failed_when: false changed_when: false -- name: Set seboolean to allow nfs storage plugin access from containers(sandbox) +- name: Set seboolean to allow nfs storage plugin access from containers(sandbox) (RHEL) seboolean: name: virt_sandbox_use_nfs state: yes persistent: yes - when: ansible_selinux and ansible_selinux.status == "enabled" and virt_sandbox_use_nfs_output.rc == 0 + when: ansible_distribution != "Fedora" and ansible_selinux and ansible_selinux.status == "enabled" and virt_sandbox_use_nfs_output.rc == 0 diff --git a/roles/openshift_node/tasks/systemd_units.yml b/roles/openshift_node/tasks/systemd_units.yml index 39e5386d4..025cb567e 100644 --- a/roles/openshift_node/tasks/systemd_units.yml +++ b/roles/openshift_node/tasks/systemd_units.yml @@ -47,3 +47,9 @@ line: "IMAGE_VERSION={{ openshift_image_tag }}" notify: - restart node + +- name: Reload systemd units + command: systemctl daemon-reload + when: openshift.common.is_containerized | bool and (install_node_result | changed or install_ovs_sysconfig | changed or install_node_dep_result | changed) + notify: + - restart node diff --git a/roles/openshift_node/templates/node.yaml.v1.j2 b/roles/openshift_node/templates/node.yaml.v1.j2 index 9ba1a01dd..68d153052 100644 --- a/roles/openshift_node/templates/node.yaml.v1.j2 +++ b/roles/openshift_node/templates/node.yaml.v1.j2 @@ -12,15 +12,22 @@ imageConfig: latest: false kind: NodeConfig kubeletArguments: {{ openshift.node.kubelet_args | default(None) | to_padded_yaml(level=1) }} +{% if openshift.common.version_gte_3_3_or_1_3 | bool %} +masterClientConnectionOverrides: + acceptContentTypes: application/vnd.kubernetes.protobuf,application/json + contentType: application/vnd.kubernetes.protobuf + burst: 200 + qps: 100 +{% endif %} masterKubeConfig: system:node:{{ openshift.common.hostname }}.kubeconfig -{% if openshift.common.use_openshift_sdn %} +{% if openshift.common.use_openshift_sdn | bool %} networkPluginName: {{ openshift.common.sdn_network_plugin_name }} {% endif %} # networkConfig struct introduced in origin 1.0.6 and OSE 3.0.2 which # deprecates networkPluginName above. The two should match. networkConfig: mtu: {{ openshift.node.sdn_mtu }} -{% if openshift.common.use_openshift_sdn or openshift.common.use_nuage %} +{% if openshift.common.use_openshift_sdn | bool or openshift.common.use_nuage | bool %} networkPluginName: {{ openshift.common.sdn_network_plugin_name }} {% endif %} {% if openshift.node.set_node_ip | bool %} @@ -34,7 +41,6 @@ servingInfo: clientCA: ca.crt keyFile: server.key volumeDirectory: {{ openshift.common.data_dir }}/openshift.local.volumes -{% include 'partials/kubeletArguments.j2' %} proxyArguments: proxy-mode: - {{ openshift.node.proxy_mode }} diff --git a/roles/openshift_node/templates/openshift.docker.node.service b/roles/openshift_node/templates/openshift.docker.node.service index f5b6f501d..3b5865a50 100644 --- a/roles/openshift_node/templates/openshift.docker.node.service +++ b/roles/openshift_node/templates/openshift.docker.node.service @@ -15,7 +15,7 @@ After={{ openshift.common.service_type }}-node-dep.service EnvironmentFile=/etc/sysconfig/{{ openshift.common.service_type }}-node EnvironmentFile=/etc/sysconfig/{{ openshift.common.service_type }}-node-dep ExecStartPre=-/usr/bin/docker rm -f {{ openshift.common.service_type }}-node -ExecStart=/usr/bin/docker run --name {{ openshift.common.service_type }}-node --rm --privileged --net=host --pid=host --env-file=/etc/sysconfig/{{ openshift.common.service_type }}-node -v /:/rootfs:ro -e CONFIG_FILE=${CONFIG_FILE} -e OPTIONS=${OPTIONS} -e HOST=/rootfs -e HOST_ETC=/host-etc -v {{ openshift.common.data_dir }}:{{ openshift.common.data_dir }}{{ ':rslave' if openshift.docker.gte_1_10 | default(False) | bool else '' }} -v {{ openshift.common.config_base }}/node:{{ openshift.common.config_base }}/node {% if 'cloudprovider' in openshift and 'kind' in openshift.cloudprovider and openshift.cloudprovider.kind != '' -%} -v {{ openshift.common.config_base }}/cloudprovider:{{ openshift.common.config_base}}/cloudprovider {% endif -%} -v /etc/localtime:/etc/localtime:ro -v /etc/machine-id:/etc/machine-id:ro -v /run:/run -v /sys:/sys:ro -v /usr/bin/docker:/usr/bin/docker:ro -v /var/lib/docker:/var/lib/docker -v /lib/modules:/lib/modules -v /etc/origin/openvswitch:/etc/openvswitch -v /etc/origin/sdn:/etc/openshift-sdn -v /etc/systemd/system:/host-etc/systemd/system -v /var/log:/var/log -v /dev:/dev $DOCKER_ADDTL_BIND_MOUNTS {{ openshift.node.node_image }}:${IMAGE_VERSION} +ExecStart=/usr/bin/docker run --name {{ openshift.common.service_type }}-node --rm --privileged --net=host --pid=host --env-file=/etc/sysconfig/{{ openshift.common.service_type }}-node -v /:/rootfs:ro -e CONFIG_FILE=${CONFIG_FILE} -e OPTIONS=${OPTIONS} -e HOST=/rootfs -e HOST_ETC=/host-etc -v {{ openshift.common.data_dir }}:{{ openshift.common.data_dir }}{{ ':rslave' if openshift.docker.gte_1_10 | default(False) | bool else '' }} -v {{ openshift.common.config_base }}/node:{{ openshift.common.config_base }}/node {% if openshift_cloudprovider_kind | default('') != '' -%} -v {{ openshift.common.config_base }}/cloudprovider:{{ openshift.common.config_base}}/cloudprovider {% endif -%} -v /etc/localtime:/etc/localtime:ro -v /etc/machine-id:/etc/machine-id:ro -v /run:/run -v /sys:/sys:rw -v /usr/bin/docker:/usr/bin/docker:ro -v /var/lib/docker:/var/lib/docker -v /lib/modules:/lib/modules -v /etc/origin/openvswitch:/etc/openvswitch -v /etc/origin/sdn:/etc/openshift-sdn -v /etc/systemd/system:/host-etc/systemd/system -v /var/log:/var/log -v /dev:/dev $DOCKER_ADDTL_BIND_MOUNTS {{ openshift.node.node_image }}:${IMAGE_VERSION} ExecStartPost=/usr/bin/sleep 10 ExecStop=/usr/bin/docker stop {{ openshift.common.service_type }}-node SyslogIdentifier={{ openshift.common.service_type }}-node diff --git a/roles/openshift_node/templates/partials/kubeletArguments.j2 b/roles/openshift_node/templates/partials/kubeletArguments.j2 deleted file mode 100644 index 6c3bd04c5..000000000 --- a/roles/openshift_node/templates/partials/kubeletArguments.j2 +++ /dev/null @@ -1,5 +0,0 @@ -{% if openshift.common.use_cluster_metrics | bool %} -kubeletArguments: - "read-only-port": - - "10255" -{% endif %}
\ No newline at end of file diff --git a/roles/openshift_node_certificates/tasks/main.yml b/roles/openshift_node_certificates/tasks/main.yml index 0e69dc6f0..fef7caab8 100644 --- a/roles/openshift_node_certificates/tasks/main.yml +++ b/roles/openshift_node_certificates/tasks/main.yml @@ -25,11 +25,14 @@ - server.key - server.crt register: g_node_cert_stat_result + when: not openshift_certificates_redeploy | default(false) | bool - set_fact: - node_certs_missing: "{{ False in (g_node_cert_stat_result.results - | oo_collect(attribute='stat.exists') - | list) }}" + node_certs_missing: "{{ true if openshift_certificates_redeploy | default(false) | bool + else (False in (g_node_cert_stat_result.results + | default({}) + | oo_collect(attribute='stat.exists') + | list)) }}" - name: Create openshift_generated_configs_dir if it does not exist file: @@ -42,6 +45,9 @@ - name: Generate the node client config command: > {{ openshift.common.admin_binary }} create-api-client-config + {% for named_ca_certificate in hostvars[openshift_ca_host].openshift.master.named_certificates | default([]) | oo_collect('cafile') %} + --certificate-authority {{ named_ca_certificate }} + {% endfor %} --certificate-authority={{ openshift_ca_cert }} --client-dir={{ openshift_node_generated_config_dir }} --groups=system:nodes diff --git a/roles/openshift_repos/files/fedora-origin/repos/maxamillion-fedora-openshift-fedora.repo b/roles/openshift_repos/files/fedora-origin/repos/maxamillion-fedora-openshift-fedora.repo deleted file mode 100644 index bc0435d82..000000000 --- a/roles/openshift_repos/files/fedora-origin/repos/maxamillion-fedora-openshift-fedora.repo +++ /dev/null @@ -1,8 +0,0 @@ -[maxamillion-fedora-openshift] -name=Copr repo for fedora-openshift owned by maxamillion -baseurl=https://copr-be.cloud.fedoraproject.org/results/maxamillion/fedora-openshift/fedora-$releasever-$basearch/ -skip_if_unavailable=True -gpgcheck=1 -gpgkey=https://copr-be.cloud.fedoraproject.org/results/maxamillion/fedora-openshift/pubkey.gpg -enabled=1 -enabled_metadata=1
\ No newline at end of file diff --git a/roles/openshift_repos/files/online/repos/enterprise-v3.repo b/roles/openshift_repos/files/online/repos/enterprise-v3.repo deleted file mode 100644 index 92bd35834..000000000 --- a/roles/openshift_repos/files/online/repos/enterprise-v3.repo +++ /dev/null @@ -1,10 +0,0 @@ -[enterprise-v3] -name=OpenShift Enterprise -baseurl=https://mirror.ops.rhcloud.com/libra/rhui-rhel-server-7-ose/ - https://gce-mirror1.ops.rhcloud.com/libra/rhui-rhel-server-7-ose/ -enabled=1 -gpgcheck=0 -failovermethod=priority -sslverify=False -sslclientcert=/var/lib/yum/client-cert.pem -sslclientkey=/var/lib/yum/client-key.pem diff --git a/roles/openshift_repos/files/online/repos/rhel-7-libra-candidate.repo b/roles/openshift_repos/files/online/repos/rhel-7-libra-candidate.repo deleted file mode 100644 index b4215679f..000000000 --- a/roles/openshift_repos/files/online/repos/rhel-7-libra-candidate.repo +++ /dev/null @@ -1,11 +0,0 @@ -[rhel-7-libra-candidate] -name=rhel-7-libra-candidate - \$basearch -baseurl=https://gce-mirror1.ops.rhcloud.com/libra/rhel-7-libra-candidate/\$basearch/ - https://mirror.ops.rhcloud.com/libra/rhel-7-libra-candidate/\$basearch/ -gpgkey=https://mirror.ops.rhcloud.com/libra/RPM-GPG-KEY-redhat-openshifthosted -skip_if_unavailable=True -gpgcheck=0 -enabled=1 -sslclientcert=/var/lib/yum/client-cert.pem -sslclientkey=/var/lib/yum/client-key.pem -sslverify=False diff --git a/roles/openshift_repos/files/removed/repos/epel7-openshift.repo b/roles/openshift_repos/files/removed/repos/epel7-openshift.repo deleted file mode 100644 index e69de29bb..000000000 --- a/roles/openshift_repos/files/removed/repos/epel7-openshift.repo +++ /dev/null diff --git a/roles/openshift_repos/files/removed/repos/maxamillion-origin-next-epel-7.repo b/roles/openshift_repos/files/removed/repos/maxamillion-origin-next-epel-7.repo deleted file mode 100644 index 0b21e0a65..000000000 --- a/roles/openshift_repos/files/removed/repos/maxamillion-origin-next-epel-7.repo +++ /dev/null @@ -1,7 +0,0 @@ -[maxamillion-origin-next] -name=Copr repo for origin-next owned by maxamillion -baseurl=https://copr-be.cloud.fedoraproject.org/results/maxamillion/origin-next/epel-7-$basearch/ -skip_if_unavailable=True -gpgcheck=1 -gpgkey=https://copr-be.cloud.fedoraproject.org/results/maxamillion/origin-next/pubkey.gpg -enabled=1 diff --git a/roles/openshift_repos/files/removed/repos/oso-rhui-rhel-7-extras.repo b/roles/openshift_repos/files/removed/repos/oso-rhui-rhel-7-extras.repo deleted file mode 100644 index e69de29bb..000000000 --- a/roles/openshift_repos/files/removed/repos/oso-rhui-rhel-7-extras.repo +++ /dev/null diff --git a/roles/openshift_repos/files/removed/repos/oso-rhui-rhel-7-server.repo b/roles/openshift_repos/files/removed/repos/oso-rhui-rhel-7-server.repo deleted file mode 100644 index e69de29bb..000000000 --- a/roles/openshift_repos/files/removed/repos/oso-rhui-rhel-7-server.repo +++ /dev/null diff --git a/roles/openshift_repos/tasks/main.yaml b/roles/openshift_repos/tasks/main.yaml index d8e43438a..9be168611 100644 --- a/roles/openshift_repos/tasks/main.yaml +++ b/roles/openshift_repos/tasks/main.yaml @@ -29,52 +29,20 @@ when: openshift_additional_repos | length == 0 and not openshift.common.is_containerized | bool notify: refresh cache -- name: Remove any yum repo files for other deployment types RHEL/CentOS - file: - path: "/etc/yum.repos.d/{{ item | basename }}" - state: absent - with_fileglob: - - '*/repos/*' - when: not openshift.common.is_containerized | bool - and not (item | search("/files/" ~ openshift_deployment_type ~ "/repos")) - and (ansible_os_family == "RedHat" and ansible_distribution != "Fedora") - notify: refresh cache - -- name: Remove any yum repo files for other deployment types Fedora - file: - path: "/etc/yum.repos.d/{{ item | basename }}" - state: absent - with_fileglob: - - '*/repos/*' - when: not openshift.common.is_containerized | bool - and not (item | search("/files/fedora-" ~ openshift_deployment_type ~ "/repos")) - and (ansible_distribution == "Fedora") - notify: refresh cache - -- name: Configure gpg keys if needed +- name: Configure origin gpg keys if needed copy: - src: "{{ item }}" + src: origin/gpg_keys/openshift-ansible-CentOS-SIG-PaaS dest: /etc/pki/rpm-gpg/ - with_fileglob: - - "{{ openshift_deployment_type }}/gpg_keys/*" - notify: refresh cache - when: not openshift.common.is_containerized | bool - -- name: Configure yum repositories RHEL/CentOS - copy: - src: "{{ item }}" - dest: /etc/yum.repos.d/ - with_fileglob: - - "{{ openshift_deployment_type }}/repos/*" notify: refresh cache - when: (ansible_os_family == "RedHat" and ansible_distribution != "Fedora") + when: ansible_os_family == "RedHat" and ansible_distribution != "Fedora" + and openshift_deployment_type == 'origin' and not openshift.common.is_containerized | bool -- name: Configure yum repositories Fedora +- name: Configure origin yum repositories RHEL/CentOS copy: - src: "{{ item }}" + src: origin/repos/openshift-ansible-centos-paas-sig.repo dest: /etc/yum.repos.d/ - with_fileglob: - - "fedora-{{ openshift_deployment_type }}/repos/*" notify: refresh cache - when: (ansible_distribution == "Fedora") and not openshift.common.is_containerized | bool + when: ansible_os_family == "RedHat" and ansible_distribution != "Fedora" + and openshift_deployment_type == 'origin' + and not openshift.common.is_containerized | bool diff --git a/roles/openshift_serviceaccounts/tasks/legacy_add_scc_to_user.yml b/roles/openshift_serviceaccounts/tasks/legacy_add_scc_to_user.yml index 1efab9466..8715fc64e 100644 --- a/roles/openshift_serviceaccounts/tasks/legacy_add_scc_to_user.yml +++ b/roles/openshift_serviceaccounts/tasks/legacy_add_scc_to_user.yml @@ -15,7 +15,7 @@ template: src: serviceaccount.j2 dest: "/tmp/openshift/{{ item }}-serviceaccount.yaml" - with_items: openshift_serviceaccounts_names + with_items: '{{ openshift_serviceaccounts_names }}' - name: Get current security context constraints shell: > @@ -30,8 +30,8 @@ insertafter: "^users:$" when: "item.1.rc == 0 and 'system:serviceaccount:{{ openshift_serviceaccounts_namespace }}:{{ item.0 }}' not in {{ (item.1.stdout | from_yaml).users }}" with_nested: - - openshift_serviceaccounts_names - - scc_test.results + - '{{ openshift_serviceaccounts_names }}' + - '{{ scc_test.results }}' - name: Apply new scc rules for service accounts command: "{{ openshift.common.client_binary }} update -f /tmp/openshift/scc.yaml --api-version=v1" diff --git a/roles/openshift_storage_nfs/tasks/main.yml b/roles/openshift_storage_nfs/tasks/main.yml index fe7f83cbb..08d0b8540 100644 --- a/roles/openshift_storage_nfs/tasks/main.yml +++ b/roles/openshift_storage_nfs/tasks/main.yml @@ -20,21 +20,37 @@ - name: Ensure export directories exist file: - path: "{{ openshift.hosted.registry.storage.nfs.directory }}/{{ item }}" + path: "{{ item.storage.nfs.directory }}/{{ item.storage.volume.name }}" state: directory mode: 0777 owner: nfsnobody group: nfsnobody with_items: - - "{{ openshift.hosted.registry.storage.volume.name }}" + - "{{ openshift.hosted.registry }}" + - "{{ openshift.hosted.metrics }}" - name: Configure exports template: - dest: /etc/exports + dest: /etc/exports.d/openshift-ansible.exports src: exports.j2 notify: - restart nfs-server +# Now that we're putting our exports in our own file clean up the old ones +- name: register exports + command: cat /etc/exports.d/openshift-ansible.exports + register: exports_out + +- name: remove exports from /etc/exports + lineinfile: + dest: /etc/exports + line: "{{ item }}" + state: absent + with_items: "{{ exports_out.stdout_lines | default([]) }}" + when: exports_out.rc == 0 + notify: + - restart nfs-server + - name: Enable and start services service: name: "{{ item }}" diff --git a/roles/openshift_storage_nfs/templates/exports.j2 b/roles/openshift_storage_nfs/templates/exports.j2 index c1e1994b0..d6d936b72 100644 --- a/roles/openshift_storage_nfs/templates/exports.j2 +++ b/roles/openshift_storage_nfs/templates/exports.j2 @@ -1 +1,2 @@ {{ openshift.hosted.registry.storage.nfs.directory }}/{{ openshift.hosted.registry.storage.volume.name }} {{ openshift.hosted.registry.storage.nfs.options }} +{{ openshift.hosted.metrics.storage.nfs.directory }}/{{ openshift.hosted.metrics.storage.volume.name }} {{ openshift.hosted.metrics.storage.nfs.options }} diff --git a/roles/openshift_version/tasks/main.yml b/roles/openshift_version/tasks/main.yml index 6e5d2b22c..a3a99d248 100644 --- a/roles/openshift_version/tasks/main.yml +++ b/roles/openshift_version/tasks/main.yml @@ -73,6 +73,10 @@ msg: openshift_version role was unable to set openshift_pkg_version when: openshift_pkg_version is not defined +- fail: + msg: "No OpenShift version available, please ensure your systems are fully registered and have access to appropriate yum repositories." + when: not is_containerized | bool and openshift_version == '0.0' + # We can't map an openshift_release to full rpm version like we can with containers, make sure # the rpm version we looked up matches the release requested and error out if not. - fail: |